Dice Game Audit [Duel]

To reproduce this audit, complete the following commands:

Dice - Game Rules

Dice is a prediction game where players bet on whether a randomly generated number will fall above or below a chosen target. Its transparent mechanics and verifiable math make it a natural starting point for provably fair auditing.

Game Rules

Dice is a prediction game where players bet on whether a randomly generated number will fall above or below a target threshold they choose. The game offers complete control over risk and reward: players who accept lower win probability receive higher payouts, while those preferring safer bets receive smaller multipliers.

Risk vs Reward

The core mechanic of Dice is the inverse relationship between win probability and payout:

• High risk, high reward: Setting a target of 90 with "Roll Over" gives only a 10% chance to win, but pays approximately 9.99x

• Low risk, low reward: Setting a target of 50 with "Roll Over" gives a 50% chance to win, but pays approximately 1.998x

• Players control the math: Unlike slots or other games with fixed odds, Dice lets players choose their exact risk profile on every bet

Seed Formats

Every Dice bet uses three cryptographic inputs to generate the result:

The combination of these three inputs, using HMAC-SHA256, produces the random roll. Because the player controls the client seed and the server seed is committed before betting, neither party can manipulate the outcome.

Multiplier Calculation

Payouts in Dice are calculated mathematically based on win probability and house edge:

With Duel's 0.1% house edge:

Why Provably Fair Matters

Traditional online casinos require players to trust that games are fair. Provably fair systems eliminate this trust requirement by allowing players to mathematically verify that outcomes were not manipulated. In a Provably Fair system:

• The casino commits to a result before the player bets

• The player contributes randomness that the casino cannot predict

• Anyone can verify the outcome after the fact

High-Level Flow

To get an overview of how the process works, here is a high-level diagram alongside details

1. Player Bets → Initial input from the player

2. Seeds Combined → Combining serverSeed, clientSeed, and nonce

3. RNG Output → Random number generation using HMAC-SHA256 with rejection sampling

4. Game Logic → Generates a value (0.00-100.00) compared against the target

5. Payout Result → Final outcome (Win/Lose) multiplied by the multiplier

Provably Fair Model

Provably fair gambling systems use cryptographic primitives to guarantee the integrity of outcomes. The model relies on three components: a server seed committed via hash before play, a player-controlled client seed, and an incrementing nonce. These inputs are combined using HMAC-SHA256 to produce deterministic, verifiable results. This section documents the global provably fair architecture used by almost all Casinos and all relevant games.

Commit-Reveal Model

The Commit-Reveal model is integral to ensuring fairness and transparency in online gambling. This model involves several key phases:

• Commit Phase: Before any bets are placed, the casino generates a random server seed. To prove its authenticity and prevent later manipulation, only the SHA-256 hash of this seed is sent to the player. This ensures that while the player cannot know the seed initially, they can verify it later.

• Bet Phase: The player places their bet, incorporating their client seed. This phase combines the client seed with the server seed to influence game outcomes, ensuring player participation in the randomness.

• Reveal Phase: Once the bet is resolved, the casino reveals the actual server seed. By disclosing this information, players can verify that the hash provided during the commit phase corresponds to the server seed used, ensuring no tampering occurred.

• Verify Phase: The player can now confirm the fairness of the outcome by hashing the server seed revealed so far. If the hash matches the one provided during the commit phase, it proves the integrity of the process and ensures that outcomes were not manipulated by the casino.

Technical Glossary

Core Concepts

Provably Fair A cryptographic system that allows players to mathematically verify that game outcomes were not manipulated. Unlike traditional "trust-based" systems, provably fair games provide cryptographic proof of fairness.

Commit-Reveal Protocol A two-phase process in which the casino commits to a result (by showing its hash) before the player bets, then reveals the actual value after the bet. This prevents the casino from changing outcomes based on player actions.

Determinism The property that identical inputs always produce identical outputs. In provably fair systems, using the same server seed, client seed, and nonce must always generate the same game result.

Seed System

Server Seed A random value generated by the casino, typically 64 hexadecimal characters (32 bytes). The server seed is hashed and shown to players before betting, then revealed after the bet is complete.

Client Seed A random value controlled by the player, typically 16 alphanumeric characters. Players can set or change their client seed at any time to ensure they contribute entropy that the casino cannot predict.

Nonce A sequential counter (0, 1, 2, 3...) that increments with each bet under the same seed pair. The nonce ensures each bet produces a unique result even when using the same server and client seeds.

Seed Pair The combination of a server seed and a client seed. A seed pair remains active across multiple bets, with the nonce incrementing for each round. When a player rotates seeds, a new seed pair begins with the nonce reset to 0.

Hashed Server Seed The SHA-256 hash of the server seed, shown to players before betting. After the bet, players can verify that SHA-256(revealed server seed) equals the originally shown hash, proving the casino didn't change the seed.

Cryptographic Functions

HMAC-SHA256 Hash-based Message Authentication Code using SHA-256. A cryptographic function that combines the server seed, client seed, and nonce to produce a deterministic, unpredictable hash used for random number generation.

SHA-256 Secure Hash Algorithm 256-bit. A one-way cryptographic hash function that converts any input into a unique 64-character hexadecimal output. Cannot be reversed to discover the original input.

Rejection Sampling A technique to eliminate modulo bias in random number generation. Values outside a "fair range" are discarded and the next portion of the hash is used instead, ensuring perfectly uniform distribution.

Verification Terms

Verifier A tool (usually web-based or code snippet) that independently calculates game outcomes using provided seeds and nonce. A proper verifier should produce identical results to the live game.

Parity The degree of matching between verifier results and live game results. 100% parity means every single outcome matches perfectly, which is required for provably fair certification.

Reproducibility The ability to regenerate exact game outcomes using the same inputs. Players should be able to reproduce any historical bet result using the revealed seeds and nonce.

Game Mechanics

RNG (Random Number Generator) The algorithm that produces random outcomes. In provably fair systems, the RNG must be deterministic and based only on seeds + nonce (no hidden entropy sources).

RTP (Return to Player) The percentage of wagered money returned to players over time. Calculated as (1 - House Edge) × 100%. For Duel Dice, RTP = 99.9%.

House Edge The casino's mathematical advantage, expressed as a percentage of each bet. For Duel Dice, house edge = 0.1%, meaning the casino expects to keep 0.1% of all wagers long-term.

Multiplier The payout ratio for a winning bet. Calculated as: (100 - House Edge) / Win Probability. For example, a 50% win chance with 0.1% house edge yields a 1.9980x multiplier.

Win Condition The rule that determines if a bet wins or loses. In Dice: "Roll Over" wins if result > target; "Roll Under" wins if result < target. Rolling exactly on target always loses.

Audit Terms

Fairness Violation A condition where a player or casino could predict, alter, or unfairly influence outcomes. Examples include seed prediction, nonce replay, or hidden entropy injection.

Entropy Randomness or unpredictability in a system. In provably fair games, entropy comes from both the casino (server seed) and player (client seed).

Bias Non-uniform probability distribution. An unbiased RNG gives all outcomes equal likelihood. Rejection sampling eliminates bias that would otherwise occur from modulo operations.

Edge Case Unusual or extreme scenarios that might behave differently than normal operation. Examples: concurrent betting, nonce overflow, malformed seeds, or maximum bet limits.

Data Formats

Hexadecimal (Hex) Base-16 number system using digits 0-9 and letters A-F. Server seeds and hashes are typically shown in hex format (e.g., 4f775f81301c7fe8...).

Hash The output of a cryptographic hash function. In provably fair systems, hashes serve as commitments that cannot be reversed but can be verified.

Bet ID A unique identifier assigned to each bet (e.g., #308953686). Used to reference specific rounds during verification.

