Web3 Gaming - Infrastructure & Security

Securing the Future of Gaming: Unraveling Web3's Infrastructure and Security Challenges

In the dynamic world of Web3 gaming, the conversation often focuses on gameplay and innovation, overlooking the critical aspects of infrastructure and security.

This transcript offers an in-depth exploration of these foundational elements, crucial to the integrity and success of Web3 gaming.

Featuring insights from experts in the field, we delve into the challenges and solutions that shape the secure, reliable platforms necessary for the burgeoning Web3 gaming industry.

Join us as we uncover the often-unseen yet vital facets of gaming's next frontier.

~~TRANSCRIPT~~

Legendary 00:02:31 GM, everyone, and welcome back to our weekly show. I think we have a pretty, pretty interesting topic to talk about today. Obviously, the market is in a massive, massive run. WP 3 space is growing. So is Web 3 gaming. And if if if we see that kind of growth, we almost never think about infrastructure. We never think about what's going on in the background. We mostly think about the games. We think about are they fun to play, but we don't think about security. We don't think about data.

Legendary 00:03:11 We don't think about the technical infrastructure and the frameworks. That happen behind the scenes. And this is exactly what we want to highlight in, today's space while not games themselves both of the projects that we wanna talk about today are contributing to growth in in 2 very, very different ways.

Legendary 00:03:30 On the one hand with a very holistic security framework and on the other hand, with analytics and, data accessibility, And I think that's a very, very relevant conversation to have, and I'm very happy that we can have it today with helbon security on the one hand with click on the other hand as well as with, our content creators with Yellow Panther, with Eliza, and with Sanjay and with, Mauritz joining me from the ZT X side today. With that out of the way.

Legendary 00:04:08 More, it's welcome to the stage, how you're doing, how you're feeling about the market.

Moritz 00:04:14 Yeah. GM, Jim. I'm, of course, feeling good about the market. I mean, the the market overall looks pretty decent. And, also, I think, like, a lot of the audience, it's also, like, heavily into both the gaming. And, yeah, if you look at the market there, it's it also looks very good. And, yeah, I'm very excited for the topic today. I think infrastructure and security might not be the most interested, interesting topic but I think it's definitely one of the more important topics in the 3. Yeah, and I'm excited to to learn a bit more myself because security is definitely not my field of expertise.

Legendary 00:04:54 Yeah. Very, very much agree. I think this will be a very educational space, for all of us. Scott, welcome to the stage from Halborne's side. How are you doing? How are you feeling about the market? Is it hard to focus when all numbers are going up?

Scott Gralnick 🦇🔊 00:05:10 1st, thank you so much for having Halborn here today and myself. Really appreciate the work that you're doing in the gaming space. And you know what? I've been in the space since roughly 2013. Building infrastructure since 2017. So I I enjoyed these, these up and downs in the ecosystem. You know, when we're down, it's a great time to have your head also down focusing on what you're building. And hopefully, it's a great game that's gonna draw mass adoption into the space. But, yeah, it's nice to hear the ecosystem outside of the core builders and developers and players talking about pricing going up.

Scott Gralnick 🦇🔊 00:05:48 So we'll see what happens in the in the next bull run.

Legendary 00:05:52 Love. Love. Love to hear that Lisa, welcome to the stage. How are you feeling? Are you still traveling?

Elisa 00:05:59 Hi, guys. Thank you for having me. Very happy to be here. Funnily enough, we actually mentioned, stuff about security in the space I was just in right now, So it seems like it's a topic a lot of people are thinking about. And yeah, I'm I'm in Japan right now, so still in Asia and coming back to Europe next week, and it's gonna be pretty crazy. I have like a mint during my flight, so Yeah. This war on is insane. Like, it's just nonstop, but yeah. Hope you guys are all doing well.

Legendary 00:06:31 I love love to hear that. Are you prepared for potential delays on your flight for the mint? Do you have a backup plan for that?

Elisa 00:06:39 So I'm, yeah, I'm pretty scared, to be honest. So my plan is to get, like, the most expensive wifi plan of the flight and I just have to pray that nothing goes wrong. I maybe need a backup plan where I maybe ask, like, yellow Panther to I don't know how to do it, though. Like, I give him my seed phrase, I guess, and humans for me. I don't know. But Yeah.

Legendary 00:06:59 It's I don't know. Love it. Quick side note on that. I once did a mint when I was in a spa, and what happened is a blackout, and I wasn't worried about blackout. The only thing that really worried me at the moment was, do I still have internet? Can I still mint? I don't worry about the apocalypse. But the mint was the focus, and it did work out. What about UEL Panther? Did did you have any in flight mint experiences so far and how you're doing. I don't know if it's just me, but I can't hear yellow.

Scott Gralnick 🦇🔊 00:07:36 Is it just me? And I think that is answer.

Elisa 00:07:40 I can't hear him either.

Legendary 00:07:42 Gotcha. Maybe you wanna drop off stage and and join us again, and then we'll have another try. In the meantime, Sanjay, welcome to the stage. What about you? Did you have in flight mints, or is it something on your on your wish list?

Sanjay 00:07:56 It's I don't know if that's on my wish list, to be honest. I mean, I prefer, you know, my very stable connection at home. I can't, like, I guess, first world problems, I can't imagine, like, not having really good internet on my fingertips. So I'm happy just minting from my bedroom to be so much. I mean, I I prefer going on my computer, so I'm connected with the ethernet cable rather than the Wi Fi because I do not wanna miss any chance of minting anything in this market.

Legendary 00:08:22 Love to hear that. Love to hear the excitement. With that out of the way, let's let's type actually into today's topic. And I wanna do it. Let's see if we can get yellow up on stage with us and maybe check with him quickly. Yellow, can you hear us? Can we hear you? Just checking again. Hello. Wonderful.

yellowpanther.moca 💎 00:08:47 So sorry. I just wanna say, wow, Elijah, trust me so much. I'm so touched. No one ever said Okay. I'll give y p my seed phrase. No one said no one ever, but, yeah, I I I did not have, those kind of rush men issue. And stuff like that, luckily, but I'm just so happy to be here. I'm ready to learn about infrastructure and security.

Legendary 00:09:13 Love it. And I also love the trust in giving away the seed phrase. I think that is the most trustful, almost most romantic thing someone could say in web 3 possibly. With with that out of the way, I think I wanna do things a bit differently today. Typically, what we don't do or what I personally don't like doing is necessarily have an intro, have an intro around. But I think as with with Halborne and with that more technical side of things, and again, it is an infrastructure topic is maybe a bit more on the technical side of things.

Legendary 00:09:47 It would be super helpful, Scott, to understand from your side what it actually is that that Halbon is doing Obviously, when you go to the website and you look at the services, you see security advisory as a service, you see advanced penetration testing, smart contract audit, devops, plus automation and very, very impressive list of partnerships, but it would be very helpful, to just hear from you a bit of an intro what it actually is that Halburn does.

