AI Arena - popeye's results

Overview:

AI Arena introduces a unique PvP platform fighting game paradigm, where the combatants are AI entities trained by players, bringing a novel twist to the blockchain gaming landscape. This game leverages the Ethereum blockchain to tokenize fighters through the FighterFarm.sol smart contract, embedding a rich array of attributes within each NFT. These attributes include physical appearance, battle characteristics, and unique abilities, delineated as follows:

• Physical Attributes & Generation: These define the fighter's visual identity, contributing to a diverse and visually engaging roster of characters.
• Weight: A key determinant of a fighter's performance in combat, influencing their agility and strength.
• Element: Each fighter possesses elemental abilities, providing strategic depth and variety to battles.
• Fighter Type: Distinguishes between different classes of fighters, such as Champions or Dendroids, each with unique capabilities.
• Model Data: Encapsulates the fighter's digital essence through a model type and hash, ensuring uniqueness and authenticity.

Through participation in ranked battles, players have the opportunity to earn rewards in the form of $NRN, an ERC20 token defined by the Neuron.sol smart contract. The game's architecture assigns specific roles to smart contracts to facilitate its reward system and in-game economy:

• RankedBattle.sol: Granted the MINTER and STAKER roles, this contract is central to the game's reward distribution mechanism.
• FighterFarm.sol and GameItems.sol: These contracts receive the SPENDER role, enabling players to make in-game purchases using $NRN tokens.

A distinctive feature of AI Arena is its staking mechanism. Players must stake $NRN tokens to participate in ranked battles, with the potential for rewards based on performance. Notably, there is a risk of losing a portion of their stake if they perform poorly. The game introduces a stakingFactor, calculated from the square root of the staked amount, to ensure a level playing field, affecting the points calculation after each match.

Another innovative aspect is the voltage system, a form of energy that each player must manage. Voltage is replenished daily but is consumed with each ranked battle. Players facing depletion must either wait for replenishment or purchase batteries through the GameItems.sol contract to immediately restore their voltage.

It is important to highlight that AI Arena's core game logic is executed off-chain, with the game server acting as an oracle for determining ranked match outcomes. This hybrid approach raises considerations regarding the integration of off-chain and on-chain elements, particularly in terms of security, transparency, and trust.

Contracts Overview:

Description of the contracts (in scope):

Architecture view (Diagram):

User Flow (before battle):

click here - for better resolution

User Flow (after battle):

click here - for better resolution

Admin flow (general 4 actions):

click here - for better resolution

Game Server (flow):

click here - for better resolution

RankedBattle Contract (flow):

click here - for better resolution

Protocol Roles:

In the AI Arena ecosystem, various protocol roles are defined across the different smart contracts, each with specific activities and permissions. These roles are crucial for the governance, operation, and security of the platform. Let's detail these roles and their corresponding activities within the ecosystem:

1. User/Player

End-users of the AI Arena platform who participate in the game by owning, managing, and competing with fighter NFTs. Users engage in various activities, including battles, staking, and item management, to enhance their gameplay experience and achieve success within the arena.

Activities: NFT Ownership and Customization: Users acquire fighter NFTs through the FighterFarm contract, which they can customize, train, or upgrade using in-game items and attributes managed by contracts like GameItems. Participation in Ranked Battles: Players stake NRN tokens on their fighters to participate in ranked battles managed by the RankedBattle contract, aiming to improve their fighters' rankings and earn rewards. Resource Management: Players manage resources such as NRN tokens and voltage, crucial for engaging in battles and accessing various game features. The VoltageManager and Neuron contracts are instrumental in these activities. Item Acquisition and Usage: Through the GameItems contract, players purchase and utilize items that confer advantages in battles or affect game mechanics, enhancing their fighters' performance or altering gameplay conditions.

2. Fighter NFT

Digital assets representing fighters in the AI Arena, each with unique attributes and capabilities. Fighter NFTs are central to the game's competitive elements, serving as the avatars through which players engage with the game world.

Activities: Engagement in Battles: Fighter NFTs are deployed in ranked battles, where their attributes and the strategic choices of their owners determine the outcomes. Success in these battles affects the NFT's value, reputation, and progression within the game. Staking and Economic Involvement: NRN tokens are staked on fighter NFTs, aligning the player's economic interests with the performance of their fighters. The RankedBattle and StakeAtRisk contracts facilitate this process, intertwining gameplay success with economic rewards. Enhancement Through Items: Players can use game items to enhance their fighters' attributes or capabilities, directly impacting their effectiveness in battle. This interaction, managed through the GameItems contract, adds a layer of strategy and personalization to the game. Risk and Reward Dynamics: The performance of fighter NFTs in battles influences the stake at risk and potential rewards. Winning battles can lead to reclaimed stakes and rewards, while losses might increase the stake at risk, as managed by the StakeAtRisk contract.

