MetaFab takes security very seriously. Our systems implement the latest security best practices to minimize and remove risk exposure to the maximum degree possible.
Game and player accounts both use passwords.
bcrypt with a cost factor of 10 is used to generate a stored hash of your game and player account passwords. Password related authentication is done by standard bcrypt comparison operations.
Passwords can be cycled and changed at any time for game or player accounts through the relevant update game and update player endpoints.
Token / Secret Management
An industry standard access token model is used to interact with game and player accounts. Each game and player has a unique 64-character secret key (games) or access token (players) assigned to it.
This secret key or access token is used to update game and player-specific account details. It is also required, along with the
walletDecryptKey, to interact with any MetaFab endpoints that submit transactions on behalf of the player or game.
Secret keys and access tokens for games and players can be cycled at any time using the relevant update game and update player endpoints.
Managed Wallets (Games & Players)
Implementing a trustless model for managed wallets has always been a key consideration since we began building MetaFab. Game and player managed wallet creation and encryption/decryption systems are implemented so that MetaFab never has direct access to managed wallet private keys. MetaFab also never stores PBKDF2 derived decryption keys used to encrypt/decrypt wallets.
Managed Wallet Generation & Encryption
The managed wallet generation and encryption flow for a new game or player registration, as outlined in the diagram below, works like this:
- Game or player submits a registration request with their email (game) or username (player) and a password.
- A randomized private key is generated in an isolated process and assigned as the game or player's managed wallet.
- An reproducible derived key is generated using PBKDF2 with a shifted salt generated from a hash of the password.
- That private key is encrypted with AES 256-bit encryption using the derived key as the encryption/decryption key.
- The generated ciphertext from that encryption is stored in MetaFab's encrypted database. No plaintext passwords or derived keys are ever stored, all sensitive information is always processed within strictly isolated processes and discarded from memory immediately after use.
Managed Wallet Decryption & Usage
Managed wallet decryption and usage when a game or player interaction wants to interact with the blockchain, as outlined in the diagram below, works like this:
- API request submitted for game or player that involves performing blockchain transaction. This request includes the game's secretKey or player's accessToken, as well as walletDecryptKey.
- Authentication is performed using the provided secretKey or accessToken.
- The managed wallet ciphertext for the authenticated game or player is retrieved.
- The managed wallet ciphertext is decrypted using the provided walletDecryptKey in an isolated process and used to sign any relevant transaction to be performed for the request.
- Transaction or gasless transaction is submitted to the blockchain.
Managed Wallet Considerations
The nature of the patterns implemented for managed wallet security is such that even if a breach of MetaFab's encrypted database were ever to happen, whether, by external or internal bad actors, managed wallets private keys cannot feasibly be breached.
The reason being is that with strong password enforcement for player and game accounts that are then used to derive individually unique PBKDF2 encryption keys, brute forcing the managed wallet ciphertext MetaFab stores is not possible. Each managed wallet will have a varying decryption keys compared to another, such that each would need to be brute forced individually. The nature of the AES256 encryption we use makes accessing the private keys for managed wallets without each individual plaintext account password or the walletDecryptKey impossible.
Funding Wallets (Games)
A game's funding wallet is used to cover the underlying gas fees of player transactions. Because of this, it is required that MetaFab's systems have access to transferring funds from the funding wallet to your game's internal, automatically managed gas relay wallet nodes at any time.
The private keys for your game's funding wallet and internal gas relay wallet nodes are encrypted and managed using a combination of Amazon Web Services' (AWS) Hardware Security Modules (CloudHSM) and Key Management Service (KMS).
External Wallets (Players)
A frictionless external wallet experience is available for player accounts using MetaFab's services. This is a first-of-its-kind technology that allows your players to connect their external wallet once to their player account and transact in game as their external wallet without ever dealing with transaction signing, pop ups, etc. This allows you to create managed wallet-like experiences for players who use external wallets that are as frictionless as games that don't implement blockchain.
To enable this, a number of security considerations are put into place. This systems works by using MetaFab's innovative System Delegate Approver to make this possible. No private keys are exposed or shared by the external wallet.
Our external wallet connection system is made possible by using a one-time signature generated by the player's external wallet, our gasless transaction system, and a "System Delegate Approver" to delegate transactions to be executed by a managed wallet as if they were the external wallet.
This system limits delegation approval ONLY to smart contracts that implement your game's system id and support for MetaFab's delegate approval system on chain.
You own and control all smart contracts you deploy through MetaFab. By default these contracts are deployed and assigned initial ownership to your game's managed wallet.
Contract ownership and administrative control can be transferred to an external wallet (EOA) that only you control the private key of. This can be done without any interruption to your usage of MetaFab's services. If you decide you want to leave MetaFab but take your deployed contracts with you, you can absolutely do that. We don't enforce any lock-in.
Learn more about contract control & ownership transfers here.
We perform backups on MetaFab databases and internal systems multiple times per day. These backups are done in such a way to prevent any data loss using Amazon Web Services (AWS) best standards and practices.
Updated 4 months ago