Farty Watch: A Community-Driven Anti-Cheat for Web3 Games via Attestations

Over the past two decades, the gaming industry has seen tremendous growth and now stands on the brink of a new era with Web3 gaming. Unlike traditional games that are centrally controlled, Web3 games foster decentralized, player-driven ecosystems with features like asset ownership, interoperability, play-to-earn models, and decentralized governance. However, as the industry expands, so does the complexity of cheating methods, from basic cheat codes to advanced hooks and injectors. This ongoing battle for fairness is critical in Web3 gaming, where the stakes are high due to the direct financial impact of each game action, necessitating sophisticated anti-cheat software solutions.

Basic Detection and Prevention

In the early days of online gaming, cheating was often rudimentary. Players used simple cheat codes or memory inspectors such as Cheat Engine to manipulate the game process to gain an unfair advantage. Developers responded with basic detection methods, such as detecting common Direct3D/DirectInput hooks or checking for processes that matched known cheat signatures running alongside the game. These methods were often reactive, only detecting cheats after they’ve been reported and manually flagged rather than preventing new ones. Cheat makers only had to slightly update their cheats to make them undetectable again.

Advancements in Anti-Cheat Technology

Getting tired of constantly playing catch-up, game developers stepped up their anti-cheat programs. Modern games employ a variety of advanced techniques to combat cheating:

• Behavioral Analysis (e.g. FairFight): By analyzing player behavior patterns, developers can identify anomalies that suggest cheating. For example, a player with perfect aim, superhuman reflexes, or regularly tracks other players through walls might trigger a deeper investigation.
• Server-Side Checks: Instead of relying solely on client-side detection, many games perform server-side validation to ensure that the data being sent by the client is legitimate. This reduces the risk of client-side manipulation and alleviates client desync.
• Kernel-Level/Ring0 Access (e.g. BattlEye, EA Anti-Cheat, Riot Vanguard): Some anti-cheat software operates at the kernel level of a player’s operating system by installing a driver, providing deeper access to detect and prevent cheats. However, this approach raises privacy and security concerns, as players sometimes find the anti-cheat programs scanning through personal files unrelated to the game or arbitrarily blocking unrelated programs from running.
• Machine Learning (e.g. MouseTrap): Aside from powering various antivirus software, machine learning algorithms have also become increasingly common in cheat detection. These algorithms can learn from vast amounts of data and adapt to novel cheat signatures that would previously require manual flagging or hardware cheating devices that mask themselves as a generic controller.

Advancements in Cheating Technology

Despite these anti-cheat advancements, the battle against cheaters is far from over. Cheaters continually find new ways to exploit games, sometimes making it completely impossible to detect:

• Kernel-Level/Ring0 Cheat Drivers: If anti-cheats can run on the kernel level, then cheats surely can do the same. This levels the playing field yet again with kernel-level anti-cheats. Combined with a well-made hardware ID spoofer, hardware bans are easily avoided.
• Computer Vision AI Aimbot: Instead of injecting a hook into the game process itself and reading information regarding other players from memory, this aimbot runs on the graphics card and uses CV to make an AI agent aim and shoot for you. This entire process can even be run on a separate computer altogether, making it truly impossible to ever detect with any kind of software.

The (Never) Ending Battle

The battle between cheats and anti-cheats is a never-ending cat-and-mouse chase that, once the anti-cheat side stops, often leads to the destruction of the player base. In fact, many games die of cheaters as publishers give up updating anti-cheat and abandon players after a few years. The incentive here is misaligned: once the publisher can no longer effectively monetize the game, they stop caring immediately (or as quickly as their PR department permits) and even deliberately let cheaters run free to force players to move on to a newer game. Although legitimate players hold the correct incentive, they have no access to any hard power that the publisher wields. Thus, despite players craving for a fair game, they are left to fend for themselves against cheaters.

