Hello everyone,
So I’ve been tasked with creating a trading system for a game but I’m worried that there may be vulnerabilities that could be exploited to duplicate items. The system is fairly basic; two players place offers and once the trade is accepted on both ends the items are handed out.
I would greatly appreciate it if someone could outline some common mistakes that could lead to players being able to dupe items in order to more easily prevent them, thank you.
You could read this github/gist article by “Gael” on Github.
It explains the most used duplication methods and gives you ways to patch them.
Its very interesting to look at, you should give it a shot and perhaps you will learn more from it yourself! 
You should implement session locking to make sure only one server at a time can load a player’s data. Use ProfileService to have this built-in.
However there can still be an issue if giving the item succeeds, but removing the item fails (or the other way around).
Both data adjustments have to succeed successfully for the transaction to complete.
A way to handle this is to save transactions and their relevant data. This keeps track of the data changes. Whenever a player joins, this is used to ‘fix’ their data. If this fails, it’s best to kick the player, as they currently have an invalid item in their inventory (we don’t want them to trade it again!)
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.