Skip to content

Latest commit

 

History

History
240 lines (148 loc) · 12 KB

README.md

File metadata and controls

240 lines (148 loc) · 12 KB

AI Arena audit details

  • Total Prize Pool: $60,500 in USDC

  • HM awards: $41,250 in USDC

  • Analysis awards: $2,500 in USDC

  • QA awards: $1,250 in USDC

  • Bot Race awards: $3,750 in USDC

  • Gas awards: $1,250 in USDC

  • Judge awards: $6,000 in USDC

  • Lookout awards: $4,000 in USDC

  • Scout awards: $500 in USDC

  • Join C4 Discord to register

  • Submit findings using the C4 form

  • Read our guidelines for more details

  • Starts February 9, 2024 12:00 UTC

  • Ends February 21, 2024 12:00 UTC

Automated Findings / Publicly Known Issues

The 4naly3er report can be found here.

Automated findings output for the audit can be found here within 24 hours of audit opening.

Note for C4 wardens: Anything included in this Automated Findings / Publicly Known Issues section is considered a publicly known issue and is ineligible for awards.

Overview

AI Arena is a PvP platform fighting game where the fighters are AIs that were trained by humans. In the web3 version of our game, these fighters are tokenized via the FighterFarm.sol smart contract. Each fighter NFT within this smart contract contains the following:

  • Physical attributes: Determines the visual appearance
  • Generation: This primarily affects the visual appearance
  • Weight: Determines the battle attributes
  • Element: Determines its special abilities
  • Fighter Type: Indicates whether its a regular Champion or Dendroid
  • Model Data: Comprising of the model type and model hash

Players are able to enter their NFT fighters into ranked battle to earn rewards in our native token $NRN. Our token is an ERC20 token, as defined in the Neuron.sol smart contract. During deployment, we grant our RankedBattle.sol smart contract the MINTER and STAKER roles in order to facilitate our reward system. Additionally, the FighterFarm.sol and GameItems.sol smart contracts are granted the SPENDER role to allow for in-game purchases with our native token.

Players are only able to earn $NRN in our game by staking their tokens and winning. However, it is important to note that it is possible for players to lose part of their stake if they perform poorly. Additionally, to level the playing field, we take the square root of the amount staked to calculate the stakingFactor, which is used in the points calculation after each ranked match. To learn more about our reward mechanism, please click here.

Lastly, each wallet has voltage that it has to manage. Every 24 hours from the start of their first initiated match for the day, voltage will be replenished back to 100. Each ranked battle costs 10 voltage units. If a player runs out of voltage they either have to wait until it naturally replenishes or they can purchase a battery from our GameItems.sol smart contract. Each battery will fill voltage back to 100.

NOTE: Our core game logic runs off-chain via our servers. We essentially use our game server as the oracle for ranked match results.

Links

Scope

See scope.txt

File SLOC Description Libraries
Contracts (9)
src/AiArenaHelper.sol 95 This contract generates and manages an AI Arena fighters physical attributes. @openzeppelin/* @FighterOps/*
src/FighterFarm.sol 327 This contract manages the creation, ownership, and redemption of AI Arena Fighter NFTs, including the ability to mint new NFTs from a merging pool or through the redemption of mint passes. @openzeppelin/* @FighterOps/* @Verification/*
src/FighterOps.sol 74 This library defines the Fighter struct and contains methods for fetching information about a fighter.
src/GameItems.sol 163 This contract represents a collection of game items used in AI Arena. @openzeppelin/*
src/MergingPool.sol 110 This contract allows users to potentially earn a new fighter NFT.
src/Neuron.sol 92 The Neuron token is used for various functions within the platform, including staking, governance, and rewards. @openzeppelin/*
src/RankedBattle.sol 300 This contract provides functionality for staking NRN tokens on fighters, tracking battle records, calculating and distributing rewards based on battle outcomes and staked amounts, and allowing claiming of accumulated rewards. @FixedPointMathLib/*
src/StakeAtRisk.sol 63 This contract allows the RankedBattle contract to manage the staking of NRN tokens at risk during battles.
src/VoltageManager.sol 47 This contract allows the management of voltage for game items and provides functions for using and replenishing voltage.

