How much automation is on Drugwars with scripts and bots?

in #utopian-io2 years ago (edited)



Image: modified Drugwars Logo

Drugwars became a big thing in the last couple of weeks with a lot of players and a lot of them spending money on the game. From the beginning, the community found ways to automate things, like investing drugs to heist or creating units with spare resources. The re-enabling of attacks brings another aspect where automation can directly have influence on the player rewards. It didn't take long until first auto-attack bots were spotted in the wild. The team explicitly spoke out against auto-attack bots and seemed to have banned a few players at least temporarily. Having a bot-race in the game is certainly not in the sense of the "100% human" players and takes some fun from the game. On the other hand, there are rewards, and for maximizing those, getting some "help" is rarely left unused. So, how many players are actually using scripts or bots to make the life of a drug lord easier?

How to distinguish between human and bot actions?

One indication that I'm going to use here is the signature of the corresponding transaction containing the game's custom_json operations to invest to heist, create units, upgrade buildings or attack others. An operation submitted through the game website will be signed by the @steemconnect account, while an operation submitted from outside the app (e.g. a script or bot) is likely signed with the posting key of the author account. Technically, there's however still a possibility to send an op with a steemconnect signature also from a script/bot, so better take the following numbers as a lower boundary. In the following, I'm considering all operations that are not signed by the steemconnect key as "scripted". This is not necessarily a "bot" but can be a helper/auto-heist/... script.

Data set

I'm using here all blockchain transactitions with drugwars custom_json operations that were submitted on March 5th. This was shortly before the team explicitly spoke out against auto-attack bots and the Websocket API did not yet require authentication at this time. The reason the period is rather short with 24h is that reconstructing the sender of a transaction from the signature is quite compute-intensive and therefore slow. The data was queried and processed with beem using python.

Distribution of scripted drugwars actions

First of all, the 5th of March had a total of close to 80000 custom_json ops related to drugwars while a a blockchain day with 3s block time has 28.8k blocks - that's 2-3 drugwars ops per block in average!!

The following graph shows the distribution of all operations (blue) and scripted operations (orange) across the different drugwars actions:

  • dw-heist: invest drugs to heist
  • drugwars: these are attacks
  • dw-unit: unit recruitment
  • dw-upgrade: building upgrade
  • dw-char: new character

Notice the huge orange bar for the invest-to-heist ops? More than half of all dw-heist operations (55% to be precise) are not done from the drugwars website but scripted!! 17% of all attacks were scripted and close to 5% of all unit creations. There are only a few scripted building upgrades and no scripted account registrations.

But the distribution of the individual ops doesn't tell much about the number of players using the scripts, all automation could still come from a single account.

Number of accounts using scripted drugwars actions

There were a total of 6030 distinct players on March 5th. The following graph shows the distribution of them across the different operation types. An account is included in the "scripted" part whenever it had at least one scripted operation of the given type.


A quarter (25%) of all drugwars players used an auto-heist script - I would not have expected that much! The fraction of users users with scripted attacks is at around 2%, so this is really a minority. Another slightly more popular thing beside auto-heisting is to create units via scripts, making up around close to 6% of all players.


It is not surprising that automation is applied, especially since a couple of actions can easily be automated (auto-heisting, unit creation). Others can potentially bring advantages. It is clear that fully bot-controlled players have an edge against human players in the current implementation of the game. I personally would not have expected such a high level of automation applied by the players.

However, some aspects have to be taken into account:

  • attacking from a script does not necessarily mean that this is an auto-attack bot. I think there's still a big difference if a bot attacks autonomously and if a script is used to attack a manually specified target, e.g. "only" leaving out the GUI.
  • The drugwars team implemented an authentication method on the websocket API around a day ago. This means that most of the published auto-heist scripts will not work anymore out of the box but need some adjustments. Not everybody that used the public scripts will be able to make these changes and I haven't seen any posts with updated scripts yet. The number of scripted ops is likely to be lower now, but that would have to be investigated in detail for a definite answer.
  • It is clear that one player or account is not one person. Seeing account names enumerated from like 1 to 100 makes clear that this is an aspect that has to be considered as well, possibly reducing the number of "physical" users with automation to a lower number than shown here.

Proof of Authorship

All scripts to generate these results are on my GitHub:


Can you make decent money with it?

After about 2 weeks I get ~0.5 Steem each day. And I consider myself as quite low. I've spent 2.4 Steem overall, so I am already making profit. Not getting rich of course. But it's kinda fun and a little extra

Go and create an account using my referral, and then I can tell more about it LOLL =)

You just convinced me to stay away, buddy.

comment self-votes bring you more returns with less effort...

