This message is sent by the client in response to S2C::SIGN_REQUEST. The client responds with a message signature to prove ownership of the address. After this, the client is considered logged in.
The message signing procedure eliminates the need for user names, emails, or any other identification elements beyond BTC addresses. It is also quite efficient for spam protection. Only a very limited set of messages is exchanged between the client and the server before the login operation happens, so spam isn't really possible. Once a client is logged in, the server checks whether there are any playable NFTs in the wallet and, if so, the player is qualified to join the game. If there are no NFTs to play, the player may safely be ignored by the server, so no spam is possible. One possible attack vector is to create a lot of qualified clients (each with at least one playable NFT card) and let them all join to overload the server. The price of this attack isn't high, but it isn't negligible either, because at least one NFT send operation to a newly created BTC address is required (e.g., MPMA send).
struct c2s_signature_t {
    char type;                    // MSG_C2S_SIGNATURE
    char sig_length;              // Length of the signature
    char signature[sig_length];   // Signature for the message sent in S2C::SIGN_REQUEST
};
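function send_signature(socket, signature) {
    // sig_length is a single byte, so a longer signature cannot be encoded
    if (signature.length > 255) {
        throw new RangeError("signature does not fit in the one-byte sig_length field");
    }
    // Layout: type (1 byte) + sig_length (1 byte) + signature bytes
    let payload = new Uint8Array(1 + 1 + signature.length);
    payload[0] = C2S_SIGNATURE;
    payload[1] = signature.length;
    for (let i = 0; i < signature.length; i++) {
        payload[i + 2] = signature.charCodeAt(i);
    }
    socket.send(payload);
}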
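
The receiving side of this message, as an added example that is not part of the original page or the project's code: a strict parser the server could run on a pre-login frame, rejecting anything that does not match the struct layout exactly. The numeric value of C2S_SIGNATURE_ASSUMED, the base64 encoding of the signature, and the names parse_c2s_signature and make_sample_frame are assumptions; the page does not specify them.

```javascript
// Added example, not project code.
// ASSUMPTION: placeholder value; the page does not give the numeric message type.
const C2S_SIGNATURE_ASSUMED = 0x02;
// ASSUMPTION: the signature travels as base64 text.
const BASE64_RE = /^[A-Za-z0-9+\/]+={0,2}$/;

// Parse one complete C2S::SIGNATURE frame (type, sig_length, signature).
// Returns { ok: true, signature } or { ok: false, error } and never throws,
// so a pre-login handler can drop the connection on any failure.
function parse_c2s_signature(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 2) {
    return { ok: false, error: "truncated header" };
  }
  if (bytes[0] !== C2S_SIGNATURE_ASSUMED) {
    return { ok: false, error: "unexpected type" };
  }
  const sigLength = bytes[1];
  // Declared length must match the frame exactly: no short reads, no trailing bytes.
  if (sigLength === 0 || bytes.length !== 2 + sigLength) {
    return { ok: false, error: "length mismatch" };
  }
  let signature = "";
  for (let i = 0; i < sigLength; i++) {
    signature += String.fromCharCode(bytes[2 + i]);
  }
  // Bytes outside the base64 alphabet (including anything above 0x7f) fail here.
  if (signature.length % 4 !== 0 || !BASE64_RE.test(signature)) {
    return { ok: false, error: "not base64" };
  }
  return { ok: true, signature };
}

// Constructed sample: 88 base64 characters, not a real signature.
const SAMPLE_SIGNATURE = "A".repeat(87) + "=";

// Test helper that builds a frame with the layout of c2s_signature_t.
function make_sample_frame(signature) {
  const frame = new Uint8Array(2 + signature.length);
  frame[0] = C2S_SIGNATURE_ASSUMED;
  frame[1] = signature.length;
  for (let i = 0; i < signature.length; i++) frame[2 + i] = signature.charCodeAt(i);
  return frame;
}

console.log(parse_c2s_signature(make_sample_frame(SAMPLE_SIGNATURE)).ok);
console.log(parse_c2s_signature(make_sample_frame(SAMPLE_SIGNATURE).slice(0, 40)).error);
```

Only a frame that passes this parser should reach signature verification against the message sent in S2C::SIGN_REQUEST.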