I have been playing with steemmonsters lately. While learning the how steem monsters work, I also questioned a couple of things.
Recorded actions on blockchain
When you do any action in the game, you broadcast a custom json into the network.
For example, when you combine cards, you sign and broadcast an operation like this:
{
"required_auths": [],
"required_posting_auths": [ < your_account > ],
"id": "sm_combine_cards",
"json": {
"cards": ["
"C-<card_uuid>",
"C-<card_uuid>",
"C-<card_uuid>",
"C-<card_uuid>"
]
}
}
There is no validation here. You can broadcast a combine_cards custom op with the cards you don't own or with the cards not generated and have invalid ids.
Since this is not a part of the blockchain consensus to validate this stuff, after the user's transaction, the original @steemmonsters account acknowledges the operation by checking their internal centralized database and broadcasts the verification.
{
"required_auths": [],
"required_posting_auths": ["steemmonsters"],
"id": "combine_result",
"json": [{
"account": "news-today",
"ref_trx": "<users_trx_id>",
"card_id": "C-<combined_card_id>",
"xp": 6,
"removed": ["C-<removed_card>", "C-<removed_card>"]
}
}
}
Makes sense. However, one thing I question is that transactions will not be picked up by the game unless they have been initiated through the website..
Verifying randomness on card generation
Card generation is not verifiable. I mean, owners can set a "if condition" like this:
if account == "emrebeyler":
generate_all_the_legendaries()
Generating cards via self-transfers
I know, they have rights to do that, but it still feels wrong.
Final thoughts
I have stopped spending time for the game until the actual game released.
Most of my critics are related to decentralization of the game while owners don't claim they're building the next decentralized game, however, these things can be applied without giving the authority to anyone. And kudos to the team for the great idea and implementation so far.
Matt mentioned about trying to set up the random to be based on transaction ID or something.
What gets logged on the blockchain is only for auditing purposes, everything is done off chain.
I think it is ok to have the game logic off-chain. It would be good however to decouple the transactions you do from their website. But I do think that this is mainly a question of priorities. Also, I would hope that they make the whole project open on github, so that the code can be reviewed.
So, they can just print cards as many cards as they want to?
while true: transfer_50SBD_to_myself()
No need for an if condition there
I wrote a small blog about why I think steemmonsters cards are worth actual money.
You can check it out https://steemit.com/steemmonsters/@tsnaks/are-steemmonsters-cards-actually-currency