How the hell is Vetex's code so insecure?

I have no idea what vulnerabilities exist in Vetex’s code that allow client-sided exploits to be able to steal items. I seriously don’t know what type of trade confirmation system Vetex has in place. Maybe the recipient (the one being sent the trade) fires a confirmation RemoteEvent. If that was the case, how can the exploiter (the one who sent the trade) pretend to be the recipient?


This is not really a Vetex problem since it’s Byfron that got bypassed. Byfron is the exploit measure that’s put in place by Roblox.

it wouldnt really be an issue if byfron did its job but anyway its not like i know what im talking about
although i dont think vetex has any idea why exploiters can steal items either

Supposed explanation of the exploit:

Exploiters duping items:

Exploiters obtaining dev permissions:

Inventory stealing was confirmed:

(These are all from the galleon server)

Each time someone sends a trade it sends a remote event with the data and stuff of the player that sent it. All the exploiter has to do is run a trade function but with the players username and items as the parameters. Then they just hit accept to the trade they were just “sent” and items stolen.

Honestly, find it kind of sad the lengths people will go to cheat and ruin the fun of others on a silly little lego game

yea why would anyone do this

I risked my life once, I was in an exploiter server

Hmm… I can see Vetex disabling the ability to look into the other players’ inventories in trading to prevent this while looking for a fix or prevention for this exploit. (or keep this permanent if it cant be fixed).

I know another game that does this, where you can only add the items in your inventory, and you actually cant look at the other person’s inventory that you’re trading with. So you have to pretty much ask or contact someone if they have what you want. (More social interactions ig :joy:)

This does have a downside in not being able to see or report anyone with suspicious items (like dupes if that still exists), but eh. Maybe mods can keep it.

so it could be solved just by an if function checking whoever’s inventory the item is in?
Like say it checks if the item is actually in the inventory of the player supposedly assigned on the receiving end, essentially stopping the game from firing the trade event
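The ownership check suggested above, together with taking the sender from the connection instead of from the trade data, as an added example that is not part of any post in this thread and is not the game's code. It is plain Lua modelling the server side; the tables, function names, item names and trade flow are all hypothetical, and the only Roblox fact relied on is that `OnServerEvent` passes the firing player as its first argument.

```lua
-- Added example with constructed data; every name here is hypothetical.
-- Server-owned state: clients never write to these tables.
local inventories = { Alice = { ["Sunken Sword"] = 1 }, Bob = { ["Old Boot"] = 3 } }
local pending, nextId = {}, 0   -- tradeId -> { from, to, offer }

-- True only if `player` holds at least the claimed count of every item.
local function owns(player, items)
  local inv = inventories[player]
  if not inv or type(items) ~= "table" then return false end
  for name, count in pairs(items) do
    if type(count) ~= "number" or count < 1 or count % 1 ~= 0 then return false end
    if (inv[name] or 0) < count then return false end
  end
  return true
end

-- `sender` is the identity the engine attached to the connection (on Roblox,
-- the first argument of OnServerEvent). Identity fields in `payload` are ignored.
local function requestTrade(sender, payload)
  if type(payload) ~= "table" then return nil, "bad payload" end
  local target = payload.target
  if type(target) ~= "string" or target == sender or not inventories[target] then
    return nil, "bad target"
  end
  if not owns(sender, payload.offer) then return nil, "sender does not own offer" end
  nextId = nextId + 1
  pending[nextId] = { from = sender, to = target, offer = payload.offer }
  return nextId
end

local function acceptTrade(sender, tradeId)
  local t = pending[tradeId]
  if not t or t.to ~= sender then return false, "not the recipient" end
  if not owns(t.from, t.offer) then return false, "offer no longer owned" end
  pending[tradeId] = nil
  for name, count in pairs(t.offer) do   -- move items only after every check passed
    inventories[t.from][name] = inventories[t.from][name] - count
    inventories[t.to][name] = (inventories[t.to][name] or 0) + count
  end
  return true
end

-- Alice claims to be Bob in the payload: the claim is ignored and the request fails.
assert(not requestTrade("Alice", { from = "Bob", target = "Alice", offer = { ["Old Boot"] = 3 } }))
assert(not requestTrade("Alice", { from = "Bob", target = "Bob", offer = { ["Old Boot"] = 3 } }))
-- A real trade: only the recipient can accept, and the items then move once.
local id = requestTrade("Alice", { target = "Bob", offer = { ["Sunken Sword"] = 1 } })
assert(not acceptTrade("Alice", id) and acceptTrade("Bob", id))
assert(inventories.Bob["Sunken Sword"] == 1 and inventories.Alice["Sunken Sword"] == 0)
```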

who the heck would make such a despicable exploiting tool :sob:

What about adding the auction house

Oh shit…

Thats… kinda a scary thought actually :sob:

Auction house and regular trading should be separate since both are convenient in different ways

im a little confused on this part because i dont see how this affects things

wait, is it the recipient or the exploiter

ngl your wording feels a little weird

The way I interpret it is like

If the exploiter is A and the victim is B
Both players are assigned a role in a trade but somehow the script manipulated the trade to have A as both the guy who sent the trade and the one receiving it yet keeping the items variables the same

Idk this seems somewhat difficult to pull off but I’m not an expert in LUA

this is possible and if this is true, i have no idea how the fuck vetex didn’t check who owns the items (variables)

People shit all over YandereDev for mountains of if function but I’d reckon one might just save AO

These exploits reminded me of this trade (old image)

We are so rich with this :money_mouth_face: