0xMonaco Battle of the Titans with MatchboxDAO and Zellic
14 February 2023
Summary
In 2022, Paradigm launched a CTF game called 0xMonaco. 3 players are in a race to the 1000 block finish line. Each car is armed with 15,000 coins which they can spend on acceleration or throwing shells to slow down their opponents. Prices adjust dynamically according to a variable rate gradual Dutch auction. Competitors submit Solidity contracts that manage these resources on their behalf.
MatchboxDAO is a blockchain gaming platform that has forked the original 0xMonaco competition, augmented it with more features, a rich 3D visualization, and live commentated Twitch Streams to reveal the results of the races.
On this episode I’m joined by MatchboxDAO Head of Product Natan Benish, Growth Lead Louthing, and Jazzy and Aaron from security firm Zellic, who found and exploited vulnerabilities in the most recent Matchbox Arena competition.
The platform that Matchbox is building is successfully drawing the attention and competitive spirit of the crypto dev community. This episode is also the first time that the Matchbox dev team and the Zellic hackers speak verbally, and it was a fun and ultimately heartwarming discussion. I hope you enjoy the show.
Links
sudolabel.eth’s explanation of 0xMonaco
Introducing MatchboxDAO: The Battle of the Titans
Introducing Matchbox Arena
Zellic’s postmortem
Transcript
Nicholas: Welcome to Web3 Galaxy Brain. My name is Nicholas. Each week I sit down with some of the brightest people building Web3 to talk about what they're working on right now. In 2022, Paradigm launched a CTF game called 0x Monaco. Three players are in a race to the 1,000 block finish line. Each car is armed with 15,000 coins, which they can spend on acceleration or throwing shells to slow down their opponents. Prices adjust dynamically according to a variable rate gradual Dutch auction. Competitors submit Solidity contracts that manage these resources on their behalf. Matchbox DAO is a blockchain gaming platform that has forked the original 0x Monaco competition, augmented it with more features, a rich 3D visualization, and live commented Twitch streams to reveal the results of the races. On this episode, I'm joined by Matchbox DAO Head of Product, Natan Benish, Growth Lead Louthing, and Jazzy and Aaron from security firm Zellic, who found and exploited vulnerabilities in the most recent Matchbox Arena competition. The platform that Matchbox is building is successfully drawing the attention and competitive spirit of the crypto dev community. This episode is also the first time that the Matchbox dev team and the Zellic hackers speak verbally, and it was a fun and ultimately heartwarming discussion. I hope you enjoy the show. Welcome everybody. Today we're talking about Matchbox DAO with Louthing and Natan from Matchbox DAO, as well as Jazzy and Aaron from Zellic. So to start things off, maybe Natan, could you tell us a little bit about your background and then we'll jump to Louthing and talk about Matchbox DAO first?
Natan Benish: Yeah, thank you, Nicholas. I'm the product lead at Matchbox DAO. In the context of the last event we did, I was in charge of the game mechanics, the final design of the smart contract, and also supported the server development of the platform. I also added that we had Nick, Nicholas Simbelton, as our tech lead, almost the guy who single-handedly built all of our platform. So also credit for me, for him on the technical side. Basically joined Matchbox a few months ago. Before that, I've been in Web3, mainly consulting and help building POCs for Web3 companies, also Web2 companies. Before that, traditional Web2 background, mostly server development. And yeah, that's it.
Nicholas: And in those other jobs you're working primarily in, Solidity, what kind of languages were you touching mostly?
Natan Benish: So it's really dependent on the type of task I'm doing. For the platform itself that we built right now, the Solidity part was mainly on the smart contract of the game contract that we made, which is a new version of 0x Monaco. We added on top of it a few unique game mechanics. But most of the work is actually more about the related stack. So it's mostly JavaScript, some front-end frameworks, and yeah, that's it basically.
Nicholas: Got it. Very cool. And Louthing, what's your background and role in the project these days?
Louthing: Yeah. So I'm Louthing, the head of growth at Matchbox. And I've been, so yeah, just to give you a very quick background of myself. So I've been in crypto for the past, I would say seven years, six, seven years. Very classic. I mean, being very original, just holding some Bitcoin, some ETH, playing around with some altcoins as well. And I did dive within the French community, being very active there. I ended up being one of the, I'm straight out of one of the largest crypto communities in France. And I joined one of the largest crypto VCs in Europe, Greenfield One, like a backing project such as, since 2018, such as 1inch, Celo, NEAR, Dapper Labs, Flow, YGG on the gaming side, Thickwise, Nym, Vega, and a bunch of others. Not to mention all of them. More recently, Immortal Game, by the way, on the gaming side as well. So I mean, I've been very bullish into ZK, with stuff for a while. And Matchbox, we exist, I mean, I've been with Matchbox since the very beginning.
Natan Benish: And I mean, we are here for, we exist for about a year.
