How would I do sanity checks for player states

Hey there, so in my current game, there’s a lot of states for the players (Attacking, Dodging, etc…). Now these states are only controlled on the client as it also acts as a debounce, so if I moved it to the server, the player would take a considerable time before commencing the action.

The states are handled by a StateController module, which is code-based. States will be tracked by an attribute, but the actual value is in the controller itself
(The module is irrelevant in this post)

Now my current approach works as fine as it is, but I’m afraid the exploiters can just change the states by hand, leading to deadly attacks.

Currently, the server can read the states of the client through Attributes. This also includes altering the client’s states by changing the changeState attribute, but since it is client-based, the client will handle the change, which makes it even more susceptible to exploits.

My question is that is it possible to do sanity checks for the player states on the server ?. Now I can indeed make a copy of the StateController for the server and authorize changes and read the states from there, but cant the exploiters just delete the remote call in the client and modify the debounces from there ?

Note: I don’t think I can handle the client’s states on the server altogether for the sake of performance.

Edit: Need desperate help on this one…

1 Like

After some time of meticulous thinking, the only thing I have managed to come up with is that to authorize by using other factors, not just the states.

The states are widely opened to exploits (The exploiters can just update the state in its’ client and send a request to the server to update). So I would need to validate these changes by setting up a time interval (Time between changes), since ALL of the server-sided code is based off of the State attribute in the player’s character, those code would be based off of the player actual states.

Now the time interval would vary for each states, so I would simply set up a table consisting of the time for each states.

I have not put this into action yet as I want to hear more from you guys’ perspective!