@kingerman88 The client can be modified in any way. Exploiters are not limited by any boundaries put in place by Roblox meaning this is not really that effective.
What I do in this case is act like the server is the client. All of this client code will run on the server with some scaffolding in between to tell the client what to do. Reducing lag is a bit hard to do but if you share code between the client and server and somehow “sync” the client with tick and a little math or “prefire” events to happen at a specific time you can solve this issue. When the client makes an input or tries to do something it’ll notify the server and the server will just mimic the action the player wants to do server sided as the client visualizes this for them and then the server can resync the client again (e.g. by telling it an object wasn’t really deleted).
I am not saying that you are wrong but that doesn’t mean that your idea will work forever. Once it is found it’s as easy as doing script.Disabled = true in rbxlua but a lot of exploits will offer extra functionality. One of these I think I heard about was the ability to literally change Roblox functions. That means any function could run lua code, accept different arguments, and return different results. In that case by hooking a function in the right way they can use coroutine.yield to pause only certain parts of your script. Another of these is the ability to easily set the values of locals and variables referenced by functions.
It doesn’t matter what your script does. It will be bypassed rather quickly and there’s no point in wasting time with client side checks.
The problem with that is, you are making the client tell you when the minigame is done. Thus an exploiter could just fire the remote event when ever he wants to just bypass the minigame.
It’s a client-side minigame. You kind of have to rely on mutual trust while also not doing so, hence the need for various security measures on the server’s end and a process that the client should be abiding by for the sake of minigame security.
OP is asking how to prevent exploiting on client-side minigames. A game link wouldn’t do much here, nor do you need to play any games. The idea is to try and provide a response that helps OP resolve their given issue. Try checking out the Scripting Support category guidelines for information on this category.