Common Abbreviations

1.1 Server Seed Commitment

Before any bet is placed, the casino generates a secret server seed and publicly commits to it by displaying its SHA-256 hash to the player. This cryptographic commitment prevents the casino from changing the seed after seeing player actions. Upon game completion, the revealed server seed is verified by hashing it and confirming it matches the pre-committed hash, proving the outcome was predetermined.

Code Implementation:

Real Example from Live Data:

Verification:

1.2 Player Client Seed Control

Players have full control over their client seed through the Duel UI, allowing them to view, modify, or randomize it at any time before placing bets. This ensures players contribute their own entropy to the RNG process. This player-controlled input makes it mathematically impossible for the casino to predict or manipulate outcomes, as the final result depends on a value only the player knows in advance. Players can view and change their client seed at any time via the Duel UI.

Code Implementation:

Real Data Evidence: From the test data, client seeds are player-controlled and vary:

• "G3blCQBWQdVfM8sx"

• "13aS4FO1Iz"

• "32GD7vC9fH"

• "ewGBx04VbY"

• "0ygEXdJyQm"

1.3 Nonce Incrementation

The nonce begins at 0 and increments sequentially by 1 for each bet under the same server/client seed pair, ensuring every bet produces a unique RNG input even with identical seeds. This prevents outcome repetition. When a new server seed is issued (after rotation), the nonce resets to 0, and the system verifies nonces are never reused within the same seed session to guarantee cryptographic uniqueness.

Code Implementation:

Real Data Verification:

1.4 Deterministic Mapping

The RNG algorithm is fully deterministic; given the same server seed, client seed, and nonce, it will always produce the exact same output, allowing any party to independently verify results at any time. This mathematical certainty is the cornerstone of provably fair gaming: the test confirms that all 100+ live game results from the dataset match precisely when recalculated using the revealed seeds.

Code Implementation:

Real Example Verified:

Verification:

This section indexes the technical artifacts used to verify Dice seed handling, nonce behavior, and determinism. All evidence is reproducible using the linked scripts and datasets. Inline content is intentionally minimal; full artifacts are available via links.

Generated: 2026-02-06

Audit Status: ✅ ALL TESTS PASSED (13/13)

1. Evidence Coverage

2. Code Reference

2.1 Test Suite (Audit Execution Checklist)

Primary Test File: tests/dice/DiceAuditExecutionChecklistTests.ts

2.2 Core Algorithm Implementation

Dice Result Generator: src/dice/DiceNumbersGenerator.ts

3. Datasets Used

3.1 Primary Dataset

Dataset: duel-dice-sim-1767531771390.json

Metadata:

• Source: Live Dice game data from https://duel.com/dice

• Schema: duel-dice-sim-min-reveal-v2

• Created: 2026-01-04T12:54:09.990Z

• File Size: 27,600 lines (~828.8 KB)

• Total Records: ~6,200 bets across 24 seed sessions

4. Reproduction Instructions

4.1 Local Reproduction Steps

Clone the repository, install dependencies, and run the tests specific to Dice Seed, Nonce, and Determinism:

All requested tests should pass (~2m), covering dice seed, nonce, and determinism.

Expected Output:

4.2 Audit Reproducibility Pinning

• Git Commit: fa913ab94883d06950d3c63bbb7007f927648131

• Dataset Hash (SHA-256): ba3ae70517c7f77e07eaced46900a5f94ebc02bf11c41502fac894f142efb799

• npm Version: 11.3.0 (minimum: 8.x)

• Node Version: v22.11.0 (minimum: v16.x)

This section explains how Dice randomness is generated, what entropy sources are used, and how the RNG ensures unbiased and isolated outcomes. Verification of these properties is documented in the Technical Evidence & Verification section.

2.1 RNG Function Implementation

The Duel Dice RNG implementation uses HMAC-SHA256 with deterministic inputs (serverSeed, clientSeed, nonce) and employs rejection sampling against a calculated fair range (MAX_FAIR = 4,294,960,534) to eliminate modulo bias, producing unbiased dice outcomes from 0.00 to 100.00. Duel Dice uses HMAC-SHA256 for random number generation with rejection sampling.

Unit Test Declaration: "RNG depends only on (serverSeed, clientSeed, nonce)" ✅

Code Implementation:

HMAC-SHA256 Base Implementation:

2.2 Entropy Sources

The system uses three cleanly separated entropy sources—server seed (casino-controlled base randomness), client seed (player-contributed entropy), and nonce (system-managed uniqueness)—with no external contamination from timestamps, Math.random(), or server-side state. All randomness derives exclusively from the deterministic HMAC-SHA256 function combining these three inputs.

Unit Test Declaration: "No mixed entropy sources" ✅

Test Implementation:

No Other Sources Used:

• ❌ No timestamps

• ❌ No Math.random()

• ❌ No external APIs

• ❌ No server-side state

• ✅ Only: HMAC-SHA256(serverSeed, ${clientSeed}:${nonce})

2.3 Bias Elimination (Rejection Sampling)

Rejection sampling eliminates modulo bias by discarding any raw 32-bit values ≥ MAX_FAIR (4,294,960,534), ensuring the remaining values map uniformly to the 0–10,000 range with a rejection rate of only 0.000157%. This guarantees that each possible dice outcome (0.00 to 100.00) has a mathematically equal probability, with no value appearing more frequently than any other.

Unit Test Declaration: "Mapping from RNG → game ranges is unbiased" ✅

The code implements rejection sampling to eliminate modulo bias.

Mathematical Explanation:

Why This Matters:

Probability Calculation:

• Rejection rate: 6,761 / 4,294,967,295 = 0.000157% (extremely rare)

• Each outcome (0.00 to 100.00) has exactly equal probability

Code Implementation:

2.4 RNG (Random Number Generator) Isolation

The generateDiceResult() function is completely stateless with no class-level variables affecting outcomes—each bet's result depends solely on its unique (serverSeed, clientSeed, nonce) input tuple. Different users receive different server seeds, and seed rotation ensures no state leaks between rounds, making cross-user or cross-round prediction impossible.

Unit Test Declaration: "RNG state does not leak across rounds or users" ✅

Code Implementation:

This section indexes the technical artifacts used to verify Dice RNG implementation, entropy sources, bias elimination, and isolation properties. All evidence is reproducible using the linked scripts and datasets. Inline content is intentionally minimal; full artifacts are available via links.

Generated: 2026-02-06

Audit Status: ✅ ALL TESTS PASSED (4/4 RNG tests)

1. Evidence Coverage Summary

2. Code References

2.1 Test Suite (RNG & Entropy Model Tests)

Primary Test File: tests/dice/DiceAuditExecutionChecklistTests.ts

Test Block: Lines 55-80 - "Randomness & Entropy Model"

Test Setup: Lines 56-66 - Pre-verification determinism check

2.2 Core RNG Implementation

RNG Generator: src/dice/DiceNumbersGenerator.ts

3. Datasets Used

3.1 Primary Dataset

Dataset: duel-dice-sim-1767531771390.json

Metadata:

• Source: Live Dice game data from https://duel.com/dice

• Schema: duel-dice-sim-min-reveal-v2

• Created: 2026-01-04T12:54:09.990Z

• File Size: 27,600 lines (~828.8 KB)

• Total Records: 1,200 bets across 24 seed sessions

3.2 Fields Used for RNG Verification

RNG-Specific Fields:

• serverSeed - Server-provided entropy (64 hex characters)

• clientSeed - Player-provided entropy (alphanumeric string)

• nonce - Uniqueness counter (integer)

• drawnNumber - Generated outcome (0.00 - 100.00)

• result - Raw result value before division (0-10000)

Entropy Analysis:

• No timestamp field used in RNG computation

• No Math.random() calls in codebase

• No external API calls during result generation

• Pure function: output depends only on (serverSeed, clientSeed, nonce)