Out of scope

  • All of the OpenZepplin contracts (used for ERC20, ERC721, ERC1155) used as the base for our smart contracts
  • The FixedPointMathLib.sol library created by solmate
  • The Verification.sol library
  • The AAMintPass.sol smart contract since it is already deployed and completed minting

Additional Context

  • AAMintPass.sol: This contract creates mint passes for those who have qualified, which are claimable for AI Arena fighters at a later date. In order for a player to redeem their mint pass for a fighter, they will call the redeemMintPass function in FighterFarm.sol, which burns their mint pass and creates a fighter NFT.
  • The result of a ranked battle can result in one of the following (depending on their current state):
    • $NRN staked == 0 (Condition)
      • No impact on points or stake
    • $NRN staked > 0 (Condition)
      • Win (Condition)
        • stake at risk > 0 (Condition)
          • Reclaim stake at risk for this round
        • stake at risk == 0 (Condition)
          • Increase points
      • Lose (Condition)
        • points > 0 (Condition)
          • Decrease points
        • points == 0 (Condition)
          • Move some of staked $NRN to the StakeAtRisk.sol smart contract
  • The calculation for points is comprised of a stakingFactor and eloFactor.
    • The staking factor is derived from the amount of $NRN a player has staked
    • The ELO factor is derived from the fighter's ELO scored
      • We maintain the flexibility to adjust how the ELO score is calculated off-chain
  • Players are able to divert part of their points to the MergingPool.sol smart contract. This contract will periodically raffle off new NFTs to be minted. The amount of NFTs to be minted through the Merging Pool will be managed in a way that keeps NFT inflation relatively low.
  • At the end of each round, we will distribute a fixed amount of $NRN between players proportional to the relative amount of points they have amassed.
    • For example, let's say there are two players: A and B. Player A earned 500 points and player B earned 1500 points. If we were to distribute 1000 NRN for that round, then player A would receive 250 NRN and player B would receive 750 NRN.
  • NOTE: The asymmetry in point increase/decrease as well as $NRNs gained vs potentially lost is an intentional design in our economy.

Scoping Details


- If you have a public code repo, please share it here:

- How many contracts are in scope?: 8

- Total SLoC for these contracts?: 1271

- How many external imports are there?: 5

- How many separate interfaces and struct definitions are there for the contracts within scope?: 4 structs

- Does most of your code generally use composition or inheritance?: Composition

- How many external calls?: 0

- What is the overall line coverage percentage provided by your tests?: 90

- Is this an upgrade of an existing system?: False

- Check all that apply (e.g. timelock, NFT, AMM, ERC20, rollups, etc.): NFT, ERC-20 Token, Uses L2

- Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?: True - We have a deployed mintpass that will be redeemed for a fighter NFT. It could be important to read through the mintpass smart contract code. Additionally, to understand the ranked battle points system, material will be required to understand the flow.

- Please describe required context: We have a deployed mintpass that will be redeemed for a fighter NFT. It could be important to read through the mintpass smart contract code. Additionally, to understand the ranked battle points system, material will be required to understand the flow.

- Does it use an oracle?: Others - Our game server acts as an oracle to put battle results on-chain

- Describe any novel or unique curve logic or mathematical models your code uses: Our points system for determining distribution of our ERC20 token at the end of each round uses a combination of ELO factor, staking factor, and % of points to be allocated to the merging pool

- Is this either a fork of or an alternate implementation of another project?: False

- Does it use a side-chain?:

- Describe any specific areas you would like addressed:

Tests

Setup

Clone with recurse:

git clone --recurse https://github.com/code-423n4/2024-02-ai-arena.git

Alternatively, if you have already cloned without recurse, do:

git submodule update --init --recursive

Install libraries using forge and compile contracts.

forge install

forge build

After installing and building contracts you can run this command to execute all the test scripts:

forge test

If you would like to execute an individual test script you could do so like this:

forge test --match-path test/AiArenaHelper.t.sol -vvvv

To print the gas report of contracts simply run:

forge test --gas-report

See code coverage by running this command:

forge coverage --ir-minimum

Slither

See slither.txt

To run slither from root, run:

slither .

To generate or view graphs of contracts, refer here: printer-docs

Here's and example of outputting a graph showing the inheritance interaction between the FighterFarm contract.

slither src/FighterFarm.sol --print inheritance-graph 

Then run this command to view the graph:

xdot src/FighterFarm.sol.inheritance-graph.dot 

Miscellaneous

Employees of AI Arena and employees' family members are ineligible to participate in this audit.