Summary: BigTime caused a craze in GameFi after its token was launched on October 10, 2023. The team started paying attention to BigTime in September but was unable to conduct an analysis because it lacked the required qualifications. After the registration threshold was recently lowered, we began a series of security analyses and tests on BigTime, including tampering with game client attributes, GameRPC malicious call testing, token contract auditing, etc. Our overall evaluation found that the game has poor security, that the cost of cheating is low for malicious players, and that the game is easy to analyze. If the project team wants to continue operating the game, improving its security and fairness should be the first priority in later operations.
Summary: Cradles was opened for download on November 15th. The Damocles team conducted an in-depth security analysis of the game on November 16th. The analysis found that a large amount of debug information had not been removed from the game, and from the debug log it was inferred that the game development team is a Chinese team. Testing also found that the game has no security protection, that the communication protocol part uses an open source engine, and that some logic checks are too loose, so it is not recommended for users to play the game.
Game background
- Game version for evaluation: 20231115
- Game type & game engine: MMORPG, Unity 2021.3.x
Summary (Game Safety Rating): Seraph will open three betas on November 22, 2023. The Damocles team conducted a security analysis and assessment of the game on November 24th, but the assessment results were not satisfactory. First, the project party retains a large amount of log information in the code, and it can be inferred from that log information that the project party is not a Korean team but a Chinese team. Second, the game uses Unity to load Lua without protecting the Lua code, and without using LuaJIT or other means to raise the difficulty of reverse engineering, which leaves the source code completely exposed: only a hook on the load function is needed to dump the game source code from memory. However, this game is an ARPG, a type of game with a natural anti-cheating advantage, namely that most of the data is synchronized through the server, which alleviates the game's security issues to a certain extent.