3. Owner/Admin

The Owner/Admin role is typically assigned to the contract deployer or designated individuals/entities responsible for high-level management and configuration of the contracts.

Activities: Contract Upgrades and Modifications: Can update contract logic or parameters to enhance functionality or address issues. For example, adjusting the NRN distribution amount in the RankedBattle contract. Role Management: Assigns or revokes roles (e.g., Minter, Staker) to other addresses, controlling who can perform specific actions within the ecosystem. Adjust Game Mechanics: Can adjust game mechanics, such as voltage costs in the VoltageManager or the basis points lost per loss in the RankedBattle contract.

4. Minter

Granted the ability to mint new tokens or NFTs within the ecosystem, such as NRN tokens or fighter NFTs.

Activities: Token Minting: Authorized to mint NRN tokens within the Neuron contract, facilitating reward distribution or ecosystem funding. NFT Creation: Can mint new fighter NFTs in the FighterFarm contract, adding new fighters to the game based on specific criteria or achievements.

5. Staker

Addresses with the permission to stake tokens on behalf of users, typically involved in gameplay mechanics that require staking NRN tokens for participation or reward.

Activities: Stake Management: Initiates staking of NRN tokens on fighters in the RankedBattle contract, representing a player's investment in a fighter's success. Unstake Tokens: Can withdraw staked NRN tokens from fighters, either upon completion of a battle or when a player decides to reallocate their stake.

6. Spender

Entities allowed to spend tokens from the treasury or user wallets for specific purposes, such as purchasing items or accessing features.

Activities: In-game Purchases: Executes transactions using NRN tokens for buying game items or services, as seen in the GameItems contract. Accessing Paid Features: Utilizes NRN tokens to access certain game features that require payment, ensuring tokens are spent according to the game's rules.

7. Voltage Spender

Special addresses permitted to manage a player's voltage within the VoltageManager contract, directly influencing gameplay by determining a player's ability to participate in battles.

Activities: Voltage Consumption: Authorized to consume voltage on behalf of a player for initiating ranked battles or other voltage-consuming activities. Replenishment Actions: Can trigger voltage replenishment for a player, either through natural replenishment or by using items like voltage batteries.

8. Game Server

A designated server or automated system responsible for updating game states based on off-chain events or calculations, such as battle outcomes.

Activities: Update Battle Records: Records the results of battles in the RankedBattle contract, adjusting players' win/loss records and points accordingly. Manage Risk Stakes: Communicates with the StakeAtRisk contract to update the stakes at risk based on battle performances, ensuring accurate reflection of game dynamics.

The ecosystem's design emphasizes the importance of each role and their activities, creating a game where decisions have real consequences, and success is a result of skill, strategy, and engagement. This approach ensures a rich and rewarding experience for users, making the AI Arena not just a game of chance, but a competitive arena where excellence and effort are rewarded. These roles and their associated activities are foundational to the operation and governance of the AI Arena ecosystem, providing a structured approach to managing gameplay, tokenomics, and user interactions. Each role is designed with specific permissions to ensure the ecosystem's integrity, security, and fairness, fostering a competitive and engaging gaming environment.

Approach Taken in Auditing Ai Arena Codebase

Day 1-2: Initial Documentation Review and Framework Understanding

• I started with reading all about Ai Arena - what it aims to do, how it works, and the technology it uses. This helped me get ready for a deeper look into its code. The scoped contract was:
  • src/AiArenaHelper.sol
  • src/FighterFarm.sol
  • src/GameItems.sol
  • src/MergingPool.sol
  • src/Neuron.sol
  • src/RankedBattle.sol
  • src/StakeAtRisk.sol
  • src/VoltageManager.sol
• I spent time going through the project’s documents to understand its goals and how it plans to reach them. From the Documentation part I dived deep into:
  1. In-game Reward System Tutorial
  2. Game Overview
  3. Economic System

Day 3-5: Codebase Navigation and Architectural Overview

• Next, I explored Ai Arena’s code, looking at how different parts of the project work together. This helped me see the big picture of how it functions. The NatSpec were well written, that’s why it was easier for me to grasp the whole logic flow.
• I focused on how the project handles things like tokens and NFTs, which are important for understanding how it operates. I Mainly focused how the FighterNFT will minted for every user. I followed the path from minting to engaging in Battle.

Day 6-8: In-depth Technical Analysis and Feature Exploration

• I took a closer look at specific parts of Ai Arena, like how it creates NFTs and handles rewards. This was to find any hidden problems or ways to make it better. I was confused in many spots, for that reason I created a private thread on the C4’s contest channel and solved my doubts by discussing with the core team members.
• I paid extra attention to unique features of Ai Arena, trying to spot any tricky spots that could cause issues later. Dived deep mostly in the Battle Result update mechanism (the main part was in off-chain though)
• At this stage, I made the diagrams to understand the user flow, admin flow and other possible flow from various actors.

