Rewards System: Bot Investigation Report

Realm
8 min readDec 12, 2023

Dear Realm players and investors,

The following article is a report on the status of the ongoing investigation into bot manipulation of the Realm Player Engagement programme, as well as resolutions regarding rewards rebalancing and future actions that will have a profound influence on the future of the Realm platform.

As much as we value transparency and have always aimed to maintain the utmost clarity regarding our communications with the community, there are a number of factors that must remain confidential while we complete our investigation. In such cases of sensitive information more details will be made available in due course.

Brief Overview of the rewards system.

Every day the rewards system looks at the number of players playing that day who have the minimum XP. Then it looks at the price of $REALM that day and calculates how many $REALM should be available so $1 of $REALM is added to the rewards pool for every qualifying player with the minimum XP. The exact amount of $REALM rewards each player earns each day is defined by various factors like amount staked, XP earned that day and referrals.

One crucial aspect of the reward programme design is the slow unlock period that gives the team ample amount of time to uncover and rectify any nefarious methods, bots or players are taking to extract value from the community.

Context

Our primary goal is and always has been to ensure the integrity and longevity of the platform for all stakeholders — the players, creators and token holders, and the fantastic team who have been building throughout the past 18 months of turmoil and general global headwinds.

It’s been great to see players accumulating larger numbers of $REALM due to the price being low, which correlated with the low attention that web3 projects received during the bear market.

However following an issue distributing rewards automatically in August 2023, the team began investigating some signs of unusual behaviour that had bypassed the Realm analytics suite and therefore was not present in the data analysis available to staff.

Via discussions with various players and further direct data analysis it became clear that players were receiving far higher rewards than the target average figure per player of $1 / day based on engagement. This $1 figure was modelled meticulously so that advertising revenue could balance the inflation of tokens distributed in a sustainable fashion for the long term.

Analysis

The dev team began the painstaking process of testing every aspect of the rewards system again and again, both from the extensive server-side logic to the server-blockchain connections using customised subgraphs and oracles, to the actual on-chain data presented to us. We meticulously checked the code again and again and could find no actual errors — something which consumed a great amount of time and energy but yielded no further results.

It became increasingly clear however that there was indeed a significant skewing of the total rewards figure, and the team therefore began conducting in-depth Dev-ops work, analysing each request log individually to identify the root cause and detect any malicious actors. We noted, however, that the total number of claiming wallets was not unnecessarily high, and therefore the smart contract itself did not contain the correct clues to diagnose the problem.

Through detailed analysis of server logs it was discovered that a bot network had managed to bypass Realm security measures and increase daily players by 3397.30% (34x on average each day). Many of these bots were successfully logging XP each day via the daily goal of watching stories — an activity that gains more than the minimum rewards XP threshold per day. We believe this bot network was able to bypass API security and access the stories endpoints directly, meaning the player count recorded in Mixpanel analytics was not increasing but the player count used to calculate the daily reward pool size was increased by 34x.

Numerical Analysis

The result of this bot manipulation was to inflate the user rewards pool by a significant margin — on average 34x the actual player count that was being observed in our analytics.

The total rewards figure therefore attributed to bots and players stood at around 320m $REALM — or 32% of supply. This figure is clearly completely unsustainable and therefore poses a significant risk to the viability of the rewards programme going forwards.

However, it is also apparent that the top 50 players managed to scoop up 81% of the rewards that were earned by genuine players — and that these players were often earning between $30–40 per day for playing. This was a direct result of the inflated rewards pool from the network of bot accounts using programmatic means to gain XP and inflate the reward pool size.

Not only this but a number of the top 50 players were operating alt accounts, so in essence we have less than 50 people who are stating they are owed a total of 10% of total supply, of which they have already withdrawn nearly 2.5% of the total supply.

Resolutions

In the light of this analysis, and following discussions with legal counsel, the team have kept the following factors in mind:

Long term growth

Tokens are crucial in attracting new players and creators that will engage with the Realm platform. As the platform engagement increases, the ability to generate ad revenue grows, creating additional demand for the $REALM token. This flywheel is crucial to Realm’s success as a self-sustaining decentralised gaming platform. As we enter into this new market cycle, massively diminishing the rewards pool from these months of bot manipulation will severely impact the ability for the project to effectively attract new players and creators.