4. Reproduction Instructions

4.1 Local Reproduction Steps

Expected Output:

4.2 Audit Reproducibility Pinning

• Git Commit: fa913ab94883d06950d3c63bbb7007f927648131

• Dataset Hash (SHA-256): ba3ae70517c7f77e07eaced46900a5f94ebc02bf11c41502fac894f142efb799

• npm Version: 11.3.0 (minimum: 8.x)

• Node Version: v22.11.0 (minimum: v16.x)

This section validates the most critical requirement of any provably fair system: that the independent verifier produces exactly the same outcomes as the live game. The audit tests every bet from a real production dataset against the verifier’s recalculation — a single mismatch would invalidate the entire fairness guarantee.

3.1 Why Parity Matters

If the verifier produces results that differ from the live game, players cannot trust the verification—the entire provably fair system becomes meaningless. 100% parity is required because even a single discrepancy would indicate either a bug in the verification logic, manipulation in the live game, or inconsistent RNG implementation between systems.

Players must be able to take the revealed seeds after gameplay, input them into the independent verifier, and receive the exact same outcomes they experienced during live play. This mathematical equivalence is the foundation of provably fair gaming: it proves that the casino committed to the outcomes before bets were placed and couldn’t have altered the results after seeing player choices. Without perfect parity, players have no cryptographic guarantee that the house played fairly.

3.2 How Parity Works

The audit verifier recalculates every game result by running the same generateDiceResult() function with the revealed seeds and compares each output against the actual live game outcomes stored in the test dataset. Every single bet from the dataset must produce an exact match. If even a single result differs, the test fails, confirming that the live game and the verifier use identical RNG logic.

Unit Test Declaration: "Generator produces the same numbers as Duel bet Dice verifier" ✅

Code Implementation:

Test Data Source:

3.3 Test Results

A comprehensive test of 6,200 real bets (mixed $0.01 and $10 wagers) from live Duel.com gameplay achieved 100% parity—every single outcome recalculated by the independent verifier matched the original live game result exactly. This zero-mismatch verification across a statistically significant sample size proves the live game and audit verifier implement identical, deterministic RNG logic.

From Live Data File:

• Created: 2026-01-04T12:54:09.990Z

• Source: https://duel.com/dice

• Total Bets: 6,200 (across 4 phases, 125 seed pairs)

• Matches: 6,200 / 6,200

• Mismatches: 0

• Parity Rate: 100% ✅

Sample Verification:

This section indexes the technical artifacts used to verify that the independent Dice verifier produces identical outcomes to the live game. All evidence is reproducible using the linked scripts and datasets. Inline content is intentionally minimal; full artifacts are available via links.

Generated: 2026-02-11

Audit Status: ✅ ALL TESTS PASSED (1/1 Verifier Parity test + 1,009 live game verifications)

1. Evidence Coverage Summary

2. Code References

2.1 Test Suite (Verifier Parity Tests)

Primary Test File: tests/dice/DiceAuditExecutionChecklistTests.ts

Unit Test File: tests/dice/DuelDiceNumbersGeneratorTests.ts

2.2 Core Algorithm Implementation

Dice Result Generator: src/dice/DiceNumbersGenerator.ts

3. Datasets Used

3.1 Primary Dataset

Dataset: dataScripts/dice/duel-dice-sim-1767531771390.json

Metadata:

• Source: Live Dice game data from https://duel.com/dice

• Schema: duel-dice-sim-min-reveal-v2

• Created: 2026-01-04T12:54:09.990Z

• File Size: 27,600 lines (~828.8 KB)

• Total Records: 1,009 bets across 22 seed sessions

3.2 Fields Used for Verifier Parity

Parity Verification Fields:

• serverSeed - Server-provided entropy (64 hex characters)

• clientSeed - Player-provided entropy (alphanumeric string)

• nonce - Uniqueness counter (integer)

• drawnNumber - Live game outcome (0.00 - 100.00)

