Networking + Security

We're security nuts, and it's not just because we read "Ethereum is a Dark Forest". Our team's expertise is in building secure blockchain protocols and authoritative multiplayer games. We're no strangers to bad actors, and Hangman has been built from the ground up with an aggressive security model. At all times, we assume clients are compromised and hostile.

Protocol Security

The on-chain Spyre Protocol provides a robust and secure starting point. One key point: it isn't fancy. We follow best practices and existing standards, rather than inventing our own.

Client/Server Oracle Model

All off-chain activity is conducted through the Hangman server, and is heavily validated. Any mutation to player data is handled through server-authoritative endpoints. Matchmaking itself is completely obscured from the client (meaning that bad actors cannot join matches they are not "supposed to be in").

Additionally, we run the "authoritative hangman simulation" on our servers. Match results are submitted to the blockchain by our server, acting as an Oracle.

For much more detail, see our article Fair Matches in Web3.

Verification and Submission

Once both players finish a match, the server has a complete snapshot of the game. It knows what letters each player submitted, when they submitted them, scores, boost usage, and more. With this information, it is able to calculate a definitive winner. It pulls the signed EIP712 stakes from the database and submits them, along with the winner, to the blockchain, using the Spyre Protocol.

The Spyre Protocol heavily validates these stakes as well, before finally awarding funds.

Summary

In summary:

  • Match simulations run on the server.

  • Clients are never given the word.

  • Clients do not determine their own scores.

  • Latency is handled by simulation fast-forwarding.

  • Fast-forwarding cannot provide an advantage.

  • Clients do not submit match information to the blockchain: the authoritative Oracle does.

  • The Spyre Protocol applies additional validation upon match results submission.

Last updated