Skip to content

Instantly share code, notes, and snippets.

@7etsuo

7etsuo/tetsol.md

Created April 6, 2025 01:23
Show Gist options
  • Save 7etsuo/bfbebf378b7d76c650590f9ddd5fd7b5 to your computer and use it in GitHub Desktop.
Save 7etsuo/bfbebf378b7d76c650590f9ddd5fd7b5 to your computer and use it in GitHub Desktop.
Download ZIP
tetsol.md
Raw
tetsol.md

Development Roadmap for a Cross-Platform Solana AR Treasure Hunt Game

Phase 1: MVP – Core AR Treasure Hunt with Wallet & NFT Rewards

Core Goals: Build a minimal viable product where users can log in with a Solana wallet, navigate to real-world locations, view "treasure" in AR, and receive an NFT reward for discovery. This phase focuses on core functionality and cross-platform deployment (iOS & Android) with minimal custom infrastructure.

  • Mobile App & AR: Use Unity with AR Foundation to develop the app once and deploy on both iOS (ARKit) and Android (ARCore). Unity's AR Foundation provides a cross-platform AR framework so the same C# code works for both ARKit and ARCore. This greatly simplifies development and ensures feature parity. Leverage device GPS/location services in Unity to tie AR content to real-world locations (e.g. spawn a treasure chest when the user is within a certain radius). Optionally, integrate ARCore Geospatial API (via AR Foundation's ARCore Extensions) to anchor virtual treasures at exact GPS coordinates for more precise placement. ARCore Geospatial (and ARKit's location anchors) can track latitude/longitude/altitude and lock AR objects to real-world points, but a simpler distance-based trigger is acceptable for MVP. All development is done in C# within Unity, keeping client logic in one codebase.

  • Blockchain Integration (Solana): Integrate Solana for wallet authentication and NFT rewards. Use the Solana Mobile Stack (SMS), specifically the Mobile Wallet Adapter (MWA), to handle wallet connections in the mobile app. MWA is a standard protocol that connects mobile dApps to any Solana wallet app for transaction signing, allowing users to seamlessly log in with wallets like Phantom or Solflare. Unity can incorporate this via the official Solana Unity SDK (which includes Mobile Wallet Adapter support) so that the app can request signatures and connect to wallets directly. For the blockchain program logic, use Anchor (Rust framework) to develop Solana smart contracts. Anchor significantly simplifies Solana development by abstracting boilerplate and providing safe defaults for accounts and instructions, making on-chain code easier to write and maintain. In Phase 1, the smart contract's role can be minimal – e.g. an Anchor program that mints or authorizes an NFT reward when a user finds a treasure. Leverage Metaplex for NFT creation and management; Metaplex is a Solana-based framework with ready-made NFT tooling (Candy Machine, token metadata contracts) that developers use to create and mint NFTs. Rather than writing NFT minting logic from scratch, the team can use Metaplex's libraries or Candy Machine v2 to configure the NFT rewards (for example, pre-create a collection of "treasure NFTs"). When a user discovers a treasure, the app (or backend) calls the Anchor program/Metaplex API to mint or transfer an NFT to that user's wallet. This NFT could contain metadata about the treasure found.

  • Backend Services: Aim for a serverless/minimal backend to handle non-blockchain game logic. For instance, use a managed backend like Firebase or Supabase to store game data and coordinate blockchain actions, so the team doesn't need to maintain a custom server. In Phase 1, the backend can hold the list of treasure locations and track which have been claimed. When the app detects a user at a treasure location, it contacts a cloud function (Firebase Cloud Function or Supabase Edge Function) to verify the find and trigger the NFT reward. The cloud function (written in TypeScript/JavaScript for familiarity) can use the Solana web3.js or Metaplex JS SDK to mint/transfer the NFT. This approach keeps secret keys (for minting authority) off the client and lets the backend handle Solana transactions on behalf of the game. Using a BaaS (Backend-as-a-Service) like Firebase means we get out-of-the-box database, cloud functions, and even user analytics without setting up servers. We can use Firestore (NoSQL database) or Supabase's Postgres to log which wallet earned which NFT (preventing duplicate claims). If using Supabase, its built-in row security and SQL capabilities can be useful; if Firebase, Firestore's realtime listeners could update the app when a treasure is claimed. Both Firebase and Supabase offer scalability and quick setup, so the team can focus on game features.

