The GameFi project combines blockchain technology and the gaming industry to create a gaming asset platform. It should therefore be highly secure, but like any other platform, GameFi has security issues. In this article, we will look at security issues with GameFi. But before we do, let's take a look at these types of platforms.
These platforms give players an opportunity to earn digital currency rewards through a play-to-earn (P2E) model. Another advantage of the GameFi platform is that players have full control over their assets. Although the popularity of the GameFi service is increasing every day, some members sacrifice security for the sake of speed, and the resulting poor security measures expose members of the community to serious risks. This company has always faced serious security threats from hackers throughout its life. Stay with us till the end of the article to know more about this project.
The importance of GameFi project security
In 2021, GameFi was widely praised by users for introducing the "play for money" model and offering players new financial opportunities. In 2022, Move To Earn projects will play a bigger role in GameFi's growth. Overall, in 2022 GameFi was the largest part of the digital currency market, accounting for 9.5% of the total budget of the crypto industry and growing over 118% annually.
The most important difference between GameFi and traditional games is the possibility of hacking into users' assets and causing significant losses. In the worst case, security vulnerabilities in GameFi can cause your project to crash and be terminated. For example, in 2022, hackers used a backdoor on a remote procedure call (RPC) node to obtain signatures for the Axie Infinity project.
Using this security vulnerability, the hackers illegally withdrew up to 600 million Ethereum (ETH). Any weakness in GameFi services leads to huge losses for investors and players. This doubles the need for security for these services. Next, we will look at GameFi security in two aspects: on-chain and off-chain.
Examining GameFi security issues
1. Vulnerability of ERC-20 tokens
One of GameFi's security concerns is the vulnerability of its ERC-20 tokens. The stability and supply of ERC-20 tokens play an important role in the game's operability and stability. Therefore, projects must keep their rule logic sound and strictly control the entire supply of these tokens. The DeFi Kingdoms project, a type of P2E game, was attacked by the Mint malware in 2022. Some players exploited vulnerabilities in the game logic to use locked game tokens. This action led to a drop in prices.
2. Non-fungible token (NFT) vulnerability
In GameFi projects, non-fungible tokens (NFTs) are usually used as virtual game assets in the form of equipment, weapons and objects. NFTs are fully available to players. The value of these assets is maintained by controlling inflation and scarcity. However, improper use of NFTs can lead to security breaches.
The value of an NFT depends on the rarity of the equipment or tool. Players are also often looking for the rarest NFTs. In the NFT generation process, information about the block, such as the timestamp, can be used as a weak random source to generate NFTs with different levels of rarity. A miner can create rare NFTs by manipulating the minting time.
Even a reliable randomization source like Chainlink VRF cannot eliminate all risk. Malicious users (hackers) can abort the minting operation if the token ID is not good and keep minting until a sufficiently rare NFT is minted.
Vulnerabilities in smart contracts can occur when NFTs are exchanged or transferred. For example, the safeTransferFrom function is used to transfer ERC-721 standard NFTs. If the recipient is a contract address, its onERC721Received function is called. This opens the possibility of a reentrancy attack, in which the attacker puts the re-entering logic inside onERC721Received. This risk also exists for NFTs based on the ERC-1155 standard: there, safeTransferFrom triggers the recipient's onERC1155Received function, which allows an attacker to re-enter in the same way.
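The callback problem described above, as an added example that is not part of the original article: a Python model (not contract code) of a sale limited to one token per wallet, with the vulnerable ordering beside the hardened one. The class names, the per-wallet cap and the receiver are assumptions made for illustration.

```python
class VulnerableMinter:
    """Toy model of an ERC-721 sale limited to one token per wallet."""
    MAX_PER_WALLET = 1

    def __init__(self):
        self.owner_of = {}    # token_id -> receiver
        self.minted_by = {}   # receiver -> tokens minted so far
        self.entered = False  # only used by the hardened variant

    def _issue(self, to):
        token_id = len(self.owner_of)
        self.owner_of[token_id] = to
        to.on_erc721_received(self, token_id)  # callback into recipient code

    def mint(self, to):
        if self.minted_by.get(to, 0) >= self.MAX_PER_WALLET:
            raise PermissionError("wallet cap reached")
        self._issue(to)  # interaction first: the cap counter is still stale
        self.minted_by[to] = self.minted_by.get(to, 0) + 1


class HardenedMinter(VulnerableMinter):
    def mint(self, to):
        if self.entered:  # reentrancy guard
            raise RuntimeError("reentrant call")
        if self.minted_by.get(to, 0) >= self.MAX_PER_WALLET:
            raise PermissionError("wallet cap reached")
        self.entered = True
        try:
            self.minted_by[to] = self.minted_by.get(to, 0) + 1  # effect first
            self._issue(to)                                     # interaction last
        finally:
            self.entered = False


class ReenteringReceiver:
    """Constructed recipient whose callback calls mint() again."""
    def __init__(self, extra_calls):
        self.extra_calls = extra_calls

    def on_erc721_received(self, minter, token_id):
        if self.extra_calls > 0:
            self.extra_calls -= 1
            try:
                minter.mint(self)
            except (PermissionError, RuntimeError):
                pass  # the nested call was rejected


def tokens_after_mint(minter_cls, extra_calls=3):
    minter, receiver = minter_cls(), ReenteringReceiver(extra_calls)
    minter.mint(receiver)
    return sum(1 for owner in minter.owner_of.values() if owner is receiver)
```

The vulnerable ordering hands out one token per nested call, while the hardened ordering updates the counter before the callback and rejects nested entry, so the cap holds.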
3. Vulnerability of bridges
Another GameFi security issue is bridge vulnerabilities. Users of a GameFi project can exchange game assets across different networks using blockchain bridges. These bridges are necessary to improve user experience and strengthen the liquidity of DeFi projects. One of the biggest risks associated with cross-chain bridges comes from inconsistencies in game assets: the contracts on both sides of the bridge must ensure that the same amount of assets is received and burned. However, by exploiting security vulnerabilities in the contracts' verification and accounting logic, hackers can suddenly and simultaneously compromise the status of a large number of assets.
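One way to monitor the accounting rule described above, as an added example that is not from the original article: a Python check that replays bridge events and flags any mint or release that the other side of the bridge does not cover. The event names, the asset label and the sample stream are constructed assumptions.

```python
from collections import defaultdict

# Constructed event stream: (kind, asset, amount), in observed order.
SAMPLE_EVENTS = [
    ("lock", "GOLD", 100),     # source chain: user deposits into the bridge
    ("mint", "GOLD", 100),     # destination chain: wrapped asset issued
    ("burn", "GOLD", 40),      # destination chain: wrapped asset destroyed
    ("release", "GOLD", 40),   # source chain: deposit paid back out
    ("mint", "GOLD", 50),      # no matching lock
    ("release", "GOLD", 30),   # no matching burn
]


def check_bridge_events(events):
    """Return (index, reason) for every event that breaks bridge accounting."""
    locked = defaultdict(int)    # held by the source-chain contract
    wrapped = defaultdict(int)   # circulating on the destination chain
    pending = defaultdict(int)   # burned but not yet released
    findings = []
    for i, (kind, asset, amount) in enumerate(events):
        reason = None
        if not isinstance(amount, int) or amount <= 0:
            reason = "invalid amount"
        elif kind == "lock":
            locked[asset] += amount
        elif kind == "mint":
            if wrapped[asset] + pending[asset] + amount > locked[asset]:
                reason = "mint exceeds locked collateral"
            else:
                wrapped[asset] += amount
        elif kind == "burn":
            if amount > wrapped[asset]:
                reason = "burn exceeds wrapped supply"
            else:
                wrapped[asset] -= amount
                pending[asset] += amount
        elif kind == "release":
            if amount > pending[asset]:
                reason = "release without matching burn"
            else:
                pending[asset] -= amount
                locked[asset] -= amount
        else:
            reason = "unknown event kind"
        if reason:  # flagged events are not applied to the model
            findings.append((i, reason))
    return findings
```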
4. The advantages of DAO governance
Many GameFi projects are managed by a DAO. If the majority of the governance tokens are owned by a small group of large holders, the risk is that the project will become centralized. Smart contracts that implement the DAO's governance rules are also a source of security vulnerabilities, because they provide a way for attackers to get into the DAO's treasury.
Off-chain security issues in GameFi projects
Most GameFi projects rely on centralized off-chain servers for things like background operations, web interfaces, or mobile apps. These servers maintain important information such as game data and player accounts and are vulnerable to malicious attacks such as Trojans and hacking.
In the case of NFTs, metadata includes important descriptive information that is stored off-chain in a JSON file. Instead of using a decentralized infrastructure like IPFS, many GameFi projects store their NFT metadata on centralized servers. This increases the possibility of metadata manipulation by hackers and leads to player rights violations.
Security issues with cross-chain bridges include the possibility that an attacker can gain access to private keys or signing credentials through hacking or phishing attacks. By taking advantage of the infrastructure, hackers can launch exploits (malicious code) to control game assets. Hackers can inject malicious code into the network or take control of the network during data transmission. It is also possible that an attacker fraudulently increases the credit amount by tampering with a data packet and uses this amount to obtain game assets. Front-end interfaces are another avenue for malicious activity. If a gaming site's information is leaked, hackers can obtain other sensitive information by sending the information to a stolen address.
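A check for the metadata manipulation described above, as an added example that is not from the original article: it compares what a server returns against digests recorded when the tokens were minted. Plain SHA-256 over canonical JSON stands in for content addressing here (real IPFS identifiers are computed differently), and the token data is constructed.

```python
import hashlib
import json


def metadata_digest(metadata):
    """SHA-256 over canonical JSON, so key order and whitespace do not matter."""
    canonical = json.dumps(metadata, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def audit_metadata(committed, served):
    """Compare served metadata against digests recorded at mint time.

    committed: token_id -> hex digest; served: token_id -> raw JSON text.
    Returns token_id -> "ok" | "tampered" | "missing" | "invalid json".
    """
    report = {}
    for token_id, digest in committed.items():
        raw = served.get(token_id)
        if raw is None:
            report[token_id] = "missing"
            continue
        try:
            parsed = json.loads(raw)
        except json.JSONDecodeError:
            report[token_id] = "invalid json"
            continue
        matches = metadata_digest(parsed) == digest
        report[token_id] = "ok" if matches else "tampered"
    return report


# Constructed sample: metadata as minted, then what the server returns later.
ORIGINAL = {
    1: {"name": "Iron Sword", "rarity": "common"},
    2: {"name": "Dragon Blade", "rarity": "legendary"},
    3: {"name": "Oak Shield", "rarity": "rare"},
    4: {"name": "Silver Helm", "rarity": "rare"},
}
COMMITTED = {tid: metadata_digest(meta) for tid, meta in ORIGINAL.items()}
SERVED = {
    1: '{"rarity": "common", "name": "Iron Sword"}',    # keys reordered only
    2: '{"name": "Dragon Blade", "rarity": "common"}',  # rarity changed
    4: '{"name": "Silver Helm", ',                      # truncated response
}
```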
Solutions to increase security in GameFi projects
To maintain the security of GameFi projects, it is very important to observe security tips at all stages. The key pillar for the success of GameFi projects is to ensure that the smart contract code is error-free. Writing quality code, reviewing and continuously evaluating the code, and carrying out the official approval of the smart contract are among the actions that can be taken in this area.
Securing servers and other infrastructure components is also important and necessary, and penetration testing should be done to identify potential vulnerabilities. When penetration testing blockchain-based systems and applications (DApps), attention should be paid to the characteristics of the third generation of the web (Web3). Therefore, special caution should be taken with digital wallets and decentralized protocols.
Other points such as a "secure implementation process" and "comprehensive emergency response" should also be paid attention to in the GameFi project. A secure implementation process includes actions such as monitoring generated security events, improving the security environment, and implementing a bug bounty program. Additionally, the project must develop a comprehensive emergency response process that includes elements such as access and casualty management, attack tracking, and problem analysis.