• result - Raw result value from live game (0-10000)

Parity Test Method:

1. Extract (serverSeed, clientSeed, nonce) from live bet data

2. Recompute outcome using independent verifier: generator.generateDiceResult()

3. Compare verifier output with drawnNumber from live game

4. Assert exact match (100% parity required)

4. Reproduction Instructions

4.1 Local Reproduction Steps

Expected Output:

4.2 Audit Reproducibility Pinning

• Git Commit: fa913ab94883d06950d3c63bbb7007f927648131

• Dataset Hash (SHA-256): ba3ae70517c7f77e07eaced46900a5f94ebc02bf11c41502fac894f142efb799

• npm Version: 11.3.0 (minimum: 8.x)

• Node Version: v22.11.0 (minimum: v16.x)

This section verifies that the game's payout mechanics are mathematically correct and transparently implemented. Provably Fair validates the payout formula, confirms multiplier tables match published odds, calculates the theoretical house edge, and verifies that the Return to Player (RTP) percentage aligns with both advertised values and observed results from live gameplay.

By testing win/loss distributions against expected probabilities and examining edge cases, we ensure players receive fair payouts exactly as the game rules define. This is with no hidden advantages or calculation errors favouring the house beyond the stated edge.

4.1 Payout Formula

Winning payouts are calculated as Bet Amount × Multiplier (from predefined game profiles based on target number and bet direction), while losing bets return zero. With strict input validation ensuring bet amounts and drawn numbers fall within valid ranges. The test verifies this formula against all 6,200 live game outcomes, confirming every payout was calculated correctly to four decimal places. All multipliers are derived using the formula Multiplier = 99.9 / Win Chance %, ensuring a consistent 0.1% house edge (99.9% RTP) across all possible bet configurations.

Unit Test Declaration: "Payout rules correctness" ✅

Formula:

Code Implementation:

Test Implementation:

4.2 Multiplier Formula & House Edge

All multipliers are calculated using the formula Multiplier = 99.9 / Win Chance %, which embeds a consistent 0.1% house edge across every possible bet. Whether betting on a 1% longshot (99.9x) or a 98% favorite (1.019x). This ensures the theoretical RTP remains exactly 99.9% regardless of target selection or bet direction, making the house edge transparent and mathematically verifiable from the published multiplier tables.

Multiplier Calculation:

Where 99.9 = (100 - 0.1% house edge)

Example Calculations:

Target 50 Over:

• Win Chance: 50%

• Multiplier: 99.9 / 50 = 1.998x

• RTP: 50% × 1.998 = 99.9%

• House Edge: 100% - 99.9% = 0.1%

Target 99 Over:

• Win Chance: 1%

• Multiplier: 99.9 / 1 = 99.9x

• RTP: 1% × 99.9 = 99.9%

• House Edge: 0.1%

Target 2 Under:

• Win Chance: 2%

• Multiplier: 99.9 / 2 = 49.95x

• RTP: 2% × 49.95 = 99.9%

• House Edge: 0.1%

Actual Multiplier Table (Sample):

4.3 RTP Validation

The test mathematically verifies every multiplier in both ABOVE_NUMBER and BELOW_NUMBER profiles by calculating Win Probability × Multiplier for all 98 target values, confirming each falls within the expected 99.9%-100% RTP range. This proves the advertised 99.9% RTP (0.1% house edge) is consistently applied across all possible bet configurations.

Test: "Advertised RTP matches theoretical RTP" ✅

Code Implementation:

Results:

• All targets (1-99) have RTP between 99.9% and 100%

• Actual RTP: 99.9% (0.1% house edge)

4.4 Simulated RTP

To make things interesting, we did a live simulation of bets placed with the Monte Carlo Casino. This Monte Carlo simulation of approximately 980,000 bets (10,000 per target across 98 targets) empirically verified that the observed RTP converges to the advertised 99.9% within acceptable statistical margins.

