What are Sanity Checks?

Help and Feedback Scripting Support
#1

While reading posts about preventing exploits, I’ve seen people talk about “sanity checks”
I couldn’t find anything when I Googled it, so hopefully one of you can help me understand.

Note: This is my first post on the devforum, sorry if it’s a bit sloppy :grinning:

18 Likes
How do i make a sanity check for Remote Events / Functions
How To Anti-FunctionHook
My anti-exploit concept... “The inquiry method”
Are key systems for RemoteEvents helpful?
Is there any way to hide RemoteEvents?
How do i secure my remote event?
Sending Damage To Server
Tool not working
Server side not running upon fired
Why does leaderstats not show up in my player? (player.leaderstats)
UserInputService Problems
#2

Checking with the Server, Verifying on the Server, Checking if something is legit.

Let’s say you need $100 To buy item A, you send a remote to the server and the server checks if that player has enough money then gives that player item A.

I advise that you check both on the server and client.

Sever checks are there to prevent cheaters, exploiters.

Client checks are there to prevent unnecessary events from firing to the server.

14 Likes
Check if RemoteEvent is called from a specific script
#3

Checking your variables to see if they’re sane :stuck_out_tongue:

Jokes aside, you’re checking whether the values of your variables are sensible and/or expected. For example:

I have this client script:

showMessage("Type a number between 1 and 5")
doSomeStuff(getNumberTyped())

The expected value is between 1 and 5, so we do a sanity check to verify the number is, indeed, between 1 and 5:

local function doSomeStuff(number)
    if typeof(number) == "number" and number >= 1 and number <= 5 then
        -- do stuff
    else
        error("gib number between 1 and 5 pls :c")
    end
end

This is especially useful when stopping exploits as you can check that the player has enough money to spend an item, or has the item they’re trying to activate, in their hand.

Related topic: https://en.wikipedia.org/wiki/Defensive_programming

35 Likes
How to Approach Writing An AntiCheat
For events that happen client side how do I securely store the results on the server (such as award points)?
Help with securing remoteevents
#4

It seems simple, I just wasn’t sure what it meant. Thanks guys!

2 Likes
#5

Sanity checks is a way you can authenticate events such as Remote Events. You can use the parameters in a function to determine if that function is within reasoning to be functioning. This can combat against exploiters and cheaters who try to do things which they shouldn’t do.
Making checks or doing sanity checks stops this from happening. Essentially, you could call it making your code smarter so it doesn’t do silly things.

Hope you’re welcome to this forum!

8 Likes
#6

For typechecking in Lua, I would recommend using Osyris’s t library.

It makes doing stuff like this (which is especially important for server checks) really easy.

4 Likes