Article hash (SHA1): bd9ca749e77416b81d65fff2457626ecfdaf59e2
No.: Lianyuan Security Knowledge No.022
The recent domestic AAA game Black Myth: Wukong has attracted the attention of gamers around the world, drawn a large number of domestic and foreign players, and also prompted everyone to think about the development of blockchain games (GameFi). In the continued development of Web3 games, security and innovation models are always key issues. Take the EVM-compatible game-specific chain Ronin Network as an example. In March 2022, Ronin Network experienced a serious security incident. Hackers stole the private keys of 5 validators and forged withdrawals, resulting in a loss of more than 600 million US dollars. This incident is not only one of the largest hacker attacks in the history of cryptocurrency, but also one of the most serious security incidents in the field of chain games. In light of such security risks, Web3 games need to continuously improve technical protection measures to ensure the security of players' assets and the stability of the overall game ecosystem.
Reflection on GameFi’s development triggered by Black Wukong
Improve the overall quality of the gaming experience
The success of Black Myth: Wukong is not only due to its cultural background, but also because of its excellent visual effects and smooth gaming experience. For the GameFi project to achieve similar success, it must ensure that the game is interesting and attractive, which requires developers to dig deep into the gameplay, not just hype the technology. Providing the same high-quality experience in a decentralized environment is one of the core challenges facing blockchain games. By optimizing smart contracts, improving the processing power of blockchains, and reducing transaction costs, it is possible to ensure that players are not affected by technical limitations, thereby improving the gaming experience.
Building a sustainable economic system
Although GameFi usually relies on the Play-to-Earn model, over-reliance on this strategy may lead to unsustainable economic systems. The design concept of Black Myth: Wukong provides inspiration for blockchain games - complex and diverse economic models can be adopted, and reward systems can be introduced based on player contributions to ensure the stability of economic parameters. Tokens should not be the fundamental driving force of the game, but should be regarded as one of the value-added services. Over-reliance on the value of tokens will put the game into a vicious cycle.
Strengthen community and user engagement
There is a passionate player community behind Black Myth: Wukong. This community power is one of the important factors for the success of the game, and it is also a key factor for the success of blockchain games. Blockchain game developers should pay attention to community building, empower players through DAO and other forms, and improve user stickiness. However, the basis of all this is that the quality of the game is attractive enough and worthy of players' long-term investment. Many teams only pursue short-term gains and lack the courage to invest in the long term, so it is difficult to achieve legendary success.
Enhance players' sense of belonging and creativity
In Black Myth: Wukong, the game characters and stories are controlled by the developers; in blockchain games, players can truly own in-game assets through NFTs and smart contracts. This setting can enhance players’ sense of belonging and creativity and create a more attractive ecosystem.
The intrinsic value and challenges of blockchain games
The main problem with blockchain games is that they rely too much on tokenization and ignore gameplay. Development teams should learn to find a balance between risk and reward. As a pastime, games should prioritize entertainment over economic gain. Although blockchain games solve some of the drawbacks of traditional games by going on-chain, such as asset ownership, liquidity, and asset interoperability, and improve transparency and fairness, many blockchain games simply implant token economies into traditional games. The case of Black Wukong reminds us that we must deeply combine game design with blockchain technology to create new Black Myths, drive the industry forward, and meet the market's growing demand for high-quality content. For example, we can explore innovations such as blockchain-based cross-game asset interoperability, decentralized game world generation, and player-independent economic systems.
GameFi's new model: ServerFi
On August 12 this year, a paper allegedly published by a Yale University professor first proposed the concept of ServerFi, stating that it emphasizes privatization through asset synthesis and focuses on a model that provides continuous rewards to high-retention players. Studies have shown that ServerFi is effective in maintaining player engagement and ensuring the long-term viability of the gaming ecosystem. The core of ServerFi focuses on the following three aspects:
1. Number of gamers: This is the premise for the establishment of ServerFi. Insufficient number of players will limit the interaction between players and the creation of assets, which is one of the main challenges faced by both ServerFi and traditional GameFi.
2. Server value: It is the core of ServerFi operation. Through the improvement of the in-game economic system, the server accumulates quantifiable value and links with the legal currency system. This value formation and monetization is the key to the continuous power of the ServerFi model.
3. Contribution-return ratio: As an adjustable parameter, it changes the fixed income setting in traditional games. ServerFi builds players, servers and project parties into a community of interests, thereby motivating the investment and maintenance of all participants.
GameFi on-chain and off-chain security issues
The essence of games is entertainment. Traditional Web2 games are very different from Web3 games, because GameFi not only provides players with token incentives, but also gives players ownership of game assets, creating game projects with the characteristics of crypto economy and decentralization. However, the current blockchain game market is uneven in quality, and it is difficult to tell genuine projects from fake ones. There are endless tricks and many pitfalls. GameFi faces many security vulnerabilities and hacker attacks in its development. These threats not only endanger the security of users' assets, but also have a serious negative impact on the healthy development of the entire GameFi ecosystem.
On-chain security challenges include:
Token contract vulnerability
GameFi projects typically use one or more tokens for in-game purchases and rewards. The token contract is responsible for managing the minting, trading, and destruction of tokens. If there are vulnerabilities, it may seriously affect the game economy. Token contracts often face centralization risks. Contract owners or administrators have too much authority and may modify transaction fees, restrict transactions, issue additional tokens, or adjust account balances.
Business contract loopholes
The business contracts in the GameFi project are responsible for implementing the gameplay and reward distribution. Developers usually design them as upgradeable contracts. The ChainSource security team's security recommendations for upgradeable contracts include:
Initialize contracts and dependencies: Forgetting to initialize them at deployment time can lead to serious vulnerabilities.
Be aware of storage conflicts: When upgrading a contract, modifying storage may cause conflicts, leading to data errors or fund losses.
Permission control: Limit the contract upgrade permissions to prevent attackers from obtaining upgrade permissions through private key theft or governance attacks.
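The storage-conflict recommendation above can be checked before an upgrade is deployed. The following is an added example, not code from the original article: it compares two storage layouts shaped like the Solidity compiler's storageLayout JSON and reports every existing variable whose slot no longer holds it. The GameRewards contract, its variable names and the layouts are constructed for illustration, and struct members are not inspected.

```python
# Added example: detect storage conflicts between two versions of an
# upgradeable contract. Layout dicts mimic solc's storageLayout JSON.

def var(label, slot, offset, type_):
    """Build one storage entry (slot is a string, as in solc output)."""
    return {"label": label, "slot": str(slot), "offset": offset, "type": type_}

def find_storage_conflicts(old_layout, new_layout):
    """List every old variable whose (slot, offset) no longer holds it.

    An empty list means the new version only appended state, which is the
    safe way to evolve storage behind a proxy.
    """
    new_at = {(int(v["slot"]), v["offset"]): v for v in new_layout["storage"]}
    conflicts = []
    for old in old_layout["storage"]:
        pos = (int(old["slot"]), old["offset"])
        new = new_at.get(pos)
        where = f"slot {pos[0]} offset {pos[1]}"
        if new is None:
            conflicts.append(f"{where}: '{old['label']}' no longer stored here")
        elif new["type"] != old["type"]:
            conflicts.append(f"{where}: '{old['label']}' ({old['type']}) is now "
                             f"'{new['label']}' ({new['type']})")
        elif new["label"] != old["label"]:
            # Same type, different variable: old data is silently reinterpreted.
            conflicts.append(f"{where}: '{old['label']}' replaced by '{new['label']}'")
    return conflicts

# Constructed layouts for a hypothetical GameRewards contract.
V1 = {"storage": [
    var("owner", 0, 0, "t_address"),
    var("paused", 0, 20, "t_bool"),          # packed into slot 0 after owner
    var("rewardRate", 1, 0, "t_uint256"),
    var("balances", 2, 0, "t_mapping(t_address,t_uint256)"),
]}
# Unsafe upgrade: feeBps declared first, shifting every existing variable.
V2_SHIFTED = {"storage": [var("feeBps", 0, 0, "t_uint256")] + [
    var(v["label"], int(v["slot"]) + 1, v["offset"], v["type"])
    for v in V1["storage"]
]}
# Safe upgrade: feeBps appended after the existing variables.
V2_APPENDED = {"storage": V1["storage"] + [var("feeBps", 3, 0, "t_uint256")]}

if __name__ == "__main__":
    for line in find_storage_conflicts(V1, V2_SHIFTED):
        print("CONFLICT", line)
    print("appended layout:", find_storage_conflicts(V1, V2_APPENDED))
```

Run as a gate in the release pipeline, a non-empty result blocks the upgrade until the new variables are moved to the end of the layout.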
NFT Vulnerabilities
NFTs are used in GameFi to represent player assets, and their value is guaranteed by quantity and rarity. Improper implementation may bring security risks, especially in randomness generation. For features such as blind boxes and random reward activities, GameFi projects should use reliable sources of randomness to reduce prediction and manipulation risks. In addition, project parties should securely store NFT metadata and IPFS hash values to prevent metadata from being leaked in advance. Operators need to carefully distinguish between ERC-1155 and ERC-721 tokens. ERC-1155 supports batch transfers, while ERC-721 requires multiple transfers. Previously, TreasureDAO on the Arbitrum chain was attacked for not distinguishing between the two tokens.
Cross-chain bridge vulnerability
The cross-chain bridge is used to synchronize game assets between different blockchain networks and is an important component to improve the liquidity of the GameFi project. The danger lies in the fact that contract loopholes may cause assets to be out of sync on the connected chains. The cross-chain bridge verification node is also a potential risk. It is recommended to add verification nodes and store private keys securely.
Off-chain security challenges include:
Most GameFi projects rely on off-chain centralized servers to handle some backend logic and interfaces. These servers store critical information, including game logic and player account data, and are vulnerable to malicious attacks. For example:
Tampering with NFT data
The metadata of game NFTs is critical, but many GameFi projects tend to store it on centralized servers rather than decentralized facilities like Arweave, which increases the risk of internal or external attackers tampering with the data and affecting the ownership and interests of players' assets.
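One way to detect the metadata tampering described above, as an added example that is not part of the original article: digests of each token's metadata are committed at mint time (assumed here to be recorded somewhere the server cannot rewrite, such as on-chain), and a periodic audit compares them with what the centralized server currently returns. The token data, field names and the choice of SHA-256 over canonical JSON are assumptions made for illustration.

```python
# Added example: audit server-hosted NFT metadata against digests
# committed at mint time. All token data below is constructed.
import hashlib
import json

def metadata_digest(metadata: dict) -> str:
    """SHA-256 over canonical JSON, so key order and whitespace are ignored."""
    canonical = json.dumps(metadata, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def audit_metadata(committed: dict, served: dict) -> dict:
    """Classify each token by comparing served metadata with its commitment."""
    report = {"ok": [], "tampered": [], "missing": [], "unexpected": []}
    for token_id, digest in sorted(committed.items()):
        if token_id not in served:
            report["missing"].append(token_id)      # server dropped the record
        elif metadata_digest(served[token_id]) == digest:
            report["ok"].append(token_id)
        else:
            report["tampered"].append(token_id)     # content changed after mint
    # Records the server offers that were never committed at mint.
    report["unexpected"] = sorted(set(served) - set(committed))
    return report

# Constructed sample: metadata as minted, and the digests committed then.
MINTED = {
    1: {"name": "Staff #1", "attributes": {"rarity": "common", "power": 10}},
    2: {"name": "Staff #2", "attributes": {"rarity": "common", "power": 12}},
    3: {"name": "Staff #3", "attributes": {"rarity": "rare", "power": 30}},
}
COMMITTED = {tid: metadata_digest(m) for tid, m in MINTED.items()}

# Constructed sample: what the centralized server returns later.
SERVED = {
    1: {"attributes": {"power": 10, "rarity": "common"}, "name": "Staff #1"},
    2: {"name": "Staff #2", "attributes": {"rarity": "legendary", "power": 99}},
    4: {"name": "Staff #4", "attributes": {"rarity": "rare", "power": 30}},
}

if __name__ == "__main__":
    print(audit_metadata(COMMITTED, SERVED))
```

Token 1 passes even though its keys were reordered, because the digest is taken over canonical JSON; only a change in content, a missing record or an uncommitted record is reported.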
Phishing Attacks
Attackers use phishing to obtain sensitive information from project owners, such as private keys to game vaults or GitHub accounts, which may trigger supply chain attacks, expand the scale of attacks, and cause more losses.
Conclusion
The road to shaping the future of Web3 games is full of opportunities and challenges. Through some new technological developments, we see new hope in maintaining fairness, security, and innovation in games, and we have also learned valuable lessons from successful cases such as Black Myth: Wukong: high-quality content and excellent gaming experience are still the core of attracting players. However, game developers must be vigilant about potential security threats, especially in the implementation of on-chain and off-chain technologies. By strengthening technical protection, improving the sustainability of economic models, and promoting broader community participation in the industry, Web3 games are expected to achieve stronger growth and deeper player connections in the future, ultimately driving the positive development of the entire GameFi industry.
Lianyuan Technology is a company focused on blockchain security. Our core work includes blockchain security research, on-chain data analysis, and asset and contract vulnerability rescue. We have successfully recovered many stolen digital assets for individuals and institutions. At the same time, we are committed to providing project security analysis reports, on-chain traceability, and technical consulting/support services to industry organizations.