Hello, i’ve followed a tutorial that showed how to make a cool orb drop effect, and it basically what it does is when the orb gets collected on the client it requires a module inside the orb that does something, for example play a sound
But if i would make it fire a remote event to give money, it would be very exploitable, so i was wandering is there any way to prevent that?
Maybe you can make it so that you make the orb on the server but only set it’s position.
Basically:
Calculate orbs position on the server.
Send position data to client.
Use client to make orb and do animation stuff when orb is touched.
Use workspace:GetPartsInRadius on the server to see if the orb is touched.
Add money.
This way, the orb doesn’t exist on the server except it’s positional data making it unique to all players and also safe as there is no client → server communication but only server → client communication.
Hi, Thank you for your reply, but i found a good solution myself that is easier, basically, orbs are mainly dropped from bosses, and when the boss is supposed to drop the money it makes a value inside each player that has how much money they can get from the boss if they collect, and when the orbs are collected from the client, it fires an event and it checks if the value of money that the player can get is equal or more than the value than theyre collecting, to prevent exploits,
That’s one way but it’s still exploitable as players can just set the value themselves without having to actually end up collecting orbs and saving time. A bit small thing but still exploitable.
Exploiters can change the value on the server? because it checks it on the server and i thought that was unexploitable (edit) i just checked and if i change the value on the client it dosen’t change on the server
What she mean is that it is exploitable as the pickup signal is from the client. They can just tell the server that they “collected” it and the server would think so.
How would you use workspace:GetPartsInRadius on server if orbs don’t exist server side.
Unfortunately Roblox doesn’t support client-specific replication, however this won’t stop you.
You can freely create orbs on server as “positional” parts (could be a regular cube), there parts should have attribute to which player it belongs.
Client will listen for any orb part creation, check the attribute, and delete the part client-side if it doesn’t belong to the client. If client deletes the part, it is deleted only on such client, no harm will be done to server.
At the end, if the part belongs to the client, it can be replaced with the actual orb with animations and such…
This way, you could use workspace:GetPartsInRadius and filter only those parts, which belong to the client from which is the ellipsoid cast called.
Of course there’s one possible exploit, where hacker could just easily read positions of all coins from all players, but after all, this information is totally redundant since he can collect only coins to his player.
GetPartsInRadius returns parts which are in a radius from specified existing vector position.
If you’re planning on casting such method on every coin to check for players, then this is ultimately bad approach performance wise.
You’re basically decorating something bad looking with flowers.
This method is thread-safe, however the next operations might not be, how do you dispatch this into main thread?
Thread scheduler also takes some time. Your target is to make less physics calls, and then parallelize.