client hitboxes should only be used for velocity-based moves
Nuh uh, why should they? Client hitboxes should be used generally
because of security issues? hitbox extension?
1 Like
Same thing as people flying and teleporting on the server, also, just make the server send the hitbox size and information and do a magnitude check when recieving hit players with a server debounce, its as secure as you can make it
- no actually, it’s not the same as “people flying and teleporting on the server”
so, instead of handling the hitbox on the server
you instead; make a client hitbox, you send all data to the client and then you do a magnitude check (instead of just making the magnitude check on the server and running that as ur hitbox)
me when the exploiter keeps extending his hitbox to the max sanity check radius 
this is for projectiles not for actual hitboxes
How would they even do that in the first place
if the hitbox is handled on the client, they can hook the remote and just send in their OWN data
K i cant take you seriously i thought you were fr
i am serious, what do you mean you can’t take me seriously???
The server fires the client with the hitbox data.
Thats a tutorial for all around hitboxes, not projectiles.
…
do you know what you are talking about?
why are you talking about client hitboxes and then saying the server gives the client hitbox data??
of course the client returns the people that are hit or the position? that’s what makes it a client hitbox
so an exploiter can hook the returning hit or position in order to extend their hitbox
Well fair enough but how would they get the attack id?
hooking your request (btw for roblox moderation, this is technically a github page making it not an off-site violation)
They’d still only hit people inside the hitbox. The way it works is the server generates a number for the attack and only waits for the client’s request within the given hitbox period, so they’d only be able to hit people while attacking, when the hitbox is already active, and while the person is within the magnitude check.
Read through the hitbox tutorial and tell me the flaws you see after. If you still see criticism, reply to the post and tell the creator.
(From what I understand hooking just replaces a function, i was never into advanced exploits)
If I’m right about that definition, it also means they have to replace the attackid every attack or it’ll break their hitboxes
hooking doesn’t just replace a function, it can replace your own systems in place (like client systems) to return teh request and hook the request in order to manipulate the data that gets sent to te server
1 Like
just use the DamageHumanoid bindable in serversztorage
1 Like
This small exploitability is worth the smoothness to your players in normally every circumstance