You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Creating anti-cheat checks for a server, we realized something curious.
Although the MTA wiki indicates that the vest that can be placed on a player is from 0-100, this is not real, you can set the number you want (example 1000) from the clientside, from the serverside this is not possible.
Testing this problem, I reached several conclusions.
The clientside part is currently vulnerable to this problem, you can set setPedArmor values outside the range indicated by the wiki. Therefore, a cheater can use this function to set values higher than those allowed.
The Server and the Clientside will be out of sync. In the sense that if on the Clientside my armor is 1000 on the server it will be reflected as 127.5 with the getPedArmor function. This also happens with the setElementHealth but it reaches a maximum of 255.
Armor and life are actually usable, when a person is hurt, the damage of the armor placed on the client side will be reduced. If you shoot him with 1000 armor from a distance, it will leave him with 9990.
Note:
MTA does a check only on life every 30-60 seconds and this returns to the real maximum. This does not happen with armor
It is not possible to do this in Health, however when a cheater uses the menu he can edit the Health.
Steps to reproduce
In clientside use setPedArmor
Version
Client: Multi Theft Auto v1.6-release-22763
Additional context
Relevant log output
No response
Security Policy
I have read and understood the Security Policy and this issue is not security related.
The text was updated successfully, but these errors were encountered:
Describe the bug
Creating anti-cheat checks for a server, we realized something curious.
Although the MTA wiki indicates that the vest that can be placed on a player is from 0-100, this is not real, you can set the number you want (example 1000) from the clientside, from the serverside this is not possible.
Testing this problem, I reached several conclusions.
Note:
Steps to reproduce
Version
Client: Multi Theft Auto v1.6-release-22763
Additional context
Relevant log output
No response
Security Policy
The text was updated successfully, but these errors were encountered: