Networking + Security

We're security nuts, and it's not just because we read "Ethereum is a Dark Forest". Our team's expertise is in building secure blockchain protocols and authoritative multiplayer games. We're no strangers to bad actors, and Hangman has been built from the ground up with an aggressive security model. At all times, we assume clients are compromised and hostile.

Protocol Security

The on-chain Spyre Protocol provides a robust and secure starting point. One key point: it isn't fancy. We follow best practices and existing standards, rather than inventing our own.

Client/Server Oracle Model

All off-chain activity is conducted through the Hangman server and is heavily validated. Any mutation to player data is handled through server-authoritative endpoints. Matchmaking itself is completely obscured from the client, meaning that bad actors cannot join matches they are not "supposed to be in".

Additionally, we run the "authoritative hangman simulation" on our servers. Match results are submitted to the blockchain by our server, acting as an Oracle.

For much more detail, see our article Fair Matches in Web3.

Verification and Submission

Once both players finish a match, the server has a complete snapshot of the game. It knows which letters each player submitted, when they submitted them, scores, boost usage, and more. With this information, it can calculate a definitive winner.
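A minimal sketch of this server-authoritative flow, added here as an illustration and not taken from Hangman's code base. The class and function names, the scoring rule (100 for solving, minus 10 per miss) and the earlier-finish tie-break are assumptions; boosts and latency fast-forwarding are not modelled.

```python
import string


class ServerMatch:
    """Server-side state for one player's run; the word never leaves this object."""

    def __init__(self, word, max_misses=6):
        self._word = word.lower()   # secret: never serialized to the client
        self.max_misses = max_misses
        self.guesses = []           # (server_time, letter) snapshot used for verification
        self.misses = 0

    def _solved(self):
        guessed = {g for _, g in self.guesses}
        return all(c in guessed for c in self._word)

    def submit_letter(self, payload, server_time):
        """Validate an untrusted client payload; return only what the client may see."""
        letter = payload.get("letter") if isinstance(payload, dict) else None
        if not (isinstance(letter, str) and len(letter) == 1
                and letter.lower() in string.ascii_lowercase):
            return {"ok": False, "error": "invalid_letter"}
        letter = letter.lower()
        if self.misses >= self.max_misses or self._solved():
            return {"ok": False, "error": "match_over"}
        if any(g == letter for _, g in self.guesses):
            return {"ok": False, "error": "duplicate"}
        # Timestamp comes from the server clock; client-sent times or scores are ignored.
        self.guesses.append((server_time, letter))
        positions = [i for i, c in enumerate(self._word) if c == letter]
        if not positions:
            self.misses += 1
        return {"ok": True, "positions": positions, "misses": self.misses,
                "done": self._solved() or self.misses >= self.max_misses}

    def score(self):
        """Assumed scoring rule: 100 for solving, minus 10 per miss, otherwise 0."""
        return max(0, 100 - 10 * self.misses) if self._solved() else 0


def decide_winner(a, b):
    """Compute the result from server snapshots only; ties go to the earlier finish."""
    sa, sb = a.score(), b.score()
    if sa != sb:
        return "a" if sa > sb else "b"
    ta = a.guesses[-1][0] if a.guesses else float("inf")
    tb = b.guesses[-1][0] if b.guesses else float("inf")
    return "draw" if ta == tb else ("a" if ta < tb else "b")
```

The value returned by `decide_winner` is what the server, acting as the Oracle, would submit; the client only ever receives revealed positions and a miss count.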

Summary

In summary:

  • Match simulations run on the server.

  • Clients are never given the word.

  • Clients do not determine their own scores.

  • Latency is handled by simulation fast-forwarding.

  • Fast-forwarding cannot provide an advantage.

  • Clients do not submit match information to the blockchain: the authoritative Oracle does.
