Project & Development Update #6
February 16, 2022
Good afternoon, pilots. It's time for the next internal project update.
In this post, we'll be sharing the full preliminary audit report and supplemental information, explaining the new community resources that are in the works, providing information regarding the GUI, and giving a complete view of the team's focuses moving forward.
Let's dive in. ๐
๐น Full Preliminary Audit & Explanationsโ
We've received our preliminary report from Solidity Finance! We've already covered the main findings in our previous post which you can read above, but we wanted to share the entire report with you, in the spirit of transparency. You can find the full report here.
Aside from the findings, we wanted to cover a couple of points where the verbiage from Solidity Finance might be confusing:
"Please ensure trust in the team prior to investing as they have substantial control in the ecosystem."
The preliminary report does not examine our migrations, which include the step that relinquishes roles to governance. Solidity Finance has agreed to double-check our migrations before the final audit report, and to asses the decentralization of the project once our contracts are deployed to the mainnets.
"NFT metadata that contains information about the Ships is stored using an off-chain URI endpoint."
All metadata comes from an onchain endpoint, but as weโve discussed before, the image is a link to IPFS. Weโve discussed this with Solidity Finance, and this is their standard verbiage whenever any part of the metadata is stored off-chain. However, they have agreed to explicitly state which parts of the metadata are kept on- and off-chain in the final audit report.
"[Regarding the construction bay] This contract is used to sell Ships to users through a Dutch Auction."
This is still a blind reverse dutch auction, and the wording in the final report will be updated.
"The bidding logic is implemented using off-chain logic, so we cannot give an assessment in regards to security."
Because the value and quantity of the bid must not be leaked, the bid tickets are generated off-chain. In order to ensure that manipulation by the team is not possible, deposits may only happen once, and bid tickets must be signed by the bidder in addition to the system. Because the bidder signature is verified onchain during bid reveals, it is not possible for anyone a bid on your behalf if you didn't sign it.
To ensure the security of the bid ticket distribution system, we are working with Solidity Finance to find the minimal set of criteria that the off-chain portion must meet in order for the system to function properly. Once we have come to a conclusion, we will provide the source for the off-chain portion and thoroughly explain how it meets these criteria.
Reading through the audit results section of the report, you may see a couple of points of concern we'd like to clarify:
"Centralization of Control" - WARNING"
The preliminary report does not examine our migrations, which include the step that relinquishes roles to governance. Solidity Finance has agreed to double-check our migrations before the final audit report, and to asses the decentralization of the project once our contracts are deployed to the mainnets. If they find any major points of centralization, we will adjust and redeploy until our decentralization meets their standards.
"Overall Contract Safety - FAIL"
This is due to the security finding related to pilot badges (covered in depth in the previous post). It is fixed as of yesterday, and the fix should be reflected in the final audit report.
TL;DR
The centralization result is because the governance relinquish is not examined in the initial report, and the PilotBadge issue has been fixed and will be updated in the final report solving the overall contract safety rating.
๐น New Community Resourcesโ
As promised, weโre working on creating a host of updated resources for community builders. While we know that this community is fully capable of figuring out how all of the game and governance internals work, we donโt believe that they should be obligated to go through that process. Instead, we want to keep the barrier to entry low, and to let builders focus on building, instead of reverse-engineering the existing system. At the moment, we have the following in the works:
An updated yellowpaper, which will cover everything that has been added and changed since the original. Specifically, this update will cover:
- Outposts & additional return options
- The onchain construction bay system
- Near-instant L2 reveals
- New ore types
- New region positions
- Transfer locks for pilot badges
- Free first travel for new ships
- Visual infographic models
A set of documents on governance, explaining:
- How the DAO works
- How to delegate votes and receive delegated votes
- How to break down and structure proposals
- How to encode transaction data for complex proposals
- A set of sample proposals for the DAO, along with valid transaction data
A set of documents on Polygon, explaining:
- Overview of the network
- How to get MATIC and how much you'll need
- How to switch between networks easily
Miscellaneous:
- Source files for the all of the ship models
- Source for website
- Source for the Discord bots
- Source for the construction bay backend
- Community server back up files
๐น Non-Pixel GUI (partially)โ
To speed up the process of building the UI, increase ease of adding new features and gameplay, and allow for faster design iterations based on community feedback, we've made the decision to deploy a non-pixel-based interface upon launch. While we have the capability to execute a pixel-based interface, we feel it is best to prioritize user experience (UX) for the time being. Then, when the time is right, and once we've fleshed out more of the game as a community, we will be able to confidently transition into a pixel-based UI.
That said, the starmap, the in-game icons, the ship display, and other many other elements will remain pixel-based. It'll still be a full game GUI, but due to the fact that it is a full game GUI, we'd rather spend our time delivering a good user experience than to deliver something that looks pretty, but is more difficult to use.
๐น Dev Team Move-Inโ
After a lot of deliberation, we've decided to temporarily move the dev team across the country, into Fleet Commander's house. We all believe that we can be more productive in the same room, and we want to put our best foot forward as we grind toward release. This may not be super bullish news, but we're all stoked to work in the same office again and figured it was a fun thing to share with you guys.
๐น What's next?โ
From here, we'll be focusing on:
- Completing the GUI. We're still on track, and the non-pixel direction has helped decrease our iteration times. Now, it's just a matter of completing each panel and applying final touches.
- Completing the final stage of our audit. Now that the PilotBadge issue is fixed, this comes down to adjusting governance settings and ensuring that our migrations are solid.
- Writing the Discord bots that link our server to the game. This includes wallet verification and the regional chat feature.
- Creating resources for community builders. This means updating the yellowpaper, finishing the documents on governance, and getting our code ready to publish.