# On-chain Account Management

This section reviews the security of on-chain account creation, access control, and management processes in Race Protocol. It also assesses the design and implementation of game accounts, game bundle accounts, player profiles, and registration accounts.

**Findings:**

{% hint style="warning" %}
This section of the report is currently accessible only to the core team for security reasons. \
Once the identified issues are resolved, they will be publicly revealed.
{% endhint %}

**Design and Implementation Assessment:**

* **Game Accounts:** The design of game accounts appears to be comprehensive and covers the necessary data elements for managing game state, players, servers, and settlements. However, the lack of on-chain verification for game state updates is a significant security concern that needs to be addressed.
* **Game Bundle Accounts:** The use of NFTs to represent game bundles is a suitable approach for establishing ownership and linking to off-chain WASM data. However, the security of the decentralized storage solution used to store the WASM bundles should be carefully evaluated.
* **Player Profiles:** Player profiles provide a convenient way to manage player information and assets. However, additional security measures, such as multi-factor authentication or transaction confirmation prompts, could be implemented to further protect player accounts from unauthorized access.
* **Registration Accounts:** The concept of public and private registration accounts offers flexibility for developers and platform operators. However, the access control mechanisms for private registrations need to be strengthened to prevent unauthorized manipulation.