  • Estimated Complexity: Moderate. This phase involves multiple components (AR, blockchain, backend), but each is implemented with high-level frameworks that reduce heavy lifting. Unity/AR Foundation abstracts ARKit and ARCore differences, Anchor abstracts low-level Solana contract code, and managed backends avoid building a server from scratch. The team will need to get comfortable with Unity and basic Rust for Anchor, but many examples (wallet login, a simple mint function) are available. By using test networks (Solana Devnet) and proven SDKs, the MVP can be developed and tested relatively quickly. The result of Phase 1 is a working cross-platform app where users log in with a Solana wallet, see AR treasures at real GPS spots, and receive an NFT in their wallet upon discovery – proving the core game loop.

Phase 2: Token Rewards and Leaderboards

Core Goals: Enhance the game's reward system and player motivation by introducing a fungible token economy and competitive leaderboards. In this phase, users will earn in-game tokens for each treasure found (in addition to or instead of NFTs), and the app will track and display rankings or stats (e.g. most treasures found, token balance) to drive engagement.

  • Fungible Token Integration: Create a Solana SPL Token to serve as the game's reward currency (for example, "Treasure Coin"). Solana's SPL tokens are analogous to ERC-20 tokens and are supported natively by wallets. The development team can use Solana toolsets to mint a fixed supply or a mint authority for this token. This can be done easily via Solana CLI or a small Anchor program. (For instance, one could write an Anchor function to initialize a new mint and another to dispense tokens, or simply use Solana CLI to create the token and manage distribution keys.) The Anchor program from Phase 1 can be extended to include a token reward mechanism: when a user claims a treasure, the program not only mints an NFT but also invokes the token mint to issue, say, X number of "Treasure Coins" to the user's wallet. The Anchor framework makes it straightforward to handle token mint instructions as part of the contract logic. If on-chain logic becomes too complex, an alternative is to handle token dispensing off-chain: e.g., maintain a treasury wallet for the token and have the backend (cloud function) send a transaction from the treasury to the user. The backend approach means the user doesn't need to sign a separate transaction for tokens – the server signs and pays the fee – simplifying user experience at the cost of some centralization. In either case, leveraging Solana's existing token program means we don't write custom token logic, we just call the standard mint/transfer instructions. This keeps complexity low while introducing a new incentive layer for players.

  • Leaderboards & Progress Tracking: Implement a basic leaderboard and stats tracking using managed backend services. Utilize the backend database (Firebase/Supabase) to record each user's achievements: number of treasures found, total token balance, etc. Each treasure claim event (from Phase 1) can trigger a database update. For example, when a cloud function awards tokens/NFTs, it can also increment that user's score in the database. Use these records to generate leaderboards such as "Top treasure hunters this week" or "All-time tokens earned." Firebase Firestore can easily store such aggregated data, and queries can sort by score to get top N players. Supabase (Postgres) can even use SQL for more complex ranking queries if needed. The app (Unity) will display these leaderboards in a new UI section. Unity's UI tools can be used to create leaderboard screens and profiles, or the team can integrate a ready-made UI kit for leaderboards. Since each user is identified by their wallet public key (or a username if the team adds one), that ID can be used in the database and displayed (possibly with an option to set a nickname). For real-time updates, Firebase's realtime listeners or Supabase's subscriptions can update a user's rank or token count in the app live. This way, when a player finds a treasure, they might immediately see their score rise and their leaderboard position change.

  • Tech & Tools: Continue using Unity (C#) for front-end updates and Anchor (Rust) for any on-chain program extensions. Use the Solana SPL Token Program (no new contract needed if using the standard) for token functionality – Anchor can call into this program. The Metaplex toolset remains useful if we want to treat tokens as part of the game economy (Metaplex primarily covers NFTs, but also has features like Gumdrop for airdrops that might inspire how to distribute tokens). For the backend, if using Firebase, the combination of Cloud Functions and Firestore works: the function (Node.js/TS) can credit tokens and then update Firestore, and the client can listen for changes. If using Supabase, an Edge Function (Deno/TS) could do the same, updating a Postgres row. Supabase's auto-generated APIs or Firebase's SDK make it straightforward to call these from Unity (Unity can perform HTTPS calls to trigger the function or use the SDKs if available). Additionally, consider integrating analytics (Firebase Analytics or Unity Analytics) to track usage of treasures and tokens – this will help fine-tune token distribution and difficulty in later phases.

