setPedArmor and setElementHealth synchronization problems from Client to Server

[bastianmarin]

Describe the bug

Creating anti-cheat checks for a server, we realized something curious.

Although the MTA wiki indicates that the vest that can be placed on a player is from 0-100, this is not real, you can set the number you want (example 1000) from the clientside, from the serverside this is not possible.

Testing this problem, I reached several conclusions.

• The clientside part is currently vulnerable to this problem, you can set setPedArmor values ​​outside the range indicated by the wiki. Therefore, a cheater can use this function to set values ​​higher than those allowed.
• The Server and the Clientside will be out of sync. In the sense that if on the Clientside my armor is 1000 on the server it will be reflected as 127.5 with the getPedArmor function. This also happens with the setElementHealth but it reaches a maximum of 255.
• Armor and life are actually usable, when a person is hurt, the damage of the armor placed on the client side will be reduced. If you shoot him with 1000 armor from a distance, it will leave him with 9990.

Note:

• MTA does a check only on life every 30-60 seconds and this returns to the real maximum. This does not happen with armor
• It is not possible to do this in Health, however when a cheater uses the menu he can edit the Health.

Steps to reproduce

1. In clientside use setPedArmor

Version

Client: Multi Theft Auto v1.6-release-22763

Additional context

Relevant log output

No response

Security Policy

• I have read and understood the Security Policy and this issue is not security related.