Scott Gralnick 🦇🔊 00:10:18 Sure. Completely understand. You know, I find in conversations, one of the first questions. I ask other companies and people in the space. So you've heard of Halborne. Great. I really I I love that that our our team is getting brand awareness out there. But tell me, like, what do you actually know about Halborne? And a lot of people say, oh, you guys do smart contract audits. I was like, well, yeah, you you are right, but that's a fraction of what we do here at Halborne. So to give you a little context, Halborne's been around since roughly 2017.

Scott Gralnick 🦇🔊 00:10:51 We've really come from the understanding that web 2 infrastructure still exists and web 3 integrates with web 2. So the things we like to focus on for the ecosystem at large are very traditional requirements of breaking down architecture security, risk assessments, getting into cloud security audits, thinking about that design phase in the early stage project of, you know, your cloud configuration. Let's get into your physical network segmentation. Maybe you need some like DevOps, team members, and we can offload that for you.

Scott Gralnick 🦇🔊 00:11:31 Of course, we do smart contract auditing. But we get into infrastructure audits. We get deep into the CIC pipeline. We get into web app, mobile app, layer 1. We do layer 1 pen testing. We get into specific languages, whether it's polygons, ZK sync, Ethereum. We we do it all. One thing I like to frame ourselves as, we are very preventative group. We are not there. Like, you get hacked. You may need some type of instant response. We're the ones that wanna prevent that from happening in the first place.

Scott Gralnick 🦇🔊 00:12:11 So we work with groups all the way from very native web 3, all the way to large enterprise and that could be, you know, a unisewap all the way to a circle or a grayscale or a even like a BNY. Right? But for this sake, we'll talk about a lot of the gaming, companies and ecosystems and what they're really focusing on and how we could best protect So that's a thirty thousand foot overview of how we sort of frame things, in that, like, very holistic approach I hope that answers the questions.

Legendary 00:12:45 That that that is that is super helpful.

Legendary 00:12:47 And as you said, let's dive a bit deeper and let's focus also on the gaming side of things because I feel like the majority of exploits that make the headlines are on protocol level, are on they do make the headlines when suddenly a couple 100 mil are gone, especially when it comes to locals that either have large treasuries or just a bridging protocols But if we specifically focus on web 3 gaming and web 3 games, how or where do, web 3 games become a target for malicious actors, what what are some of the dangers or risks that you see there?

Scott Gralnick 🦇🔊 00:13:28 Oh, man. That's a a great question. You know, games are really you unique, right, because games are collecting and storing so much different information that really needs to be protected. So if you think about, from name, email, country, username, age, languages, you know, gender, purchase information, passwords, friendless, personal interests.

Scott Gralnick 🦇🔊 00:13:56 These are all things games, whether, you know, a gaming a specific gaming device or a gaming activity that they're relating to from your rankings, your chat applications, your, data about your contact, These are all areas which need to be thought about. And so if you break down the type of platforms that people are looking to protect. You can think about game 5. You can think about online gaming, the mobile and app store game. You think about the all the different NFT and metaverse games that exists. Within those, you have to look at the payment and escrow services.

Scott Gralnick 🦇🔊 00:14:35 You have to look at the client side and the council based apps or even like the MMO ecosystems or the play to earn and play to play to play, what's like play to earn, play to earn, and play to play. In these aspects, infrastructure is a key part of that. How we protect that. We're looking at the basic logic of the business hacking that's taking place. You could look at the, custody risk assessments. You could think about the anti cheat and anti bot bypass that are being put into the games.

Scott Gralnick 🦇🔊 00:15:14 Of course, smart contracts are a very key part of this. Even people preparing for the VR AR of the metaverse hacks. Right? You we could get into the cloud shards and, hyper version testing and tests that are taking place right now and some of the firmware assessments within the hardware, if that is applicable, Gotcha.

Legendary 00:15:37 Let's let's try to get a bit more as a as a follow-up question into into the detail of how such a, security process or working together with a company like Halborn that focuses on the holistic, security approach would work. So I say I'm a web 2 game studio. I enter the web Three space. I wanna come up with my own mobile game. I wanna come up, like, so many other games with my own token, and I just wanna onboard the web 3 community to my mobile game.

Legendary 00:16:10 What are some of the touch points aside from smart contract audits where basically you would fulfill that need for security and what you mentioned quite a few things. You mentioned anti cheating systems and many, many more. So in, in this case, you have this new game, this, this web to gaming studio building a new web 3 mobile game. They did the smart contract audit. What would, like, some other concrete things be that you'd work on with to secure not only the users, but also the infrastructure that the game is building.

Scott Gralnick 🦇🔊 00:16:48 Yeah. So, a step by process would look something like, we would kick things off with some initiation after, you know, doing some advisory work, talking back forth with them seeing what their goals were. In that, we would be putting together different technical reviews. We would understand the key project and initiatives that they want to accomplish, put together what tech stack that they're working with, understand that process, and then are architect and road map that out. From there, we would get into some type of security and risk assessment.

Scott Gralnick 🦇🔊 00:17:22 After that point, we get into our security service roadmap consensus that we all agree upon. Then it goes into continuous and ongoing improvement. We would be taking a look at the web app. We would be doing mobile pen testing. We would get into the game logic testing We would then look at the cloud auditing and configuration aspects from there, depending on the game itself. And I'm sure they will have some type of payment gateway or micro transactions. We would then do some type of micro transaction audit.

Scott Gralnick 🦇🔊 00:17:54 We would get into their cloud flare configurations because that's a huge contentious point of, some type of, DDoS attacks that have been taking place recently. You know, then if it's something in the metaverse or some type of NFT contract, we would get into some type of audit with the NFTs. And we'll have our team on standby at all times. Some type of dev security ops or scam detection put in place. The great thing is working with how born you're going to have your customer support in place at all times. You have a dedicated account manager.

Scott Gralnick 🦇🔊 00:18:28 You'll have your assigned to security engineer specialists you'll get your project management dashboard to integrate with. Then we have our communications and client approvals to go back and forth. So one of the things that we really pride ourselves on is we just don't dump our findings at the very end. It's a constant communication and back and forth with updates, fixes, updates, fixes. And then at the very end, if you wanted to make the report public, we can do so, or we keep it private, you know, it's, to the company to the company's liking.

Legendary 00:19:08 Gotcha. That that that makes a lot of sense. And let's maybe is maybe flip the script a bit on on the follow-up question. I saw you had a post on x, a gaming security challenge asking what is has basically the most critical impact on the user side of things is that clicking unverified links in the game chat, downloading free versions of paid games from unverified sources, downloading game extension packs from unverified sources and using public wifi when transactions are involved. The answer was, the downloading of free versions of paid games from unverified sources.