Louthing: We raised 7.5 million from like top tier investors, from StarkWare, Delphi, Delphi, 1KX, Bitcraft, Fabric Ventures, Lendiscap, Big Brain Holdings, Formless Capital, Mask Network as well. And a bunch of others, not to mention all of them. And basically we are building the infrastructure of games that are fully on chain. We are obviously chain agnostic. We have been doing this like a super cool platform, which is some kind of a layer of esports for developers, like bringing the Web3 stack towards an esports layer, where we believe developers are going to be the next athletes. The same way gaming became super big within the past 15 years, we believe the next big thing is going to be developers. I mean, they are the ones that shepherd the word. Yeah, we believe people, I mean, we're going to be able to have them competing against each other and have people watch them compete against each other. And yeah, really it's going to be a new massive thing. And that's what we have embraced with 0x Monaco, I mean, the new V2 of 0x Monaco, I mean, that we have done. Just to give you some background, maybe for the audience that don't really know much about 0x Monaco. So it's like a CTF created by Paradigm, I would say mid-2022. A CTF is a game where you need to be a coder. You need to code to play the game. So basically, it's a very simple game. Three cars, the first that switches the line, the final line, wins the game. Obviously, your car is a smart contract and you need to code the best strategy to win the game. And by coding the best strategy, I mean you have some resources, you can do some actions and every action costs a cost. And you need to, again, build up the best strategy to manage the best resources to win the game and cross the line at the first.
Nicholas: Yeah, I thought sudolabel.eth had a good summary. He said, or they said, I don't know: 0x Monaco is a three player 1D racing game. Each player starts with 15,000 coins and the first one to the end of the 1,000 block racetrack wins. Each turn, a player can either accelerate by one or throw a shell, setting the speed of the player directly ahead of them to one.
Louthing: Yeah, that's right.
Nicholas: So that's the original 0x Monaco game, which you borrowed. And actually, maybe the first question, is it a friendly fork or is it just the code is open source? So y'all went with something?
Louthing: I mean, I mean, we obviously, I mean, we haven't partnered officially with Paradigm, but I mean, we have great relationship with them. Like they always, you know, I mean, obviously know about the fork. We have talked to them. I think they're very big game. I mean, yeah, they had no issue with us, like using their original game. I mean, yeah. And even we tweeted the final results after the game. So and again, along the way, we also had a discussion with them. So there's a friendly fork, as to say. Yeah. And yeah, just as you said, we changed it a bit. So it's like that's very detailed. That's not a big deal. But like we added a few features. So it's all about accelerating and firing shells. We added a few other actions. And also it's not like 1500, 15,000 gas, like 17.5, which is OK. Which doesn't I mean, which is a bit.
Nicholas: OK, so the numbers are changing.
Louthing: Yeah, yeah. But whatever, whatever. And yeah, and just just to finish with Matchbox. So and we are also we see what we're trying to agnostic, but we also happen to be the largest community of developers on StarkNet. Even if we're not only based on StarkNet, as you can see with 0x Monaco. I think that's a good blur of who we are, what we do. If you have any questions, feel free to ask.
Nicholas: Yeah. Well, I want to ask Natan, maybe you could talk a little bit about the changes from the original 0x Monaco to the... are you calling it, I mean, Matchbox is 0x Monaco, Monaco 2?
Natan Benish: Yeah, we call it 0x Monaco Battle of the Titans. This is like the official game title. And in terms of the change that we made, first of all, I think it will be like a good, a good, good to give some context of why we thought we need to introduce certain changes in the game and what is the rationale behind them. So basically, 0x Monaco is a strategy game. And in order to create sustainable, fun experience for developers and keep challenging them in a very competitive, very competitive environment, we need to prevent the repeatness and repeatability of strategies of the same patterns that players already saw and tried to implement in the previous event. So when we looked into the data of the original 0x Monaco, we saw certain meta rules that I like to think about them as points of coordination in which all of the players and all of the car strategy that were pretty much successful share the same kind of same kind of pattern. So, for example, in the original 0x Monaco, one of those patterns was trying to stick up to the race from behind, basically from the third place. So everyone tried to be at the third place for most of the race. And then right, right in front the end, they pushed very aggressively to buy a lot of speed and shell the other cars in order to win the race. So we wanted to create like something unique and something that will be different than that. And here it becomes very tricky because 0x Monaco is like a chess or even like poker version just in Web3. You can maybe speculate what kind of changes a certain certain edition of rules and mechanics would make, but you cannot predict it for sure. So it's like similar to say, well, maybe I will change how a queen moves on a chess board. Maybe it will influence certain strategies and certain patterns that you have in chess, but you cannot know for sure what will be the final outcome of it. 
But from this like very interesting experiment, we thought, well, first of all, we want to create a new dynamic. that would that cars would not be able to impact the race just towards the front, but also would be able to impact the race on the cars behind them. So we add two changes in that regard. First of all, we added a shield that protects the car from being shelled by other cars. And we also added the bananas that in fact like functioning like backwards shells. So those two types of additional mechanics created a new vector and a new kind of dynamic that is not just into the front of the race, but also goes backwards. So we think it's created like very interesting dynamic in the race. And we actually going to double down on that. And we also added the super shell. A super shell basically clears all the bananas out of the way and also hitting all the cars, not just the closest cars in front of you, but also the cars, the two cars that in front of you, basically.
Louthing: Also, I would like to add some context as well, because I think that's a main thing. A big change from the first edition is contrary to the first edition, which was like an open bracket where anybody could participate. Anybody could just play and yeah, look at each other. It was open to anybody. We made it into a very close competition within the back of three companies. The idea was just to create some kind of some kind of a World Cup. I mean, of the back of the companies, I mean, having the technical team of all of those teams to compete against each other. And you just somehow the motto was to find out who had the best technical team. And yeah, and we find it's really cool to all of those big names to fight against each other and to just find out like who designed the best trilogy.
