Doomsday: Settlers of the Wasteland

Summary

**Update**: The client has addressed all the issues in the report. Notably, the high severity issues were fixed, and a full test suite was implemented. **Initial audit**: Quantstamp performed an audit on the Doomsday project. *Doomsday: Settlers of the Wasteland* is an on-chain game involving NFTs. Players mint NFTs, termed "settlements", during a game period known as the "Renaissance". During the other game period, the "Dark Age", these NFTs are progressively damaged -- to the point of burning the NFT itself -- by geographical events known as "disasters", until only one NFT remains. Due to the extensive use of ether in the game, and the fact that the contracts are to be deployed on the Ethereum Mainnet, the developer implemented numerous gas optimization techniques in order to make playing the game as affordable as possible. Verifying that these techniques were correct and appropriate was a point of consideration during the audit. Another important point was verifying whether the smart contracts abide by the specification provided in a document. We found that, due to the type of pseudorandom number generation (PRNG) being used, certain elements of the game were unintentionally vulnerable to giving distinct advantages to users with deep technical expertise regarding Ethereum. In addition, we found that the conditions for state transition from Renaissance to Dark Age and back allowed for edge cases where the transition would occur inappropriately. We would further like to highlight the importance of improving the test suite and documentation for this project. Although the code is generously commented, the documentation provided was at times inaccurate, and the variable naming was at times confusing and did not properly represent the intentions of the developer. Furthermore, with the on-chain logic being so intricate, we highly recommend improve the test suite such that branch coverage reaches 100%.