Is this easily exploitable?

Help and Feedback Code Review
1

I was just wondering if exploiters/hackers can use this script to unfairly gain amounts of resources

local player = game.Players.LocalPlayer
local tg = script.Parent
local inputframe = script.Parent.TradeFrameIn
local outputframe = script.Parent.TradeFrameOut
local in1 = inputframe.Input1
local in2 = inputframe.Input2
local in3 = inputframe.Input3
local out1 = outputframe.Output1
local out2 = outputframe.Output2
local out3 = outputframe.Output3
local inlabel = script.Parent.InLabel
local outlabel = script.Parent.OutLabel
local inputbox = script.Parent.InputAcceptor
--Values
local Stone = 50
local Pounds = 10
local Denarii = 1
--------------------- 
local inval
local matfolder = player.matfolder
local amounttest = nil
local tradebutton = script.Parent.TradeButton
local outputamount
local outval
local outdis = script.Parent.OutputDisplay
local inselection = nil
local number
local outselection = nil
local function tradeoff(mode,val)
	if mode == "input" then
		inselection = val
		inlabel.Text = val
	elseif mode == "output" then
		outselection = val
		outlabel.Text = val
	end
end
in1.MouseButton1Down:Connect(function()
	tradeoff("input",in1.Text)
end)
in2.MouseButton1Down:Connect(function()
	tradeoff("input",in2.Text)
end)
in3.MouseButton1Down:Connect(function()
	tradeoff("input",in3.Text)
end)
out1.MouseButton1Down:Connect(function()
	tradeoff("output",out1.Text)
end)
out2.MouseButton1Down:Connect(function()
	tradeoff("output",out2.Text)
end)
out3.MouseButton1Down:Connect(function()
	tradeoff("output",out3.Text)
end)
local function outputengine(given,wanted)
	if given ~= nil and wanted ~= nil then
		return given/wanted
	end
end
local function findnumber()
	if inselection == "Stone" then
		inval = Stone
		amounttest = matfolder.Stone
	elseif inselection == "Pounds" then
		inval = Pounds
		amounttest = player.matfolder.Pounds
	elseif  inselection == "Denarii" then
		inval = Denarii
		amounttest = player.leaderstats.Denarii
	end
	if outselection == "Pounds" then
		outval = Pounds
	elseif outselection == "Stone" then
		outval = Stone
	elseif outselection == "Denarii" then
		outval = Denarii
	end
end
inputbox.FocusLost:Connect(function()
	findnumber()
	local ratio = outputengine(inval,outval)
	number = tonumber(inputbox.Text)
	if inselection == outselection then
		tradebutton.Text = "Invalid Operation "
	else
		if number ~= nil and type(number,number) then
			outputamount = number/ratio
			outdis.Text = outputamount
		else
			tradebutton.Text = "Not A Number"
		end
	end
end)
outdis.FocusLost:Connect(function()
	findnumber()
	local ratio = outputengine(outval,inval)
	outputamount = tonumber(outdis.Text)
	if inselection == outselection then
		tradebutton.Text = "Invalid Operation "
	else
		if outputamount ~= nil and type(outputamount,number) then
			number = outputamount/ratio
			inputbox.Text = number
		else
			tradebutton.Text = "Not A Number"
		end
	end
end)
tradebutton.MouseButton1Up:Connect(function()
	if tradebutton.Text ~= "Invalid Operation" then
		if amounttest.Value >= number then
			game.ReplicatedStorage.Remotes.UpdateMat:FireServer("remove",inlabel.Text,math.ceil(number))
			game.ReplicatedStorage.Remotes.UpdateMat:FireServer("add",outlabel.Text,math.ceil(outputamount))
			tradebutton.Text = "Trade Successful"
			task.wait(1)
			tradebutton.Text = "Trade"
		else
			tradebutton.Text = "Too Expensive"
			task.wait(1)
			tradebutton.Text = "Trade"
		end 
	end
end)
2

If you make it server sided, I doubt there’ll be issues.

1 Like
3

Anything done in a local script should be assumed “unsafe”. An exploiter could change the value of a variable in that script, so you should expect for that when designing your server-side code. So, as long as you make sure the data being sent over in the RemoteEvent is valid, then this client code is perfectly safe. We can’t say definitively if the server side code responsible for handling the RemoteEvent calls in this script is also well-secured.

Even though exploiters can mess with local scripts, we don’t actually find that problematic - at worst, they will break their own game in the process, and will not be able to affect other players.

1 Like
4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.