What are Sanity Checks?

While reading posts about preventing exploits, I’ve seen people talk about “sanity checks”
I couldn’t find anything when I Googled it, so hopefully one of you can help me understand.

Note: This is my first post on the devforum, sorry if it’s a bit sloppy :grinning:

18 Likes

Checking with the Server, Verifying on the Server, Checking if something is legit.

Let’s say you need $100 To buy item A, you send a remote to the server and the server checks if that player has enough money then gives that player item A.

I advise that you check both on the server and client.

Sever checks are there to prevent cheaters, exploiters.

Client checks are there to prevent unnecessary events from firing to the server.

16 Likes

Checking your variables to see if they’re sane :stuck_out_tongue:

Jokes aside, you’re checking whether the values of your variables are sensible and/or expected. For example:

I have this client script:

showMessage("Type a number between 1 and 5")
doSomeStuff(getNumberTyped())

The expected value is between 1 and 5, so we do a sanity check to verify the number is, indeed, between 1 and 5:

local function doSomeStuff(number)
    if typeof(number) == "number" and number >= 1 and number <= 5 then
        -- do stuff
    else
        error("gib number between 1 and 5 pls :c")
    end
end

This is especially useful when stopping exploits as you can check that the player has enough money to spend an item, or has the item they’re trying to activate, in their hand.

Related topic: https://en.wikipedia.org/wiki/Defensive_programming

36 Likes

It seems simple, I just wasn’t sure what it meant. Thanks guys!

2 Likes

Sanity checks is a way you can authenticate events such as Remote Events. You can use the parameters in a function to determine if that function is within reasoning to be functioning. This can combat against exploiters and cheaters who try to do things which they shouldn’t do.
Making checks or doing sanity checks stops this from happening. Essentially, you could call it making your code smarter so it doesn’t do silly things.

Hope you’re welcome to this forum!

8 Likes

For typechecking in Lua, I would recommend using Osyris’s t library.

It makes doing stuff like this (which is especially important for server checks) really easy.

4 Likes