Humanoid State possible exploit

Hi,

My game relies very much on the player’s HumanoidState. When a player is in combat, he can jump at the right time and he won’t take any damage. To make it so players can’t just spam the SPACE/jump button, I make a client-sided jump debounce.

So it looks like this:

  • The player enters a combat state.
  • A client script sets a jump debounce.
  • The player can jump at the right time and he won’t take any damage.
  • In a certain period of time the server checks the player’s HumanoidState, and if it is equal to the Jumping state then the player won’t take damage.

I’m 100% sure exploiters can just bypass this and jump when they want, so they are almost 100% guaranteed to not take damage. Also, I think they can just change HumanoidState to Jumping, and this will replicate to the server and they will be immune to damage once again.

My only idea is to get a server script and connect a HumanoidState Changed event to it and check how much time it took for this player to Change its State from Jumping to something else. Is this a good approach?

How would I go about making a better anti-exploit for this? I’m so clueless as to how I can make it so they won’t be able to get an advantage…

2 Likes

New idea:
Create a BoolValue. Once a player joins the game, on the server I will listen for when he jumps and change the BoolValue’s value to true or false (if jumped then true; if landed then false). Then instead of checking HumanoidState when I want to deal damage, I will check this value.

Since exploiters can’t change this BoolValue, they won’t be able to exploit by changing their HumanoidState, but here comes another issue: they can just ignore the jumping debounce and spam the jump button.

I don’t know how I would go about fixing this, so help is appreciated!

I’d suggest you make server-sided checks. However, if you prefer to use a client anticheat, I made an interesting thread about this: https://devforum.roblox.com/t/concept-client-anti-cheat-possible/1228383

You can’t rely on everyone to give you free code. You need to provide code for us to work with, otherwise we’re just giving you a free piece of code. It literally states it when you are going to post it.

They’re not asking for code, they’re asking for feedback as to whether or not the approach they’ve chosen is acceptable from a security standpoint before going ahead with it.

As for answering OP’s question, I concur with OminousVibes - never trust the client, always perform server-side checks for anything that should be secure. You don’t need BoolValues for this; you can track each player’s jump state with a table - even go a step further with this and have that table store the tick of when each player last jumped. Just remember to clear out values for players who leave the game.
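
The server-side tracking suggested in the replies above, as an added example that is not part of the original thread: a server Script keeps a table of jump times per player, applies the jump debounce on the server, and clears entries when players leave. The names `JUMP_COOLDOWN`, `DODGE_WINDOW` and `isDodging` and the timing values are assumptions, as is the premise (taken from the original post) that the Jumping state change is visible to the server.

```lua
-- Server Script (for example in ServerScriptService). Added example; names and timings are assumed.
local Players = game:GetService("Players")

local JUMP_COOLDOWN = 1.5 -- seconds that must pass between jumps for one to count (assumed value)
local DODGE_WINDOW = 0.4  -- seconds a counted jump protects from damage (assumed value)

-- [player] = os.clock() time of the last jump the server accepted as a dodge
local lastAcceptedJump = {}
-- [player] = os.clock() time of the last jump seen at all, accepted or not
local lastSeenJump = {}

local function onStateChanged(player, newState)
	if newState ~= Enum.HumanoidStateType.Jumping then
		return
	end
	local now = os.clock()
	local previous = lastSeenJump[player]
	lastSeenJump[player] = now
	-- Every jump restarts the cooldown, so spamming jump never produces a counted dodge.
	if previous == nil or now - previous >= JUMP_COOLDOWN then
		lastAcceptedJump[player] = now
	end
end

local function onCharacterAdded(player, character)
	local humanoid = character:WaitForChild("Humanoid")
	humanoid.StateChanged:Connect(function(_, newState)
		onStateChanged(player, newState)
	end)
end

Players.PlayerAdded:Connect(function(player)
	player.CharacterAdded:Connect(function(character)
		onCharacterAdded(player, character)
	end)
end)

-- Clear the entries when a player leaves so the tables do not keep growing.
Players.PlayerRemoving:Connect(function(player)
	lastAcceptedJump[player] = nil
	lastSeenJump[player] = nil
end)

-- Call this from the server's damage code instead of reading HumanoidState directly.
local function isDodging(player)
	local acceptedAt = lastAcceptedJump[player]
	return acceptedAt ~= nil and os.clock() - acceptedAt <= DODGE_WINDOW
end
```

Because the cooldown and the dodge window are both measured on the server, removing the client-side debounce gains the client nothing: extra jumps are recorded but never counted.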