Like, this current exploit is so egregiously stupid I don’t even know how it is even possible outside of vetex just not using best practices in his code.
FYI, the ONLY way other users would be able to steal items is if the trading system only authenticated trades on the client. Simply using the server to authenticate trades (making sure both parties accept) would be sufficient to solve this entire problem, since then we let filtering enabled do its magic.
I’m not sure what the point of this thread is. They’re aware of the exploit. Why not use one of the existing threads about it to guess at what’s wrong?
Some people speak for attention, so even when they have nothing useful to say, they’ll find an excuse to post anything.
Aside from the suggestion out of suggestions, this is actually a really good idea.
Having trades be client-sided makes no sense whatsoever and feels like cutting corners. I don’t know a thing about coding though, so it might be easier to make it server-sided. In which case, there’s no reason for it not to be.
If they were able to tamper with things server-side, forget having trades accepted for you, we’d all be without any items, waking up back at Dawn Island, or looking at a whole lot of empty character slots (or just three).
If I had to guess with zero experience in this sort of thing and zero idea what the code looks like, the way this one works is the client sends messages to the server when hitting accept, containing what the trade is for. So, the exploiter sends a message to the server saying “hey, I have accepted victim’s trade of everything they have for my absolutely nothing”, trade goes through, hence the trade accepted message. In this guess, the trades themselves aren’t stored server-side, relying on and trusting the client to keep track of the trade.
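
A minimal model of the server-side check the posts above call for (the server holds the trade and needs both parties to accept), added here as an illustration; it is not the game's code and not from any poster. It is written in Python as a language-neutral sketch, all names are hypothetical, and `sender` is assumed to be the identity the server itself attaches to the connection, never a field in the client's message.

```python
# Added example: server-authoritative trade state (hypothetical names throughout).
class TradeError(Exception):
    pass

class TradeSession:
    def __init__(self, inventories, a, b):
        self.inv = inventories                    # server-side truth: {player: set(items)}
        self.offers = {a: frozenset(), b: frozenset()}
        self.accepted = dict.fromkeys(self.offers)  # revision each party accepted
        self.revision = 0
        self.done = False

    def _check(self, sender):
        if self.done:
            raise TradeError("trade already closed")
        if sender not in self.offers:
            raise TradeError("sender is not a party to this trade")

    def set_offer(self, sender, items):
        # A client can only change its own side, and only with items it owns.
        self._check(sender)
        items = frozenset(items)
        if not items <= self.inv[sender]:
            raise TradeError("offering items the sender does not own")
        self.offers[sender] = items
        self.revision += 1
        self.accepted = dict.fromkeys(self.offers)  # any change clears both accepts

    def accept(self, sender, revision):
        # The message carries no trade contents, only which revision was seen.
        self._check(sender)
        if revision != self.revision:
            raise TradeError("accept refers to a stale offer")
        self.accepted[sender] = revision
        if all(r == self.revision for r in self.accepted.values()):
            self._commit()
        return self.done

    def _commit(self):
        a, b = self.offers
        for p in (a, b):                          # re-check ownership before moving anything
            if not self.offers[p] <= self.inv[p]:
                raise TradeError("items no longer owned")
        for giver, taker in ((a, b), (b, a)):
            self.inv[giver] -= self.offers[giver]
            self.inv[taker] |= self.offers[giver]
        self.done = True
```

With this shape, one party's accept never completes a trade on its own, and an accept cannot name what is being traded.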