
On-chain Account Management

This section reviews the security of on-chain account creation, access control, and management processes in Race Protocol. It also assesses the design and implementation of game accounts, game bundle accounts, player profiles, and registration accounts.

Findings:

This section of the report is currently accessible only to the core team for security reasons. Once the identified issues are resolved, they will be publicly revealed.

Design and Implementation Assessment:

  • Game Accounts: The design of game accounts appears to be comprehensive and covers the necessary data elements for managing game state, players, servers, and settlements. However, the lack of on-chain verification for game state updates is a significant security concern that needs to be addressed.

  • Game Bundle Accounts: The use of NFTs to represent game bundles is a suitable approach for establishing ownership and linking to off-chain WASM data. However, the security of the decentralized storage solution used to store the WASM bundles should be carefully evaluated.

  • Player Profiles: Player profiles provide a convenient way to manage player information and assets. However, additional security measures, such as multi-factor authentication or transaction confirmation prompts, could be implemented to further protect player accounts from unauthorized access.

  • Registration Accounts: The concept of public and private registration accounts offers flexibility for developers and platform operators. However, the access control mechanisms for private registrations need to be strengthened to prevent unauthorized manipulation.


Last updated 1 year ago
