Magnitude Sanity Check Issue

The situation is pretty straight forward, I’m doing Sanity Checks on the Server whenever a Client Requests to do Damage to another Player, however the challenge here is latency.

Vector3_New(Position1.X,Position1.Y,Position1.Z) - Vector3_New(Position2.X,Position2.Y,Position2.Z)).magnitude

By simply getting the Magnitude of those two Positions then compare it to a Distance that is an acceptable Threshold I can determine if the Request is Legit or Not.

This is where latency breaks my code;
The Positions aren’t updated Real-Time and has a noticeable Delay, often times a Player is close enough to do Damage but because of the Delay the Request becomes a False Negative.

I’ve only tested this with One moving player, imagine what would happen if both are constantly moving.

While I can increase the Threshold to compensate for Latency, I would rather listen to other Developers ideas to solve the issue.

This may not be the best method, but this is what I use

I do all the detection on the client and if the enemy is within a set range I fire the server and check if the players are near each other, but less accurately than client so there is more room for the delay

benefit is smoother detection for the attacker, downside is that exploiters could probably enhance their hitbox by larger than what it should be due to the compensation with the check

(so most of the time detection would normal relative to the client)

1 Like

That’s part of the problem; I check on both Client and Server, first to prevent unnecessary Request to the Server and then Sanity Checks to prevent or at least slowdown cheaters.

Are you suggesting that I should remove my Server Sanity Checks?

Don’t be too scared to increase the threshold, an exploiter would likely do damage from ridiculous distances in most cases, whereas being, say, 5 studs out of range is more likely to be lag than an exploit. Yes, it will potentially increase the number of people being damaged by an exploiter, but generally not enough to outweigh the decrease in false flags.

You could also calculate things like players’ velocities, so that even if they are lagging, you could predict where they might be in the time since the server last processed their movement.


No, you always want those, I was just saying have a strick/exact threshold on the client and have a less strict threshold on the server

1 Like

@Quoteory, I see that’s a great idea!

@EmeraldSlash, I’ll increase the Threshold like you suggested

Right now I’m looking into Detecting Ping for making calculations to compensate for Lag and I will look into Calculating Velocity too

Probably something like this

math.floor((, 0, lastcf.p.Z) -, 0, root.Position.Z)).magnitude) > maxspeed
1 Like

Quick idea here: getting the positions of the attacker and the attacked as soon as it happens and temporarily storing it (in a script variable) can be a way to beat the lag issue.

As soon as a touch is registered, you can use a Script to compare the stored positions of the attacker and the attacked. If their distance away from each other at those stored positions are within a certain threshold, you can call a positive. If not, you can call a negative. After this, you can set the position variables to nil.

However, you would need to use a Script to do the detection. I don’t know much about magnitude sanity checks, so this solution could be extremely flawed.

Your solution works perfectly for Touch Detected Weapons, however in my specific case I’m not using said type of weapons but rather range based attacks; for example a telekinetic attack.

1 Like

I think the previously mentioned solution is adequate.

Check X magnitude on the client and then check X magnitude + Latency buffer on the server. In the majority of cases this will discourage exploiters from bothering.

1 Like

I actually think this could be a lot easier now. Are you using raycast, FastCast, or good 'ole body movers?

Non of those it’s a point and click attack.

I’m checking the magnitude to make sure that a player isn’t attacking a player out of range or an exploiter isn’t attacking from the other side of the map

For this, I would recommend recording the positions of the player and the player who got clicked on in variables inside of the input script. As soon as a click is made on another player, the positions are recorded. You could get those values and find their magnitude inside the script, too. After doing that, you can compare that magnitude to the threshold and check if it’s valid or not.

This would work better if there’s a cool down on the attacks or else the variables will keep getting overriden.

Are you suggesting that I send Positions of the Attacker and the Victim to the Server and then comparing both with another set of Positions on the Server to determine their difference in magnitude while also determine if the Request is legit by checking a threshold controlled by a base value and ping compensate?

Doing it on a Local Script would save some headaches. But prone to exploits.
Doing it on the server is prone to lag.

I’ll suggest this:
Use the LocalScript to FireServer() a RemoteEvent with only info about the person who got clicked (No positions, just the part that got clicked, as to combat position exploitation). A Script will then pick up the fired RemoteEvent and its parameter (clicked part). It will then immediately record the positions of the HumanoidRootPart of the clicker and the clicked in variables. You can then compare the distance between those two positions. If it’s good, do damage. If it’s not, don’t do any. This results in damage delay but it should be alright.

Another solution:
Increase the threshold. You could even pair it with the method above.

Another solution:
Do checks on LocalScript

I am already doing what you suggested, you can refer to my code in the OP.

Which leads back to the latency problem.

I will combine all of the ideas that’s been given to aid the latency issue hopefully it will provide better UX and security.

Antilag style code would work for this.

  • have the server send a client a seed server time on connect.

  • update it every frame. ( servertime = seedtime + elapsedtimesinceconnect)

  • now when the client attacks, attach the server time

  • on the server, every tick record where players are and the local servertime

  • when the server needs to check an attack, it can simply look up where the victim was

You still need to trust the client position during the attack for this to work though, but it will give you accurate enemy validation.

1 Like