🔐 Security

Hashpower Mining is built with security and transparency as core principles. Everything is verifiable on-chain.


Fully On-Chain

What This Means

Every aspect of the game runs on Solana blockchain:

✅ All rewards calculated on-chain

✅ Card ownership stored on-chain

✅ Random card reveals use Solana VRF

✅ Farm levels stored on-chain

✅ Global state publicly auditable

✅ No hidden databases

✅ No centralized servers

Benefits:

  • You can verify everything yourself

  • Developers can't cheat or change rules

  • Your assets are truly yours

  • Transparent and auditable by anyone


Smart Contract Security

Built with Anchor Framework

Anchor is the industry-standard framework for Solana programs:

  • Type-safe development

  • Automatic security checks

  • Prevents common vulnerabilities

  • Used by major Solana projects

Security Features

Account Validation:

// All accounts are validated with constraints
#[account(
    mut,
    has_one = owner,
    constraint = player.pending_action == PendingRandomAction::None
)]
pub player: Account<'info, Player>,

Authority Checks:

// Only authorized addresses can call admin functions
pub authority: Signer<'info>,
#[account(
    mut,
    has_one = authority,
)]
pub global_state: Account<'info, GlobalState>,

Overflow Protection:

// All math uses checked operations
let reward = slots_elapsed
    .checked_mul(self.reward_rate)?
    .checked_div(self.total_hashpower)?;
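
An added example (not the project's code) of the same formula inside a function that returns `Result`, where each `Option` from a checked operation has to be mapped to an error before `?` applies. `MathError` and the function names are hypothetical; the `u128` variant goes beyond the page's snippet to show how a product that overflows `u64` can still yield a valid reward.

```rust
use std::convert::TryFrom;

#[derive(Debug, PartialEq)]
pub enum MathError { Overflow, DivideByZero } // hypothetical error type

// reward = slots_elapsed * reward_rate / total_hashpower, as in the page's snippet.
// checked_mul returns None on overflow, checked_div returns None on a zero divisor.
pub fn reward_checked(slots_elapsed: u64, reward_rate: u64, total_hashpower: u64)
    -> Result<u64, MathError> {
    slots_elapsed
        .checked_mul(reward_rate)
        .ok_or(MathError::Overflow)?
        .checked_div(total_hashpower)
        .ok_or(MathError::DivideByZero)
}

// The same formula with wrapping multiplication: an overflow silently
// produces a plausible-looking but wrong reward instead of an error.
pub fn reward_wrapping(slots_elapsed: u64, reward_rate: u64, total_hashpower: u64)
    -> Option<u64> {
    slots_elapsed.wrapping_mul(reward_rate).checked_div(total_hashpower)
}

// Widened variant: multiply in u128 so only the final quotient has to fit in u64.
pub fn reward_widened(slots_elapsed: u64, reward_rate: u64, total_hashpower: u64)
    -> Result<u64, MathError> {
    let product = (slots_elapsed as u128) * (reward_rate as u128); // cannot overflow u128
    let quotient = product
        .checked_div(total_hashpower as u128)
        .ok_or(MathError::DivideByZero)?;
    u64::try_from(quotient).map_err(|_| MathError::Overflow)
}

fn main() {
    // Constructed inputs, chosen to hit the normal, overflow and zero-divisor paths.
    println!("normal:   {:?}", reward_checked(10, 5, 2));
    println!("overflow: {:?}", reward_checked(u64::MAX, 2, 4));
    println!("zero div: {:?}", reward_checked(1, 1, 0));
    println!("wrapping: {:?}", reward_wrapping(u64::MAX, 2, 4));
    println!("widened:  {:?}", reward_widened(u64::MAX, 2, 4));
}
```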

Randomness Security

Verifiable Random Function (VRF)

All random events (pack openings, recycling) use Solana's built-in VRF.

  1. Commit Phase - Transaction records current slot number.

  2. Delay Phase - Mandatory 2-slot minimum delay (≈800ms).

  3. Reveal Phase - Uses a future block hash as the randomness source.

  4. Verification - Anyone can verify the randomness on-chain.

Why This Is Secure

❌ Impossible: Developers manipulating your card drops

❌ Impossible: Players predicting outcomes

❌ Impossible: Front-running randomness

✅ Guaranteed: Provably fair randomness

Audit Your Own Drops

  1. Open Solana Explorer

  2. Find your pack opening transaction

  3. Check the "reveal" transaction

  4. Verify the randomness seed matches the block hash

  5. Calculate expected cards based on seed

  6. Confirm they match what you received
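
The commit, delay and reveal phases described earlier, and the audit steps that replay them, can be modelled off-chain as follows. This is an added example, not the game's program code: `OpenPack`, `RevealError`, `CARD_POOL`, the choice of slot `commit_slot + 2` as the seed slot and the seed-to-card derivation are assumptions; only `PendingRandomAction::None` and the 2-slot delay come from the page.

```rust
use std::collections::HashMap;

const MIN_DELAY_SLOTS: u64 = 2; // the page's mandatory 2-slot delay
const CARD_POOL: u64 = 100; // hypothetical number of distinct cards
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum PendingRandomAction { None, OpenPack { commit_slot: u64 } } // OpenPack: hypothetical
#[derive(Debug, PartialEq)]
pub enum RevealError { AlreadyPending, NothingPending, TooEarly, HashUnavailable }
pub struct Player { pub pending_action: PendingRandomAction }

// Commit: record the slot; mirrors the `pending_action == None` constraint on the page.
pub fn commit(p: &mut Player, current_slot: u64) -> Result<(), RevealError> {
    if p.pending_action != PendingRandomAction::None {
        return Err(RevealError::AlreadyPending);
    }
    p.pending_action = PendingRandomAction::OpenPack { commit_slot: current_slot };
    Ok(())
}

// Assumed derivation (not the game's): first 8 hash bytes, little-endian, mod pool size.
pub fn card_from_seed(seed: &[u8; 32]) -> u64 {
    let mut b = [0u8; 8];
    b.copy_from_slice(&seed[..8]);
    u64::from_le_bytes(b) % CARD_POOL
}

// Reveal: enforce the delay, then seed from the hash of slot commit_slot + 2 (assumed).
pub fn reveal(p: &mut Player, current_slot: u64, hashes: &HashMap<u64, [u8; 32]>)
    -> Result<u64, RevealError> {
    let commit_slot = match p.pending_action {
        PendingRandomAction::OpenPack { commit_slot } => commit_slot,
        PendingRandomAction::None => return Err(RevealError::NothingPending),
    };
    let target = commit_slot.checked_add(MIN_DELAY_SLOTS).ok_or(RevealError::TooEarly)?;
    if current_slot < target { return Err(RevealError::TooEarly); }
    let seed = hashes.get(&target).ok_or(RevealError::HashUnavailable)?;
    p.pending_action = PendingRandomAction::None; // one reveal per commit
    Ok(card_from_seed(seed))
}

fn main() {
    // Constructed sample data: a made-up 32-byte hash for slot 102.
    let hashes = HashMap::from([(102u64, [7u8; 32])]);
    let mut p = Player { pending_action: PendingRandomAction::None };
    commit(&mut p, 100).unwrap();
    println!("early reveal: {:?}", reveal(&mut p, 101, &hashes));
    println!("valid reveal: {:?}", reveal(&mut p, 103, &hashes));
}
```

An auditor following the steps above performs the last line of `reveal` by hand: take the recorded block hash, run the published derivation, and compare the result with the card received.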


Anti-Cheat Mechanisms

Capacity Limits

Maximum Cards Per Player: 128

  • Prevents blockchain bloat

  • Prevents spam attacks

  • Forces strategic card selection

Maximum Staked Cards: 25

  • Tied to Level 10 farm

  • Prevents single player dominating with 1000 cards

  • Fair competition

Energy Limits

Farm Energy Capacity: Enforced on-chain

  • Can't stake more cards than energy allows

  • Must upgrade farm to grow

  • Prevents capacity exploits

Time Locks

Farm Upgrade Cooldowns:

  • Level 1-2: 6 minutes

  • Level 3-4: 6-12 hours

  • Level 5-10: 24 hours

Purpose:

  • Prevents instant maxing with bot farms

  • Forces gradual progression

  • Gives organic players fair competition


Player Data Verification

You can verify your own account data:

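// `program` is the Anchor client for the game program; `playerAddress` is your player account's address
const player = await program.account.player.fetch(playerAddress);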

console.log("Your Hashpower:", player.totalHashpower);
console.log("Your Cards:", player.cards);
console.log("Your Rewards:", player.totalRewards);

Attack Vectors & Mitigations

Sybil Attack (Multiple Accounts)

Attack: Create 100 accounts to farm more rewards

Mitigation:

  • Each account needs 0.5 SOL for initial farm purchase (~$75)

  • Each account needs cards to mine (costs WATT)

  • Each account is its own separate operation (no synergy)

  • Cost: $7,500 for 100 accounts

  • Benefit: Same as using that $7,500 to buy WATT directly and stake it

Verdict: Economically irrational


Flash Loan Attack

Attack: Borrow large WATT amount, manipulate something, repay loan

Mitigation:

  • Staking has lockup periods (can't instant unstake)

  • Farm upgrades have cooldowns

  • No instant arbitrage opportunities

  • All actions require actual time passing

Verdict: Not possible due to time locks


Front-Running

Attack: See pending transactions, front-run them

Mitigation:

  • All randomness has 2-slot commit-reveal delay

  • No way to predict card drops even if you see the commit

  • All rewards are accumulated automatically (no race to claim)

Verdict: No profitable front-running opportunities


Smart Contract Exploits

Attack: Find bug in smart contract code

Mitigation:

  • Built with Anchor (industry standard)

  • Extensive testing on devnet

  • Gradual rollout (devnet → mainnet)

  • Admin pause functionality in emergencies

  • Bug bounty program

Response Plan

  1. Pause - Pause contracts immediately if exploit found

  2. Fix - Deploy fix

  3. Reimburse - Reimburse affected users from treasury

  4. Post-Mortem - Transparent post-mortem


Player Security Best Practices

Protect Your Wallet

  • Never share your seed phrase

  • Use hardware wallet for large holdings

  • Enable wallet security features (password, 2FA)

  • Verify transaction details before signing

  • Use official website only (check URL carefully)

Avoid Scams

  • No official team will ever DM you first

  • No "customer support" asking for seed phrase

  • No "double your WATT" promotions

  • No fake token airdrops

If unsure, ask in official Discord/Telegram!


Don't Trust, Verify!

The beauty of blockchain is you don't need to trust anyone:

  1. Verify token supply - Check mint info

  2. Verify your rewards - Calculate expected earnings

  3. Verify randomness - Check block hashes

  4. Verify burns - Sum burn transactions

  5. Verify smart contract - Read the code

Everything is transparent. Everything is auditable. Everything is provable.


Your security is our priority. Play with confidence! 🔒⚡
