Huge donation amounts

For some reason, while some times my donation system works perfectly, some others it gets messed up. Basically, there’s a possibility that certain users have a huge number of robux donated in their data, but in reality, they haven’t really donated that amount.

local MarketplaceService = game:GetService("MarketplaceService")
local players = game:GetService("Players")
local DataStoreService = game:GetService("DataStoreService")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local DonationDB = DataStoreService:GetOrderedDataStore("DonationDB")

local donations = {
	[2652261069] = 50;
	[2652260756] = 100;
	[2652261143] = 500;
	[2652260997] = 1000;
	[2652260931] = 10000;
	[2652260844] = 100000;
}

MarketplaceService.PromptProductPurchaseFinished:Connect(function(playerId, productId, isPurchased)
	if not isPurchased then return end
	
	local donationAmount = donations[productId]
	if not donationAmount then return end
	
	local player = players:GetPlayerByUserId(playerId)
	if not player then return end
	
	DonationDB:UpdateAsync(player.UserId, function(oldData)
		local old = 0
		if oldData then old = oldData end
		return old+donationAmount
	end)
end)

you should immediately switch over to and use the ProcessReceipt callback to handle purchases instead of listening to this event.

the PromptProductPurchaseFinished event should NOT be used for handling developer product purchases, an exploiter can spoof the purchases and trick the server into thinking that they did buy it in this way if you use this event, it’s unsafe. it’s been a vulnerability for some time: PromptProductPurchaseFinished Vulnerability Fix

this probably means that the top 3 leaderboard donators are exploiters, and possibly more down below, but you’d have to look into the transaction history in the group and other stuff to verify this.

Thank you! I wasn’t aware of such issue.