Legendary 00:19:46 And I think That's also something that we've seen, in web 3 as well. Not necessarily with free versions of paid games, but I also remember personally that I've been targeted by, a fake game studio wanted to partner with me as a content creator And they said, look. We want you to do a play test, etcetera, etcetera, etcetera. And here's the and I think I'm can also speak for some of the other creators on stage, and I'm certainly not the only person that's received messages like that. Here's the game demo, download the game, and test it and then do your video, whatever on that.

Legendary 00:20:25 And with, obviously, the target, being to, to get access to my wallets by doing that to get access or control of the computer that I'd be downloading the game on is this a, Scott and and attack vector that you see becoming more common as well, the popularity of web 3 game games increases and be how can users, you know, whether it's content creators who gamers protect themselves against attacks like that?

Scott Gralnick 🦇🔊 00:20:58 Oh, man. That that's a great question. So let me let me break this down in in two ways. 1, internal to companies, we offer security awareness training and also social engineering readiness. This really falls under our social engineering readiness, and I I really wish people would take just a little bit more time to, you know, trust, but verify. Right? That is a poor ethos to this whole entire ecosystem, right, trust, but verify.

Scott Gralnick 🦇🔊 00:21:33 So when you're excited about a game or someone's trying to partner with you, do as much as you can to verify the links, looking back at you, if if it's like https, seeing who you who sent it to you. And you know, triple verifying because it is fishing is a very, very, very, very, very common, but successful method of attack from the gaming ecosystem, from the traditional Web 3 ecosystem that even well, well known investors today have been fallen to phishing attacks and, you know, wallet trainers.

Scott Gralnick 🦇🔊 00:22:09 So, yeah, it's it's always good to take that extra step of verification to make sure if someone's approaching you, you don't know them at first. If you can maybe you know, qualify them by mutual connection or asking companies that they've worked with and qualifying them. You know, some of the best people in the space have fallen prey to hacks like that, unfortunately.

Legendary 00:22:37 Absolutely. You're a 100, 100% right on that. And we'd also love to hear from, our creators, yeah, I'm gonna throw it to you first. How do you go about basically vetting a new project where you maybe are not aware of the company that's behind it? What does your process as a creator look like? Keeping in mind that, obviously, when you share that, you have a big audience, and there will be people going to the profiles and to the website. So how do you go about analyzing a new project?

Scott Gralnick 🦇🔊 00:23:06 You know, I feel very fortunate for the projects that we do work with. We try to always do our best work. We try to give the best customer support. We look at teams that we work with. We think about this space in longevity. Yeah. You know, it's not just quick money. We wanna be there for the long haul. And in doing so, in treating every company that we work with, like family and partners, we get a lot of referrals. And the referrals come through a trusted source which is very much appreciated. If not, if it's something new coming through the pipeline, you know, we do our we do our own diligence.

Scott Gralnick 🦇🔊 00:23:46 We look at the founders. We look at you know, what they've done before. You know, we're having conversations with them on Zoom and or in person. So we're we're vetting these projects you know, as best that we can. And sometimes we can be quite selective on the groups that we work with. Just, you know, If you're looking for a quick audit or stamp of approval, we're probably not the best auditor or security team for you.

Legendary 00:24:13 Gotcha. That makes a lot of sense. And I would also like to hear from, our content creators on stage how they go about, you know, looking at new games, looking at new projects. Yellow Panther, maybe you could you could answer that first. If you see a new game, that hasn't been on your radar before from a team that you don't really know how you go about finding out more about the company or that that team before you share it with your audience?

yellowpanther.moca 💎 00:24:42 Yeah. I think, I think legendary, you actually gave a really good, social, I I forgot what's the what's the word about, like, a social hack. I I got that once, like, I think, like, unfortunately, like, 2 years ago or something, but it was exactly how he described it. So from then, I actually learned and talked to a lot of people and learn from my experience from it. And I think the first thing when I get a DM or a email, I will actually check the social first and whoever my mutual is following or not.

yellowpanther.moca 💎 00:25:17 The biggest red flag is always, seeing seeing a game and no one's following it. That's the biggest one. So and the second mid red flag, is actually lesser people following it, like ten people or so. That is also something that you need to be aware of. It might be something new or it might just be, outside of your, know, your bubble, and stuff like that. Because some games, like, for example, Japanese games and stuff like that, they actually have a really tight bubble. And only people that are in Japan in Japan knows about it and stuff like that.

yellowpanther.moca 💎 00:25:53 And the 2nd most reliable is actually I trust my friends. Like, I will trust I will cross check with, Sanjay, Eliza, Raven, and other creator fan. We have a group, and we will ask questions, we won't just, like, go ahead and I'll say, okay. Okay. Just give you a link and download. Let's work No. No. It's actually a longer and more tedious process because, we all know how dangerous web tree is. Right? And I think what, hellborne and, you know, ZT X, this partnership is actually very meaningful because Z ZT X is, like, from Zepetto, right, And even myself, I played the Zapato game, and they had, like, so many users.

yellowpanther.moca 💎 00:26:33 I partnered with some of the Zapato creators, and they have so much followers. Right? And these creators might not have, the knowledge about, you know, how to protect themselves. And I think this partnership will help more, web 2 gamers, that are onboarding and coming into web tree, you know, we we'll do them a very big favor and protecting them to, a lot of sources and vulnerabilities that they do not know about.

Legendary 00:27:04 Love the answer and also love that you brought up. Having a look at the at the mutual followers, I think that's a very, very helpful thing to do on x. Obviously, it's not as you said, it's not a full due diligence process, but it can be, very helpful to get, like, a first indication of some level of trustworthiness. Eliza, have you been targeted before, in in the way that I or Yellow Panther have been describing just before. And also the same question to you, how do you look at a new project that you're not that familiar with?

Elisa 00:27:40 Yeah. I've I've had loads of times where I could have messed up. I think one of the biggest ones is like fishing links. I also it's not so much like when downloading a game, but this school service, in my experience, have been, like, extremely, risky. Like, I was once managing a server and we were, at level 3. If you know, this call, you know, that at level 3, you have custom invite link. And we lost we lost the level 3 for, like, I don't know, a couple hours.

Elisa 00:28:13 And someone basically sniped the link, and had whipped up like a whole new server that was identical, except they basically added a collab land to it. So For those of you who don't know what that is, you link your wallet and it was a trainer. And luckily, no one in the community, got hurt because they noticed straight away and, and, you know, people in in web 3, are quite savvy with that, but yeah, really, really scary stuff.

Elisa 00:28:43 Like, you always need to watch your back and you always need to double check, triple check, and to be honest, I I feel like I I should almost be more cautious. I don't download any games unless I've met the team, like, on call or yellow panther, Sanjay, or any of my really close creative friends recommend it and say it's all fine and I triple check the link. But yeah, security is always on my mind. Like, even the other day, I hosted, like, kind of like a crypto 101 session with my community, and I showed them how to make a safe, which is like a multi sig.

