Hello. I am aware that an exploiter can fire and send whatever they want from their client through a remote function and/or event. In terms of a remote function firing from client to server, is it possible for an exploiter to fake what a remote function returns? For instance,
--Client
if remoteFunction:InvokeServer() then
print("Expected Behavior")
else
print("Unexpected Behavior)
end
--Server
remoteFunction.OnServerInvoke = function()
return true
end
Is it possible for an exploiter to intercept or fake what is returned to achieve the unexpected behavior?
Well if it’s coming from the server they can’t change the outcome of what the server gives to the client, however there’s no real point in ‘trying to secure’ (I assume that’s what you’re doing) what’s given from the server since the client can just manipulate whatever it wants anyway.
Yes, this can be done quite easily with namecall (and other methods), and just a basic understanding as to how spoofing works.
However, you shouldn’t be returning anything sensitive to the client; even if they do spoof it, ideally it will have no effect assuming you programmed it elegantly.
1 Like
thats why i would use sanity checks