Closed NexiusTailer closed 1 year ago
TBH even the fact that a player can call server death by knife from himself not a critical thing in general, but if the server has death or damage list then all others may constantly see something like "Player1 damaged / killed Player1 by a knife" which is pretty hilarious while any other weapons are properly validated from this.
These checks prevent attempting to call server death by knifing yourself or attempting to abuse resync on yourself. Such checks are not relevant for any other damage reasons because of stream checks which used there (1, 2) and thus returned false if playerid and damagedid/issuerid was passed the same, but not in knife case as it processes first and only checks the distance between two players (and they have passed if two players are actually the same). Now it also consider an obviously spoofed data when the player sends issuerid or damagedid equal to his ID.
Cases of fake sending OnPlayerTakeDamage with INVALID_PLAYER_ID as issuerid are still a thing (as this could be called without any cheats, judging by the initial checks for it in the script which existed for years). Anyway, this won't lead to fake calling serverside death, but only resync will be applied in this case.