During the development of my FPS game, I’ve run into a problem. Currently, the client fires a remote event and does a client-side raycast so it doesn’t have to wait for the server’s response (only the server can deal damage, the raycast is to make it seem more responsive because bullet holes are generated), and the server does it’s own raycast to deal damage. Both raycasts are fired from the “head” (camera on the client, the head of their character on the server) but the effects for the gun originate at the gun’s muzzle(eg; muzzle flash, physical, visible bullets).
The problem is, the camera of the player may not be in the exact same place as the head of the character. While you could say “well, why don’t you just send the position of the camera in the remote event?”, that would be very easily exploitable. Another thing you could say is “why don’t you just let the client handle damage?”, again very exploitable.
So, I want the input of developers experienced in making FPS games: has this affected your game? How have you worked around it? Have you concluded it isn’t that big of a problem?