Remote Event Questions

Jerrythepancakesmith · August 23, 2021, 1:33am

Remote Event Questions

Hello, I have a couple questions concering remote events, For my first question, Is passing arguments client sided to the server using remote events exploitable, example

local amountofCoins = 1000
remote:FireServer(amountOfCoins)

It’s very concering to me since i do not want a player to try to exploit MarketPlaceServer type Assets that depend on parsing remote event parameters, if this is not the case then please let me know, im currently making a Shop GUI with Developer Products that rely on 1 Remote Event So i just need some info if this can be exploitable, if this is a bad way to make it please let me know

Sta

JackscarIitt · August 23, 2021, 1:36am

1 word answer: Yes

Explanation: Exploiters can see anything that’s client-sided inside the game (That includes LocalScripts, UI’s, Lighting, etc)

You could just handle the variable on the server instead if you don’t want them to change the amountofCoins variable

Jerrythepancakesmith · August 23, 2021, 1:41am

Oh i see, its cause im trying to make a marketplacesystem that relies off 1 remote event, parameters, does that mean i have to make a sepreate remote for each asset?

4vI7 · August 23, 2021, 1:43am

yes that is a very easy to exploit that script. Exploiters can see whenever a remote is fired using stuff like remote spy and will see the fired remote followed by all arguments, they can take advantage of this by firing it multiple times or changing the argument to whatever amount of money they want.

All local scripts are also able to be seen, disabled or removed, that’s why you have to hide anti cheats well. They also don’t need to wait for the remote to fire if they look through all local scripts.

RawEggTheGreatIX · August 23, 2021, 1:53am

you should do something like this to prevent the client from being able to exploit:
note this is a simplification

Client:

local ItemToBuy = "Cookie";
Remote:FireServer(ItemToBuy);

Server:

local ItemPrices = {
   Cookie = 10;
};

Remote.OnServerEvent:Connect(function(player(item)
   player.Coins -= ItemPrices[item]
end)

Jerrythepancakesmith · August 23, 2021, 2:01am

why did you put a not equal on

   player.Coins -= ItemPrices[item]

just wanna know, im still not very advanced into lua.

4vI7 · August 23, 2021, 2:11am

not equal is ~= and that would probably be minus instead of typing

player.Coins = player.Coins - price

Jerrythepancakesmith · August 23, 2021, 2:13am

i wanna know why exactly he put -= on that part

SlipperySpelunky · August 23, 2021, 2:14am

You were just given the answer, it is a shorter way of doing this:

value = value - 1

Jerrythepancakesmith · August 23, 2021, 2:18am

Ohh i see i misread it thanks

//////////////