That’s one of the things I don’t like about Steem.

so why do you do it then?

If you show me a way where I can make more -- I'm stopping right away.

Which options do you have with other coins? -> hodl. There's no point in Steem if we'd all use it as PoW and I'm pretty sure you'll get to a point where somebody with a comparable stake will disagree on your rewards...
How about delegating (a part of) your stake to (d)apps that bring Steem forward and eventually even pay you for that? Reward those that bring value or those who write about things you like to grow the value of Steem...

I already delegated to ActiFit and I would have kept my delegation, but then the difficult times hit and now I need to get money spendable right now since ActiFit isn’t traded on any exchange just yet.
Believe me, for me this is painful as well.
I didn’t self-upvote my self for a year having even a higher stake, but it’s not my fault that such hard times for Crypto came. I was pushed in a corner.

Posted using Partiko iOS

No you can’t ... here’s an example !bookkeeping drugwars

Please use one of the following keywords after !bookkeeping:

drugwars steemmonsters magicdice steemslotgames steembet moonsteem

yep, I have started 21 days ago, I have invested 14.622 STEEM and I earned 17.049 STEEM from daily and 8.019 STEEM from heist which totally gives me 10.446 STEEM of pure profit with incomes around 1.18 STEEM per day. I was break even after two weeks. It is important to know what is worth your money and what is not and can be upgraded normally in the game

Really? So, if I invest 1,400 Steem — I’ll make 1,000 Steem of pure profit in 21 days?
What are the risks?
Can I lose all my initial investment instead of earning anything?

Most likely it is almost impossible to invest 1400 Steem and earn 1000 Steem of pure profit in 21 days. Size of the rewards decreases every day and those rewards are generated from the resources in the game and shared reasonable with all the participants. If drugwars have a small payout budget and there is a lot of players which are not investing anything anymore, then sooner or later it might appears some problems with fulfilling your expectations. Without a smart management plan about spending some Steem during the first steps in the game, it is possible that you can lost a lot instead of earning. I have also heard about guys which made a full cashback in 7 days, so everything is up to you and your investing plans.

Hey @crokkon,

Thank you for your interest in DrugWars and for this analysis. We are also sad to see so many automated actions ingame and are working hard to counter them and/or to make them useless. With a total of 11k players we can't let some people ruin the fair and the fun of the majority of the DrugLords.

Best regards,

This is good to hear, what do you plan on doing? Captcha?

I wonder if there is a way to prove an awesome, genuine, player like myself is actually who I say I am?
What if there were "Proof of brain" airdrops or something?
I am not sure how it would work. Maybe create whitelist or something?

Make us turk something potentially useful! Use our army of capcha warriors to do real work that puts something back into the heist pool!

Hey, thanks a lot for the feedback and the resteem! :)

Hey @drugwars, before all congratulations for the great experience and game growth you acquired. I think it safe to say this project was a success since day 1.

But with all the success it would be obvious it would have people that always try to be more clever than the system and it's a good time to double down on the security. Otherwise, real players will not have a fair sensation while playing or spending time on the game.

If I may advise, you could start to implement reCaptcha v3.0, since now it's a really seamless experience and always analyze all the players vs bots movements in a quick and clean way without any confirmation or pop-ups needed to be a field or check. That way real players can keep have fun while the number of bots is reduced​ or even banned. This is just a short term patch I really recommend you as well to implement your own security measures like a blacklist of recurring bots and false players and other methods that make the game a safe place for all and promote a fair and fun place to be a part off.

@drugwars you made an amazing job (for yourself)

the game is actually quite nice in the beginning ... but the rewards are way to low ... and the degradation of earned value goes downward way to fast.

I am a human player, with no bots or gazillions of steem sitting somewhere, and i was in the game quite early, and spended over a 100steem, just to realize that after you have build something of a little empire, these prices and the recourse needed get’s way out of hand. It is really way to crazy and expensive. We are not all whales with gazillions of steem to spend like it is nothing!!!

Also i have noticed that you change things on the fly. And after the battles were back, you raised the price for troops significant.

So, it is safe to say that ... The only winner with drugwars are the drugwars devs and with that conclusion, i take my hat of for you

scash!tip 100

⚡$$$ Tipped @crokkon ⚡100.00000000 SWIFT! If you don't know how I work, reply help! Currently the price of SwiftCash in the market is $0.0031 USD per SWIFT. Current value of the tip is $0.3100 USD. To find out more about SwiftCash, please read our whitepaper!