Day 9-10: Vulnerability Testing and Security Assessment

• I tested Ai Arena in many ways to try and find any weaknesses or bugs. This included using Foundry test and trying to think like someone who might want to attack the system. I played with the unit tests as those were well written by the core developer. Those were helpful. But if there were fuzz and invariant tests, it would be best as I am not a pro in this side.
• I tried out different scenarios to make sure Ai Arena is strong and secure against possible threats. Asked a lot weired questions to challenge my understandings of the every core logic :)

Day 11-12: Audit Report Compilation and Recommendations

• I started to put together all my findings, organizing them, and getting ready to submit them.
• I wrote the finding’s report and tested it for the last time that it’s a valid finding or not.
• I make this beautiful analysis report which demonstrate my hard work to protect the Ai Arena codebase.
• I finished my audit by making a detailed report that included any problems I found, suggestions for improvement, and parts of Ai Arena that I thought were really well done. This report was meant to help the Ai Arena team make their project even better.

Contract Analysis:

AiArenaHelper.sol:

The AI Arena Helper contract plays a crucial role in the AI Arena game by managing the creation and allocation of physical attributes for fighter NFTs. It employs a combination of DNA, generation data, and special types (like iconsType and dendroidBool) to produce unique attributes for each fighter. This contract ensures a diverse and engaging gameplay experience by allowing for a wide range of fighter characteristics, thereby supporting the game's dynamic ecosystem and contributing to its replayability and depth.

Functions are:

• constructor(uint8[][] memory probabilities): Initializes the contract with predefined attribute probabilities for the first generation of fighters. This foundational setup allows for a diverse pool of fighter attributes right from the start, contributing to the game's complexity and strategic elements.

• transferOwnership(address newOwnerAddress):Allows the current owner to transfer contract ownership to a new address, ensuring that administrative control can be passed on securely. This function is critical for maintaining the contract's integrity and facilitating smooth management transitions.

• addAttributeDivisor(uint8[] memory attributeDivisors): Updates the divisors for calculating fighter attributes from their DNA. This adjustment capability is vital for fine-tuning the balance between different attributes, ensuring that the fighters remain diverse and no single attribute becomes overwhelmingly dominant.

• createPhysicalAttributes(uint256 dna, uint8 generation, uint8 iconsType, bool dendroidBool): Generates a fighter's physical attributes based on its DNA and other parameters. This function is the heart of the fighter creation process, determining how the genetic code translates into physical traits that affect gameplay.

• addAttributeProbabilities(uint256 generation, uint8[][] memory probabilities): Updates the probabilities for generating fighter attributes for a specified generation. This flexibility allows the game to introduce new attributes or adjust the rarity and distribution of existing ones, keeping the game environment dynamic and engaging.

• deleteAttributeProbabilities(uint8 generation): Removes the attribute probabilities for a given generation, offering the ability to phase out certain attributes or rebalance the game as it evolves. This function ensures the game can adapt over time without being permanently tied to initial configurations.

• getAttributeProbabilities(uint256 generation, string memory attribute): Retrieves the probability distribution for a fighter attribute based on its generation. This function supports strategic planning and depth by allowing players and the system to anticipate the potential outcomes of the fighter creation process.

• dnaToIndex(uint256 generation, uint256 rarityRank, string memory attribute): Converts a fighter's DNA and rarity rank into an attribute index, determining the specific traits a fighter will have. This critical function ensures that each fighter's attributes are uniquely determined by their genetic makeup, contributing to the game's strategic complexity.

---

FighterFarm.sol:

The FighterFarm contract is a pivotal component of the AI Arena ecosystem, orchestrating the creation, ownership, and trading of AI Arena Fighter NFTs. It facilitates various functionalities, including the minting of new NFTs through merging pools or by redeeming mint passes, managing ownership and tradeability through locking and unlocking mechanisms, and integrating with external contracts like Neuron for economic activities and AiArenaHelper for additional game mechanics. This contract enhances the game's dynamics by directly linking players' in-game achievements and strategies with tangible rewards, thus enriching the overall gaming experience.

Functions are:

• transferOwnership: Allows the current owner to transfer contract ownership, ensuring seamless administrative transitions. This function is crucial for maintaining the contract's operational integrity and flexibility in management.

• incrementGeneration: Adjusts the generation of fighters, enabling the evolution of NFT attributes over time. This feature introduces a dynamic aspect to the game, where fighters can evolve, reflecting their progression and achievements within the ecosystem.

• addStaker: Authorizes new addresses to stake fighters, expanding the game's strategic depth. By involving more participants in staking activities, it fosters a more vibrant and competitive environment.

• instantiateContracts: Links the FighterFarm contract with other critical components of the ecosystem, such as AAMintPass, Neuron, and AiArenaHelper. This integration is vital for the seamless operation of the game's economy and the enhancement of fighters' attributes.

• setTokenURI: Updates the metadata URI for tokens, a key feature for maintaining the relevance and uniqueness of NFTs. This function ensures that fighters can be distinctly identified and that their digital assets remain up-to-date.

