Audit name:

[L1] Gunzilla | Code Comparison | Mar2025

Date:

Mar 31, 2025

Table of Contents

Introduction
Audit Summary
System Overview
Appendix 1. Severity Definitions
Appendix 2. Scope
Disclaimer

Introduction

We express our gratitude to the Gunzilla team for the collaborative engagement that enabled the execution of this Blockchain Protocol Security Assessment.

GUNZ is a Layer 1 blockchain platform developed by Gunzilla Games, designed to enhance gaming experiences by offering players true ownership of in-game assets. Built on an Avalanche Subnet, GUNZ enables players to convert their in-game items into tradable NFTs, allowing secure transactions within the game's marketplace or on external platforms. This integration empowers players with tangible value for their in-game achievements, fostering a community-driven economy.

Document

Name: Blockchain Protocol Review and Security Analysis Report for Gunzilla
Audited By: Tanuj Soni, Hamza Sajid
Approved By: Nino Lipartiia
Website: https://gunbygunz.com/
Platform: Avalanche
Language: Go
Tags: Avalanche
Methodology: https://hackenio.cc/blockchain_methodology

Audit Summary

Total Findings: 0
Resolved: 0
Accepted: 0
Mitigated: 0

This audit confirms the security and integrity of the GUNZ Avalanche Subnet, ensuring that its deployment remains uncompromised. The evaluation verifies that the validator network, node configurations, and key security parameters adhere to Avalanche's best practices. Additionally, the integrity of executable binaries has been validated. The report provides a comprehensive summary of the verified checks and other pertinent details.

Subnet Setup & Verifications:

  • Verified Binary Hashes: Cross-checked the integrity of the executable binaries Avalanchego v1.12.2 and Subnet-evm v0.7.2 referenced in the Linux service unit file against the official hashes provided in the corresponding GitHub repositories (Avalanchego v1.12.2 Release, Subnet-evm v0.7.2 Release) to ensure no modification or tampering. Confirmed by manual server login that the exact binaries referenced in the service units are the ones running.

  • Verified Node Service Status: Confirmed that the node services are running as expected, with all services active and logs indicating smooth operations.

  • Validated Validator Network: Checked that no unauthorized or unknown validators were connected at the time of verification.

  • Confirmed GUNZ's P-Chain Ownership: Verified that the GUNZ network is associated with and operating under P-Chain, ensuring proper blockchain governance and that the GUNZ chain is listed on the P-Chain.

  • Verified Native Minter Configuration: Cross-checked node configurations to ensure the native minter is disabled, aligning with documentation stating the native GUN coin supply should remain fixed.

  • Verified Subnet Validation Details: Confirmed that only one blockchain (GUNZ) is being validated by the subnet, as expected.

  • Confirmed Correct Subnet Validation: Ensured that the blockchain is being validated by the correct subnet with proper validation parameters, validating the consistency of the validation set.

  • Verified Staking on GUNZ Subnet: Checked the total amount staked (24,000 AVAX across 12 nodes, 2,000 AVAX each) to ensure it meets expected requirements and security thresholds.

  • Verified BLS Key and Proof of Possession (PoP): Validated each node's BLS public key and corresponding PoP to confirm ownership of the private keys, ensuring the security and integrity of the node's validator identity.

  • Verified Security Precompiles: Confirmed that contractDeployerAllowList, feeManager, and rewardManager precompiles are correctly configured with no unauthorized precompiles.

  • Verified Network Connectivity: Ensured all validator nodes maintain proper peer connections for network stability and consensus.

  • Verified Chain Configuration: Confirmed that Chain ID 0xa99b (43419) is consistently validated across all validators with proper block processing parameters.
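The native minter, precompile and chain ID checks above can be automated against a node's chain configuration. The following Go sketch is an added example, not code from the audit or from the GUNZ project: the sample JSON is constructed, the key spellings follow the Subnet-EVM genesis convention and are assumptions here, and treating every other key ending in "Config" as a precompile is a simplifying heuristic.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample of a genesis "config" object; not the real GUNZ genesis.
const sampleConfig = `{
  "chainId": 43419,
  "feeConfig": {"gasLimit": 8000000},
  "contractDeployerAllowListConfig": {"blockTimestamp": 0},
  "feeManagerConfig": {"blockTimestamp": 0},
  "rewardManagerConfig": {"blockTimestamp": 0},
  "warpConfig": {"blockTimestamp": 0}
}`

// Precompiles the report lists as expected (key spellings are assumptions).
var expected = []string{"contractDeployerAllowListConfig", "feeManagerConfig", "rewardManagerConfig", "warpConfig"}

// AuditChainConfig returns a sorted list of deviations; empty means the config matches.
func AuditChainConfig(raw string, wantChainID uint64) []string {
	var cfg map[string]json.RawMessage
	if err := json.Unmarshal([]byte(raw), &cfg); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	issues := []string{}
	var id uint64
	if v, ok := cfg["chainId"]; !ok || json.Unmarshal(v, &id) != nil || id != wantChainID {
		issues = append(issues, fmt.Sprintf("chainId is not %d", wantChainID))
	}
	allowed := map[string]bool{"feeConfig": true} // base fee settings, not a precompile
	for _, k := range expected {
		allowed[k] = true
		if _, ok := cfg[k]; !ok {
			issues = append(issues, "missing expected precompile: "+k)
		}
	}
	for k := range cfg { // anything else, e.g. contractNativeMinterConfig, is flagged
		if strings.HasSuffix(k, "Config") && !allowed[k] {
			issues = append(issues, "unexpected precompile: "+k)
		}
	}
	sort.Strings(issues)
	return issues
}

func main() { fmt.Println(AuditChainConfig(sampleConfig, 43419)) }
```

Running the same function against the configuration of every validator and comparing the results gives the cross-validator consistency the last check describes.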

System Overview

The GUNZ Chain operates as an Avalanche subnet. It comprises 12 validator nodes: 8 managed directly by Gunzilla and 4 sponsored by trusted partners. The system utilizes the Snowman consensus mechanism. GUN serves as the native currency for the chain. The GUNZ subnet is configured as a permissioned network, meaning external validator nodes cannot be added without approval. Avalanche validates the integrity of the subnet.

Gunzilla Validator NodeIDs:

  • C6b58cQGYSqm1FeQyvXKXUgZ3R7Q9D9es

  • Fd4DMc88ELLiTHHSLVZ7L4MB3Z7jbDEAy

  • GuTDsR1tBFgQUbKqCf7J29yBo8ofudHEZ

  • 2pNQqfaBqMqwWgeJiqPbmHZk1cUtWcjqb

  • Q5xvrPQSjHhJX8eLKbBnZMWbS648NqnsZ

  • F5sBP4yNA2YXHbD6FJUjsZJ5zhoMqMi6g

  • CosZvo7bLiPF8XWNnd5Ctgktfv8b288h9

  • 5B2Uyysf1nWcRbiCYdKwXzevVF5a7sN6T

Key System Characteristics & Configurations:

  • Platform: Avalanche Subnet

  • Consensus: Snowman

  • Native Currency: GUN

  • Network Type: Permissioned

  • Validator Count: 12 (8 Gunzilla, 4 Partner)

  • Chain ID: 0xa99b (43419)

  • Binaries: Uses Avalanchego v1.12.2 and Subnet-evm v0.7.2.

  • Key Precompiles: Includes FeeManager, contractDeployerAllowListConfig, RewardManager, WarpMessenger.

Appendix 1. Severity Definitions

Severity

Description

Critical
Vulnerabilities that can lead to a complete breakdown of the blockchain network's security, privacy, integrity, or availability fall under this category. They can disrupt the consensus mechanism, enabling a malicious entity to take control of the majority of nodes or facilitate 51% attacks. In addition, issues that could lead to widespread crashing of nodes, leading to a complete breakdown or significant halt of the network, are also considered critical along with issues that can lead to a massive theft of assets. Immediate attention and mitigation are required.

High
High severity vulnerabilities are those that do not immediately risk the complete security or integrity of the network but can cause substantial harm. These are issues that could cause the crashing of several nodes, leading to temporary disruption of the network, or could manipulate the consensus mechanism to a certain extent, but not enough to execute a 51% attack. Partial breaches of privacy, unauthorized but limited access to sensitive information, and affecting the reliable execution of smart contracts also fall under this category.

Medium
Medium severity vulnerabilities could negatively affect the blockchain protocol but are usually not capable of causing catastrophic damage. These could include vulnerabilities that allow minor breaches of user privacy, can slow down transaction processing, or can lead to relatively small financial losses. It may be possible to exploit these vulnerabilities under specific circumstances, or they may require a high level of access to exploit effectively.

Low
Low severity vulnerabilities are minor flaws in the blockchain protocol that might not have a direct impact on security but could cause minor inefficiencies in transaction processing or slight delays in block propagation. They might include vulnerabilities that allow attackers to cause nuisance-level disruptions or are only exploitable under extremely rare and specific conditions. These vulnerabilities should be corrected but do not represent an immediate threat to the system.

Appendix 2. Scope

Components in Scope

Below is the list of NodeIDs for the validators whose integrity has been reviewed:

  1. C6b58cQGYSqm1FeQyvXKXUgZ3R7Q9D9es

  2. Fd4DMc88ELLiTHHSLVZ7L4MB3Z7jbDEAy

  3. GuTDsR1tBFgQUbKqCf7J29yBo8ofudHEZ

  4. 2pNQqfaBqMqwWgeJiqPbmHZk1cUtWcjqb

  5. Q5xvrPQSjHhJX8eLKbBnZMWbS648NqnsZ

  6. F5sBP4yNA2YXHbD6FJUjsZJ5zhoMqMi6g

  7. CosZvo7bLiPF8XWNnd5Ctgktfv8b288h9

  8. 5B2Uyysf1nWcRbiCYdKwXzevVF5a7sN6T

Disclaimer