Truly Fair and Verifiable
Every game outcome on Pachinko is cryptographically verifiable using ORAO VRF. Trust, but verify.
What is VRF?
VRF = Verifiable Random Function
A cryptographic primitive that produces random output with proof of correctness. Unlike traditional random number generators, VRF output can be verified by anyone.
| Property | Meaning |
|---|---|
| Random | Output is unpredictable before generation |
| Verifiable | Anyone can verify the output is correct |
| Unique | Same input always produces same output |
| Non-manipulable | Even the generator can't bias results |
ORAO Network
Pachinko uses ORAO Network for all randomness.
Why ORAO?
| Feature | Benefit |
|---|---|
| Solana Native | Fast, integrated with our programs |
| On-chain Proofs | All seeds published publicly |
| Decentralized | Multiple oracle nodes |
| Battle-tested | Used by major Solana projects |
How It Works
The VRF Flow
1. ROUND ENDS
│
▼
2. SERVER REQUESTS RANDOMNESS
│
└── Sends request to ORAO oracle network
│
▼
3. ORAO GENERATES SEED
│
├── Creates 32-byte random seed
└── Generates cryptographic proof
│
▼
4. SEED PUBLISHED ON-CHAIN
│
└── Transaction visible on Solana
│
▼
5. WINNER SELECTED
│
├── Blockpad: seed mod 25 = winning tile
└── Pachinko: Fisher-Yates shuffle with seed
│
▼
6. ANYONE CAN VERIFY
│
└── Check seed → confirm winner calculationBlockpad Verification
Winner Selection
winning_tile = VRF_seed mod 25
Example:
VRF seed: 0x7a3b...f2e1 (as integer: 1234567890)
1234567890 mod 25 = 15
Winner: Tile #15How to Verify
- Find the round on Solscan
- Locate the VRF transaction (ORAO response)
- Extract the seed from transaction data
- Calculate:
seed mod 25 - Confirm it matches the announced winner
Verification Example
| Step | Value |
|---|---|
| Round ID | #12345 |
| VRF TX | 5Kx7... |
| Seed (hex) | 0x7a3bf2e1... |
| Seed (int) | 1234567890 |
| Calculation | 1234567890 % 25 = 15 |
| Winner | Tile #15 ✅ |
Lotto Verification
Winner Selection (Fisher-Yates)
Lotto uses Fisher-Yates shuffle for unbiased selection:
1. Get VRF seed (32 bytes)
2. Initialize random state with seed
3. Create array of all ball IDs
4. Fisher-Yates shuffle the array
5. Select first 5 balls
6. Deduplicate by wallet address
7. Assign prizes by positionAlgorithm (Simplified)
javascript
function selectWinners(balls, seed) {
let rng = initRNG(seed);
// Fisher-Yates shuffle
for (let i = balls.length - 1; i > 0; i--) {
let j = rng.nextInt(i + 1);
[balls[i], balls[j]] = [balls[j], balls[i]];
}
// Select up to 5 unique winners
return deduplicateByWallet(balls.slice(0, 5));
}How to Verify
- Find round's VRF transaction
- Get the seed value
- Run Fisher-Yates with that seed
- Confirm winning balls match
On-Chain Proof
What's Recorded
Every round records:
| Data | Location |
|---|---|
| VRF Request TX | Solana blockchain |
| VRF Response TX | Solana blockchain |
| Random Seed | In response TX data |
| Winner(s) | Game program state |
| Prize Distribution | Transfer transactions |
Transaction Trail
Round #12345 Timeline:
├── 12:00:00 - Round starts
├── 12:00:45 - Last bet placed (TX: abc123...)
├── 12:01:00 - Round ends
├── 12:01:01 - VRF requested (TX: def456...)
├── 12:01:02 - VRF response (TX: ghi789...)
├── 12:01:03 - Winner selected (Tile #15)
└── 12:01:04 - Prizes distributed (TX: jkl012...)Security Guarantees
What We Guarantee
| Guarantee | How |
|---|---|
| Unpredictable | VRF seed unknown until generated |
| Unbiased | Cryptographic randomness, not pseudo-random |
| Verifiable | All proofs on-chain |
| Tamper-proof | Cannot modify after generation |
What This Means
- ❌ We cannot predict outcomes
- ❌ We cannot manipulate results
- ❌ We cannot favor certain players
- ✅ Anyone can verify any round
- ✅ All data is public on Solana
Verification Tools
Solscan
- Go to solscan.io
- Search for transaction ID
- View instruction data
- Find VRF seed in logs
Our Verification Page
Each round shows:
- VRF transaction link
- Seed value
- Winner calculation
- "Verify" button
Smart Contract Security
Program IDs (Devnet)
For up-to-date devnet program IDs for Blockpad, Lotto, and the Unified Wallet, see the Smart Contracts page.
Security Features
| Feature | Implementation |
|---|---|
| Checked Arithmetic | Overflow protection |
| Access Control | Authority-only admin functions |
| PDA Vaults | Funds in program-controlled accounts |
| Input Validation | All inputs sanitized |
Server Security
| Layer | Protection |
|---|---|
| API | Rate limiting, CORS |
| Auth | Signature verification |
| Input | Validation middleware |
| Database | Parameterized queries |
User Security
Protect Yourself
| ✅ Do | ❌ Don't |
|---|---|
| Bookmark official URL | Click random links |
| Verify transactions | Approve blindly |
| Keep SOL for fees | Drain entire balance |
| Use official channels | Trust random DMs |
| Store recovery phrase offline | Share private keys |
Scam Warnings
No admin will ever DM you first.
No one from Pachinko will ask for your recovery phrase.
Only use official links from this documentation.
FAQ
For common questions about Security and Fairness, see the FAQ → Security & Fairness section.
Resources
| Resource | Link |
|---|---|
| ORAO Network | orao.network |
| Solscan | solscan.io |
| Solana Explorer | explorer.solana.com |