Elisa 00:29:22 And yeah, always trying to think, like, you know, what, what can I share that I know to my community and I'm not I'm not even that savvy, right? Like I, I could know more and I could be more careful, and yeah, the my community actually shared, like, a few things with me, like, what is it called? Revoke dot cash. Please again, triple check the the URL, but yeah, revoke Door Cash and it basically revokes, like, all of your, previously signed I guess, like, connected websites. It's beyond connected websites.

Legendary 00:29:57 It's like All the allowances for tokens or NFTs that you might have given out to a malicious smart contract. Exactly. You can revoke them with tools like revoke dot cash, and either scan itself also has a functionality to do that and the super, super helpful to actually and sorry for for cutting you off, but such a valuable point that you're making for checking just the allowances that you've given out to contracts because even if it's not a malicious contract, but say you're trading, I don't know, say, a trading Ape coin for ETH, and you can give out a limited allowance for a 100 Ape that you wanna trade into ETH.

Legendary 00:30:35 Or you can give it an unlimited allowance for an unlimited amount of aid that you allow, a debt to trade on your behalf. And if that gets hacked and you have the unlimited allowance open, all your AP or all your NFTs, whatever the allowance is, might potentially be at risk by doing that. So that is a very, very valuable point. And also, another another thing that you implied essentially is just ask questions Like, you don't need to know everything yourself, and there's no stupid question when it comes to security. Just talk to people and and get a second or a third opinion. I had the very same thing, by the way, to happen to me with, the Discord.

Legendary 00:31:14 I had, a couple of invite links that once they were used that they got sniped and exactly the same story, fake collab land bought, fishing for or not fishing or just trying to get access to to the NFTs of users connecting with it. But, again, same outcome as, with you, someone was savvy. To see that because I didn't even see that fake disc whatsoever within 5 minutes, and we got it resolved pretty, pretty quickly. And nobody got hurt.

Legendary 00:31:44 What I wanna do now is introduce, actually, take a quick break from the security talk and introduce our second guest click I said it at the beginning of the show, we're gonna do things a bit different and differently because we talk about infrastructure and security and not everyone might be that familiar with what's going on in the background and click, a, welcome to the stage who is joining from the team. And b, if I go to your website, I see identity articles connecting web 2 and web 3, prove any data that you own in web 2 to a third party and bring it on chain while preserving privacy.

Legendary 00:32:24 Can you explain what click does exactly and give a quick intro on the company.

Clique 00:32:30 Yeah. Absolutely. Thanks for having us. And great to see some friends here as well. How's it going YP? Once again. But, yeah, click at its core. We were really focused on building out chain reputation, and making, you know, connecting users' data, right, that that is totally siloed in web 2, allowing them take ownership of that and then helping them find use cases for that in web 3. Right? So a good example of that is in gaming. We've been working very closely with Ronin. And soon also working with Arbitstrom as well to essentially help users prove their gaming history.

Clique 00:33:05 So things like, how many hours you spent on Steve and specific genres, how many way in order favorite games, how much money you spent to instant seasonality, things like that. Obviously, when it comes to user data, right, you were taking this data from the user privacy really big element. So, you know, we're backed by a team of great researchers from, you know, Cornell, Princeton, so on and so forth. And what we do is we use different cryptographic tools I won't go too deeply into it. But, essentially, when your data is being proved through clicks or oracles, neither are or the the place that the data ends up on, whether that's on chain at the ID, is none of your private data is is actually revealed to us.

Clique 00:33:45 Right? So there's only that proof that's generated in secure environment. So let's say more than 1000 hours of steam steam games played in RPG games, not your steam ID, your IP address, your age, your location. It's all fully protected. It's black box. It's not visible to anything other than your front end. And that's something that we really pride ourselves on as well.

Legendary 00:34:04 Gotcha. So it is it is a 0 knowledge proof. I am not disclosing if I want to prove that I have, I don't know, a 1000 hours you said, spent in Fortnite. I'm not sharing publicly nor on chain, my username, my my steam account, whatever it is, but I just, as with any other kind of of sero knowledge proof, I can bring on to improve to whatever the statement is that I want proof, but I'm not disclosing the data, my data behind that.

Clique 00:34:33 Is that correct? Yes. Exactly. And so, when you generate a 0 knowledge proof, the environment itself usually still has to handle some of that data. Right? And so what we've done is we've created, you know, we're using trusted execution environments, with from SGX, you're essentially able to create this environment where the proof can still happen without, the without the environment actually seeing any of your as well so that there's there's no risk. Right? It's fully compliant. You're really only getting that proof on change to to prove that. Let's say you are a real gamer to a game.

Legendary 00:35:06 Gotcha. It makes a lot of sense. Before I go to my follow-up question yellow, I see you with your hand up.

yellowpanther.moca 💎 00:35:12 Go for it. Yeah. I just wanted to say, I actually met Jaden, since the pair. I think it was June or July, last year, 2022. Right? Like, this guy is, like, a definition of a builder. Like, you know, when when I first saw him, he was explaining all these things. Right? I had zero clue. I just pretended. I understand, but Nope. I have no idea what he's talking about, but, you know, as as Tango, I I started to understand better. And now it's just so good to see them working with Ronin and other, blockchains and, you know, ultimately for a web tree gaming. So I'm just super happy.

Clique 00:35:47 I just wanted to share that. Love. Love. Yeah. We've been here a minute, YV.

Legendary 00:35:53 Love love to hear that. Sanjay, I wanna I wanna throw it to you because I, also as a gamer myself, I found found that super, super interesting, hearing that I can take all of my quote, quote unquote, track record, my play history, my game time, and bring that on chain, without obviously disclosing who I am and without having to disclose what my usernames on other gaming platforms have been so far. How how do you feel about that as a, as a content creator as a game or yourself?

Legendary 00:36:26 Is it something you could see web 3 games, using, those those kind of data points maybe for achievements maybe to create different onboarding experiences depending on, basically, the skills or the play history, of the gamers. So just to learn more about the ecosystem, I found it super fascinating, but would love to hear from, your side as well.

Sanjay 00:36:52 Yeah. I think it's I think it's great, not just for not just for the players, you know, like, to have their have their statistics on chain and proved and, you know, like, not alter it, but also for, like, other games and other, other ecosystems who might wanna be working with Clay or might wanna be working with the infrastructures, like these.

Sanjay 00:37:14 Let's say for a game is looking for, you know, specific type of audience or specific type of gamers, would they wanna cater towards they can come to something, somebody like Click or like, you know, these infrastructures, and they can target those gamers directly rather than, you know, throwing a dart in the in the dark, dark is in the dark. Okay. Yeah. Trowing a dart in the dark, and it's like, you know, not not sure where it's gonna hit. Not sure which camera is gonna, like, you know, like, know about it or which game are there, kinda like targeting.

