SIWE Signature Verification

Servers MUST perform full EIP-191 signature verification. Common pitfalls:

- Failing to verify that the recovered address matches the claimed address
- Accepting expired or reused nonces
- Not binding the SIWE message to the server’s domain
- Accepting signatures for a different chain ID
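The following is an added example (not code from this project) of the server-side checks behind the four pitfalls listed above, written in Python. It parses an EIP-4361 message, builds the EIP-191 `personal_sign` prefix, and enforces domain, chain ID, expiry, claimed-address and single-use-nonce checks in one function. The keccak-256 + secp256k1 recovery step is delegated to a `recover` callable so the example runs offline; `demo_recover`, `DEMO_MESSAGE`, `DEMO_ADDRESS` and the other `DEMO_*` names are constructed fixtures, not real cryptography. In a real deployment that callable would wrap a library such as `eth_account`.

```python
# Added example: SIWE (EIP-4361) verification checks; recovery is injected.
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, Optional, Tuple


def eip191_prefixed(message: str) -> bytes:
    # What personal_sign actually hashes: 0x19 "Ethereum Signed Message:\n" <byte length> <message>
    body = message.encode("utf-8")
    return b"\x19Ethereum Signed Message:\n" + str(len(body)).encode("ascii") + body


@dataclass
class SiweMessage:
    domain: str
    address: str
    chain_id: int
    nonce: str
    expiration_time: Optional[datetime]


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_siwe(text: str) -> SiweMessage:
    """Minimal EIP-4361 parser: header line, address line, then 'Key: value' fields."""
    lines = text.split("\n")
    header = re.fullmatch(r"(\S+) wants you to sign in with your Ethereum account:", lines[0])
    if len(lines) < 2 or header is None or not re.fullmatch(r"0x[0-9a-fA-F]{40}", lines[1]):
        raise ValueError("malformed SIWE message")
    fields: Dict[str, str] = {}
    for line in lines[2:]:                       # statement and blank lines have no ': ' and are skipped
        key, sep, value = line.partition(": ")
        if sep:
            fields[key] = value
    return SiweMessage(
        domain=header.group(1),
        address=lines[1],
        chain_id=int(fields["Chain ID"]),
        nonce=fields["Nonce"],
        expiration_time=_ts(fields["Expiration Time"]) if "Expiration Time" in fields else None,
    )


class NonceStore:
    """Server-issued nonces: each is accepted at most once and only before its expiry."""

    def __init__(self) -> None:
        self._issued: Dict[str, datetime] = {}

    def issue(self, nonce: str, expires_at: datetime) -> None:
        self._issued[nonce] = expires_at

    def consume(self, nonce: str, now: datetime) -> bool:
        expires_at = self._issued.pop(nonce, None)   # pop: a replayed nonce is simply unknown
        return expires_at is not None and now < expires_at


def verify_siwe(text: str, signature: bytes, claimed_address: str, expected_domain: str,
                expected_chain_id: int, nonces: NonceStore,
                recover: Callable[[bytes, bytes], str], now: datetime) -> Tuple[bool, str]:
    msg = parse_siwe(text)
    if msg.domain != expected_domain:                          # pitfall: domain binding
        return False, "domain mismatch"
    if msg.chain_id != expected_chain_id:                      # pitfall: chain ID
        return False, "chain ID mismatch"
    if msg.expiration_time is not None and now >= msg.expiration_time:
        return False, "message expired"
    if msg.address.lower() != claimed_address.lower():         # pitfall: claimed vs. message address
        return False, "claimed address differs from message address"
    recovered = recover(eip191_prefixed(text), signature)      # pitfall: recovered vs. message address
    if recovered.lower() != msg.address.lower():
        return False, "signature does not recover to the message address"
    if not nonces.consume(msg.nonce, now):                     # pitfall: expired/reused nonce; checked
        return False, "nonce unknown, expired or already used"  # last so a bad signature cannot burn it
    return True, "ok"


# ---- constructed demo fixtures (NOT real cryptography) ----
DEMO_ADDRESS = "0x1111111111111111111111111111111111111111"
DEMO_NONCE = "8fJk2mQp9xLw"
DEMO_MESSAGE = (
    "game.example wants you to sign in with your Ethereum account:\n"
    f"{DEMO_ADDRESS}\n\nSign in to the game server.\n\n"
    "URI: https://game.example/login\nVersion: 1\nChain ID: 1\n"
    f"Nonce: {DEMO_NONCE}\nIssued At: 2024-05-01T12:00:00Z\n"
    "Expiration Time: 2024-05-01T12:05:00Z"
)
DEMO_NOW = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)
DEMO_LATE = datetime(2024, 5, 1, 12, 6, tzinfo=timezone.utc)


def demo_recover(prefixed: bytes, signature: bytes) -> str:
    """Stand-in for ecrecover: the 'signature' is just the signer's address, ASCII-encoded."""
    return signature.decode("ascii")


def demo_store() -> NonceStore:
    store = NonceStore()
    store.issue(DEMO_NONCE, datetime(2024, 5, 1, 12, 10, tzinfo=timezone.utc))
    return store
```

Note the ordering: the nonce is consumed only after every other check has passed, so a request with a bad signature cannot invalidate a nonce that the legitimate client is about to use. Addresses are compared case-insensitively because clients may send EIP-55 checksummed or lowercase forms.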

Token Management

Authentication tokens should be:

- Generated with a cryptographically secure random source
- Opaque (no embedded user data)
- Limited in lifetime (default: 24 hours)
- Never present in URLs, logs, or error messages

Rate Limiting

Implement rate limiting on all endpoints. Recommended limits:

| Endpoint | Limit |
|---|---|
| /api/auth/challenge | 10/minute per IP |
| /api/auth/verify | 5/minute per IP |
| WebSocket messages | 60/minute per session |
| submit_action | Governed by game pace |
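As an added example (not the project's own code), here is a sliding-window limiter in Python wired to the limits in the table above. The clock is passed in explicitly so the behaviour is deterministic; `LIMITS`, `check_request` and the endpoint keys are assumptions for illustration, and `submit_action` is deliberately absent because the table leaves it to the game pace rather than a fixed rate.

```python
# Added example: per-key sliding-window rate limiting for the table above.
from collections import deque
from typing import Deque, Dict, Hashable, Optional


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key (exact sliding window)."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._events: Dict[Hashable, Deque[float]] = {}

    def allow(self, key: Hashable, now: float) -> bool:
        q = self._events.setdefault(key, deque())
        cutoff = now - self.window
        while q and q[0] <= cutoff:        # forget events that have left the window
            q.popleft()
        if len(q) >= self.limit:
            return False                   # rejected requests are not recorded
        q.append(now)
        return True

    def retry_after(self, key: Hashable, now: float) -> float:
        """Seconds until the oldest in-window event ages out (0 if not currently limited)."""
        q = self._events.get(key)
        if not q or len(q) < self.limit:
            return 0.0
        return max(0.0, q[0] + self.window - now)


# Limits from the table. Keys are chosen by the caller: client IP for the auth
# endpoints, session id for WebSocket traffic.
LIMITS: Dict[str, SlidingWindowLimiter] = {
    "/api/auth/challenge": SlidingWindowLimiter(10, 60.0),
    "/api/auth/verify": SlidingWindowLimiter(5, 60.0),
    "websocket_message": SlidingWindowLimiter(60, 60.0),
}


def check_request(endpoint: str, key: Hashable, now: float) -> Optional[float]:
    """Return None if the request may proceed, else the Retry-After value in seconds."""
    limiter = LIMITS.get(endpoint)
    if limiter is None:
        return None                        # e.g. submit_action: governed by game pace, not here
    if limiter.allow(key, now):
        return None
    return limiter.retry_after(key, now)
```

Two practical caveats: a "per IP" key is only meaningful if the server derives the client address from a trusted source (the socket, or a proxy header the deployment actually controls), and a per-process dictionary does not coordinate across replicas, so a horizontally scaled deployment needs a shared store for the same windows.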

Replay Protection

Servers MUST maintain a set of seen messageId values per session and reject duplicates. The set may be pruned after session expiry.
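The token rules above and the per-session seen-messageId set describe a single piece of server state, so this added example (not the project's own code) implements both in one Python store: opaque tokens from the OS CSPRNG, a server-side session record carrying the expiry and the seen set, replay rejection, pruning that drops the seen set with its session, and a log-redaction helper. The class and function names, the `seen_message_ids` field and the 24-hour default are illustrative choices.

```python
# Added example: opaque session tokens plus per-session replay protection.
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

TOKEN_LIFETIME = 24 * 3600  # seconds; the default lifetime given in the text


@dataclass
class Session:
    address: str
    expires_at: float
    seen_message_ids: Set[str] = field(default_factory=set)


class SessionStore:
    """Opaque bearer token -> server-side session state.

    The token itself carries no user data; everything lives here. The store
    keys on a SHA-256 of the token, so a leaked dump of it yields no usable
    tokens, and comparing hashes instead of tokens removes the need for a
    constant-time compare on the secret itself.
    """

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def create(self, address: str, now: float, lifetime: float = TOKEN_LIFETIME) -> str:
        token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = Session(address, now + lifetime)
        return token

    def lookup(self, token: str, now: float) -> Optional[Session]:
        session = self._sessions.get(self._key(token))
        if session is None or now >= session.expires_at:
            return None
        return session

    def accept_message(self, token: str, message_id: str, now: float) -> bool:
        """Replay check: a given messageId is processed at most once per session."""
        session = self.lookup(token, now)
        if session is None or message_id in session.seen_message_ids:
            return False
        session.seen_message_ids.add(message_id)
        return True

    def prune(self, now: float) -> int:
        """Drop expired sessions; their seen-sets go with them. Returns the number removed."""
        expired = [k for k, s in self._sessions.items() if now >= s.expires_at]
        for k in expired:
            del self._sessions[k]
        return len(expired)


def redact(text: str, token: str) -> str:
    """Keep the token out of log lines and error messages."""
    return text.replace(token, "[REDACTED]")
```

Because the token is the only thing the client holds and the server looks it up by hash, rotating or revoking a session is a single delete; nothing about the user can be learned from the token string itself.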

Balance Integrity

Server credit balances MUST survive server restarts. Use durable storage (write-ahead log, ACID database, or event sourcing). The invariant: no credits may be created or destroyed by a server failure.

Transport Security

- TLS 1.2 minimum, TLS 1.3 recommended
- Reject plaintext WebSocket (ws://) and HTTP connections in production
- Use secure WebSocket (wss://) and HTTPS exclusively
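Returning to the Balance Integrity section: the following is an added example (not the project's own code) of the write-ahead-log option in Python. Every credit movement is appended and fsync'd to a journal before it is applied in memory; on restart the journal is replayed, and a torn final record (the only kind an append-only, fsync'd log can leave) is ignored rather than half-applied. `CreditLedger`, the record format and `demo_crash_recovery` are illustrative; the demo writes to a temporary directory.

```python
# Added example: crash-safe credit balances via an append-only, fsync'd journal.
import json
import os
import tempfile
from typing import Dict


class CreditLedger:
    """Balances are derived state; the journal on disk is the source of truth."""

    def __init__(self, path: str) -> None:
        self.path = path
        self.balances: Dict[str, int] = {}
        self._replay()

    def _replay(self) -> None:
        if not os.path.exists(self.path):
            return
        with open(self.path, "r", encoding="utf-8") as f:
            for line in f:
                line = line.strip()
                if not line:
                    continue
                try:
                    rec = json.loads(line)
                except json.JSONDecodeError:
                    break          # torn final write from a crash mid-append: never applied
                self._apply(rec)

    def _apply(self, rec: Dict[str, object]) -> None:
        amount = int(rec["amount"])
        if rec["op"] == "deposit":
            self.balances[str(rec["account"])] = self.balances.get(str(rec["account"]), 0) + amount
        elif rec["op"] == "transfer":
            self.balances[str(rec["src"])] -= amount
            self.balances[str(rec["dst"])] = self.balances.get(str(rec["dst"]), 0) + amount

    def _journal(self, rec: Dict[str, object]) -> None:
        # Durable before visible: the record reaches disk before balances change.
        with open(self.path, "a", encoding="utf-8") as f:
            f.write(json.dumps(rec) + "\n")
            f.flush()
            os.fsync(f.fileno())

    def deposit(self, account: str, amount: int) -> None:
        if amount <= 0:
            raise ValueError("deposit must be positive")
        rec = {"op": "deposit", "account": account, "amount": amount}
        self._journal(rec)
        self._apply(rec)

    def transfer(self, src: str, dst: str, amount: int) -> bool:
        if amount <= 0 or self.balances.get(src, 0) < amount:
            return False       # rejected transfers are never journaled
        rec = {"op": "transfer", "src": src, "dst": dst, "amount": amount}
        self._journal(rec)
        self._apply(rec)
        return True

    def total(self) -> int:
        return sum(self.balances.values())


def demo_crash_recovery() -> Dict[str, object]:
    """Constructed scenario: fund, transfer, 'crash' with a torn record, restart, compare totals."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "credits.log")
        ledger = CreditLedger(path)
        ledger.deposit("alice", 100)
        moved = ledger.transfer("alice", "bob", 30)
        overdraft = ledger.transfer("bob", "alice", 500)      # insufficient funds
        total_before = ledger.total()
        del ledger                                            # simulate process death
        with open(path, "a", encoding="utf-8") as f:
            f.write('{"op": "transfer", "src": "alice", "dst"')   # torn write left by the crash
        recovered = CreditLedger(path)                        # restart: replay the journal
        return {"moved": moved, "overdraft": overdraft, "before": total_before,
                "after": recovered.total(), "balances": dict(recovered.balances)}
```

The invariant from the text is checked directly: the total before the simulated crash equals the total after replay, and the torn record neither debits nor credits anyone. An ACID database gives the same guarantee through its own transaction log; what matters is that no balance change is acknowledged to a client before it is durable.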