  • User Experience: Add UI elements to show the new token balance (e.g. a coin icon with amount in the HUD) and a leaderboard screen accessible from the menu. Ensure the Solana wallet integration from Phase 1 can display the token – if using a wallet like Phantom, the custom SPL token might need to be added to its interface; however, in-app we can show it regardless. We might also introduce an in-game wallet overview panel: using the Solana Web3 libraries (possibly via the Unity SDK or by calling a lightweight API), the app can fetch the user's token accounts to display their token and the NFTs collected. This provides players a sense of ownership and progress without leaving the app.

  • Estimated Complexity: Moderate. This phase builds on the established framework, adding new features that are conceptually straightforward. Creating an SPL token and transferring it is simpler than NFT minting, since it uses standard Solana functionality. By reusing backend infrastructure for tracking scores, the team avoids reinventing the wheel (e.g., Firestore handles concurrent updates and data retrieval for leaderboards). Most work will be in integration and testing: ensuring token rewards don't unbalance the game, and that the leaderboard updates correctly. The complexity is manageable because we continue to use high-level services (e.g., no need to run a separate leaderboard server when Firebase can do it). The team should budget time to test the token distribution (especially if using a central treasury to avoid double spends or race conditions) and ensure the leaderboards scale (querying top 100 players, etc., should remain fast with indexing or appropriate queries). Overall, Phase 2 adds significant engagement value with only incremental complexity, thanks to leveraging Solana's token standard and backend-as-a-service features.

Phase 3: Social and Multiplayer Features

Core Goals: Evolve the app from a single-player experience into a social game. This phase introduces features that let players interact, cooperate, or compete in real time. The aim is to boost engagement by adding social connectivity: friend interactions, possibly cooperative treasure hunts or competitive races, and community features.

  • Social Profiles & Friends: Implement in-app profiles for players. Each profile can show a player's stats (treasures found, token balance, NFTs collected) and perhaps a unique avatar or username. Because wallet addresses are not user-friendly, allow players to set a nickname (store this mapping in the backend DB). Add a friend system where users can add each other by username or QR code. Using the backend, maintain a friends list for each user (e.g., a subcollection in Firestore or a join table in Supabase). The friend list enables features like seeing friends' progress or sending them in-game gifts (an advanced idea could be allowing players to gift an extra token or hint). At minimum, friends' scores can be shown on a friends-only leaderboard for friendly competition.

  • Real-Time Multiplayer Elements: Introduce real-time or group gameplay features to make the treasure hunt collaborative or competitive. One approach is cooperative events – e.g., special treasures that require multiple players to be present to unlock. For instance, the app could detect when two or more players (friends or any players) are at the same treasure location; then trigger an event (like a harder AR puzzle or a boss treasure) that yields bigger rewards when completed together. Implementing this requires real-time communication: the app needs to know when multiple players are co-located. This can be handled by the backend via realtime updates (each app can periodically send its GPS coordinates to the server; when the server sees multiple within a small radius, it notifies those clients of a group event). Utilizing Firebase Realtime Database or Firestore with Snapshot listeners can achieve this without a custom socket server – essentially treating the location updates as streams that clients subscribe to. The Unity app can also use a networking framework if needed: for example, Unity's Netcode for GameObjects or Photon Unity Networking (PUN) to establish multiplayer sessions. However, a simpler route for a small team is to use the existing backend for state sync (since location data is not super high-frequency).

  • Shared AR Experiences (Optional): As an advanced extension, enable shared AR so that multiple players see the same virtual object in the same physical location. Unity's AR Foundation with ARCore and ARKit provides Cloud Anchors / ARWorldMap features that can be used to share AR reference points across devices. For example, using ARCore Cloud Anchor API (through AR Foundation) one device can host an AR anchor at the treasure location, and other devices can resolve that anchor to align their AR content. This would let two players see the exact same treasure chest in AR from their own phones. Niantic's Lightship ARDK is another toolkit that facilitates multi-user AR sessions (with features for networking and mapping), though it's a separate SDK and adds complexity. If the team chooses to pursue shared AR, they'd need to integrate these services and manage anchor IDs via a backend service (Google's Cloud Anchor service or Niantic's servers). This is a complex feature, so it can be deferred or done as a limited trial in specific events. For the roadmap, it's an optional enhancement to truly achieve a "multiplayer AR" experience.

