Hello, I am currently trying to make some fire skills for my game and, just as I was working on the debounce part with my localscript, I was worrying if it would be safer/efficient to make the debounce on client or server. But the thing is that I don’t even know what an exploiter can do with my localscripts (and I’ve never seen an article about that. Would be good to make one or if there is already one you may link me).
I know that exploiters can, by example, read the content of a localscript, but are they able to change the content of the localscript itself so if by example for the debounce the original variable for wait is 5, could they change it to 2?
Here’s some great resource I could find explaining about exploiting. TL;DR Replication on machine can be only changed, while server is unharmed. The cheaters can change the server if the server is running on poor remotes.
And beyond. Keep in mind that LocalScripts do not run on the same context level as a thread coming from an exploited client does. Both cases are running client-side threads but one runs with a higher context level than another.
Since player’s are given unlimited control over their character they can teleport anywhere and move as fast as they would like. They can also push other people off of cliffs or down into the area where Roblox automatically deletes parts (and characters). If they are given a sword or other object welded to their character then they can use it to nearly instantly kill any/all players in the server.