Critical logic happening on the client machine is how FPS games work at all. It's way too late to judge every hit on the server due to the latency. A 40ms latency is a 3 frame lag even on a 60fps monitor. And it can be a lot worse in a lot of cases. The server may detect some hit that is too far off and impossible. But it has to trust what the client says as long as it is within some reasonable range, or the game won't even work.
And that reasonable range isn't that small. It is enough to make every bullet that was supposed to shoot into the air shoot the enemies' heads.
Did you mean to post that to a different subthread?
I'm familiar with FPS networking, however I'm talking about a trend where a customer-machine is designated to act as a game-server, so that the company can avoid paying to host one in a dedicated but more-secure fashion.
If that machine happens to be the attacker's, then their scope for chicanery is so much greater than just wallhacks or aimbots.
For example, they might temporarily or permanently grant everyone equipment that is otherwise locked behind some grind-wall, where the company hopes to make money selling a "level boost". While not totally malicious, it's definitely a "hack" the company will oppose.