Sanjay 00:37:44 So I feel like this is not only going to solve, like, just gaming issues, but it's also going to solve a lot of, like, marketing issues and, you know, like, us, marketing budgets. You can, you can allocate the budget more accurately. Sorry. My brain is just like going all over the place thinking about how this could be used. So I think there's, like, so many options here to be, export. And, in my opinion, I think this is a huge for any game who would wanna work with such infrastructures.

Legendary 00:38:11 Yeah, man. Absolutely love to hear that. And I also I've been while while you were speaking, I've been thinking, about beta testing. If you're looking for beta test is for your game, and you want them to have a certain level of experience that would be, a very, very good way to go about it I wanna I wanna follow-up with you. Was it was it Jaden from Click?

Clique 00:38:32 Just to have the name right?

Legendary 00:38:33 Yeah. Jaden. Wonderful. Wanna follow-up with you. Is that something when you work with, with companies, games, the protocols, Is it something that always happens, like, on a game level that they have a specific request in terms of data that they want to access or on a protocol level? Or are you also thinking about basically having those on chain game profiles for lack of a better name that you want to create to be publicly accessible. I would love to hear more about, how how that works in reality for you guys.

Clique 00:39:07 Yeah. That's a great question. And so the approach that we take here at Clique, when it comes to building is is really to be customer centric. Right? I mean, I can go give a long spiel about, you know, building things that are not scalable entrepreneurship, but basically, the idea is we really take the time to talk to all of our partners and get, you know, down and dirty into what they really need. We before we built the gaming pipelines, we interviewed over 200 games to figure out what are the datasets that are mostly applicable so there's there's two points here. Right? Every game is gonna have their own specific needs. Right? If you're building an RPG game, you wanna know who are the top players in in in, like, World of Warcraft example, right, if you're building a mobile, you wanna know who are the top players in Delta too.

Clique 00:39:46 But what we find after, you know, all those interviews is that, at least at the ecosystem level, there is a benefit, to having a base on on changes in profile. Right? So how many hours you spend in specific genres? That's helpful for every game on the ecosystem. So we work closely with the ecosystem to get that basic dataset on chain first. Afterwards then, we work very closely in partnership with the games themselves to create value for their own specific games. Right? And and and this, if you think about it from, you know, serving the users better, it makes a lot of sense. Right? As a user, I I have my basic profile, I can already be targeted by by different games for air drop campaigns or work campaigns, access to early beta. Right?

Clique 00:40:23 Once I'm in that ecosystem, then these games want to retain you. They wanna engage you. They wanna give you better, better, like, personalized UX. Right? That's also something we're working with. Running on very closely. You wanna start to build out your reputation in that ecosystem and in that game. That's when you want to start proving different things about yourself, more in-depth from specific chain data sources and also tying that back together with on chain data sources. Right? So, for example, you are a pro player in DOTA 2, then you come to a mobile in web 3 and you have a lot of really good on transaction, a lot of anti behavior, you don't dump.

Clique 00:40:54 We want all of these things to build out, to contribute to your LTV towards the user so that the games know that they want to retain you and they put in the effort to to to take care of you. Right?

Legendary 00:41:05 Yeah. I love I love to hear it, and I love, also that you you mentioned Adrop campaigns, use a segmentation to find out what kind of users have, what kind of experience. And that reminds me of, what Bitcoin has been doing with the Bitcoin Passport. Obviously, if you are protocol, if you're a game, And you you want to know who of your users are actually real users who are Sibyl's trying to farm a game of specific airdrop.

Legendary 00:41:32 And, they've introduced, the GitC cipation in in in Dallas or dollar protocols like Snapshot, ETH Transactions, etcetera. And, basically, they apply 89 and more than that criteria to, assign a score to that and find out how you is this wallet attached to a real human user, or is it not? And the same very much goes for for the gaming side of things.

Legendary 00:42:02 If you want to, target specific gamers, specifically active gamers, you want to have that that kind of proof and the kind of track record to be able to determine that.

Clique 00:42:15 Yeah. In fact, the kind of reason we started building in gaming, and I think I told this story to Yellow Panther before as well is I actually, like, I'm a lifelong gamer. I used to be one of the top 50 players, for auto, like, TFT here in in Singapore. So I'm a huge fan of auto battles. Right? And I see all these auto battle games building in web 3. And I want to, like, I want to be a part of their community. Right? I want to contribute. I wanna say like, hey, you know, I think the semi pro players or the competitive players who wanna see these things in your game loop. But I can't prove it to them when I'm in the Discord. Right? I don't have the time to be, let's say, farming away hours chatting with people in the Discord to prove my reputation. And so I was like, hey.

Clique 00:42:53 If we could push these credentials on chain, and we partner. And so we have partnered with with Guild, actually, where now for polygons official discord, if you have different sessions from us. You actually get a role automatically assigned to you, a gamer role, RPG player role, things like that, that allow these games to better NFIU, and and it helps them, you know, really build that community up from the grassroots from the onset, which is something that we're really, really looking to push for. Gaming is very nascent compared to, let's say, defi or on chain governance. And we want to apply those similar principles here as well.

Legendary 00:43:27 Yeah. Love love love to hear that. And then also goes just beyond the game, right, it goes, across games because you mentioned auto broilers, hero broilers, you have something like, like, battle plan by pixel vault, 3 versus 3 auto broiler, and they basically will have, a soul bound token that kinda keeps, track of your performance in the game of your skill set in the game. But in an ideal world, you'd want that to be available. Obviously, beyond that game, you want that, to be available universally, no matter on what blockchain or on what game or instead of which gaming ecosystem you're navigating.

Legendary 00:44:08 What I wanna do is to also welcome Lewis to the stage. Lewis is a web 3 security researcher and also an engineer at Halbourne. I saved some of the more technical questions that I would love to ask, Luis, to you. We've been speaking in at the beginning of the show more about the security side of things.

Legendary 00:44:32 We've been speaking about, the different areas that that the hell born covers when it comes to, a holistic security concept, speaking about how we can protect users, some of the biggest pitfalls But I would like to flip that question back again basically to, to web 3 games. There's so many new teams entering the space, building in this space who might be familiar with building again, but maybe might not be as familiar with with operating in web 3.

Legendary 00:45:02 And what would you say are some of the mistakes that you see, founders, teams building in web 3, whether it's web 3 or web 3 gaming specifically. What are some of the mistakes that you see those team make the most most frequently. Welcome to the stage.