The drugwars team implemented an authentication method on the websocket API around a day ago. This means that most of the published auto-heist scripts will not work anymore out of the box but need some adjustments. Not everybody that used the public scripts will be able to make these changes and I haven't seen any posts with updated scripts yet.

The change which is require to login to websocket API takes about 5-10 lines of code. From my perspective it was made not to limit access to API but to help drugwars team find user names of players who are abusing the API.

The problem is that it in reality it doesn't change anything, for 6 STEEM you can buy a new Steem account and use it only to find players with cheap resources by calling get_user method. This info you pass to army of bot. The bot attacks looks then legit because no abuse of API is done by them :( You will have to only regular buy new accounts which will be banned for abusing the get_user method.

From my perspective identifying and banning bots is waste of time, instead of developing the game the team has to do some statistic analysis :( Instead of this number of user actions should be limited for e. g. 20 attacks a day, or only 1 attack in time frame of 2h . Maybe a captcha should be added before each attack.

I don't have any insights on what the team plans to do with this. Yes, the current change is minor, but may already stop those using 3rd party scripts. I'm not sure if real user logging is going to happen. I'd guess that this is more towards setting up some rate limiting, which would probably help already. I completely agree, a blacklist approach likely won't work, it brings a maintenance nightmare and new accounts are easily set up. Not sure on the captcha approach - wouldn't this void all decentralization aspects? I'm confident the team will find a good compromise for all.

I think some anti-bot tools could be tweaked to work offline too, via temporary information read from/via blockchain. Either way, decentralizing anti-cheating on STEEM can be a hard to do thing. Maybe it would be something to address (if not already done) on SMT's.

For example, the player @qurator-tier-1-2 has already some bots. I can never attack this one anymore. On top of this, the player itself is part of a bot on STEEM, which makes all this very hard to manage.

Although I agree limiting will reduce the bots, it will never avoid them. And because of the capability of STEEM accounts, it would not work. People will just create more accounts to have strategic scripts working on them.

I think that should be a "luck" aspect to when a player attacks. Like a sliding scroll (anti-bot features), or something like @properfraction said "Maybe a captcha should be added before each attack", and if during that period, more than 1 player slides successfully the scroll, a roll is done, to which one attacks. This will both kill bots and also allow attacks to be fair (in my view).

FYI @drugwars

Hey, friend.🙂 First, uh, of course a HUGE thanks for the follow! Greatly appreciated. Then, i swing by your place to get to know you a bit....and this is the first thing i see. An amazing analysis with some great insight. I love reading ashers stuff. And, while in the middle of your post, for a second there thought i was reading him.(sorry, if thats offensive to you.)😁
Then i laughed my butt off when i dropped down to the comments...and there he is...the first guy, right on top. I'd love to say im surprised, but my grandpa always said,"money knows money boy, and smart men know smart men." So, not surprised....but really happy to see. Now i have an excuse to ramble to him too.

And as far as if theres bot or not, im okay either way. I keep all my accounts' resources below the "safe" line and i dont attack people. One, because it's just mean, and two, it just seems a horrible waste of resources.(just my opinions. 🤪) i try to just build build all the accounts as much as possible to help others. No time for yhe silly squabbling. 😂🤣 anyway, as i reread this, i noticed its starting to look more and more like a post. All thats missing is a picture. Oh, hang on i have one of those too....20190228_222441.jpg
Yep, me pretending to be Spiderman.... for my son. HAVE A GOOD NIGHT AND A GREAT WEEK BROTHER!
P.S. @abh12345 i was talking about you, so figured I'd tag you.😋

haha, thanks for your nice comment and I don't feel offended at all :) It's probably no big surprise that I found you via Asher as well. Ah, and great spiderman picture! :D

haha :)

Well I hope crokkon isn't too offended, and if so I will have to get better at copying his analysis work!

On the photo I can't quite fathom which way is up and can only conclude that you are performing a single hand stand :D

This post has been voted on by the SteemSTEM curation team and voting trail in collaboration with @curie.

If you appreciate the work we are doing then consider voting both projects for witness by selecting stem.witness and curie!

For additional information please join us on the SteemSTEM discord and to get to know the rest of the community!

I am actually about to release something to help people perform automated actions in Drug Wars. Scripting in itself is not bad, I don't agree that people should be scripting attacks, but many of the online games I've played like this have a community with scripting.

A game I've played for years called Kings of Chaos has many scripts for macroifying game play. I think for DW scripting to automatically invest and buy units is fine (imo) scripting to auto attack or create multiple accounts and harvesting Steem is obviously bad.

Good analysis.

Posted using Partiko Android

Any scripting gives an advantage to small pool of players, so it is a form of cheating!

When you do some scripting in a normal game I can accept that because other players are only loosing their time. The difference between normal game and drugwars is that here you are awarded with real money (steem is just like money), so it is not a cheating but obviously it can be called form of steeling from others.

Imagine what would happen if come to casino (where you can also win real money) and cheat there or just use some tools to win more?

Precisely. =) And when laws become very conformable dealing with these techs, it will be crime! Write that down! 🤣 - I am joking with it, but its not that far away to happen... and its pretty easy to do/implement.

You have a valid point here. However, I think such automation merely will force the Drug Wars team hand to make the game less two-dimensional and introduce other ways to make money and grow, invalidating the need for automating heist invests or unit creation.

It's a flawed game right now.

Posted using Partiko Android

Yeah, I think it depends a bit on what the game should be. In the state of the game from the data used here, there were quite some possibilities to get monetary gains with auto-attack bots. This is certainly no fun for all others. Things like auto-heist scripts don't do any harm, but they potentially help to reward inactive players. So it's more a conceptual question if this should be tolerated or not. I'm confident that the drugwars team will find a solution that works for all. Looking forward to your automation solution!

Thank you for this post. I actually started complaining about it in the drugwars post yesterday to get a debate going.
Unsurprisingly bot users argue it is fair and it is the future.
I am glad @drugwars has spoken on thee issue.
Even a heist bot has a huge advantage as they don't need to do anything else in life but himans do.

For those already using relatively harmless bots, I don't think they deserve a ban, but moving forward, it should be stopped on at least one server.

Posted using Partiko Android

Thanks a lot for the data... I was curious too ;-)
There are humans, bots... but also 1 mannequin playing the game, haha!
Big hug
Steemitri The Mannequin

haha, yes, I have to work finding ways to also detect mannequin players - those completely slipped through in this analysis :)

Very good analysis. I wouldn’t have thought bot ratio would be that high at this point but in any game you will find bots. So I guess I shouldn’t be surprised. I’m in the game and not running any scripts so 💯 human here. Wonder how long I will survive.

Scripting will get MUCH worse with time... Just remember OGame!... I could have weeks without checking my account, and always have my ships/resources protected...

I am not saying its the best or worse path to take, it depends... But I would prefer for the "Humanized" non-scriptable one, to be the one STEEM can actually bring more value into these kinds of games.

oh, OGame, I liked that :) It must be decades since I played this the last time - is the game still around? Finding a solution where automation doesn't provide monetary gains, but maybe convenience is probably key here...

Thank you for the information! I've been curious about bots and DrugWars... It is not surprising...

GREAT POST! i had to read every word of it! the charts and everything, really nice work! thanks for sharing! :D

Why can't I fight any1 you get this bug?

Posted using Partiko Android

If another player already has started an attack to the same target, then your attack won't go through. This was introduced recently. It's a bit annoying that there is currently no error message on that but the battle request is silently ignored... You've probably hit that.

Great thanks a lot ok so u basically just need to keep finding fights thanks hopefully I am quicker than the bots you mentioned

Posted using Partiko Android

I would not of thought the numbers of scripted users would be that high either. 100% human in my account.

Posted using Partiko iOS

yeah, me neither. Kudos for 100% human!

It’s a fun to play so I rather be in control. I know many just use the game to make passive income so I could see why you want to automate it.

Posted using Partiko iOS

@crokkon you rock!
I'm in the game as well and this is some interesting data to read :)

thanks @dalz, saw you there as well :D

Thanks. This analisys is very interesting. I'm developing a new game for Steem and this information is very useful to me. I don't like game bots!

Hey @marcosdk, looking forward to your game! Awesome work on the 3d modelling - I tried to start looking into blender some time ago but didn't get far :D

Thanks! Give a try to Blender and keep in mind that every trip, even longest, starts with a first step.

Posted using Partiko Android

This post has been included in the latest edition of SoS Daily News - a digest of all the latest news on the Steem blockchain.

This was very enlightening @crokkon, thanks. Hop they manage to get it under control.

Posted using Partiko Android

Where can I find the complete list of all API methods? The github sample usage examples illustrates only a few.

Posted using Partiko Android

I'm not sure if there is a documentation with the full list, at least I'm not aware of it. You can see the most common methods in the browser's developer console when playing the game - not sure if this helps?!

This was an early concern of mine, thanks for taking the time to make a report.

Good work. How long did it take to extract all signers?