  • Communication & Community: Add basic communication channels for players. A safe approach is a global chat or event chat moderated by the game. The devs can use a third-party chat service (like Amazon IVS for chat, PubNub, or even Firebase's Firestore to store chat messages and Functions to distribute them). If a full chat is too much, implement templated messages or reactions players can send when near each other ("Hello!" or "Let's hunt!") to foster community without moderation headaches. Another social feature is sharing achievements: integrate a way to share a treasure find to external social media (e.g., generate an image of the found treasure and allow the user to share to Twitter/Instagram). This leverages device native sharing capabilities and can grow the userbase via social exposure.

  • Backend & Services for Social: Expand the backend schema to support social data. For example, add collections for profiles, friends, and sessions. Use Firebase Cloud Messaging (FCM) or another push notification service to send alerts: e.g., a push when a friend is nearby or invites you to a hunt, or when a new group event starts. Push notifications will keep users engaged even when the app is closed (though make them opt-in and relevant to avoid spam). For real-time multiplayer logic like cooperative unlocks, ensure the backend can handle frequent updates. Firebase Realtime DB is optimized for rapid small updates (like location pings) and can broadcast changes to subscribed clients efficiently. If the team uses Supabase, it offers real-time subscriptions on database changes via websockets, which can serve a similar purpose. In cases of truly simultaneous action (like two players needing to trigger something at the same time), a dedicated game server or using Unity/Photon realtime might be more appropriate; but the team can likely design around this with clever use of backends (e.g., have each client confirm ready state in Firestore, then one acts as "leader" to initiate the event).

  • Estimated Complexity: High. Social and multiplayer features significantly increase complexity due to the need for synchronization, new UI/UX flows, and potential moderation concerns. The small dev team should plan these features carefully and possibly implement them incrementally. For example, start with non-real-time social features (profiles, friends list, comparing scores) then add simple concurrent features (showing nearby players on a map), and only then tackle fully synchronous AR interactions if desired. Utilizing existing services (Firebase for real-time updates, third-party SDKs for chat or multiplayer) is crucial to keep it manageable. Expect to spend substantial time on testing: e.g., ensuring that friend requests work, that two players at the same location both reliably get the event trigger, etc. Also, consider edge cases like what if one player disconnects during a group event. By the end of Phase 3, the app will not only let players hunt treasures, but also interact with each other – a key step for a "full-scale commercial" game that retains users through social engagement.

Phase 4: Scalable Event System and Content Expansion

Core Goals: At this stage, focus on scalability and content management. As the user base grows, the game should support large-scale events (e.g., city-wide treasure hunts, holiday specials) and be able to handle many concurrent players. Phase 4 introduces a robust event management system and optimizes the app's architecture for performance and scalability, ensuring the game can operate as a reliable service.

  • Dynamic Event Management: Build an event scheduling system that allows the development team (or even automated scripts) to introduce new treasure hunts and challenges without requiring app updates. For example, the team can design a format for "event packs" that include data like: event name, duration, list of treasure locations (GPS coordinates), reward types, and any special rules. These event definitions can be stored in the backend and fetched by clients on launch or on the fly. Using Firebase Remote Config or a cloud database, the team can toggle events on/off and configure parameters. A possible implementation: maintain a Firestore collection or Supabase table for events with fields for start time, end time, and JSON data of treasures/clues. The app can query for active events based on the current date and the user's region. This way, devs can deploy a "Halloween Hunt" or "New York City Special" by simply adding a new entry to the database. For ease of management, lightweight admin tools can be created: e.g., a simple web interface (using React or even Firebase's built-in data editor) for adding events. In a small team, even manual insertion of data is fine initially, but eventually a small admin portal webapp backed by the same database could be built to streamline content updates. The events system should also support scalable notifications – e.g., when a big event starts, send a push notification to relevant players (those in the region or everyone, depending on event type). Firebase Cloud Messaging can target segments of users for this (for instance, based on topics or device locale).

