I’ve always wondered how games like A Bizarre Day managed to “Defend” their stand scripts. They use LocalScripts for the stands (I know because the stand animations still play when I was disconnecting). You see, I’ve never seen someone deal more than 100+ damage with the stands … I know the remote has a damage limit, but can they just spam the remote events (because exploiters can edit localscripts, right?). But I’ve never seen someone exploiting with ABD stands before… they create custom specs and somehow create remoteevents to fire (some player told me when i ask how the exploiter is doing it). So my question is how do I defend localscripts like ABD? I’m fairly new to scripting so forgive me if my question don’t make sense.
you can maybe check if the remote has been fired incorrectly, for example adding a cooldown, and if the remote is fired within that cooldown, cancel it or do whatever.
Theres a couple things you could due to protect Remotes, and @STOPEATCAK is right for saying this
Blockquote you can maybe check if the remote has been fired incorrectly, for example adding a cooldown, and if the remote is fired within that cooldown, cancel it or do whatever.
I’ve found the most useful (in my opinion) way to make a cooldown system is to store the players name in a table with the time that they fired the remote, and every time they fire the remote check to see if the current time it was fired - the time in the cooldown == a certain number.
But combat is probably handled serverside in ABD, so there would be no need to protect the localscript because if you do checks on the server, like making sure the player is within a certain distance of who they are attacking (to prevent the remote from being fired anywhere) and other conditions like that, you can protect your combat system easily
All you need for damage capping is the following server-side check.
damage = math.min(damage, 100)
Clamping may be safer (to prevent negative values).
damage = math.clamp(damage, 0, 100)
add sanity checks to your remotes and do not add cooldowns to local scripts since these can be easily bypassed (which is how people bypass cooldowns in ABD), you cant really defend localscripts from exploiters as far as i know but these are the best tips i know for now.
for more information, check this post: Exploiting Explained