Nicholas: Which were those companies that were the primary competitor?
Louthing: I mean, we a lot like just to not to mention the entire lineup, because we had about 25, 30 teams in total. But a few names would be, I mean, I could actually just list the finalists. We had Ledger, we had Polygon, we had Uniswap, we had Neoprocol, YGG, Bybit, OKX, Verlick, Mask Network, Stackedowl, Channeling was also under.
Nicholas: So all the hot engineering teams have a desire to compete and to win in this competition. Yeah. It reminds me a little bit of Kaggle in a way. Like a...
Natan Benish: Kaggle? Yeah.
Nicholas: Yeah. Yeah.
Natan Benish: Yeah. It's kind of similar, but I think also adding on what Eli said, we took it even one step further. And our goal was not just to create a very fun experience for developers, because developers are less interested about the visuals and about like all the non-technical things. And we also added the visual side of the race, because in the original 0x Monaco, it was like just basic CSV file and a very like primitive kind of rendering of the race. In our case, we added like a full video simulation of each of the races. So our experience is similar to Kaggle and similar like similar themed CTFs. But we want to push and create sport around that and not just making a single event that are isolated from each other. So if we're talking about our vision, first of all, we want to introduce this kind of game also for non-technical audience in terms of like making a stream and making eSports around it, because we think it's actually very fun to watch those strategies and those very smart and talented developers competing against each other. And also we want to create this continued and continuous experience from event to event. We don't want to have like one CTF and that's it. We want to create like some kind of track and some kind of progress from event to event and potentially even expand it more to the other games that we are working on right now.
Louthing: Yeah. The idea would be also to create a stack of competition between all the games we either incubate, like we partner with. But again, and also as Natan mentioned, yeah, like also the Fortnite was really nice. We had a Twitch. The Twitch lasted about three hours, even more. So it was very fun to watch. And yeah, the idea is just to create some kind of eSports meets when eSports meets Web3 in a way and developers.
Nicholas: Cool. Before we stray too far, I wanted to just nail down something about the mechanics in the sudolabel thread on their participation in the original Monaco. They mentioned that the, I think they give some explanation about the impetus for the changes that you made, that there was, the dominant strategy was to just hold back resources the entire time. So basically you've upgraded this in a variety of ways that introduce new specific mechanics like the bananas and the shells that incentivize people to have different strategies for a more diverse playing field. That's, I suppose, more interesting, but also some of these things have introduced. So I'm curious. We have two things we need to touch on. One, I want to get to the Zellic folks to talk about their participation. But first, maybe I think it would be helpful contextually for people to understand what is the user experience of someone playing the game, submitting, making a submission to the arena? And what is the role of Matchbox DAO in orchestrating the arena on a technical level? How is the simulation executed? And then how does that ultimately resolve to this beautiful Twitch rendering 3D race experience? Yeah.
Natan Benish: So the first step, the onboarding process of the teams. Well, currently our platform is not open access for everyone. You need to get access by us in order to play it because we are moving right now in the tournament format. But basically teams signing up to the game, to the platform, opening an account. Then they have the ability to upload as many strategies as they want. And the strategy that they're uploading is not very different from what they did in the original 0x Monaco. Basically, you have an interface for the smart contract that you need to have, the core, the car smart contract. You are creating whatever kind of strategy that you want. You're compiling it to a bytecode, making sure everything runs well. And then you're just copy and pasting the bytecode into our platform. And that's it. The strategy is then saved for you as a user. Then when the tournament starts or the event starts or any kind of challenge starting, you are choosing your strategy for the specific round. We had open rounds in which everyone could live update their strategy. And we also have like rounds that you can choose the strategy before and then it's locked for the strategy. After players are submitting their strategy, we are creating matchmaking between them. Right now, it was pretty randomized in the group stage. After the group stage, it was more based on score because some of the teams were knocked out of the tournament. That was our structure. But after we have a match, meaning like three teams that are assigned to a specific race, we are taking the bytecode of their strategy, moving it to a local environment, local blockchain environment that is controlled by us. We are then executing it in the smart contract of the game, creating some kind of file log. And then the file log is used for the rendering, for the visual rendering of the game. And basically that's it. We are publishing the result instantly. It takes like a matter of seconds.
Then it also can be viewed live on the stream. And yeah, that's pretty much the flow, I think.
Nicholas: And the visualization is not unfolding as quickly as your local chain is able to execute the... Yeah.
Natan Benish: Yeah. So the visualization is very basic, like a Unity viewer. We are parsing all the logs from the race execution. And then it's like, we have like a JSON format for that. And then the viewer instantly can load it. So yeah, but we are first of all executing the race, getting the result, and then we are loading the JSON file result to the viewer and getting this rendering of the video simulation.
Nicholas: And you're not revealing the results of the race until the visual simulation? Like you reveal the results through the visual simulation?
Natan Benish: Well, it depends because in the case of the stream, we wanted to keep like a surprise factor. So first of all, we streamed everything on the stream and we did not reveal all the results. But basically, the results and the video simulation are almost like processed instantly. So we can publish them technically at the same time.
Nicholas: Makes sense to hold it back. And then you have some commentators on the live stream as well, right?
Natan Benish: Right, right.
