♠️
RACE Protocol
NFT PresaleDiscord
  • ❤️Official Docs & Links
  • ⏳Progress Overview
  • RACE Protocol
    • 🏗️System Architecture
      • Components
      • On-chain Accounts
      • Synchronization
      • Randomization
      • Payment
    • 🎲Game Development
      • Game Handler
      • Effect
      • Event Handling
      • Race API
        • Arweave Integration
      • Race JS SDK
        • Installation and Setup
        • Key Components
          • AppClient
          • SubClient
          • Events
          • Game Context
          • Decryption Cache
        • Advanced Features
          • Getting Revealed Knowledge
          • Exiting and Detaching
          • Submitting Messages
          • Sub-game Interaction
        • Best Practices
        • API Reference
        • Troubleshooting
    • 🧪Testing
      • Race Test Kit
      • Unit Testing
      • Integration Testing
      • Additional Considerations
    • 🧱Modules & Features
      • Encryption Methods
      • Command-line Tools
      • Configuration Options
      • Blockchain Transport Implementations
    • 📃Smart Contract
      • Solana Program
    • 🔦Examples and Use Cases
      • Draw Card Game
      • Raffle Game
      • Other Examples
  • RACE Games
    • ♠️RACE Poker app
      • 🎮Start playing in minutes
        • 💰Cash and sit-n-go
        • 🏆Tournaments
      • 🎨Workshop
        • 🏆Create cash games
        • 🏨Create tourneys
      • 💡Concept introduction
      • 🏗️System architecture
      • 👾Game Flow
      • 🎲Cards shuffling
      • ☎️Communication
      • 🔐Key sharing/decryption
      • 💱Cash flow structure
    • ⚡Solfast
      • 🎲Game modes
  • RACE RESEARCH
    • 👾No-Code Development
      • Brainstorming
      • Implementation Approach
      • Project Status
    • 0️⃣Zero-Knowledge Proofs
      • Brainstorming
      • Integration steps
        • Verifiable Randomness Generation
        • Private Game State Updates
        • Verifiable Settlements
        • Private Player Actions
      • Project Status
    • 🛡️Security Audit Report
      • Executive summary
        • Introduction to Race Protocol
        • Audit Methodology
      • Findings
        • Smart Contract Security
        • WebAssembly Security
        • Client-side Security (Race SDK)
        • Server-side Security
        • Randomization and Encryption
        • On-chain Account Management
        • Synchronization Mechanisms
        • Payment Handling
      • Recommendations
      • Conclusion
  • RACE DAO
    • 😎About
    • 🫂Community
    • 🖼️NFT Collection [!]
Powered by GitBook
On this page
  1. RACE RESEARCH
  2. Security Audit Report
  3. Executive summary

Introduction to Race Protocol

Race Protocol is a multi-chain infrastructure designed to facilitate the development and deployment of secure and fair web3 games, particularly asymmetric competitive games. It offers developers a comprehensive set of tools and features, including on-chain account management, P2P randomization, encrypted communication, and transparent token settlements. These functionalities aim to simplify web3 game development while ensuring fairness and security for players.

This security audit was conducted to assess the overall security posture of Race Protocol and identify any potential vulnerabilities within its smart contracts, WebAssembly components, client-side SDK, and server-side implementations. The audit focused on evaluating the following aspects:

  • Smart Contract Security: The audit reviewed the smart contract code for vulnerabilities such as reentrancy, access control issues, and logic errors. The use of best practices for smart contract development was also assessed.

  • WebAssembly Security: The audit analyzed the WASM game bundles for potential vulnerabilities like memory safety issues or malicious code injection. The security of the WASM runtime environment and its isolation from the client application were also evaluated.

  • Client-side Security: The audit assessed the security of the Race SDK, its interaction with the Transactor server, and the handling of sensitive information and secret keys on the client side.

  • Server-side Security: The audit reviewed the Transactor and validator server implementations for potential vulnerabilities, such as insecure communication or data handling practices. The security of the P2P randomization process and server-side security measures were also evaluated.

  • Randomization and Encryption: The audit assessed the security of the mental poker algorithm implementation and the strength of the encryption methods used for communication and data protection.

  • On-chain Account Management: The audit reviewed the security of on-chain account creation, access control, and management processes for game accounts, game bundle accounts, player profiles, and registration accounts.

  • Synchronization Mechanisms: The audit evaluated the effectiveness of the access and settle versions in ensuring consistent game state synchronization across different nodes and the event-driven architecture's ability to handle asynchronous updates and network delays.

  • Payment Handling: The audit assessed the security and transparency of the recipient account mechanism for managing complex payments and the claiming process for receivers.

The audit employed a combination of manual code review, automated vulnerability scanning, and penetration testing techniques. The scope of the audit covered the core Race Protocol components, including the smart contracts, WASM game bundles, Race SDK, and server implementations.

The audit identified several potential vulnerabilities and areas for improvement within the Race Protocol ecosystem. These findings, along with detailed recommendations for addressing them, are presented in the full audit report.

PreviousExecutive summaryNextAudit Methodology

Last updated 1 year ago

🛡️