Is it safe to trust a client's tick count for client prediction / reconciliation?

In my current implementation, when a client moves, its local position (after applying the movement) is immediately saved to a circular buffer and the request (consisting of the inputs and the local tick count) is sent to the server via an RPC. The local tick is incremented by 1 once per NetworkSystem.Tick.

The server then calculates the position of the client for that tick and sends the authoritative position and the tick number it received from the client back to the client. The client then checks if the position written to earlier in the circular buffer (indexed by the tick number) matches and moves the client's local position if it doesn't.

In this system I need to trust the inputs (easily sanitised) and the tick number sent by the client. As far as I can tell, the worst that a malicious client who can modify the tick being sent would be:

1.) Buffer a series of valid inputs
2.) Repeat a tick value in order to achieve a freecam - like effect

Am I missing something? Is this safe to do? The tick is essentially the index at which the local position is stored in the array so I'm not sure that it's bad but I wanted a more experienced opinion.

I was considering having a server-side variable track the number of movement requests that come in (incrementing each time it enters the RPC) to send back as the index, but this would result in reconciling legitimate movements in the case of out of order packets.

Thanks!