Nicholas: Very cool. I guess overall, do you see this as something that's appealing primarily to developers in a Kaggle style where it's sort of a way to build reputation in order to be hired or, I don't know, increase contract flow if you're an auditor or something like that? Or do you see it as like a gaming, a type of gaming in and of itself?
Louthing: But yeah, that's a good question, actually. Great that you talk about it. But go ahead, Natan.
Natan Benish: Yeah, so I think that if we can get the best of the two worlds, because obviously this is a very challenging game that is it's kind of prestigious to win the game. It's obviously kind of an indicator of your technical skills. But at the same time, I think that most of the developers that are coming to play our game are not coming to play it as kind of an Immunefi bug bounty or something like that. They're first of all coming to play the game because it's very fun to play. It's just fun to play, because from the developer perspective, even more so for a Web2 developer, most of the code that you are doing is not very abstract. You are not like sitting on your chair and thinking about like a very abstract concepts. And in our case, we're actually like creating a lot of interesting abstractions in our code that is essentially making you create this that experiment thought of thinking about, well, maybe if I'm going to put this condition in my strategy, let's see what would be the effect of it. And it's like instant feedback and very nice experimentation creates like a very, very effortless experience in terms of code. You don't need to think a lot about the technical, like the specific Solidity, technical details of the code. We're just trying to understand what would be the dynamic, trying to predict the other people moves and then like just overcome them. So, yeah, I think it's very, very unique experience. And also for myself, I'm a developer. I enjoyed a lot to play the game. And also I think that almost any developer that I talked with, even from Web2 or Web3 was like extremely excited to hear about this concept and to think about it because it's fun. Just very, very fun experience. So I think it's also like a good way to earn a reputation as was in the original 0x Monaco, but also a very, very much strong experience in terms of fun and entertainment for players and viewers.
Louthing: Yeah, I think what you mentioned about having some kind of a leaderboard of the best devs in terms of recruitment, that's again, yeah, as you said, that's a very collateral effect of it. Like, you know, like today there's no real way to measure how good a developer is. Like there is no objective reference, there's no objective measure. So I mean, I don't know, like when you talk to a developer and he tells you that he comes from, like he has been working for Google for a few years, you don't, you never really know what he has done there. It's very blurry and you just need to have him do stuff just to measure how good he is. I think this kind of games is obviously a way to track the best developers and for them to be. And I think, yeah, I think this is a very clear reference to work where you can have them compete and get a good reputation also allows you to be able to be approached by the best, the best, I mean, the best company. The same way the best NBA teams would pick the best prospect from universities. That's also a kind of fact.
Nicholas: And it also seems great for finding developers who maybe don't have as much reputation through association with companies or DAOs or Twitter presence, but who are very skillful.
Louthing: Yeah, yeah, definitely. It's a good way for them to expose together, I mean, to get exposure and to get a reputation.
Nicholas: Well, I guess there's no time better than right now to talk to Jazzy and Aaron from Zellic who participated and were ultimately disqualified. But we'll get to that. Maybe Jazzy, could you give a little a couple of words on your background and then Aaron and what Zellic does also? Oh yeah, absolutely.
Jazzy: Hi. So I'm Jazzy and I'm the co-founder of Zellic. We essentially provide security services to blockchain companies. So like my personal background, I've been hacking since I was 14. I got into crypto around 2017, been in Ethereum around the same time. And yeah, basically around late 2021, me and my co-founder Steven, since we have been doing crypto for a while. And oh yeah, I mean, so one more major point is like before starting Zellic, me and my co-founder, we started a CTF team. So like our background is hardcore CTFs. We have been playing just like traditional security CTFs since 2017. And so yeah, back in 2017, we made a CTF team called Perfect Blue. Our team became the number one team in the world for 2020 and 2021. We were second in 2022. And yeah, but yeah, so like our background is like hardcore CTFs and hack competitions.
Nicholas: And that spans all the technology stacks, I presume.
Jazzy: Yeah. So like basically traditional CTFs have like challenges ranging from binary exploitation to web backends to cryptography to even blockchain now. So like it is basically like the full stack of computers that you have.
Nicholas: So when you say Zellic is a security firm for crypto web3 projects, it's not just Solidity auditing. It's maybe the whole of their security infrastructure.
Jazzy: Yeah, so like most of the work we do is Solidity. Or most of the audits we do is like smart contracts. But we have been doing a few backend audits or like essentially anything the customer needs from a security standpoint. We are also like chain-agnostic. We can easily move to new ecosystems just because of our wide, super diverse background. We started with EVM, we quickly moved to Solana. We recently moved into Move, and now we're also expanding into Cosmos.
Nicholas: Very cool. And Aaron, what's your role at Zellic and what's your background a little bit?
Aaron: Hi, yeah, I'm Aaron. I'm a security engineer at Zellic. Before Zellic, I was working on web security. I worked for a couple of different security firms before then. And I also have a background in CTF, a different team from Jazzy and Steven. But that's how I met them.
Nicholas: Great. So you said you were on a different team at the most recent competition or in the past?
Aaron: In the past. In the past, okay.
Nicholas: And were you a part of the team that worked on the Matchbox, the most recent Matchbox arena?
Aaron: Yes, because that was like Zellic playing in the team.
Nicholas: Great. So maybe before we dive in, maybe both of you can give us some sense of what attracted you to Matchbox. What you think about the idea of these games for developers? Do you think anybody's going to care beyond developers? Or do you think that there's just like a huge opportunity for even just things that do appeal to developers? Because it's so rare that you can have this visual representation or game representation of your skills. What interests you about the competition in the first place?
