Protecting Randomness in Angel Battles
Random numbers play a key role in Angel Battles and similar games. They control everything from how hard you might hit, to which cards you receive in each pack, to which monsters you will face. Yet, truly random numbers are one of the hardest problems in computer science.
If this wasn’t bad enough, flashbots and other Miner Extractable Value (MEV) tools allow all kinds of powerful manipulation. For instance, one thing you can do is submit a ‘bundle’ of transactions, where either ALL of the transactions will run or NONE of the transactions will run. For instance, a malicious user could submit a bundle of 2 transactions
Buy the ultimate card pack
Send the Michael card I just received to my other address.
Normally, a user has a 1% chance to receive a Michael card when purchasing the ultimate pack. However, by submitting this bundle, flashbots software would try to do this in every block, without any cost until the Michael card was successful. This is because the 99 times out of 100 when they received something other than the Michael card, the 2nd tx would fail so the first tx would never go in the block.
There are several key mitigations. We highly recommend this excellent blog post written by Martin from Quantstamp for technical details.
In general, the idea is to make it so that the cost of manipulating randomness in Angel Battles is higher than the benefit that an attacker can receive. We also have to balance this out with the difficulty imposed on honest players. For instance, the result of a simple swing of the sword uses only the built in randomness. If someone were to go to the time and expense to manipulate a single PVP battle on the leaderboard so that they could defeat a marginally stronger opponent, that opponent can always just reclaim the spot right afterwards.
However, there are two key aspects of Angel Battles that must be protected. These are getting the ultimate pack and changing conditions on the battle mountain.
NOTE: Sometimes, metamask may warn you that it cannot predict gas and therefore a tx may fail. If you have already committed, you should be safe to reveal. This is because it can be difficult to simulate these tx.
Getting the Ultimate Pack – You must burn Halo tokens in order to receive a card from the ultimate pack. In this case, you will first send a ‘commit’ transaction. This commits you to the action – you must burn your Halo tokens and information about the resulting card is stored in the contract. This information is private, meaning other contracts are not allowed to read it. Finally, you must come back at least 10 blocks later and send a ‘reveal’ transaction, where you will actually receive your card.
Changing Mountain Conditions – Mountain conditions can be changed every 24 hours, and any player may change the conditions for all players. Thus, one player commits, and then any player can reveal after 10 blocks. Once a player has committed, the next player must reveal.