UGC Limited experience only items are being exploited

I have added this under catalog assets. The following issue is in discussion of an exploit being used within games to claim catalog items. The item’s that are linked to the game can be purchased even if the objective isn’t out for the item itself and is highly abusable by exploiters. The exploit allows for a purchase pop up if both requirements are met: 1. You can join the game and play the game the item is in. 2. The item is enabled. As long as these requirements are met items can be granted by the exploit even if the quest or objective isn’t released to the game allowing for people to get an unfair headstart and potentially profit off this exploit.

Expected behavior

The main aim of this is to hopefully get the exploit patched or add further preventions to ensure the catalog assets aren’t being granted via an exploit this will allow for developers to have their quests worked on without worry of someone exploiting for their item and bruteforcing any steps to gain an unfair advantage. The exploit also uses Roblox’s API allowing for the purchases to take place ingame using an executor script associated with the exploit.

A private message is associated with this bug report

7 Likes

Hi @Mythicspire!

Thank you for flagging this - We have an update for you here.

6 Likes

Thanks for the swift response!

Just wish to raise my concerns on the possible (and already occurring to some degree) side-effects that fixing this exploit may cause, mainly just a lack of documentation on how advertising these items needs to be done:

3 Likes