Jazzy: I mean, so for us personally, it was essentially the CTF aspect and the competitive aspect. Like since we are like hardcore CTF players, anything that is like semi-competitive really attracts us. And that is exactly why we were attracted to the Matchbox game, because we could essentially treat it as a competition. And we all love competitions. And apart from that, I think the visual aspect for the game is actually super useful because normally when you play traditional CTFs, there isn't a lot of way you can engage the audience. But if you're able to take a competitive match and then turn it into an esports type of thing, which a lot of people are interested in, I think it could reach a wider variety of audiences than just developers.
Nicholas: Aaron, same for you. Anything else to add to that?
Aaron: I'd say so, yeah. I think it's pretty fun to visualize your solution too, right? So you write a solution to the problem, but you have to see it in action, play it over time. So it's fun to watch.
Nicholas: Did you watch the live stream?
Aaron: Oh yeah, we watched it.
Nicholas: And I imagine it's something you can even share with people who are a little less technical in your lives. I don't know if you did that. Right.
Aaron: Yeah, that too. That too. Normally I'm just like, hey, I'm playing CTF to my parents or something. And they're like, cool, have fun, good luck. And then afterwards, I'll be like, how was the CTF? And I'm like, oh, we didn't do well. We got last place or whatever. But this time I can actually send the live stream and they can watch and see my car play. I'm still at car, whatever. That's great.
Nicholas: I feel like this other side to it, that's not, I mean, I'm not sure that this will be a huge thing for non-technical audiences. But at the very least, just sharing clips seems to be something that people can make sense of the competitive, you know, who's won basically. So I guess maybe you could tell the story about your participation and the vulnerabilities that you found and that whole story.
Jazzy: Oh, yeah, absolutely. So like, I mean, you can just start from the point that like when we started looking at the game and we realized there were like a lot of new aspects of the game. There are a lot of new game mechanics, a lot of new code that was not audited. So like being auditors and security people, that was the first thing we looked at. And we found a few issues. And according to the rules, like it was not really like it was against the rules to like exploit issues and we would get disqualified. So we were somewhat hesitant. But we just realized that like even if we do end up getting disqualified, it would just be a lot more entertaining to showcase the different bugs we found. And I think Aaron can talk more about the different issues we found and how we leverage them to have a very fun game.
Aaron: Sure. So our first issue was that if you place double bananas, like if you place two bananas in one turn, like in one spot, it has some unintended side effects. So this is the first bug we discovered, at least. At first, it didn't seem like that malicious to use, right? Like it's not like you're going out of your way to exploit it. Like I think our code actually accidentally triggered it, like by placing two bananas in one place and then one of the cars crashed. Like one of, I don't know, it was one of the example cars. But one of the side effects is that if another car shoots a shell to try to clear the bananas, it causes it to crash. And so the car that has like some, right, like the car that tries to clear the bananas. So that is some benefit to us because then the car is like, like their strategy reverts. It's inside of a try catch. So their strategy reverts and the game continues, which is like, like that's good for us. But the only way you could clear those double bananas is to either pass over the bananas, which is probably what we want by placing the bananas in the first place. Although I should note that if you pass, if the car passes over the bananas, it only clears one of the bananas. So it leaves another banana behind, which is really good if you're in first place and you're trying to hit both cars with banana.
Nicholas: So you should leave the two of them very far apart. Or I guess you can't. You have to do it within the space of one turn. So it's a yeah.
Aaron: I'm just saying like if you're in first place, it's helpful to have the two bananas because it'll hit both cars, assuming no one clears it. And you can also place three bananas, by the way, if you want to double banana both cars. But you can also force a car if you're not in first place to super shell by placing a double banana, which might be helpful if you're like if your speed is pretty low. Like if it's low already, then you don't care if you get super shelled too. And the car behind you has to super shell it. Like we thought other people would find these bugs, right? Like the double banana bug, we found by accident just by like playing. So we thought other teams would find it and realize like, oh, if we detect a double shell or a double banana, we have to like, we have to super shell. At least I was surprised. That nobody like some cars reverted with that. But that was our first bug.
Nicholas: You said it crashes like it's out of the race basically or it's just slowed down.
Aaron: Just that like just the turn that they try to clear it. Okay. Yeah.
Nicholas: But if they try and clear it based on their strategy, the same thing will happen. Right.
Aaron: So like if we place a double banana in front of them until they hit that banana, if their strategy was like detect banana in front of me and shell it like normal shell, not super shell, then their car like their strategy would revert every time. So they basically just be like stupid and like not going very fast. They wouldn't be able to accelerate or anything. So it's beneficial to us in that way.
Nicholas: What are some other bugs you found?
Aaron: The next bug we found. Let me think.
Jazzy: I think we can talk about the free shields. That was the one.