  • Scaling Infrastructure: As the number of users and events grows, ensure the app's tech stack can handle the load. Firebase and Supabase are both designed to scale: Firebase's Firestore auto-scales and has offline caching, and Supabase's Postgres can be scaled up with read replicas if needed. Monitor the database usage and optimize indexes/queries (for leaderboards or event lookups) to keep response times low. On the blockchain side, moving from devnet to Solana mainnet-beta is necessary for a live product – this means the team should obtain a reliable RPC endpoint (consider using a service like Alchemy, QuickNode, or Triton RPC to handle many requests). The Anchor program/NFT and token logic should be audited or reviewed for efficiency (Solana transactions are low-cost but not free, so high volumes of minting or transfers should be minimized or perhaps aggregated). If the game expects thousands of daily NFT mints, consider using Metaplex's "Compressed NFTs" feature – a newer approach where many NFTs can be minted cheaply by offloading data to a Merkle tree. This could dramatically lower costs for large events (though it adds development complexity and requires using Metaplex's specific SDK for compressed NFTs). Similarly, for token rewards, the team might switch to a model of granting larger token batches for major events rather than frequent small drops, to reduce on-chain transaction count.

  • Performance Optimizations: Optimize the Unity app for smooth performance in AR even as content grows. Ensure that only nearby treasures are actively rendered or tracked – e.g., if there are hundreds of active treasure points, don't load them all at once. Implement a geofence logic on the client to load event data relevant to the player's current area (the backend can support queries like "get events within 50 km of me" by storing coordinates, or the client can filter). Unity's Addressable assets or asset bundles can be used if new AR models need to be downloaded for events (for example, a special event might have a unique 3D trophy model as the treasure – the app could download it from cloud storage when needed). Also consider using object pooling and efficient AR session management to keep memory and CPU usage stable as the AR content appears/disappears.

  • Monitoring and Analytics: Introduce comprehensive monitoring to ensure the app's health at scale. Use Crashlytics (if Firebase) or a similar service to catch app errors in the wild. Set up analytics events for critical actions (treasure found, event joined, transaction failed) to gather metrics. On the backend, use monitoring for function execution times and database reads/writes; for example, Google Cloud Monitoring can watch Firebase usage, or Supabase studio can show query performance. This will help pinpoint bottlenecks as user count increases. Also, keep an eye on Solana-specific metrics – e.g., if using an RPC provider, watch the request rates and error rates (throttling may occur if limits are hit, so the team might need to upgrade plans or use multiple endpoints).

  • Estimated Complexity: Moderate to High. The focus here is less on new user-facing mechanics and more on system architecture and reliability. Introducing a flexible events system is a moderate complexity task – it requires careful design but leverages existing components (databases, remote config). Achieving scalability is a continuous effort: in this phase, the team will refine and possibly refactor parts of the code to be more efficient. Because we rely on managed services, a lot of scalability is handled for us (Firestore can handle very high reads/writes, and Firebase functions can scale out), but costs and quotas must be managed. The complexity mainly comes from ensuring everything works together under heavy load. Testing might involve simulating many users (could use scripts or Firebase's abilities to test at scale). By the end of Phase 4, the game should be able to support a large audience and the developers should be able to roll out new content or events quickly, which is crucial for a live-operated game.

Phase 5: Security and Anti-Cheat Measures

Core Goals: Protect the game's integrity and player trust by implementing robust anti-cheat and security measures. As the game grows popular, some users may try to exploit it (e.g., spoof GPS location, use automated scripts to "farm" rewards, or even attempt to hack the app). Phase 5 is about hardening the app and backend against such behavior to ensure a fair and secure experience for all players.