• claimFighters & redeemMintPass: Facilitates the acquisition of new fighters, either by claiming through achievements or redeeming mint passes. These functions are central to the game's reward mechanism, directly linking players' in-game performance and participation with rewards.

• updateFighterStaking: Manages the staking status of fighters, crucial for engaging players in the game's economic strategies. This function enables players to leverage their fighters in staking mechanisms, influencing the game's economy and their progression.

• updateModel: Allows players to update their fighters' machine learning models, thereby enhancing their capabilities or characteristics. This function adds a layer of strategy and personalization, as players optimize their fighters for competitive advantages.

• mintFromMergingPool: Enables the creation of new fighters from the merging pool, a process that rewards players for their participation in the game's ecosystem. This function is key to expanding the universe of fighters and encouraging continuous engagement.

• reRoll: Offers players the chance to re-roll fighters' attributes, introducing an element of chance and strategy in optimizing fighters' capabilities. This feature enriches the gameplay, providing players with opportunities to enhance their fighters' potential.

• safeTransferFrom & transferFrom: Ensures secure transfers of fighter NFTs between addresses, adhering to ERC721 standards. These functions facilitate the trade and exchange of fighters, promoting liquidity and interaction within the community.

• contractURI & tokenURI: Provides access to the contract's and tokens' metadata, essential for transparency and information dissemination. This feature supports the discoverability and authenticity of fighters and the overall contract.

• getAllFighterInfo: Aggregates and provides comprehensive details about a fighter, enabling players to access vital information for strategic decision-making. This function enhances the game's depth by allowing players to evaluate and strategize based on detailed attributes of their fighters.

FighterOps.sol:

The FighterOps library is a specialized Solidity library designed to support the creation and management of Fighter NFTs within the AI Arena game ecosystem. It provides essential data structures and functions for handling the attributes and metadata of fighters, facilitating a modular and efficient approach to NFT attribute management. By defining fighters' physical attributes, generation, and associated machine learning model details, FighterOps plays a crucial role in the game's mechanics, allowing for dynamic and customizable fighter characteristics that enhance gameplay and player engagement.

Functions are:

• fighterCreatedEmitter: This function emits the FighterCreated event, signaling the creation of a new Fighter NFT with specified attributes such as id, weight, element, and generation. It serves as a notification mechanism to external observers or contracts interested in tracking the creation of new fighters within the game. For example, when a new fighter is created, emit FighterCreated(id, weight, element, generation); is called to broadcast this event.

• getFighterAttributes: This function extracts and returns the physical attributes of a fighter as an array. It provides a straightforward way to access a fighter's appearance-related attributes (like head, eyes, mouth, body, hands, and feet) stored within the fighter struct. This is crucial for rendering the fighter in the game or for use in external applications where these attributes may affect gameplay or visual representation. Example usage: return [self.physicalAttributes.head, ..., self.physicalAttributes.feet];.

• viewFighterInfo: Offers a comprehensive view of a fighter's information, including ownership and all relevant attributes (physical attributes, weight, element, model hash, model type, and generation). This function is essential for external interfaces or game logic that requires detailed information about a fighter, enabling interactions based on the fighter's characteristics and owner's address. It encapsulates the fighter's data in a single call, enhancing ease of access and integration with UI/UX elements or other smart contracts. Example: return (owner, getFighterAttributes(self), self.weight, ..., self.generation);.

GameItems.sol:

The GameItems contract utilizes the ERC1155 standard to manage a collection of game items within the AI Arena ecosystem. It supports the creation, minting, and trading of diverse game items with unique attributes, catering to various gameplay mechanics. Through integration with the Neuron token, it establishes an in-game economy, allowing players to purchase items directly. This contract enhances gameplay by offering customizable items that can influence game strategies and player experiences.

Functions are:

• transferOwnership: This function transfers the contract's ownership to a new address, ensuring that only the current owner can initiate this change. It's crucial for administrative control and securing the contract's management.

• adjustAdminAccess: It modifies an address's administrative privileges, granting or revoking access to critical contract functions. This flexibility is essential for managing the contract's operations securely.

• adjustTransferability: Enables or disables the transferability of specific game items, allowing for dynamic control over each item's trading status. This function supports strategic game design and compliance with trading regulations.

• instantiateNeuronContract: Links the GameItems contract with the Neuron token contract, facilitating economic transactions within the ecosystem. It underscores the contract's integration within the broader AI Arena economy.

• mint: Allows users to mint new game items by spending Neuron tokens, subject to the item's supply constraints and the user's token balance. This function is central to the game's economic interaction and item distribution.

• setAllowedBurningAddresses / burn: Authorizes specific addresses to burn game items, managing the item's lifecycle and supply. This mechanism can impact the game's economy by adjusting item scarcity.