Aaron: Oh, that's right. That's right. Yeah. There is a free shield bug because I don't actually know like why that bug existed. There was, it was like some solution to like just a weird way that the shields were implemented. Like because it had to, it consumed a shield like per turn. So they had to add one like for your current turn to like, or like add one to the amount of shield that you want to buy for like the current turn. So I don't really understand like exactly why, exactly why. But anyway, the like buy shield function, when you'd buy say like three shields, it would actually buy four, but it would charge you for three shields. So the same is true if you were to buy zero shields, the cost, like the cost function, it would take in zero. And so of course the cost would be zero, but it would add one shield to your like to shield counter. So you can abuse that to just like call buy shield zero over and over and get as many shields as you want. So I think every turn we would buy, we buy like three shields to cover the next three turns and then it would just like reset. It's pretty, pretty fun watching that on the, like when it was visualized in the game, you could see like our car was blue the whole time. It's like, oh, the shield.
Nicholas: The name Matchbox and the choice of this matchbox car metaphor is really fruitful. It makes the whole, I mean, if we were just talking about dumb names, you know, poor names of variables, this would be a lot less fun to talk about and a lot less relatable to people who haven't written any Solidity. But it really successfully turns it into like a narrative, a story that even with the bugs and all this, it doesn't matter. It's something that's relatable through the metaphor that's provided by the game.
Aaron: Are you saying like if there wasn't like if they didn't talk about cars like this could just be like a programming competition to see who can get the farthest Y?
Nicholas: Totally. I mean, I think without any context, I assume a lot of other competitions are roughly like that, right?
Aaron: Right. Yeah, that's a good point. That's interesting.
Nicholas: It I mean, even just in this conversation talking about the bugs, it's much easier for us to think about the bugs if it's, oh, I can get three shields in one turn rather than whatever I can iterate with for no cost. You know, even if programmers can understand it's it's. I'm sure it's still even for programmers easier to relate to with some decent variable names pretty much.
Aaron: Right. Yeah.
Nicholas: Were there any other super interesting bugs that you discovered in your in your quest?
Aaron: Yeah, I always talk about the Forge bug.
Jazzy: Oh, yeah. So one of the most like critical issues was since the whole platform was being run in Foundry and Foundry had like Foundry has its own tool chain where they're on their own local node and will and they have this thing called cheat codes and Foundry, which essentially give you like God mode access to like every other contract on the chain. And since the whole platform was being run on Foundry, we could just use the four cheat codes to like change bytecode of every other car and we could make all the other cars like go negative or even go positive or like do anything with any other car. We didn't end up like, like, we actually didn't end up using the bug in any of our races because we were saving it for the finals. But we ended up getting disqualified before the finals due to the free shield bug.
Nicholas: It was unfortunate. How were you going to use it in the finals?
Jazzy: We actually have a video of that on our Twitter where we make all the cars go to negative one, two, three, seven, like like all the cars start moving forward. But maybe in the end, they will start start moving backwards while we keep moving forwards.
Aaron: It's pretty funny, because it's pretty funny because in the game, the Y positions are unsigned. So like you'd expect that it's impossible for a car to go negative. But we're like directly writing to the logs to make the car like, like, it's not even storing the Y position. We just like, first we overwrite the Monaco contract so that the game can't continue. Then we overwrite the storage slot for like the current game state to like because because the code is still executing. So that way when it finishes the loop, it like finishes executing. And then we overwrite like we start just writing to the log directly.
Nicholas: You're just doing the events that the front end will interpret.
Aaron: Oh, it's not actually like, it's not powered by events. They have like a JSON log and it writes to it with Foundry, the cheat codes.
Nicholas: Amazing. I was thinking you could have every other car go to like 99 percent of the way down the race and then just very slowly most of your way past them like the Matrix or something. So Natan, I'm sure it's not super fun to revisit some bugs from the code, but I guess this is the spirit of the whole thing. How did you interpret this? Obviously, they were disqualified. They broke the rules. I think in the tweets they mentioned that that was all right. They expected that basically. But how did you experience this whole thing?
Natan Benish: Yeah, it was like, it was very, I'd say, like in real time, it was very stressing experience because we almost made the whole platform and the whole contract and everything like almost like in one month, something like that. So we were like very, very fast and did not have a lot of testing. So one of the idea was like to get the results before we stream the result and sharing them with the stream. We had like two minutes before that to get all the results on our back end. And I was going through the logs and looking, looking on all this stuff. And then like I had like I think one minute to understand that the Zellic team doing something suspicious. And yeah, I was like I wasn't sure that they actually doing something which is not right. And I was like kind of not sure about that. But I took the decision to disqualify them. Obviously, I had like I had I had the Shield team, but I actually told them in real time, well, OK, the Shield team wasn't wasn't OK, but you are already proceeded to the next round. So please, like, don't cheat again. And yeah, it was like very, very, very stressful experience. But in retrospect, it was very fun, very fun. And I'm kind of proud or at least like kind of like I had the pleasure to catch them in action. But obviously, yeah, this is also part of the of I think the Web3 native gaming experience. We have all of these different smart people and communities, security experts, Solidity devs, even like just general blockchain protocol architecture. Everyone coming into the competition and everyone bringing their unique angle, unique technical skills in order to, you know, to contribute to this total experience and making it so much fun and so much creative. But yeah, it was fun. Obviously, like security is a big challenge in on-chain games. But I think we will work this out as we progress into deploying our our game fully on-chain.
Nicholas: Yeah, I think by some you got a free Zellic audit. What were you going to say, Jazzy?
Jazzy: No, I mean, I mean, I was just going to apologize to Natan again, just because like of all the all the stressful of like all the stress we caused, we just meant it as like a purely entertainment thing. But like, yeah, I'm really sorry about like any stress we caused you.
