I have added this under catalog assets. The following issue is in discussion of an exploit being used within games to claim catalog items. The item’s that are linked to the game can be purchased even if the objective isn’t out for the item itself and is highly abusable by exploiters. The exploit allows for a purchase pop up if both requirements are met: 1. You can join the game and play the game the item is in. 2. The item is enabled. As long as these requirements are met items can be granted by the exploit even if the quest or objective isn’t released to the game allowing for people to get an unfair headstart and potentially profit off this exploit.
Expected behavior
The main aim of this is to hopefully get the exploit patched or add further preventions to ensure the catalog assets aren’t being granted via an exploit this will allow for developers to have their quests worked on without worry of someone exploiting for their item and bruteforcing any steps to gain an unfair advantage. The exploit also uses Roblox’s API allowing for the purchases to take place ingame using an executor script associated with the exploit.
A private message is associated with this bug report