  • Location Spoofing Prevention: Since the game is location-based, a primary cheat to address is fake GPS location (using VPN-like spoofers or mock location apps to pretend to be at a treasure without traveling). On Android, integrate the Google Play Integrity API (the successor to SafetyNet) to attestate the device's integrity and detect common rooting or mock-location usage. The Unity app can call this API (through an Android plugin or SDK) to get a signal of whether the device is trustworthy. If the API indicates the device is rooted or using mock locations, the app can restrict access or flag the account. Additionally, implement server-side checks on location data: for example, log the timestamps and coordinates of each treasure claim and detect impossible travel (if a user "teleports" 100 km in a minute, they are likely spoofing). The backend can deny rewards in such cases or mark the account for review. For iOS, although there is no official equivalent to SafetyNet, the app can still check for signs of location manipulation (e.g., if the CLLocationManager reports a location with horizontalAccuracy that is suspiciously constant or too high precision in a short time frame). The team can also require that the device's location permissions are set to high accuracy mode and potentially use IP geolocation as a secondary check (e.g., if a user claims to be in New York but their network IP is from another country, something is off).

  • Cheat-Resistant AR Interaction: To ensure the user actually interacts with the AR treasure (and not just triggers it remotely), consider adding a step that requires camera input. For instance, when a treasure is found, require the user to align the AR object with a specific real-world feature or perform a simple AR mini-game (like "tap the spinning coin"). This makes automated scripts much harder to use, since a human needs to be present to aim the camera and interact. It's also possible to use image recognition or markers – for example, show a pattern on the AR object and ask the user to confirm details, or place QR codes at physical locations that the app must scan to verify presence. However, deploying physical markers is not always practical; a softer approach is using the phone's sensors (camera, gyroscope) to ensure the user is moving the device naturally as one would on-site. If the game detects unnatural patterns (like no camera movement at all), it could require additional verification.

  • Secure Backend and Blockchain Ops: By this phase, ensure all sensitive operations are secure. Any cloud functions that mint tokens or NFTs should enforce authorization (only accept requests from authenticated app users, and double-check that the user is eligible for the reward). Use authentication tokens or signatures: for example, when the app triggers a mint, have the user sign a message with their wallet that the backend verifies, to prove identity beyond doubt. Alternatively, use Firebase Auth's custom token with wallet sign-in or Supabase's third-party OAuth if available for wallets. Protect any private keys stored on the server (use cloud secrets management to store the treasury key, not in code). On the blockchain side, consider adding rate-limiting or quotas to the Anchor program if possible (e.g., one reward per user per treasure) – this might be implemented by storing a record on-chain (like a PDA per user per event) to prevent double-claiming via direct program calls. This on-chain check combined with off-chain validation forms a defense-in-depth.

  • App Security and Exploit Mitigation: Obfuscate or secure the client application to make reverse-engineering difficult. Unity can be decompiled somewhat, so use tools or Unity's IL2CPP (which converts C# to native code) for the final builds to make it harder to tamper with the app. Validate data coming from the client on the server whenever possible – never trust the client to decide if a user gets a reward without server verification (by Phase 5, likely all critical rewards go through the server which checks eligibility). Also address potential abuse in social features: implement moderation tools for chat (even if it's just the ability to block/mute other players or simple profanity filters) and have a report system for bad actors. While this is not "cheating," it's important for a commercial app's community health.

  • Anti-bot Measures: If there's a risk of bots creating tons of wallets to farm airdrops, introduce friction or verification for new accounts. For example, require an email verification or a captcha during wallet linking for the first time. Another strategy is to use Proof of Location services or oracles if available in the future (there are blockchain projects that attest location, though not widely adopted yet). In absence of that, the combination of device attestation, movement checks, and server logic will deter most cheaters. The game could also randomly require a photo or AR scan for high-value treasures (much like some games ask for AR scanning to get rewards, which proves the user is actually there and holding a device).

  • Estimated Complexity: High. Anti-cheat and security is an ongoing effort and can be quite complex, as it often involves low-level details and constant updates to outsmart cheaters. However, many of the measures can be incrementally added. For instance, integrating the Play Integrity API is a moderate task using Google's SDK, and setting up basic server checks is straightforward with our existing cloud functions. The challenge is in covering all edge cases and not hindering honest players (false positives). The team should allocate time for testing these measures under different scenarios (e.g., test the game on a rooted device to see that it's correctly flagged). By the end of Phase 5, the game will have a much more secure foundation: cheating will be difficult, and users can trust that the leaderboards and rewards are earned fairly. With security, scalability, and core features in place, the application will be a production-ready, full-scale commercial AR treasure hunt game leveraging Solana blockchain for a cutting-edge user experience.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment