woowahan

To ensure the integrity of the "WOOWA POP!" mini-game during WOOWACON 2025, the development team focused on moving security from an external layer into the core game mechanics. By implementing a deterministic physics simulation, they created a system where the server could independently verify player scores by replaying their inputs. This approach effectively turned game sessions into verifiable mathematical proofs, preventing cheating in a high-stakes environment full of tech-savvy attendees.

The Limitations of Traditional Game Security

  • Standard methods like code obfuscation and variable renaming only delay hackers rather than stopping them, as determined users can eventually reverse-engineer the logic.
  • Integrating external security measures like CAPTCHA often ruins the user experience; as seen in historical examples, the game eventually stops being a game and starts being a "humanity test."
  • Modern AI and computer vision have rendered many traditional CAPTCHA generations (OCR and image recognition) obsolete, so a more robust architectural solution is required.

Building a Deterministic Verification System

  • The team utilized Matter.js for physics but had to address the challenge of non-determinism caused by floating-point inconsistencies across different browsers and operating systems.
  • Instead of sending massive amounts of frame-by-frame data (which would reach 30,000 frames for a 10-minute session), the system records only "Events"—the specific coordinates and timing of user drops.
  • By synchronizing the random seed and the discrete input events, the server can re-simulate the entire game state to ensure the final score submitted by the client matches the result of the server-side replay.
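The replay check described above, as an added example that is not the WOOWA POP! team's code: a toy integer-only merge game stands in for the Matter.js simulation, which is how it avoids the floating-point drift mentioned in the first bullet. The names `replay` and `verifySubmission`, the event shape `{tick, col}`, the game rules and the limits are all assumptions made for illustration.

```javascript
const COLS = 6, MAX_HEIGHT = 8, MAX_TICK = 30000; // constructed limits for the toy game

// Seeded PRNG built from 32-bit integer operations, so every runtime yields the same sequence.
function mulberry32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return (t ^ (t >>> 14)) >>> 0;
  };
}

// Re-simulates a session from its drop events; returns the score, or null for an illegal log.
function replay(seed, events) {
  if (!Array.isArray(events)) return null;
  const rng = mulberry32(seed);
  const cols = Array.from({ length: COLS }, () => []);
  let score = 0, lastTick = -1;
  for (const ev of events) {
    const { tick, col } = ev ?? {};
    if (!Number.isInteger(tick) || tick <= lastTick || tick > MAX_TICK) return null;
    if (!Number.isInteger(col) || col < 0 || col >= COLS) return null;
    lastTick = tick;
    const stack = cols[col];
    stack.push(1 + (rng() % 3)); // piece kind comes from the seed, never from the client
    while (stack.length > 1 && stack.at(-1) === stack.at(-2)) {
      const merged = stack.pop() + 1; // two equal pieces merge into the next kind
      stack.pop();
      stack.push(merged);
      score += 1 << merged;
    }
    if (stack.length > MAX_HEIGHT) return null; // toy rule: an overflowing log is rejected
  }
  return score;
}

// issuedSeed is the seed the server handed out for this session (assumed stored server-side).
function verifySubmission(issuedSeed, { seed, events, claimedScore }) {
  if (seed !== issuedSeed) return { ok: false, reason: "seed mismatch" };
  const score = replay(issuedSeed, events);
  if (score === null) return { ok: false, reason: "illegal event log" };
  if (score !== claimedScore) return { ok: false, reason: "score mismatch", score };
  return { ok: true, score };
}

// Constructed sample session (not data from the event), submitted with a forged score.
const SAMPLE_EVENTS = [{ tick: 10, col: 2 }, { tick: 55, col: 2 }, { tick: 90, col: 3 },
  { tick: 140, col: 2 }, { tick: 200, col: 3 }];
console.log(verifySubmission(2025, { seed: 2025, events: SAMPLE_EVENTS, claimedScore: 14570 }));
```

The server trusts only the seed it issued and the event log; the submitted score is a claim that the replay either reproduces or refutes.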

Practical Fraud Detection and Mathematical Proofs

  • The system was put to the test when a user submitted an impossibly high score of 14,570; the server-side verification caught the discrepancy because the re-simulated score did not match the submitted value.
  • This architecture mirrors the concept of one-way functions: while it is difficult for a player to achieve a high score (the "work"), it is computationally inexpensive for the server to verify the legitimacy of that score.
  • The project demonstrates that for competitive digital environments, security should be treated as an inherent property of the system's mathematical design rather than a separate protective shell.

By shifting the focus from "preventing the act of cheating" to "verifying the integrity of the result," developers can maintain a seamless user experience while ensuring fair competition. Leveraging deterministic simulations allows for a robust "Proof of Play" that is resilient even against sophisticated automated scripts and manual manipulation.