Image: modified Drugwars Logo
Drugwars became a big thing in the last couple of weeks with a lot of players and a lot of them spending money on the game. From the beginning, the community found ways to automate things, like investing drugs to heist or creating units with spare resources. The re-enabling of attacks brings another aspect where automation can directly have influence on the player rewards. It didn't take long until first auto-attack bots were spotted in the wild. The team explicitly spoke out against auto-attack bots and seemed to have banned a few players at least temporarily. Having a bot-race in the game is certainly not in the sense of the "100% human" players and takes some fun from the game. On the other hand, there are rewards, and for maximizing those, getting some "help" is rarely left unused. So, how many players are actually using scripts or bots to make the life of a drug lord easier?
How to distinguish between human and bot actions?
One indication that I'm going to use here is the signature of the corresponding transaction containing the game's
custom_json operations to invest to heist, create units, upgrade buildings or attack others. An operation submitted through the game website will be signed by the @steemconnect account, while an operation submitted from outside the app (e.g. a script or bot) is likely signed with the posting key of the author account. Technically, there's however still a possibility to send an op with a steemconnect signature also from a script/bot, so better take the following numbers as a lower boundary. In the following, I'm considering all operations that are not signed by the steemconnect key as "scripted". This is not necessarily a "bot" but can be a helper/auto-heist/... script.
I'm using here all blockchain transactitions with drugwars
custom_json operations that were submitted on March 5th. This was shortly before the team explicitly spoke out against auto-attack bots and the Websocket API did not yet require authentication at this time. The reason the period is rather short with 24h is that reconstructing the sender of a transaction from the signature is quite compute-intensive and therefore slow. The data was queried and processed with beem using python.
Distribution of scripted drugwars actions
First of all, the 5th of March had a total of close to 80000
custom_json ops related to drugwars while a a blockchain day with 3s block time has 28.8k blocks - that's 2-3 drugwars ops per block in average!!
The following graph shows the distribution of all operations (blue) and scripted operations (orange) across the different drugwars actions:
dw-heist: invest drugs to heist
drugwars: these are attacks
dw-unit: unit recruitment
dw-upgrade: building upgrade
dw-char: new character
Notice the huge orange bar for the invest-to-heist ops? More than half of all
dw-heist operations (55% to be precise) are not done from the drugwars website but scripted!! 17% of all attacks were scripted and close to 5% of all unit creations. There are only a few scripted building upgrades and no scripted account registrations.
But the distribution of the individual ops doesn't tell much about the number of players using the scripts, all automation could still come from a single account.
Number of accounts using scripted drugwars actions
There were a total of 6030 distinct players on March 5th. The following graph shows the distribution of them across the different operation types. An account is included in the "scripted" part whenever it had at least one scripted operation of the given type.
A quarter (25%) of all drugwars players used an auto-heist script - I would not have expected that much! The fraction of users users with scripted attacks is at around 2%, so this is really a minority. Another slightly more popular thing beside auto-heisting is to create units via scripts, making up around close to 6% of all players.
It is not surprising that automation is applied, especially since a couple of actions can easily be automated (auto-heisting, unit creation). Others can potentially bring advantages. It is clear that fully bot-controlled players have an edge against human players in the current implementation of the game. I personally would not have expected such a high level of automation applied by the players.
However, some aspects have to be taken into account:
- attacking from a script does not necessarily mean that this is an auto-attack bot. I think there's still a big difference if a bot attacks autonomously and if a script is used to attack a manually specified target, e.g. "only" leaving out the GUI.
- The drugwars team implemented an authentication method on the websocket API around a day ago. This means that most of the published auto-heist scripts will not work anymore out of the box but need some adjustments. Not everybody that used the public scripts will be able to make these changes and I haven't seen any posts with updated scripts yet. The number of scripted ops is likely to be lower now, but that would have to be investigated in detail for a definite answer.
- It is clear that one player or account is not one person. Seeing account names enumerated from like 1 to 100 makes clear that this is an aspect that has to be considered as well, possibly reducing the number of "physical" users with automation to a lower number than shown here.
Proof of Authorship
All scripts to generate these results are on my GitHub: https://github.com/crokkon/steem-analyses/tree/master/1903_drugwars_bots