This is most evident when it comes to Battlefield V, a fan-favorite game that was intentionally neglected by the publisher, EA, in favor of the next entry in the franchise, Battlefield 2042. Despite the overwhelming negativity surrounding 2042 and strong player count of V, it never received an anti-cheat update, which led to an increasingly low player count due to the abundance of cheaters.

Since one of the core tenets of Web3 is to empower the “little guy”, how can we apply this to anti-cheat so legitimate players can form a self-sufficient committee and effectively guard their beloved games against rampant cheaters without having to rely on publishers or developers?

Securing Web3 Games

Cheating in web2 games is still limited to the game itself. Players may rage quit, games may die, but affected gamers don’t lose anything in real life aside from the time and energy they poured into gaming. However, with Web3 gaming and the introduction of independently tradeable gears, we simultaneously introduce an incredibly effective motivator: money, as winning in-game leads to acquiring better gear which then if sold translates to more real-world financial assets. This attracts an entirely different set of cheaters who are much more desperate and would try so much harder to exploit the games not to gain more ego, but more money. For example, Dookey Dash Unclogged, a BAYC-themed game by Yuga Labs, was exploited within days.

With massive amounts of money at stake, making Web3 games bulletproof is paramount. It is an immense challenge as the enemies at the gates are now a different breed.

Casual Games: The Next Big Trend in Web3

The rise of Notcoin as a tap-to-earn game, which has already amassed more than 40 million players, is a testament to this emerging trend. Additionally, games like hamster kombat and Catizens are gaining popularity, demonstrating the appeal of simple yet engaging gameplay. It is inevitable that there will be more casual games in the future on the TON network and gradually expand to other chains as well. These games will likely share common features: simple game play, leaderboards, and rewards. Given the financial incentives involved, developing robust anti-cheat mechanisms tailored for Web3 games will be crucial to maintain fairness and integrity in this burgeoning sector. As casual games continue to attract a diverse audience, the need for effective anti-cheat solutions becomes even more paramount to ensure a level playing field for all players.

Introducing FartyWatch

We propose FartyWatch, an incentive-aligned community-driven anti-cheat system based on consensus, where every single game result is publicly posted on the blockchain and community members can start a dispute, have other members vote on the dispute, and eventually determine the legitimacy of said game result based on governance.

Attestations: Standardizing Game Records On-Chain

To standardize game result records, all games implementing FartyWatch will leverage Sign Protocol to publish game data per match in the form of attestations in accordance to a game-specific data schema predefined by game developers.

This data is then used to power both leaderboard calculations and community anti-cheat screenings to ensure data consistency, with the added bonus of data interoperability as all game account state is publicly defined and available. In other words, anyone can inspect and dissect any player on the leaderboard, freely scrutinizing their game records from every single match they have ever played.

Governance: Power to the Players

Players are the beating heart of every gaming ecosystem, therefore we are giving every player a say in deciding the fate of suspected cheaters. To begin with, any player can flag a game record as malicious. Once flagged, a case is opened and all players can vote for or against the game record. As a consensus is reached after a set period of time, the game record is either kept or flagged as discarded, and the associated players punished accordingly. This can happen in a variety of ways, one of which is to lock up all token earnings of players in a game for a set period of time. If a guilty verdict is reached before the earnings are unlocked, the illegitimate earnings are slashed from the cheaters and redistributed to other players.

The number of votes any player has is determined by their staked game token balance. This is to make sure all voters are incentive-aligned for the betterment of the game and prevent brigade attacks from a different community. Although tokens can be bought by cheaters and used to vote against punishment, this simply drives other legitimate players away from the game, causing them to sell tokens and devalue the cheater’s token holdings. With moral, communal, and economic incentives combined, this crowd-sourced anti-cheat is not only independent but also resilient.

Web3 is all about community — created by and for the people. At Farty Bera, we believe the players should also have the power to combat cheaters in Web3 gaming. Stay tuned for more details on this initiative in our upcoming posts, including any updates for game developers to integrate FartyWatch. Join us on Discord and follow on Twitter for updates.