Natan Benish: It's OK. It was fun. And also, as Nicholas said, it was like a good a good service that was very needed. We needed to have this audit. So I think that I also I also need to thank you.
Jazzy: And absolutely. Anytime.
Nicholas: Is this the first time you speak? Oh, sorry. Is this the first time you've spoken like verbally or I guess even by text? I don't know. I guess by text or communicating during the competition.
Jazzy: Yeah. Yeah. So like, yeah, I think this is the first time we have like spoken verbally before. That was mostly over telegram.
Nicholas: Oh, that's nice. I remember reading the Zellic thread, which was very kind. It was not, you know, there was no anger over the disqualification or anything. You're very, you know, very appropriate.
Natan Benish: I think that in general, we all remain in a very like no, no, no bad feelings. And I think we all remain like in a very good like feelings about the rest. And it was fun for everyone. So, yeah, it was great. No hard feelings. I appreciate I very much appreciate the Zellic team. And yeah, that's it, I think. In terms of that.
Louthing: And congrats for virtually having beaten Uniswap.
Nicholas: Definitely. Good point. Yeah.
Jazzy: Like the whole thing was very fun. So, like, yeah, thank you again for like, thank you basically again for setting up the whole thing. It was actually pretty fun to like even have strategies and like even without the hacks, the game was itself was pretty fun.
Nicholas: Do you think you'll be participating in the next arena when these bugs are patched?
Jazzy: If we get an invite, we absolutely would love to.
Nicholas: It reminds me a little bit of Elon showing off the Cybertruck and its indestructible windows. And then they smash the windows with a rock and it just shatters. But ultimately that became the image that popularized one of the images that popularized the launch of the Cybertruck. And everybody saw that image. But, you know, in six months or a year, whatever, they'll fix the windows. That's not impossible. That's fixable. But all the publicity and the fun of discovering the process and the Web3 nativeness to actually having disclosures through the gaming experience, I think, makes perfect sense and is the kind of thing that attracts the audience of people who are going to be playing and watching these competitions, first of all.
Natan Benish: Yeah, for sure. I think that entertainment and even like the tensions between different teams, because obviously think about the cool dynamic between like competitive like DEXes or competitions, competitors in the centralized exchange world. Like it adds the tribalism of Web3 for sure plays some kind of role in our game because we want to invite all the major Web3 companies. And obviously we have some tensions in that regard.
Nicholas: It's nice to hear that even though there is all this competitive angle, there's still quite friendly competition, even in something a situation like this, which is more tense than just within the game's logic. But breaking out of the game's rules, still there's like friendliness between people operating in the system. Because sometimes crypto Twitter can be a bit vitriolic and sometimes even toxic. So it's nice to hear that devs can get along and admire each other's work. I know that Matchbox DAO is not just about this one game. You have other games you're working on and also like a machine learning educational program. Maybe you could talk a little bit about that, either Natan or Louthing.
Natan Benish: Yeah, so basically Matchbox DAO is kind of one of the first pioneers in this space of on-chain games. Basically, our focus was on investment in on-chain games of creating like infra, having a grants program. So we worked with a lot of projects and with a lot of developers. I think like more than 100 projects, you might say, something like that. And also like when we saw the whole hype and the whole like recognize the value of 0x Monaco type of games, we also initiated a few more developments in that area. We are currently working on a very similar type of game to 0x Monaco, which is called Devs & Plebs. Actually, the main developer there is Suspoint, also a very, very smart developer that actually I think he got on the top 10 leaderboard in the original 0x Monaco. And we're also working on another game, which is called Silverstone, which is a transportation game on 2D grid, which we are working on with the Nethermind guys. So a lot of things that are going to come into the future. But I think now our main focus would be on, first of all, creating a content because you see like as our conversation evolved around this game, we are getting like all of these new and interesting angles, dynamics and like technical complexity. And it's very interesting. But the problem is it's quite hard and not intuitive for non-technical audience and especially for people who's just like this is their first watch and they did not hear about the game before. Our goal for the next type update would be like introducing a lot of dashboard data, introducing a lot of data on the teams themselves and kind of simplifying the viewing experience that would be able to let people, especially non-technical audience, to appreciate the game. Because if you think about 0x Monaco, we actually like our analogy for that would be like poker or chess. It's maybe potentially not that hard to play if you have like, if you know, if you have idea of the basic rules, but it's hard to master.
So we already have like our grand master layers. We have like the old talented devs that are really interested to play the games and we are expanding it to more companies and talented communities. But we still want to bring people as people can appreciate like the best poker players or the best chess players like Magnus or Phil from poker. We want to create the same experience in 0x Monaco. And even if you cannot comprehend the whole complexity, the whole complexities and the whole technical stuff behind it, you still can appreciate and at least somewhat understand why the game is so challenging, why it's so interesting to watch and why it's fun and showing off at least some kind of talent in terms of like technical skills. So, yeah.
Nicholas: Great. A lot of exciting games. It sounds like. I was curious, but it sounds like many different angles and and projects that you're working on. Does it function like a DAO really? Or is it like an LLC or a company underneath?