• setTokenURI / uri: Manages and retrieves the metadata URI for game items, providing essential information about each item's characteristics. This contributes to the items' utility and integration within the game.

• createGameItem: Facilitates the creation of new game items with detailed attributes, influencing the game's diversity and player options. This function is key to expanding the in-game universe.

• getAllowanceRemaining / remainingSupply: Offers insights into the minting allowances and the remaining supply of specific game items, guiding players on item availability and minting opportunities.

• uniqueTokensOutstanding: Provides a count of unique game item types available, reflecting the game's asset diversity and enhancing player engagement.

• safeTransferFrom: Ensures secure item transfers between addresses, with checks on transferability to uphold the integrity of the game's trading system.

MergingPool.sol:

The MergingPool contract is a core component of the AI Arena game, designed to manage and allocate rewards within a competitive framework. It introduces a unique mechanism where participants can earn points through gameplay, which contribute towards the potential of winning new fighter NFTs. This contract not only incentivizes players to engage more deeply with the game by participating in ranked battles but also adds a layer of strategy, as players must decide how to allocate their efforts to maximize their chances of earning rewards. With the integration of the FighterFarm contract, winners can claim their NFTs, directly linking game performance with tangible rewards.

Functions are:

• transferOwnership: Allows the current owner of the contract to transfer ownership rights to a new address, ensuring that administrative capabilities can be handed over securely. This function is critical for maintaining the contract's integrity and facilitating a smooth transition of control when necessary.

• adjustAdminAccess: Provides the ability to modify admin access, enabling or restricting certain addresses from performing administrative actions within the contract. This is crucial for maintaining a controlled environment, where only trusted parties are allowed to execute sensitive operations like updating the number of winners per period or picking winners.

• updateWinnersPerPeriod: Admins can adjust the number of winners for each competition period through this function. This flexibility allows for dynamic adjustments to the game's reward structure, ensuring that the game remains engaging and fair to participants, adapting to the evolving player base and game dynamics.

• pickWinner: A key function that allows admins to select winners for the current round based on the points accumulated by participants. This process is central to the contract's purpose, determining which players have earned the right to claim new fighter NFTs based on their performance. The function ensures that only eligible winners are selected and that the process is reset for the next round, maintaining the integrity and excitement of the competition.

• claimRewards: Enables winners to claim their rewards for the rounds in which they've been declared winners. This function is integral to the reward mechanism, allowing players to receive their fighter NFTs and directly linking game performance with tangible incentives. It underscores the contract's role in enhancing player engagement and satisfaction through meaningful rewards.

• getUnclaimedRewards: Provides visibility into the number of unclaimed rewards a player has, based on their participation and wins in various rounds. This function supports transparency and encourages players to claim their earned rewards, contributing to a more engaging gaming experience.

• addPoints: Allows the addition of points to a fighter's total based on their performance in ranked battles. This function is crucial for tracking player achievements and determining eligibility for rewards, directly impacting the competitive landscape of the game.

• getFighterPoints: Offers a way to retrieve the points accumulated by fighters up to a specified token ID, providing a snapshot of the competitive standings. This function supports transparency and strategic planning for players, enabling them to gauge their progress and strategize for future competitions.

Neuron.sol:

The Neuron contract is an ERC20 token designed for the AI Arena's in-game economy, symbolized as NRN. It serves multiple purposes, including facilitating transactions within the game, rewarding players, and enabling various game mechanics through token staking and spending. The integration of AccessControl ensures a flexible permission system, allowing specific roles for token minting, spending, and staking, which aligns with the game's decentralized governance and operational needs.

Functions are:

• transferOwnership: This function allows the current contract owner to transfer ownership to a new address, ensuring that administrative control can be smoothly transitioned as needed for the management and evolution of the Neuron token.

• addMinter: Grants the MINTER_ROLE to a specified address, allowing it to mint new NRN tokens. This is crucial for controlling the token supply, especially in scenarios requiring the injection of new tokens into the game's economy for rewards or other purposes.

• addStaker: Assigns the STAKER_ROLE to an address, enabling it to stake NRN tokens on behalf of users. Staking is a key mechanic in many blockchain games, often used for earning rewards, participating in governance, or accessing specific game features.

• addSpender: Confers the SPENDER_ROLE on an address, authorizing it to spend NRN tokens. This role is essential for contracts or addresses that need to facilitate in-game transactions or token burns as part of the game's economic activities.

• adjustAdminAccess: This function allows for the dynamic management of administrative privileges, enabling or disabling an address's admin status. Admins can perform critical operations such as adjusting roles and setting up airdrops, reflecting the need for trusted control within the game's infrastructure.

• setupAirdrop: Admins can use this function to prepare NRN tokens for airdrop to multiple recipients, setting allowances from the treasury. Airdrops can serve various promotional or reward-based objectives within the AI Arena ecosystem.

• claim: Enables users to claim NRN tokens up to the amount approved by the treasury, facilitating the distribution of rewards or airdropped tokens directly to participants' wallets.

