fxScratchCards [FREE] [ESX] [QB]

FiveM Releases
, , ,
1

fxscratchcards_thumbnail
fxscratchcards_thumbnail1920×1080 92.3 KB

|Preview|
Preview

If you are using QBCORE add this in your qb-core/shared/items.lua:

[‘fx_scratchcard’] = {[‘name’] = ‘fx_scratchcard’, [‘label’] = ‘Scratch Card’, [‘weight’] = 0, [‘type’] = ‘item’, [‘image’] = ‘fx_scratchcard.png’, [‘unique’] = false, [‘useable’] = true, [‘shouldClose’] = true, [‘combinable’] = nil, [‘description’] = ‘A scratch card.’},

If you are using ESX add this to your database:

INSERT INTO items (name, label) VALUES
(‘fx_scratchcard’,‘Scratch Card’)
;

|Version 1.2 Update|

  • Animation when using the scratch card.
  • Resolved an issue where the cursor would get stuck on the screen.
  • The resource name is now changeable.
  • Fixed vulnerability issue by handling all sensitive operations on the server side.

|Version 1.1 Update|

  • Fixed vulnerability issue allowing exploitation via NUI devtools or direct event triggering.
  • Added token system to prevent unauthorized event triggering.

|Download (FREE)|
Get this resource at Tebex or at Github

17 Likes
2

really nice work bro

1 Like
3

thank you for share, i’ll use this on my servers <3

1 Like
4

Cool script but I noticed few vurnabilities for example you can trigger this on nui devtools or just trigger the event with executor.
$.post('https://fx_scratchcards/giveMoney', JSON.stringify({ price: 999999999}));
TriggerServerEvent('fx_scratchcard:server:AddMoney', 999999999)

1 Like
5

Hello, thank you for your feedback! You are absolutely right about the vulnerabilities. I appreciate you pointing them out. I will fix the issue shortly.

1 Like
6

thanks ! nice script brother !

1 Like
7

Nice, but when i use it, after scratch, my mouse stuck in the screen… and i need to restart the script

8

The fix you did isn’t a proper fix, clients can still intercept the token and send the max amount.

Also if the client stops the fx_scratchcard:server:Closed event they can spam reuse their token.

The best solution here would to determine beforehand on the server the amount of money the given scratch slot should give and they just send the event to the client with the prices in each slot. Then you can keep track of a slot has actually given money and refuse to give them more money on slot reuse.

Most of these changes are probably doable on the server itself since you already make the prices array on the client, you would just need to send it via the message instead.

9

Thanks for the feedback. I realized my mistake and will fix it later.

10

I will look into it. Have you changed the name of the resource?

11

Hello i have try to changed to the original name of the resource and have the same issue :frowning:

12

Hello, are you getting any errors either in the f8 console or in txadmin. Also does your mouse get stuck on the screen after scratching or when closing the scratch card?

13

Hello, no errors :S