Recently, I saw in my game that some exploiters are simply making coins by exploiting, and I would like to know if this could be an easy way for exploiters to make the coins?
If so, will the solution to this problem be a table in the server script in which the player’s coins will be stored and can the exploiters change it?
local DataService = game:GetService("DataStoreService"):GetDataStore("MoneyStore")
Table = {}
game.Players.PlayerAdded:Connect(function(plr)
if Table[plr]==nil then
Table[plr]={}
local Money=0
local Data = DataService:GetAsync(plr.UserId)
if Data ~= nil then
Money=Data
end
Table[plr].Money=Money
end
end)
game.Players.PlayerRemoving:Connect(function(plr)
if Table[plr]~=nil then
DataService:SetAsync(plr.UserId,Table[plr].Money)
Table[plr]=nil
end
end)
--I know DataStoreService is not good that DataStoreService2, this is just a test
The only way for an exploiter to manipulate something on the server is due to a flawed RemoteEvent – for example, sometimes players may handle the purchasing of a car on the client. The client would then tell the server what the client’d purchased and what to subtract.
-- LocalScript
-- after car purchase
Car_Purchase:FireServer("CAR_1", 500) -- pshhh hey server bro, player purchased a car
-- Server Script
-- upon receiving the request
plr.Money = plr.Money - price -- eyyy ok bro here you go
-- <spawns car>
This is very vulnerable to an exploit, as all they’d have to do is call the remote, enter what car they want and enter a negative number, negating the subtract (2 - (-2) = 4)
Car_Purchase:FireServer("CAR_SPECIAL1", -9999999)
What need’s to be done is for the server to handle this, instead of the client telling what the server to do.
-- LocalScript
Car_Purchase:FireServer("CAR_SPECIAL1") -- pshhh hey bro, plr wants this cool car
-- Server Script
local CarPrices = {
["CAR1"] = 50,
["CAR_SPECIAL1"] = 500
}
-- yo lemme chk if they can even afford it
local CarCost = CarPrices[CarWanted]
if CarCost ~= nil and plr.Money - CarCost >= 0 then
plr.Money = plr.Money - CarCost
-- <spawns car> ok they could afford it, tell them i said enjoy!
However, if the client has no input on this, then there’s no need to worry about it as the server (should be) handling it.
If an exploiter changes the value of the Money NumberValue, it won’t replicate to the server (i.e. it only changes for the exploiter, no one else can see it).
The only thing that storing the money in a table within a server script would change is that an exploiter would now be unable to view the money at all.
Like said above, an insecure RemoteEvent is what’s causing coins to be exploited in.
