Part of my combat system verifies hits by firing a remote from the client with data about the hit. (Where was the client aiming? Where were they facing?) How can I secure this remote against replay attacks? E.g., an exploiter successfully hits their opponent. As the verification remote fires, the exploiter sniffs this remote, and fires it again. Because the remote is identical to a successful hit, it damages their opponent twice.
From what I’ve read, people defend against these attacks by creating a one-time token that prevents the message from being sent again, but I’m not sure how I could implement that in the context of Roblox.
Timestamps wouldn’t work as an exploiter could fire the remote with a different timestamp, with every other argument identical. Tracking each verified hit and preventing that exact same one from being used again wouldn’t work, as it’s possible for two hits to be identical without exploiting.
Any ideas would be great!