• mint: Allows addresses with the MINTER_ROLE to mint NRN tokens up to the maximum supply limit, ensuring controlled expansion of the token's circulating supply in line with the game's economic design and reward mechanisms.

• burn: Permits token holders to burn their NRN tokens, reducing the circulating supply. This can be used for game mechanics that remove tokens from circulation as a cost for certain actions or privileges.

• approveSpender: This function lets a token holder approve another address to spend a specified amount of their NRN tokens, essential for enabling transactions within the game that require token transfers between contracts or addresses.

• approveStaker: Similar to approveSpender, but specifically for staking purposes, allowing token owners to approve another address to stake their tokens, aligning with the game's mechanics that reward players for locking in their tokens.

• burnFrom: Enables an approved spender to burn tokens from another account, subject to the spender's allowance. This is critical for game mechanics that require token burns as a part of gameplay, ensuring tokens can be effectively removed from a player's balance by authorized entities.

RankedBattle.sol:

The RankedBattle contract is integral to the AI Arena gaming ecosystem, orchestrating the dynamics of competitive engagements between players' fighters. It introduces a structured environment where players can stake NRN tokens on fighters, participate in battles, and receive rewards based on outcomes. This system not only enhances player interaction within the game by adding a layer of strategy and risk but also solidifies the utility of the NRN token by embedding it within the core gameplay mechanics. The contract manages the lifecycle of ranked battles, from staking and battling to reward distribution, making it a central piece of the game's competitive framework.

Functions are:

• transferOwnership: This administrative function is crucial for the management and operational integrity of the contract. It allows the current contract owner to securely transfer ownership to a new address, ensuring that the control of the contract's critical functionalities can be passed on as necessary. This is particularly important for maintaining the game's continuity and for implementing strategic decisions or updates to the contract.

• adjustAdminAccess: Essential for maintaining the contract's security and operational efficiency, this function allows the owner to grant or revoke administrative rights. Administrators have significant control over the game's mechanics, such as initiating new rounds and updating game parameters, making this function critical for overseeing the game's fair play and progression.

• setGameServerAddress: This function designates a specific address as the game server, authorized to update fighters' battle records. This is a vital aspect of ensuring that only verified and legitimate gameplay outcomes are recorded, maintaining the integrity of the ranked battle system and preventing unauthorized manipulations.

• setStakeAtRiskAddress: By setting the address of the StakeAtRisk contract, this function integrates a crucial risk management aspect into the gameplay. It determines how stakes are handled in scenarios of loss, directly affecting players' strategies and their approach to risk in battles.

• instantiateNeuronContract: Establishing a connection with the Neuron (NRN) token contract, this function enables the RankedBattle contract to facilitate staking, rewards, and penalties using the game's native currency. It's a foundational element that links the game's economic model with its competitive mechanics.

• instantiateMergingPoolContract: This connection to the MergingPool contract expands the game's reward system beyond the confines of direct battle outcomes, allowing for a diversified reward mechanism that enhances player engagement and investment in the game's ecosystem.

• setRankedNrnDistribution: This function allows administrators to adjust the NRN token reward pool for ranked battles, directly influencing the incentives for player participation. It's a dynamic tool for balancing the game's economy and competitive appeal, making strategic adjustments based on gameplay analytics and player feedback.

• setNewRound: Transitioning the game into a new round, this function resets the competitive landscape, enabling players to claim their rewards from previous engagements and prepare for new challenges. It's a cycle that keeps the game fresh and engaging, encouraging continuous participation.

• stakeNRN / unstakeNRN: Players can strategically stake NRN tokens on their fighters to potentially increase their rewards from ranked battles, or choose to unstake their tokens, reclaiming their investment. These functions add a layer of strategic depth to the game, as players must balance the desire for higher rewards against the risk of losing their stake.

• claimNRN: After participating in ranked battles, players can use this function to claim their earned NRN tokens, providing a direct incentive for engagement and success in the game's competitive environment. It's a crucial feature that ties players' achievements in the game to tangible rewards.

• updateBattleRecord: By updating the wins, losses, and ties for each fighter, this function maintains the integrity of the competitive rankings within the game. It ensures that player standings reflect their actual performance and strategy, making the ranked battles a fair and exciting aspect of the game.

StakeAtRisk.sol:

The StakeAtRisk contract is a pivotal component of the AI Arena's competitive landscape, providing a mechanism for handling NRN tokens that players risk losing during ranked battles. It encapsulates the risk-reward dynamic that's central to the game's strategy, enabling players to put their tokens at stake for the chance to win more based on their fighters' performance. This contract interacts closely with the RankedBattle contract, managing the stakes that could be lost or reclaimed after each round of competition, thereby adding a layer of strategic depth and engagement to the game.

