so, instead of handling the hitbox on the server
you instead; make a client hitbox, you send all data to the client and then you do a magnitude check (instead of just making the magnitude check on the server and running that as ur hitbox)
me when the exploiter keeps extending his hitbox to the max sanity check radius 
this is for projectiles not for actual hitboxes
How would they even do that in the first place
if the hitbox is handled on the client, they can hook the remote and just send in their OWN data
K i cant take you seriously i thought you were fr
i am serious, what do you mean you can’t take me seriously???
The server fires the client with the hitbox data.
Thats a tutorial for all around hitboxes, not projectiles.
…
do you know what you are talking about?
why are you talking about client hitboxes and then saying the server gives the client hitbox data??
of course the client returns the people that are hit or the position? that’s what makes it a client hitbox
so an exploiter can hook the returning hit or position in order to extend their hitbox
Well fair enough but how would they get the attack id?
hooking your request (btw for roblox moderation, this is technically a github page making it not an off-site violation)
They’d still only hit people inside the hitbox. The way it works is the server generates a number for the attack and only waits for the client’s request within the given hitbox period, so they’d only be able to hit people while attacking, when the hitbox is already active, and while the person is within the magnitude check.
Read through the hitbox tutorial and tell me the flaws you see after. If you still see criticism, reply to the post and tell the creator.
(From what I understand hooking just replaces a function, i was never into advanced exploits)
If I’m right about that definition, it also means they have to replace the attackid every attack or it’ll break their hitboxes
hooking doesn’t just replace a function, it can replace your own systems in place (like client systems) to return teh request and hook the request in order to manipulate the data that gets sent to te server
just use the DamageHumanoid bindable in serversztorage
This small exploitability is worth the smoothness to your players in normally every circumstance
mfw giving the client network ownership of their character is a security vunerability.
Doing hitboxes on the server also means that the user has to aim for where their target is on the SERVER, not from what they see. I’d much rather have a game where attacks hit more than they should over a game where attacks hit less than they should.
all i’m saying is, big games like The Strongest Battlegrounds, Heroes battlegrounds don’t use client hitboxes and they only use them for velocity-based skills 
Most battleground games use client hitboxes. Maybe those two don’t, but I haven’t seen concrete proof on that since there’s no hitbox toggle and they feel really responsive. There’s server prediction hitboxes but those are pretty hard to do.
Do you know that for a fact? Or is that just speculation?