Luis Quispe Gonzales 00:45:20 Hello. Nice. Happy to be here. Well, actually, if we try to identify what are the common vulnerabilities that affect, web tree games, it's a mix between bulnerabilities that already exist on, let's say, all the school games, web 2 games, for example, and also some new kind of attacks that affected specifically to work today. So, let me give you some examples. We have the typical issue with input validation.

Luis Quispe Gonzales 00:45:50 So we have to consider that a player, if the player introduced an input like the direction, speed, or whatever, this input needs to be validated on all that instances. In a all school game, we have the client, we have the server. But now in web 3 games, we have another, important actor is the blockchain. So, what happens if you validate, an input on the client and on the server?

Luis Quispe Gonzales 00:46:24 So an attacker can go dearly to the to the smart contract on the blockchain and try to do an unauthorized, action directly there. So in this case, for example, you see that you have a more complex, environment, so you need to to make sure that you have to protect the input to validate the input in every one of those instances. And this example I gave you, that attackers interacting directly with the smart contract is a typical example of what, it's a common mistake on our web tree games. Another another kind of of vulnerability that appears a lot.

Luis Quispe Gonzales 00:47:03 It's, vulnerability re related to signature replay in web field authentication. What I mean? Many many, depths, including web field names, of course, use a web authentication that basically it's you have your wallet, on your browser, for example, you have to sign a messages, a message. And if you are able to sign that message correctly, the the game validates your identity and let you inside the game. So what happens, at at first sight, it's insecure.

Luis Quispe Gonzales 00:47:44 But what happened? We here, we have 2 drawbacks. The first one is what happens is the message that appears in the in the game, it's always the same. For example, that a message is welcome to Acme game. So the signature you create signing that message is always going to be the same. And what happens if, let's say, another application use the same message. You, player, sign the message most of the time. You, even don't don't see the message, you sign that message.

Luis Quispe Gonzales 00:48:24 And this signature that was captured by a by another party can be reduced in the game. I'll hang over because that party will be able to impersonate you of course, have access to all your your assets. So that's, something to to be to be careful with. And the other thing, this kind of messages, even can be worse because if you fix the message, let me explain that.

Luis Quispe Gonzales 00:49:00 The server give to the to the player to sign a a specific message, a message. But what happened if the user is able to change the message? So that could also be, something to be, careful about when dealing with web authentication. And finally, well, something that is very typical, it's game logic vulnerabilities and access control. And this is typical for web 2 or web 3 and other kind of of of games. And what happens?

Luis Quispe Gonzales 00:49:33 Let's imagine that you have a list of assets that belong to you as a layer, those assets are identified with IDs, in data came. But if you don't protect or you don't validate that those IDs belongs to the player, someone else can modify, his or her request and instead of using, their own IDs, they can change for another IDs. And this is a very, very common, vulnerability.

Luis Quispe Gonzales 00:50:08 So I a new player that has only, very weak sword as repo. I can change my ID for another ID and I can start guessing different IDs, for example, and I can have access to stronger weapons. And of course, those weapons, those assets are part of, the the in game economy. So in that in that kind of scenarios, a malicious player can, break into the in game economies of the game.

Legendary 00:50:43 Gotcha. So you you basically address 2 things, and I wanna break it you, on the one hand, spoke about, the signature. On the other hand, you spoke about, game logic and game logic testing. And I think the the the example with sword is a very good one. And taking taking that even further, you said that's a risk that can affect game economies. So for example, say we have a game, say we have just making something up. We have an MMO, and there's 10 different tiers of I don't know. Well, let's let's maybe let's maybe stay with big time with big time as an MMO that I know.

Legendary 00:51:20 And in big time, you can craft items, and there's multiple levels of forges, for example, that you can have to craft items with very rare forges, obviously, being better crafting things.

Legendary 00:51:31 So you're saying with the game logic, testing or with the with with the game lodging risk, what someone could do is pretend to have one of the rarest forges in the game and then basically craft a massive, massive amount of rare weapons, sell them at the market, create an inflation for those specific items or if there's an asset that, I don't know, boosts your stake in rate for a specific token, simulate or pretend that they have those.

Legendary 00:52:02 And by having that tight connection to the in game economy, because we're talking about either tokens or NFTs that could actually pose a significant risk to the game economy. Is that an accurate summary?

Luis Quispe Gonzales 00:52:16 Yeah. Exactly. And not only, trying to impersonate other, payers asset, but also to destroy asset from other players. It also has happened, in the past.

Luis Quispe Gonzales 00:52:28 So, as long as the player have access to operate, to modify other players' assets, it have a direct impact on in game economies as, for the consequence you mentioned, you can create inflation, you can, create more demand or or more offer of certain assets, you can have, let's say, a black market of assets and, and it also, impacts the the aim economy.

Luis Quispe Gonzales 00:53:04 So that's why it's so important, to try to test all those edges on the game and also consider, what seems low likelihood scenarios because if they are low likelihood, of course, but also possible. So it's part of the things, that need to be tested on again.

Legendary 00:53:27 Yeah. Especially if we're talking about, low likelihood scenarios that can have a very, very significant impact. We've also been been speaking about basically user protection security before how we can protect ourselves from, fishing attempts and other kind of impersonations. And you mentioned, apart from the game logic, you also mentioned, the the signatures that it can be, abused. It can be faked.

Legendary 00:53:56 And I have a very, very specific question on that, which maybe goes a bit away from gaming, but goes more into, like, a general good practice while navigating web 3, because we talked about, Eliisa mentioned revoke dot cash to revoke, allowing allows that we gave up for smart contracts. And, the question that I have is if you use a wallet that not MetaMask. So you use don't wanna name it. And the names just say use another wallet that has, transaction simulation.

Legendary 00:54:29 Transaction simulation simulation is feature that just explaining that because some people might not be aware of that, is a is a feature in a while at the basically shows you the expected outcome of a transaction. So say you are on a malicious website and you think you're claiming an ad drop, which is a very, very typical scam that's happening while in essence, you are, giving access to, I don't know, to you, Azuki elementals, and the attacker can then, steal those those NFTs from you.

Legendary 00:55:02 And what transaction simulation does in those wallets is it shows you the outcome of the transaction that you're about to sign. So say, again, you're thinking you claim an ad hoc, but then transaction simulation shows you wait you're actually allowing someone to take away your Azuki elemental, and then you would kind of clock that. This is not a transaction that you want to sign. You are on a malicious web side. Long story, I think the context was was needed for that.

Legendary 00:55:29 My question is, is transaction simulation, a feature that also can be, for lack of a better work, like bypass, abuse in any way, or is it something that I, as a use in web 3, can rely on and be like, nope, if the transaction simulation says the transaction is good to go. I'm protected, or should I also be careful in that case? Because it can be abused to manipulate it in any way.

Luis Quispe Gonzales 00:55:59 Yeah. In security, there is a concept that it's called, layers of security. So in that sense, transaction simulation, it's one of the layer of security because obviously, it helps you to understand if you're in a fake, page that tries to steal your your these or or or try to send your your assets to to, malicious and others. But what happens? Let's remember that this wallet, it's a piece of software.

