Roll20-cheat-dice (2025)

: A non-technical "cheat" involves temporarily inflating ability scores or modifiers on a character sheet before rolling, then quickly reverting them before the Game Master (GM) notices. Known Tools and Scripts

: A showcase repository illustrating how to hijack WebSocket objects to modify client-side dice results. roll20-cheat-dice

While Roll20 uses a "Quantum Roll" system to generate random numbers server-side, vulnerabilities often stem from how these results are communicated to and from the player's client. : Some exploits allow players to "throw away"

: Some exploits allow players to "throw away" unfavorable rolls before they are finalized. Since the client reports the final result to the game log, a player can repeatedly roll until a desired number is generated, then only permit that specific packet to reach the server. Detection and Mitigation for GMs : GMs should

: While primarily used for automation, some scripts are designed to track and average player rolls to identify statistically improbable "hot streaks" that might indicate cheating. Detection and Mitigation for GMs

: GMs should hover their mouse over any suspicious roll in the chat window. This reveals the formula breakdown , showing the actual raw die roll and every modifier applied.

This report examines technical vulnerabilities and common exploits associated with "roll20-cheat-dice," specifically focusing on client-side manipulation of the Roll20 virtual tabletop platform. Overview of Exploits