What can the client (and by extenstion, exploiters) access in replicated storage?

longandshortname · November 17, 2024, 6:13pm

I am curious as to how a client or a potential exploiter can access replicated storage. All my tools in the game I have worked on are located in replicated storage, so the main thing I am worried about is if an exploiter could potentially exploit tools stored in replicated stoage.

deIuxor · November 17, 2024, 6:16pm

Hi there! I can help greatly with this. I’m happy to tell you what can be done. Please put the specific game link here.

longandshortname · November 17, 2024, 6:17pm

It is mostly tools with server scripts in them, and some client scripts.

deIuxor · November 17, 2024, 6:20pm

I’ll let you know what I find. It will take some time

FroDev1002 · November 17, 2024, 6:21pm

First off, you’re worried more about exploiters not hackers, there isnt much you can do about hackers as thats in robloxs hands for the most part.

Exploiters can access anything you put in replicated storage (as anything in there is replicated to the client), that doesnt mean these things will work if you do proper sanity checks. Something to consider is storing tools inside of ServerStorage instead.

The best thing to do is probably just do sanity checks, for instance if someone activates a tool, check if the tool is nil on the server. If the client, or exploiter just cloned it from Replicated Storage, the server cant see it, thus, its nil to the server. Ofc this could very depending on how you have your game setup, so just do sanity checks is my point lol

longandshortname · November 17, 2024, 6:25pm

Alright. To check if a tool is nil on the server, would I simply do something like this:

Tool.Activated:Connect(function()
if Tool ~= nil then
--code
end
end)

FroDev1002 · November 17, 2024, 6:29pm

Yes, just make sure its a server script/script/regular script

Also this code can be simplified:

Tool.Activated:Connect(function()
    if Tool then -- This if statement basically just checks if Tool exists, rather simple, you can also do the opposite with if not Tool then, which just checks if Tool is nil, or false, or something like that.
        --code
    end
end)

deIuxor · November 17, 2024, 7:02pm

Man that was fun I got to go eat but yeah now you have a great idea of what can be done and honestly it isn’t much lol you can really protect your code nicely when you put the time into it

longandshortname · November 17, 2024, 7:22pm

Note: We found some tools which could have their cooldowns ignored. Fixed it by moving some cooldowns to the server.

system · December 1, 2024, 7:23pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.