Future of the Platform:

The Player Engagement Programme was carefully modelled within certain parameters in terms of reward amounts and player numbers. It is the duty of the team to ensure that the project’s future is secure for holders as well as to provide value to players and creators

The inflation of rewards by 34x, and the disproportionate benefits provided to a small cadre of players falls well outside of the intended function of the system and unfairly inhibits growth potential for all holders.

Precedent:

In the banking industry benefiting from a system error or manipulation is not considered legal, and the bank will seek to recoup any losses and incorrect amounts debited incorrectly. This rests on the basis of the recipient getting an unintentionally large amount of funds, and this situation is no different.

Similarly, the results of malicious actors have been to create an environment where the programme functioned in an unintended and unsustainable manner, from which a few players benefitted from the actions of deliberate manipulators. We are not seeking to recoup any additional rewards, but to limit the damage caused by these actors.

Adjustment

All tokens already unlocked and claimed to players are theirs to keep. This amounts to an average of 26% of the earned tokens, By now all players have unlocked and received 8.8x the total amount they should have received over 13 months.

The team must make difficult decisions in order to safeguard the project, and therefore the rewards system will be summarily reset in January with new OpSec safeguards and rules around qualifying rewards.

To reiterate: Players who have played during the period affected by bots have already received 8.8x the correct figure and have benefitted significantly. Furthermore those players with alt accounts have been allowed to keep the additional gains they received. The scale of the manipulation is so great that drastic measures are necessary to ensure that Realm is in the best position to continue to provide a market-leading product in 2024 and beyond.

- Bot Accounts Policy

Any player suspected by our forensics and analytics of being responsible for programmatic attacks on the Rewards Programme will be blacklisted and all rewards nullified.

- Alt Accounts Policy

During our analysis over the past weeks we have also identified a number of prominent community members who have been running multiple accounts (‘alt accounts’) in order to benefit from the inflated rewards pool even further.

As we have previously stated this is not allowable behaviour, and where it is possible to prove we will be enforcing blacklist and ban procedures and rewards will be nullified. This policy is in line with many other prominent web3 games.

2024 and beyond:

We are aware that for the select few who have already benefited handsomely from inflated reward figures there will be some frustration that they will not receive further benefit.

We would like to request that you consider not simply your own interest but the future of the project, and we will be firm in banning users who are not contributing positively to the community and platform’s success in general. Realm seeks to be a platform for the many, not a select few, and designed a system that seeks to be an alternative to the unsustainable models of Axie and other P2E projects. The end goal is a lofty one, and one that cannot tolerate malicious actions or a small minority profiting hugely from these nefarious actions.

Governance

Since the beginning of Realm we have discussed how the project essentially needs some level of centralisation to establish the direction of the project and over time as the project grows it is important to offer more control of the direction to the Realm community.

A lot of the gaming platforms have a separate Governance token and systems that enables members of the community to securely propose and vote on issues affecting the community. The reason projects use a second token with voting rights is it offers an ability to weigh decision making in favour of the players & creators who engage with the platform while giving less power to the passive holders.

We strongly believe that those players and creators generating the engagement within the Realm platform should have an outweighted impact on the direction of the platform and thus we are deciding to introduce a governance token that community members engaging with the Realm platform will receive in addition to $REALM.

Currently all players have received on average an 8.8x benefit from the botted reward pool issue. By way of restitution for players who have been consistently playing Realm who will not receive the full 34x benefit from the bot reward issue, we have come to the decision to ensure that incorrect rewards are recognised via an airdrop of a Governance token.

Currently there is no mechanism in place for governance to be securely managed, and therefore we will be launching a governance token in Q2 2024, which will be distributed based on both historical $REALM rewards and holdings of $REALM. We have taken a snapshot of the wallet holdings across both ETH and BSC and we will take further snapshots in the run up to distribution of the governance token airdrop.

This governance token will enable users to have an active role in voting for resolutions on the platform, and will impact both players and creators in a positive manner. More details will be released about the wide-reaching impacts the Governance programme will have for the future of the platform in due course, and the team feels this is an important step to both recognising the dedication of the core player base and towards ensuring community ownership of the direction of the platform.

Conclusion

Thank you for reading this report into our ongoing investigation. We hope you are understanding of the situation and the firm actions taken by the team to rectify the situation and ensure the strength of the platform for the future.

2024 and beyond has a great deal in store for Realm and we’re extremely encouraged to welcome a large number of engaged new players in the last couple of months. Let’s keep building and reaching new heights together!

--

--