Luis Quispe Gonzales 00:56:33 And as a concept, a piece of software can be tampered, can be, even, what happens This is very it's very typical. It has happened with a wallet. It has happened also with games. Appears on a on a Twitter, or a web page, that's the current, there is a new version of the wallet of the game. With new features that are, let's say, better or only for a close group of, testers.

Luis Quispe Gonzales 00:57:09 So, a user, a player, very eager to try these new features. What happens? They go to the the the original, the the real web page, they don't find this new version. They switched to the this webpage or this, Twitter thread that appears a link to download the latest version with those features. So they download and the wallet, they don't know the game.

Luis Quispe Gonzales 00:57:40 And what happens seems to be seems to be the real, software but it has already been injected with formal issues, code. So in that case, for example, even with that Fisher, this can be bypassed or worse. It can be blacklisted or blacklist zone sites. So imagine you use your your wallet, with this feature and everything looks to seem legit and okay.

Luis Quispe Gonzales 00:58:15 But when you when you when you use this wallet to another, let's say, while listed malicious web pages, that, the wallet, the start start, that doesn't work as expected. So that kind of attacks happens. Let me, talk about any scenario. Some years ago, you remember there was a fever with Pokemon Gold. So what happened?

Luis Quispe Gonzales 00:58:47 Pokemon Go, had many features, but basically, they, need that you walk around the workaround to find the the Pokemon. So what's interesting is that so verb documents appear on some parts that maybe are far from your phone. So you need to work that that's the idea of the game. But some players, didn't want to to walk too much. They they just wanted to go to a mountain to a lake to find rare Pokemon.

Luis Quispe Gonzales 00:59:21 So appear in the in the web page, a version of Pokemon Go that has some way to control how do you move your your your avatar instead of moving by walking, you you you can just, move the avatar with some buttons in the game. So what happened? Yeah. Of course, you were able to to to move your avatar around the world, and find the various, the the various Pokemon, in the world. But what it was the drawback here that was version of Pokemon Go was infected.

Luis Quispe Gonzales 01:00:00 You were able to catch more Pokemon but, attacker weren't able to catch your your data. And that's something to be careful of. It happened as a I mentioned with game, it happens with software with new features. So trying to summarize the question is, it's a very, very useful, Fisher. Yes. Definitely it is, but it's not it's not, that's super valid because it doesn't exist in security. It's one of the layer of security. And, obviously, just talking about that signature. The signature is not a transaction per se.

Luis Quispe Gonzales 01:00:37 So it's a it I mean, it doesn't go to the blockchain. It's just a cryptographic operation. So, in that case, for example, this feature, are not going to touch, in case you go to a to a malicious website. So Yeah. Just, it's just another layer of security we need to add to, for for our our backtrack of security. But it's something, in general, a good for, for security of the transactions.

Legendary 01:01:07 I absolutely loved and and got goosebumps, with the with the Pokemon Go example because I was enjoying Pokemon Go a lot, and I remember those websites that showed you where some, particularly area Pokemon with particularly high IV, high high staffs, were responding, and I did see that version where you could spoof your location. And, I didn't go for that, but I also didn't want when I saw it, didn't have an idea that this is actually going for my data because it has a malicious component to it. And I think that's often the temptation. You see a new better of something.

Legendary 01:01:42 You see something that promises, to have new features that you might be looking forward to. And it might even have those features, but there still might be a malicious component to it. So I think there's such a good example. Alyssa would love to loop it, to loop you in into this conversation because over the last spaces, We've been also speaking about user onboarding. And, we've been speaking about how we go about basically saying that web 3 gaming, 1st and foremost is gaming.

Legendary 01:02:12 And that we don't want to overwhelm, basically, if we talk about getting new people into the space, we don't want to overwhelm them with all the, specificities and challenges of how blockchain works, what happens in web 3, but they will be onboarded to those features eventually if they want to use them. But then we also have, that aspect, that additional aspect of of security. We'd love to know how you think about that as a as a content creator when you, also address people who are not as familiar with web 3 necessarily.

Legendary 01:02:47 Is it something that you want to to integrate or that you're already doing with your community that you want to help onboard them or help them learn more about security. I'm asking you specifically because you also mentioned the revoke dot cash, example before, or is it And and when does this come in the onboarding process? Do they learn about the game first? Then they learn about blockchain and security? Like, what's the order of things that you see for that as a creator?

Elisa 01:03:14 Well, what a good question and, yeah, really difficult to answer, I think. Because I I don't think doing a perfect job at it. And, like, some members like, it it's still it's still really, like, some members are interested in in the web 3 and some aren't. So I'm not onboarding everyone. Like, I'm not doing forcibly.

Elisa 01:03:39 I'm I'm really just doing, like, onboarding, those that wanna be onboarded, and those that do wanna be onboarded are willing to, learn and like putting the time to understand like, you know, risks and like best practices and things like that. So yeah, I think we're still at that point where like you do have to learn, and I know we we always talk about, like, seamless experience and all of that, like, logging in and, like, you know, maybe like Blockchain being in the back end and stuff, but I do hold the belief that there will always be some sort of learning involved.

Elisa 01:04:15 Even if it's not like you know, very hardcore, like, we will have to always kind of get used to the fact that things are different, like, having Blockchain makes like, there's a layer that's different, and that's, like, added on. So Yeah. Not everyone is willing to learn that, and I think people will learn that for a game they wanna play, or if there's something compelling enough on the other side, like, all of us here have, you know, learnt and, you know, it's it's not always fun. Like bridging is is not fun at all. I I absolutely hate it.

Elisa 01:04:49 But I I still do it if it means, you know, minting something or if it means, like, playing a game that I really wanna play. So, I think, yeah, friction could be ameliorated, but at the same time, like, I think there's always gonna be that on like a a small scale. So, yeah, it's, you know, acting, fancy, great example. Like, they onboarded 1,000,000,001,000,000 of people, and, it wasn't, like, at that time, it was even worse than now, like, the the UX UI, right? And these people still figured out. So I think, yeah, it it depends on, like, motivation as well and you can't force people to to be interested.

Elisa 01:05:28 So, yeah, It's a tough one. I I don't have a good answer for this one legendary.

Legendary 01:05:33 Sorry. No. I I think I think it's a very it's a very, very good answer. I know that's a very tough question. I even have a tougher follow-up question, but also would love to hear from from you, Yellow Panther, and Sanjay as well. Who's are we responsible as content creators for that to at least point out security risks? Is it more the responsibility of the game to educate the players about, the security aspect of things. Is it a joint effort, that essentially everyone is even if not responsible for that, but everyone should have that at heart, this interest at heart so that we can grow the space safely.

yellowpanther.moca 💎 01:06:14 Yeah. I'll I'll let Sanjay go first because the time went first.

