Could the client deliberately send incorrect parameters in a remote event that could cause the code to error and would the error cause issues with the entire script?
my code
is it necessary to protect against that with a pcall for example or am I fine without?
and if so how would I apply a pcall and connect it from a remote event
thanks
Couldn’t you just check if each variable is not equal to nil or some unexpected value to make sure it exists and to prevent erroring?
no because one of the parameters is a CFrame and they could send for example “1” or literally anything else besides a CFrame and it would error
Yes. The only argument you can trust is the first, implicit, player argument. Malicious users can fire any remote event with any arguments at any given time. I always use the following function for this reason:
local function nAssert(value, player, message)
assert(typeof(player) == "Instance" and player:IsA("Player"), "bad argument #2 to Network.NAssert, expects Instance<Player>")
assert(typeof(message) == "string" or message == nil, "bad argument #3 to Network.NAssert, expects string?")
-- assign message to its default value if no value is provided.
message = message or "An error occurred."
-- if value is falsey, kick the player with message.
if not value then
player:Kick(message)
end
return value
end
Usage:
remoteEvent.OnServerEvent:Connect(function(player, stringArg, instanceArg)
nAssert(typeof(stringArg) == "string", player)
nAssert(typeof(instanceArg) == "Instance", player)
end)
This code will kick the firing player if the arguments are of an unexpected type. Some developers may choose to just return from the listener instead of kicking player to account for mistakes on their end resulting in innocent players being kicked—it’s up to you.
This makes sure that the information sent is the information needed for the rest of the code to function properly in the OnServerEvent. 
Like Dandystan said, you should check everything.
Keep in mind that this function is called in its own thread, so technically nothing bad has to happen if it errors.
Also
local obj = game.ReplicatedStorage.Objects[building]
if obj then
isn’t any good, because it will error if obj isn’t there
You need:
local obj = game.ReplicatedStorage.Objects:FindFirstChild(building)
if obj then
Is there a way to do this with a CFrame value?
print(typeof(CFrame.new())) --> CFrame
(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)
Would this be a correct way of going about it?
Yes. I would personally just do
if typeof(building) ~= "string" or typeof(CF) ~= "CFrame" then return end
to avoid an extra nest.