Natan Benish: Essentially, we are a DAO, but our main project as of now is actually this platform. And most of the people that are working on are part of the core team. But like the part of the DAO part in Matchbox DAO is all of the corporate collaborations and hackathons and different investment and grants programs that we are doing with so many projects and so many builders in the space. So this is still a big part of Matchbox DAO. We still very much want to promote the on-chain gaming community. But also we think that if we can pave the way for other projects and show how we can take on-chain games and actually scale it up to a lot of people and create a lot of audience and hype around it, we possibly also helping to a lot of the projects that we are working on, on how to create a stronger and more hopeful roadmap for the future.
Nicholas: Love it. So if people want to hang out, work on Matchbox or participate in the next competition, where should they go?
Natan Benish: So the best place would be our Discord, but we're also very active on Twitter. Obviously, if you're interested in 0x Monaco or working on similar type of games, it will be great if you can DM me on that or Eli or any other of the Matchbox official people, core people. And in terms of the next tournament, we are targeting April to make a much bigger tournament. We are talking about 70 plus teams that we are talking with them. Almost every essential and significant company in Web3 that we want to bring to the competition, make it much bigger. And we will announce it. So, yeah, it will be very exciting. Very exciting next month.
Nicholas: Very cool. So that's Natan underscore Benish on Twitter or Matchbox underscore DAO. And Jazzy and Aaron, what should people do if they want to get in touch with Zellic? Maybe they want some auditing services or something now that they've seen what you can do.
Jazzy: Yeah, absolutely. So if you want to get any auditing service, we do have a very good contact form on our website and you'll get a response in less than four hours. So there's that. Apart from that, you can also DM our Twitter account and we can help you there. We absolutely love working with new projects in the ecosystem and we're chain agnostic. So happy to help anyone.
Nicholas: Awesome. So that's Zellic underscore IO or Zellic.io for those links. And I mean, what size teams are you able to work with if someone is an independent developer? Do you think it's possible they could afford your services or it's more suitable for protocol development and that kind of thing?
Jazzy: I mean, it really depends on the size of the audit. So if it's like a relatively small contractor or like a small scope, I think even a small developer should be able to afford the services. Great.
Nicholas: That's helpful. I'll definitely connect folks that come my way.
Jazzy: Yeah.
Natan Benish: I think that we have one of the Polygon team here. Maybe you can share a little bit of their experience. Just like to give you another angle.
qedk: Hey, guys. I was at Polygon. I think our car was called Need for Gas. And yeah, we came second. And I think I'm a smart contract engineer at Polygon along with Daniel, who's the tech lead. And then Dean also was here. I guess he just left. He was one of the people who was kind of deconstructing the matchbox APIs and figuring out the other vulnerabilities. But yeah, we didn't really exploit any of that. Just like it was like they're in the security team, you know, that's what they enjoy doing. So, yeah, got to respect that.
Nicholas: Awesome. Congratulations on second place. What part of Polygon do you work on?
qedk: So I primarily do smart contracts. So I've been in, the team was founded approximately a year ago. I've been in that team since. And this is actually like my first smart contract CTF. Like at least like an official one. Like I've done Ethernaut and all, which is pretty cool. But this was like the first Monaco style ones that I've attended. It was super cool for sure.
Nicholas: Awesome. Any insights about the competition or your strategies to play second?
qedk: Yeah, sure. We actually come out of the blog post about it soon. Probably like next or next next week. I will go more in depth. But basically what we kind of realized early on while just testing around was that like you really couldn't like you had to have your eco on spot or like it basically doesn't matter if you go to like 930 meters and then run out of coins. So what we basically started off was with like a bare bone template, which was just optimized to save resources. And then we kind of saw like the strategies of other cars. Like how would you have stages? Like we had some code of some cars which had stages. Then we kind of had some acceleration logic to kind of do the final boost at the end, like spend your eco when you can and all of that sort of thing. But I think the primarily because of the newly added abilities and because, you know, all of them also have that added exponential cost. I think what we kind of tended to focus was to ensure that we ecoed first and then focused on like the offensive part of it.
Nicholas: Very cool. I don't know if Natan you had any questions or anybody else for QEDK?
Natan Benish: No, actually, one cool thing that happened that I think all the finalists and also some more teams published their smart contracts, like the source was caught because we did not have access to the source. We just added the bytecode. So it was like very, very cool. And I think this is something that we want to promote more. I'm also working on a blog post and potentially like a big write up about all the strategies and the different angles. So we do want to make it even more accessible for developers in terms of like onboarding them into the type of strategy that they can come up with. And we really appreciate like any team that would maybe try to write about their strategy and like go in depth in that regard. So, yeah, it was very fun to host the Polygon team and all the other teams.
Nicholas: Great. Thank you, everybody, for coming through. Thanks QEDK for jumping in at the end to give your perspective. It's cool to talk to number two place team also.
qedk: Likewise. Awesome.
Nicholas: Well, thank you, everybody. Regular show is Friday at 5 p.m. Eastern Time every week. And this week it's going to be Harpie, who do wallet security tech. So if you're interested, 5 p.m. Eastern Time, UTC minus five, I think we're at these days on Twitter space and then Web3GalaxyBrain.com for the podcast version the next week. Thank you all. And hope to talk to you soon on Twitter.
Natan Benish: Bye, everyone. Bye.
Aaron: Thank you.
Jazzy: Bye bye.
Nicholas: The podcast feed links are available at Web3GalaxyBrain.com. Web3GalaxyBrain airs live most Friday afternoons at 5 p.m. Eastern Time, 2200 UTC on Twitter spaces. I look forward to seeing you there.