Functions are:

• setNewRound: This function transitions the game into a new round, resetting the stakes at risk. It's a critical function for maintaining the game's progression, ensuring that stakes from the previous rounds are cleared and the treasury is updated accordingly. The function plays a key role in the game's economic cycle, ensuring that the flow of NRN tokens is consistent with the outcomes of ranked battles.

• reclaimNRN: After a victory in a ranked battle, players can reclaim a portion of the NRN tokens that were previously at risk. This function symbolizes the reward aspect of the risk-reward paradigm, allowing players to recover their stakes based on their fighters' performance. It reinforces the competitive nature of the game by providing tangible incentives for players to engage in and win battles.

• updateAtRiskRecords: In the event of a loss, especially when a fighter goes into a deficit, this function updates the records to reflect the additional NRN tokens placed at risk. It dynamically adjusts the stakes based on the outcomes of battles, directly impacting the player's strategy regarding how much they're willing to risk in future engagements.

• getStakeAtRisk: Players can inquire about the current stake at risk for a specific fighter, providing transparency and allowing for informed decision-making. By understanding the potential loss, players can strategize their participation in ranked battles, balancing the desire for high rewards against the risk of losing their stake.

• _sweepLostStake: At the end of each round, this internal function sweeps the accumulated stakes that have been lost and transfers them to the treasury. This not only ensures the proper redistribution of NRN tokens according to the game's economic rules but also cleans up the slate for the next round of competition, maintaining the integrity and balance of the game's economy.

VoltageManager.sol:

The VoltageManager contract is an integral part of the AI Arena ecosystem, designed to manage the voltage system which serves as an energy or activity metric for players within the game. Voltage is a consumable resource that players use to engage in various game activities, making its management crucial for maintaining game balance and enhancing player engagement. The contract provides mechanisms for replenishing and spending voltage, ensuring players have the energy needed to participate actively in the game's ecosystem.

Functions are:

• transferOwnership: Allows the current owner to transfer ownership of the contract to a new owner. This is crucial for administrative purposes, ensuring that control of the contract can be passed on as necessary for the game's ongoing management and development.

• adjustAdminAccess: Grants or revokes administrative privileges to a specified address. Admins have the authority to adjust critical settings within the contract, such as allowed voltage spenders, making this function essential for maintaining the security and integrity of the game's voltage system.

• adjustAllowedVoltageSpenders: Designates which addresses are permitted to spend voltage on behalf of other users. This flexibility is vital for enabling various gameplay mechanics, where entities other than the player might need to spend voltage for actions or transactions within the game environment.

• useVoltageBattery: Enables players to replenish their voltage to the maximum limit using a voltage battery. This function promotes continued player engagement by allowing them to restore their energy levels and participate in more game activities without waiting for natural replenishment.

• spendVoltage: Allows players or authorized entities to spend voltage from a specified account. This is a core function of the voltage system, enabling the consumption of energy for actions within the game, and ensuring that the cost of activities is deducted from the player's voltage balance.

• _replenishVoltage: A private function that replenishes a player's voltage to full and resets the replenishment timer. It's called automatically when a player's voltage is spent, ensuring that players have a consistent method of regaining energy over time, thus keeping the game's economy and player activities balanced.

Codebase Quality :

Ai Arena's codebase demonstrates a commendable level of sophistication and maturity. It's clear from my analysis that the developers have implemented a variety of best practices and standards with care and precision. The overall architecture and design choices reflect a deep understanding of the blockchain ecosystem, resulting in a codebase that is not only reliable but also maintains a high standard of quality. The following sections will delve deeper into specific aspects of the codebase, highlighting its strengths and areas for potential improvement.

Centralization Risks:

The suite of smart contracts developed for the AI Arena, as reviewed, reveals several areas where centralization risks are introduced through admin roles and the _ownerAddress functionalities. These roles enable a concentrated group of addresses to exert significant influence over the platform's operations, which, while beneficial in certain aspects, also introduces several potential drawbacks. Below is a more detailed examination of these roles across the provided contracts, outlining the pros and cons of each action associated with centralization.

Analysis of Admin and _ownerAddress Functionalities

Ownership Transfer (transferOwnership Function):

Agility in Management: Quick response to critical issues or necessary updates by transferring ownership to a more active or capable party. Business Continuity: Ensures the platform can continue operating smoothly if the current owner is unable to fulfill their role. Potential for Abuse: The current owner could transfer ownership to a malicious entity, compromising the platform's integrity. Lack of Oversight: Without a governance mechanism, this transfer is unilateral, lacking community or stakeholder consensus.

Admin Access Adjustment (adjustAdminAccess Function):

Operational Flexibility: Enables dynamic adjustment of administrative powers to accommodate the evolving needs of the platform. Security Response: Quick revocation of admin access in response to compromised accounts or internal threats. Centralization of Power: Concentrates decision-making in the hands of a few, potentially leading to biased or unilateral decisions. Risk of Exclusion: Legitimate entities or contributors could be unfairly removed from their roles without due process.

