Hello, I’ve made a game like @haz3mn 's PLS DONATE, but I’ve noticed an issue (that apparently happened to him too?). People can set their gamepasses to 9999999 bazillion robux, join the game, claim a booth and then change the gamepass to 1 robux & buy it. Roblox will then be tricked into thinking they bought the 9999999 bazillion robux gamepass, and they’ll be put 1st on the leaderboard.
How could I fix this? The player’s stats only increase by the PriceInRobux that I get from doing GetProductInfo right after someone buys a donation, so it shouldn’t add 999M to it, but instead the actual price, right?
At least I think this is what’s causing it, could be other things but the only time I increment the Donated/ Raised values are right after the player buys something.
You’re truly adding the result from that PriceInRobux property returned from MarketplaceService:GetProductInfo() to the amount donated on the server, not the client.
That there’s sufficient logic to prevent any invalid additions to the amount donated (etc, you could perform a check that determines if the passed in number is > the gamepass amount, otherwise reject the transaction).
Another value isn’t being added to it, instead of the one you think that’s being added.
The only other sufficient explanation I can think of is (although unlikely) is that there’s a delay in the updating of data on the API endpoint that MarketplaceService:GetProductInfo() sends a request to. Other than that, I have no ideas.
Hope some of these suggestions get you closer to solving the problem!
This is all done on the server & the Donated attribute gets saved nomally like a leaderstat value, I used an attribute instead just so I can add anonymous mode
(yes, I do use Enum.InfoType.Gamepass instead of .Asset for gamepasses!)
Maybe because the game thought its 999bazillion robux, then compare it with the real price of the gamepass, something like if whatgameseesgamepasspriceis == gamepasspriceactuallyis then
maybe try using tonumber(string) assuming your gamepasses on booth is textlabel which has the priceinrobux and once they changed the price of the gamepass maybe try change the text aswell? idk if you can see if they changed the price gamepass.
Don’t have gamepass prices in an attribute. Theoretically, unless the player has network ownership of the part, they should not be able to change those values, but I have seen strange things happen before.
Store them in a table instead and then populate the text field with that value from the table. Also, when sending the purchase request to Roblox, the actual purchase amount also matches values that table. If they don’t, then you got a problem. Do not write the code to add/change things in the table. If the code doesn’t exist, it cannot be exploited. Make sure to secure and sanity check your remotes.
Here’s the thing, If GetProductInfo() doesn’t work correct, you really should submit a bug report so Roblox engineers are aware of it and they can get the problem fixed. Roblox uses a lot of caching to speed up lookups and such for performance reasons. If the cache is getting corrupted, that would explain a lot.
This has been a persistent issue for years; the engineers are well aware of this and there are countless posts on it already, I’m just providing a temporary solution for games who suffer from this exploit.
