Small Grants: Sphinx Game Lit Trivia

[gabriel-sk-williams]

1. What is your project? (max 100 words)

Sphinx Game is Lit-powered competitive trivia that is currently free-to-play, with a small fee to mint the user's results to a Solidity contract representing the leaderboard. We are currently offering prizes to top players.

In this initial implementation we are using Lit Protocol for encryption, decryption, and timelocking. Our goal is to take full advantage of the security features offered by Lit Protocol, and with the help of this grant, to build a more secure, decentralized competitive version of the game.

https://github.com/NpappaG/Sphinx-ReWrite

https://sphinxgame.wtf/ https://sphinxgame.wtf/leaderboard

2. How is Lit used for this project? (max 100 words)

Currently we encrypt the question-answer pairs and save them alongside keys so they can be decrypted at runtime; we also run a Lit Action to begin the session and obtain a wallet signature. The Action returns a timelock for the trivia session (currently two minutes), after which questions can no longer be decrypted and the game ends.

3. How will you improve your project with this grant? What steps will you take to meet this objective? (max 200 words)

In order to make Sphinx Game into a truly competitive decentralized product, the security needs to be airtight. Given enough time, users will eventually find exploits if they are available.

Timelock and decryption are already reasonably secure, but the final product will need automated decentralized proof that a high score submission is legitimate. We plan to tie a proof, generated by Lit, to both (a) a specific session and (b) the correctly answered questions from that session. The program would then submit that proof to a novel Solidity contract integration for verification before accepting the data. If this integration turns out to be unworkable we may consider using NFTs to the same effect, but all the same, these measures will require funding to provide for several weeks of development and testing.

4. Is this project open source?

Not currently, but once sufficient security measures are in place for the game (and therefore cannot be exploited by players), we would make it open source.

5. Do you agree to share grant reports upon request, including a final grant report at the end of the two month period?

Absolutely.

6. Links and submissions

We started this project independently and selected Lit based on our needs. If there any other prizes we should applying for, please let us know!

7. Total Budget Requested

$2,500 for engineering to complete the final security milestone as described above.

Additional questions:

• For each team member(s), please list name, email, Github account, and role in the project.

Nick Pappageorge, Founder https://github.com/NpappaG/ NPappageorge@gmail.com

Gabriel Williams, Engineer https://github.com/gabriel-sk-williams gabrielskwilliams@gmail.com

• How did you learn about our grant program?

Video call with David Sneider (also recommended by Adarsh)

[debbly]

Hey @gabriel-sk-williams, thank you for the proposal!

One note about our grants - the expected output is open source tooling extending Lit. If there a way for the team to open source the Lit Actions code and how you are utilizing Lit so others may use it in their project?

[gabriel-sk-williams]

You're welcome @debbly!

We were keeping the source private while the last game was active. I could fork the repo and make it public like this: https://github.com/gabriel-sk-williams/lit-trivia

Lit would be free to link to it (this is a working version but would need some cleaning up alongside the proposed security updates). If you have something else in mind we can do that too.

[debbly]

@gabriel-sk-williams - something like the Lit Trivia repo would be great! For the purpose of the grant, we want the Lit specific portions to be open source so that others many use it as reference

Can you give a breakdown for milestones + estimated cost for each? We like to operate with set milestones so we can get folks paid out in chunks + have actionable completion goals.

[gabriel-sk-williams]

Sure @debbly that can be done! I would pare down the repository to the relevant Lit implementations and call them out explicitly in the readme file.

As for milestones, I would propose three checkpoints across two repositories:

Repository 1 (NextJS): /lit-trivia 1) Encryption - Automatically encrypts the contents of a JSON containing trivia questions and answers using Lit, and returns a new encrypted JSON for use in the Lit Trivia game. The code here is already finished; will need additional documentation to be made legible and open-source for other users ($500).

2) Trivia - A one-page Lit-powered trivia game. On wallet signature, a Lit Action returns current Unix timestamp + two minutes, which serve as the beginning and end of the trivia session. When the user submits an answer to a Lit-decrypted question, the client waits for Lit to decrypt the answer and then checks it against the user's guess. At the end of the session the PKP is sent to a Solidity contract. Milestone would include documentation and the development of Lit Action code which can enable verification of high scores ($1000).

Repository 2 (Solidity): /lit-verification

3. Leaderboard - Currently, trivia scores are stored in a contract monitored by https://sphinxgame.wtf/leaderboard, but they are not verified for authenticity. Milestone would include the development of contract functions that can verify trivia scores by using some combination of the PKP, timestamp, and the Lit Actions described in Milestone 2 ($1000).

[gabriel-sk-williams]

@debbly Was any final determination made on this project? Would love to move forward and finish the documentation if the checkpoints above are acceptable. Otherwise, would love to hear any feedback and get a better understanding of where LIT is hoping to see more development efforts.

[debbly]

hey @gabriel-sk-williams

We're not funding the development of using Lit for encryption, so repo 1 part 1 does not fall under our grant eligibility.

For repo #1, part 2 - can you clarify what you mean by the PKP is sent to the solidity contract?

For this project we're able to offer $1.5K USDC.

[gabriel-sk-williams]

Hi @debbly very sorry for the delay—we were recently commissioned to implement our trivia game for a public promotion with Coinage Media. The good news is this afforded for more development with Lit—although due to budget and time constraints we have not further developed any Lit Actions or contract schema there.

To clarify further, the idea for the grant would be to explore the use of a Lit Action to verify the user's AuthSignature and Score from playing the game before entering it onto a public 'Leaderboard' contract. Without some sort of verification, malicious users could freely send a High Score to the 'Leaderboard' contract without ever having played the game. Alternatively, there could be an opportunity to use a PKP or some form of Account Abstraction to verify that a new Score is being sent from a real play session.