Hello I am trying to create a way to compensate for lag for ability cooldowns in my multiplayer project by reading the time when the client used the ability and then fast forward it on the server. Now I know that you should not trust any data from the client but I need to know I was wondering if a graph such as this would be susceptible to client hacking if I use get server world time?
Anti-Cheat solutions exist for the very reason that worrying about this minute vulnerability vector will slow your game development down to a crawl.
There will be no players to do the cheating if the game is not finished.
In this case it should be pretty straight forward to do a minimum amount of sanity checking/validation for the the time received via RPC parameter. In this case you could compare it against the server’s own GetServerWorldTimeSeconds and allow for it to differ by RoundTripTime * (0.5f + some constant) + another constant before you just drop/ignore the call. Choose or omit the constants however you like but keep in mind they are intended to catch sudden differences in RoundTripTime.
1 Like
Everything is susceptible to hacking. Blizzard, Valve, and Epic are $ billion dollar corporations and people still find ways to cheat at their games.
GameState::GetServerWorldTimeSeconds() is a network synced clock time. The server updates this value every 5 seconds to keep clients synced with a universal world time. Yet, clients values can differ greatly depending on their ping/jitter at the time of update. So it’s never truly accurate. Mainly an approximation.
I wouldn’t worry about time discrepancy on cool downs. If coded so the server maintains authority it won’t matter what the client does or doesn’t do.
Clients are always ahead of the server in respect to movement, location, actions etc. Inputs for an update interval are bundled and sent together. Meaning our clients execute them locally first (client-side prediction), then send bundled to the server.
Updates sent to the server are timestamped. Each input is timestamped. Packet headers have timestamps as well.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.