Integration Control (e.g., instantiateNeuronContract Function in FighterFarm):

Strategic Flexibility: Allows for strategic partnerships and integrations to be formed and dissolved as necessary for the platform's growth. Upgradeability: Facilitates the integration of new features and improvements by connecting to updated contracts. Gatekeeping: The owner can arbitrarily decide which integrations are allowed, potentially stifling innovation or favoring certain parties. Dependency Risks: Over-reliance on the owner's judgment for critical integrations could lead to single points of failure.

Token Management (Minting and Burning in Neuron):

Economic Flexibility: Allows for the adjustment of the token supply to manage inflation or incentivize participation. Reward Distribution: Facilitates the distribution of rewards or airdrops to contributors and participants. Inflation Risk: Unchecked minting could lead to inflation, diminishing the token's value. Centralized Control Over Economy: Concentrates economic decision-making power, affecting token holders' trust and the token's market perception.

Gameplay Mechanics Control (e.g., adjustAllowedVoltageSpenders in VoltageManager):

Quality Control: Ensures that only entities that align with the game's standards and ethics can influence gameplay mechanics. Security Measures: Protects the game from potentially exploitative or malicious actors by controlling who can spend voltage. Barrier to Entry: Could limit new entrants or innovative ideas from contributing to the ecosystem due to centralized approval processes. Lack of Diversity: Centralized control over gameplay mechanics may lead to a homogenized game experience, stifling creativity.

Systematic Risks:

1. Potential for Smart Contract Vulnerabilities: The complexity of interactions between contracts such as FighterFarm, RankedBattle, and MergingPool increases the risk of vulnerabilities that could compromise the entire ecosystem. Ensuring thorough testing and external audits are crucial to mitigate these risks.
2. Denial of Service (DoS) Attacks: Certain design choices, such as unbounded loops or publicly accessible functions that modify contract state, could make the system susceptible to DoS attacks. Limiting gas usage and optimizing smart contract functions can help prevent such exploits.
3. Dependency on Single Points of Failure: Relying heavily on single contracts for critical operations can lead to systemic failure if these contracts are compromised. Implementing decentralized and redundant systems could enhance the protocol's resilience.
4. Security Best Practices: The use of standard security libraries and adherence to recommendations, such as those from OpenZeppelin, is vital. For instance, ensuring secure signature recovery methods can prevent vulnerabilities related to signature malleability.

Architectural Improvement :

Protocol Structure: The Ai Arena ecosystem is bifurcated into two primary categories: Core Gameplay Contracts and Economic & Reward Mechanism Contracts. This structure facilitates a clear understanding and maintainability of the protocol, ensuring that participants can engage seamlessly with the gameplay and reward systems.

Core Gameplay Contracts: The gameplay is fundamentally driven by contracts such as FighterFarm.sol for NFT management, RankedBattle.sol for competitive play, and MergingPool.sol for rewards through engagement. This setup not only centralizes the gaming experience but also provides a straightforward pathway for users to interact with the game's core mechanics.

Economic & Reward Mechanism Contracts: Economic incentives and reward distributions are managed through contracts like Neuron.sol for the in-game currency, StakeAtRisk.sol for staking mechanisms, and VoltageManager.sol for energy management within battles. These contracts work in tandem to create an engaging and balanced economic model that rewards participation and skill.

Exceptional Features of Ai Arena

Dynamic Reward System: Ai Arena employs a dynamic reward system, adapting to player engagement and performance. This ensures that rewards are distributed fairly and encourages continuous participation. Complex NFT Interactions: Through contracts such as FighterFarm.sol, Ai Arena showcases complex NFT interactions, including minting, staking, and attribute management, providing a rich and immersive experience. Strategic Battle and Staking Mechanics: The implementation of RankedBattle.sol and StakeAtRisk.sol introduces strategic depth to the game, where players must carefully consider their actions in battles and staking decisions. Engagement through Energy Management: VoltageManager.sol introduces an innovative energy management system that requires players to strategize their participation in battles, adding another layer of engagement.

Areas for Improvement

Integration of Multitoken Standards: Adopting ERC-1155 could enhance the game's flexibility by supporting fungible and non-fungible tokens, thereby broadening the scope of game items and rewards. Decentralized Governance: Implementing a governance model that allows players to have a say in future updates, features, and balancing changes could increase community involvement and investment in the game's development. Cross-Contract Security Enhancements: Given the interconnected nature of the contracts, implementing additional security checks and balances between contracts could mitigate systemic risks and enhance overall protocol security. Improved Randomness for NFT Attributes: Investigating more secure and unpredictable sources of randomness for NFT attribute generation, such as Chainlink VRF, could further enhance the fairness and unpredictability of the gameplay. Enhanced Player Incentives: Exploring additional mechanisms for player rewards, such as tournaments, leaderboard prizes, and seasonal events, could drive engagement and long-term player retention.

Time Spent:

Pure 92 Hours :)

Time spent:

92 hours