Posted using Partiko Android

I took a multi-step approach, pulling all relevant transactions in a file first and then processing it offline in a second step. The first step is dependent on the node/connection but had to be done only once. The offline step to find the signers took at the end around 30 min for the final run for that day, but I had to do a couple of iterations until all results I needed were there.

Thank you for the interesting analysis. While I haven't played yet, based on scripts opened and the structure of the game, I actually expected much higher bot ratio :)

Well, I think the majority of people here on Steem are not that technical that they could implement this themselves. And since there is no auto-heist/-invest/-younameit app out there readily usable without technical knowledge, I still think that the number is comparably high.

One reason why I thought that way was those who can do programming, they don't usually have only one account :) Ah! actually those who can do coding, they don't have enough money or SP to create too many accounts! and they're always late :)

ps. Detecting subaccounts will be an interesting analysis.

And I actually didn't know that Drugwars is open-source. Probably only part of it, right?

good point on the devs with multiple accounts, so it's indeed not very clear and there is lots of room for deeper analyses :)
Yeah, it is open source, but similar to steemhunt mainly the frontend. Parts of the backend are not open AFAIK.

!bookkeeping drugwars

Hi @piergianni!



  • 0.852 STEEM from daily
  • 0.040 STEEM from heist
  • 0.000 STEEM from referral


  • 38.210 STEEM


  • -37.318 STEEM

First transfer was before 18.58 days.
Your ROI per day is 0.13 % and you are earning approx. 0.05 STEEM per day.
Break even in approx. 777.3 days.

Hell! When I spend hours scroling down the list of potential targets for an atack, they simply use automation to hide their drugs and create units.
Of course human players may lose interest in this game

Hello, as a member of @steemdunk you have received a free courtesy boost! Steemdunk is an automated curation platform that is easy to use and built for the community. Join us at

Upvote this comment to support the bot and increase your future rewards!

!bookkeeping drugwars

Hi @doloknight!



  • 0.212 STEEM from daily
  • 0.194 STEEM from heist
  • 0.000 STEEM from referral


  • 0.085 STEEM


  • 0.321 STEEM

First transfer was before 27.39 days.
Your ROI per day is 17.44 % and you are earning approx. 0.01 STEEM per day.

!bookkeeping drugwars

Posted using Partiko iOS

Hi @rollie1212!



  • 0.545 STEEM
  • 30.662 STEEM from daily
  • 15.923 STEEM from heist
  • 0.098 STEEM from referral


  • 43.129 STEEM


  • 4.099 STEEM

First transfer was before 23.34 days.
Your ROI per day is 4.69 % and you are earning approx. 2.02 STEEM per day.

ROI when taking only the last 5 days into account

Your ROI per day is 2.86 % and you are earning approx. 1.23 STEEM per day.

Congratulations @crokkon! You received a personal award!

DrugWars Early Access
Thank you for taking part in the early access of Drugwars.

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Do not miss the last post from @steemitboard:

Are you a DrugWars early adopter? Benvenuto in famiglia!
Vote for @Steemitboard as a witness to get one more award and increased upvotes!

!bookkeeping drugwars

Hi @gyanibilli!



  • 7.239 STEEM
  • 3.334 STEEM from daily
  • 0.509 STEEM from heist
  • 0.000 STEEM from referral


  • 45.201 STEEM


  • -34.119 STEEM

First transfer was before 9.00 days.
Your ROI per day is 2.72 % and you are earning approx. 1.23 STEEM per day.
Break even in approx. 27.7 days.

ROI when taking only the last 5 days into account

Your ROI per day is 0.96 % and you are earning approx. 0.43 STEEM per day.
Break even in approx. 79.0 days.

Does anyone know if there is a search for players? Thanks again Mark

Posted using Partiko Android

Hey do you know of a target search engine please for @drugwars? Thanks again Mark

Posted using Partiko Android

Hi @crokkon!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server

Hey, @crokkon!

Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Get higher incentives and support!
Simply set as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord

Vote for Utopian Witness!

Dear crokkon:

We are SteemBet, the next generation STEEM based gaming platform. We are honored to invite you to join our first fantastic dice game, which is just the beginning of SteemBet game series. Our dividend system has now launched. The prize pool has already accumulated 2,000 STEEM and more than 60 players have participated in staking mining token SBT. A huge reward of 40,000 STEEM is awaiting! Join us NOW with other 500 STEEM users to loot HUGE dividend reward!!

SteemBet Team

Official Website

Discord Server

Telegram Group

You have been infected by the King of Disease!

Will you quarantine yourself?

Or will you spread the plague?

King Of Disease