question

Claudio Grassi avatar image
Claudio Grassi asked

Question about granting VirtualCurrency in a unity mobile game app.

My game relies on scoring points(how original) during a match. those points are then the amount of Virtual Currency that I reward my player with. to do soI am calling a cloudscript function to AddVirtualCurrency(or AddUserVirtualCurrency..whichever the syntax is) and this works fine. My question though is in regards to the fact that I have to pass a "score" variable that defines the amount of VC to give the user. I do so from unity. is there a way to exploit this? How could I make it more secure, short of having to log each point through an api call and then having the server deal with it?

support
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan avatar image
brendan answered

Yes, a hacker can quite easily make the call to ExecuteCloudScript with any values they want. How you check the values is going to be somewhat game-specific, but checking the time since the last reported scores and the totals against what you believe is reasonable would be a good start. You'll also want to check player totals over time and if you see things that look like unusually fast progression, re-evaluate how you're checking for cheating.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Claudio Grassi avatar image
Claudio Grassi answered

so the solution is "write your own cheat anti-cheat code"?

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.