Sanjay 01:06:22 Sorry. Sorry, my bad. I just, can you can you repeat the question, please?

Legendary 01:06:26 I didn't hear that. Sure. I'll I'll put it a bit short. It's a it's a it's a difficult question, but do you think we as content creator is responsible to educate people about security and security risks for best of our knowledge in web 3? Is it the game's responsibility? Should we just obvious I mean, the obvious answer would be we all should do it to create a better experience. What what are your thoughts on that?

Sanjay 01:06:47 Yeah. Great question. You know, I know a lot of, creators, influencers all around the world, or they like to use the word, you know, no financial advice or no advice. Or, you know, do do your own research and and all of that. Right? But I think in the end of the day, if, if a gamer or somebody from the community or a viewer just wanted to, do their own research. They might not need you anyways. Right? So, like, I mean, if I want to learn about the new iPhone, what the new iPhone is releasing, I'll go to Marquis Brown, Brown's. Sorry. I don't know if I have, I'm pronouncing his name right.

Sanjay 01:07:22 I'll go to his YouTube channel and I'll watch what the what the iPhone does, how it performs, if it's worth my time or not, and that's it. I'm not gonna go to website and read the white paper or read the whole, document on how the iPhone really works. I'll trust that guy because I know that he's a great influencer. And he got me covered. He will still tell me that, oh, go ahead and check yourself, but I I well, I will trust him regardless. So I think it's our responsibility. Even though, like, you know, always do your own research because we can also be wrong sometimes, especially in the web tree space because there's a lot of funds involved, and, you know, there's a lot of bad apples.

Sanjay 01:07:58 But I think, I think when when projects come to our profiles and they are, like, you know, learning about a new project, when men, sorry, when gamers come to our profile and learn about new projects, they they just wanna, like, you know, they just they just want the right information and they wanna trust somebody so they can rely on somebody and they can you know, they don't wanna do all the all the research by themselves. They don't wanna go to the white paper. They don't wanna look at the smart contract. They don't wanna look at who's the backer of the project. You know, like, you know, who's who are their part is this legit. They don't wanna go to VC's, portfolio and see if the project is listed there or not.

Sanjay 01:08:31 That's our job, and that's that's why we are the ones who you know, like, give these projects basically like a green check that, oh, yeah. We looked into your project. We talked to your team 1 on 1. You guys are doing a great job. This is a good this is a good good apple in my opinion. You know, always worse comes to worse. Anything can happen in this space. At the end of the day, but I I do truly think that think that it is our responsibility to kinda, like, you know, show gamers and viewers and community members what is good and what is bad.

Sanjay 01:09:04 And then, and then, you know, and then let the community kinda just kinda like rely on us a little bit, you know, like, we don't want them to do all the work either because then what is the point of us being on this influencer panel in the first place?

Legendary 01:09:19 Yeah. I I love love to add the answer. Scott, give me give me one one quick second, and I'll go to you in a second. I love the answer because it means stepping up and it means proactively taking responsibility and not saying, yeah, look. Everyone can educate themselves it's not my my goal as a content creator to do that. I'm just here for the vibes and to share a cool game with you. And if you lose something or lose your because you haven't educated yourself. That's your loss. And I love that you didn't say that, but went for the proactive part taking responsibility.

Scott Gralnick 🦇🔊 01:09:52 Sorry, Scott. Go for it. I was just gonna add to that. Maybe what the content creators do, are or, you know, talk about the games that have been audited. And the content creators know that, the companies of these games took that one extra step to make their environment more secure. So we're not just talking about cool games, but we're talking about games that also are gonna provide a a great security experience for the end user. And that's one of the things I loved about ZT X. Right?

Scott Gralnick 🦇🔊 01:10:25 ZTX whole goal is about empowering creators and communities, and that's how Halborne feels about empowering creators in the gaming ecosystem, the enterprise ecosystem, web 3 in blockchain in general, to empower them through security. So we couldn't be more proud to partner with CTX in in their seriousness for creators, communities, and security. So great job, ZTX. Really appreciate everything you've done for the ecosystem.

Legendary 01:10:53 Love it. That's almost the perfect, perfect way to close out the show. And we've been going for a bit more than an hour. I do have one last, follow-up question before I would like to close it for today. I think, we spoke a lot about different security issues about security risks. But if either you Scott De Lewis, whoever wants to take that would have to pinpoint it to the single biggest challenges that you guys see facing games right now, what would it be Yeah.

Luis Quispe Gonzales 01:11:24 Sure. One key point, that I think summer summarizes everything. It's called security end to end.

Luis Quispe Gonzales 01:11:36 What it means, it's that the security, doesn't need to be consider since the inception of the game development, trying to understand what are the threats that could affect that, that to the game, try to do some test along the game life life cycle and consider that the security test or ethical hacking penters that you do when, again, it's almost done. It's most it's more like a final exam.

Luis Quispe Gonzales 01:12:14 So you are supposed to be prepared and ready from, the starting of the process, not just at the end. So if there is something very important, to all of us to bring to our home, it's, consider that security is not non ending process and should, I mean, the sooner you you put security in your process, it's more efficient and it has demonstrated, with different studies that you can, you can take more than double of the time in launching in launching your product if you don't con don't consider security from the beginning.

Luis Quispe Gonzales 01:12:53 I think that's, what summarizes everything.

Legendary 01:12:56 Security is the continuous process, a a like that a lot, Scott, did you want to add anything to that?

Scott Gralnick 🦇🔊 01:13:04 You know what? I think Luis did a great job summing it up. I was going to say it a bit differently, but, yes, it is end to end security. Is thinking about from the beginning of your creation of your project all the way through to post deployment and not thinking about, hey. We got a smart contract audit. We're good to go because a smart contract audit is like protecting your your front door. You're putting a lock on your door. But you have to think about your yard, your fence, your windows, your roof that your your your foundation, there's so much more to protect than just your front door. And end to end security really sums that up.

Legendary 01:13:41 It's such a good analogy, and I wanna I wanna close it up on that note. Before I do that, I want to thank everyone in the audience for, joining our space today, taking your time appreciate, especially because, again, infrastructure security might be a bit more of a difficult topic. So really appreciate everyone joining us today. Also, thank you both, Scott and Lewis from Halborne for, joining our discussion as well as, Jade and from Click who had to leave to go to a follow-up meeting.

Legendary 01:14:15 And last but certainly not least, thank you to you, Eliza Sanjay, and Yavapentin, for joining us on stage today as well, and have a fantastic rest of your Tuesday.

yellowpanther.moca 💎 01:14:25 Thank you, everyone.

Scott Gralnick 🦇🔊 01:14:26 Thank you, everyone. Thank you, everyone. Great conversation today.