Client
Browser-based game running on the player's device. No keys held; talks to the simulation server over WebSocket.
Protocol Layer
The chain is never on the critical path of play.
Gameplay state stays on the simulation server. Ownership state lives on Base. The two layers communicate through signed attestations — never through synchronous calls.
Architecture
Four components. One direction of trust.
Simulation server
Authoritative game loop. Validates inputs, advances the simulation at fixed tick, and produces match result records.
Attestation service
Signs a hash of (seed, inputs, score, identifier) at match end. Holds the operator's attestation key.
Settlement contracts
Deployed on Base. Hold soldier and gear ownership, accept Merkle-proven claims for seasonal rewards.
Replay Attestation
Match results signed at the source. Verifiable by anyone.
The simulation is deterministic given a seed and an input sequence. Tampering with either yields a different hash and invalidates the signature; tampering with the runtime produces a different result on re-simulation.
STEP 1
1. Match concludes
Server emits the tuple (s, i, r): seed, ordered inputs, result. Moment-to-moment state is discarded.
STEP 2
2. Hash + sign
h = H(s ‖ i ‖ r ‖ p) where p is the player identifier. The attestation service signs h with the operator key.
STEP 3
3. Independent re-simulation
Any auditor with (s, i) can re-run the simulation locally and confirm the resulting score equals r.
STEP 4
4. Season root committed
At season end, attested results form a Merkle tree of (wallet, amount). Only the root goes on-chain.
STEP 5
5. Player claims
Submit leaf + proof. Contract verifies against the published root and transfers $WARF to the wallet.
Settlement
Constant-cost claims, regardless of leaderboard size.
At season end, the operator builds a Merkle tree of (wallet, amount) leaves. Only the root is published on Base — the chain stores no per-player record. Players claim with a leaf and a Merkle proof.
Unclaimed rewards expire after a fixed window and return to the treasury. A player who links a wallet after season end may still claim, provided the window has not elapsed.
Anti-Cheat
Treated as a primary concern, not an operational afterthought.
Input validation
Inputs implying impossible movement, fire rate, or projectile speed are rejected at the server before they reach the simulation.
Statistical outlier detection
Distributions of accuracy, reaction time, and movement coherence are monitored across completed matches. Outliers are flagged for review.
Re-simulation of high stakes
A sample of high-ranking matches is re-simulated by an independent verifier before the season Merkle root is committed.
Bug bounties
Paid in $WARF and cash. External researchers are paid to find vulnerabilities in the protocol and contracts.
Read the full design.
The whitepaper covers identity, replay attestation, settlement, token sinks, and failure modes in detail.