Ok so atm I’m trying to make a secure trading system, since I understand how dangerous an insecure one can be to a game’s economy. I want to know what checks I should perform and what ways people have used to bypass similar systems in the past; all things from the very specific to the obvious (such as handling on the server) are appreciated.
There isn’t anything specific, other than checking all of the data serverside before a transaction and also making sure you don’t have duplicate trades (creating item duping).
Just follow best practice for the Client-Server Model.
On the server side, never trust the client and check if the client actually owns the item that you want to trade. Along with double checking for duping, e.g. if the client double clicks the trade button and it has no debounce, or exploiters calling remote events/functions.
Could go one step further, introducing some key that is assigned to the client when they join, and the client must give it to the server every time it calls the event.
I would assume that would be pretty secure… Server should never trust the client.
Already checking and handling on server, although thanks for reminding me to add a debounce on the server.
Hi there!
As many others have told you, do not trust the client, and use a good client-server model implementation.
And do not run any checks on the client, only the server, because anything that is on the client can be manipulated, and so on.
In addition to what kni0002 is saying, when you assign that key to the client, :SetAsync() the key with the data and make it act like a debounce (to prevent people that rejoin before the trade is completed and whatnot).
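The server-side checks suggested in this thread (ownership verified at execution time, a per-player lock acting as the debounce, and rejecting a repeated request), written in plain Lua as an added example that is not code from any poster. The table names, item ids and `executeTrade` are hypothetical; in Roblox the function would be called from a RemoteEvent's `OnServerEvent` handler with the sending player's UserId.

```lua
-- Added example, not from the thread. All names and data are constructed.
local inventories = {            -- userId -> set of unique item ids
  [1] = { sword_01 = true, shield_07 = true },
  [2] = { potion_33 = true },
}
local pending = {                -- server-held offers; clients only send the id
  t1 = { a = 1, b = 2, aGives = { "sword_01" }, bGives = { "potion_33" } },
}
local busy = {}                  -- userId -> true while a trade is in flight

local function ownsAll(userId, items)
  local inv, seen = inventories[userId], {}
  for _, item in ipairs(items) do
    if seen[item] or not (inv and inv[item]) then return false end
    seen[item] = true            -- the same item listed twice is rejected
  end
  return true
end

local function move(from, to, items)
  for _, item in ipairs(items) do
    inventories[from][item] = nil
    inventories[to][item] = true
  end
end

-- sender: the id of the player the server received the request from
local function executeTrade(sender, tradeId)
  local trade = pending[tradeId]
  if not trade then return false, "unknown or already completed trade" end
  if sender ~= trade.a and sender ~= trade.b then return false, "not a party" end
  if busy[trade.a] or busy[trade.b] then return false, "trade in progress" end
  busy[trade.a], busy[trade.b] = true, true
  local ok = ownsAll(trade.a, trade.aGives) and ownsAll(trade.b, trade.bGives)
  if ok then
    pending[tradeId] = nil       -- consume the offer before moving anything
    move(trade.a, trade.b, trade.aGives)
    move(trade.b, trade.a, trade.bGives)
    -- a save to persistent storage would yield here; the lock covers that window
  end
  busy[trade.a], busy[trade.b] = nil, nil
  return ok, ok and "ok" or "ownership check failed"
end

print(executeTrade(3, "t1"))     -- request from a player who is not in the trade
print(executeTrade(1, "t1"))     -- legitimate confirm
print(executeTrade(1, "t1"))     -- double click / replayed request
print(inventories[2].sword_01, inventories[1].potion_33)
```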