There are some improvements which can be made here, in order to further protect it from exploits. For instance, the server now immediately runs a simulation step when the user sends input. One only needs to send input at a faster rate in order to exploit this system.
We can modify our server to process input at a fixed rate, perhaps via a queue of move commands which are processed one at a time in
FixedUpdate. Care needs to be taken to ensure that the server doesn't fall behind when processing user input.
The server could also keep track of the last processed input message, and when a new message is received the server compares the timestamps, discarding the new message if the timestamps are too close together. This could also be ...