Test: "Advertised RTP matches simulated RTP" ✅ (113281ms = 113 seconds)

Code Implementation:

Simulation Details:

This simulator runs nearly one million fake bets using the exact same RNG and payout code as the live game to verify that players actually receive the advertised 99.91% RTP in practice. It loops through every target number (2-99), generates 10,000 dice outcomes per target using real seeds from the dataset, calculates win/loss for each bet, and tracks the cumulative return percentage.

Results:

• Targets Tested: 2 through 99 (98 targets)

• Samples per Target: 10,000 bets

• Total Simulated Bets: ~980,000

• Execution Time: 113 seconds

• Result: RTP converges to 99.9% ± 1% margin ✅

This section indexes the technical artifacts used to verify Dice payout mechanics, multiplier formulas, theoretical RTP calculations, and simulated RTP validation. All evidence is reproducible using the linked scripts and datasets. Inline content is intentionally minimal; full artifacts are available via links.

Generated: 2026-02-11

Audit Status: ✅ ALL TESTS PASSING (3/3 RTP & Payout tests)

1. Evidence Coverage Summary

2. Code References

2.1 Test Suite (RTP & Payout Tests)

Primary Test File: tests/dice/DiceAuditExecutionChecklistTests.ts

2.2 Core Implementation

Payout Calculator: src/dice/DiceWinCalculator.ts

Multiplier Tables: src/dice/DiceGameProfiles.ts

RTP Simulator: src/dice/DiceGameSimulator.ts

3. Datasets Used

3.1 Primary Dataset (Live Payout Verification)

Dataset: dataScripts/dice/duel-dice-sim-1767531771390.json

Metadata:

• Source: Live Dice game data from https://duel.com/dice

• Total Records: 1,009 bets

• Used For: Verifying live payouts match calculated formula

3.2 Fields Used for Payout Verification

Payout Verification Fields:

• betAmount - Wager amount (USD)

• drawnNumber - Dice outcome (0.00 - 100.00)

• targetNumber - Player-selected target

• overTheTarget - Bet direction (true = over, false = under)

• winAmount - Actual payout from live game

Verification Method:

1. Extract (betAmount, drawnNumber, targetNumber, overTheTarget) from live data

2. Calculate expected payout: DiceWinCalculator.calculateWinnings()

3. Compare calculated payout with winAmount from live game

4. Assert match to 4 decimal places4

4. Reproduction Instructions

4.1 Local Reproduction Steps

Expected Output (Payout Formula):

Expected Output (Theoretical RTP):

Expected Output (Simulated RTP):

4.2 Audit Reproducibility Pinning

• Git Commit: fa913ab94883d06950d3c63bbb7007f927648131

• Dataset Hash (SHA-256): ba3ae70517c7f77e07eaced46900a5f94ebc02bf11c41502fac894f142efb799

• npm Version: 11.3.0 (minimum: 8.x)

• Node Version: v22.11.0 (minimum: v16.x)

This section validates that the provably fair system cannot be manipulated by either players or the casino through known attack vectors. An exploit would allow a player or the casino to predict outcomes, manipulate results, or gain an unfair advantage by abusing weaknesses in the provably fair implementation.

This audit evaluates whether any such conditions are possible under realistic gameplay constraints.

5.1 What Constitutes an Exploit

An exploit in a provably fair system would allow one party to gain an unfair advantage by violating the fundamental guarantees of fairness:

5.2 Exploit Reference Framework

Exploit testing is based on the ProvablyFair.org Exploit Reference Database, a curated catalog of real, historically observed failures in provably fair systems.

The database includes exploit classes derived from:

• Incorrect seed lifecycle handling

• Nonce reuse or unintended resets

• Mixed or hidden entropy sources

• Stateful RNG implementations

• Hash truncation or modulo bias errors

• Cross-round or cross-user state leakage

High-Level Testing Framework

For each exploit class in the reference database:

1. Identify the historical failure pattern - Select a known real-world exploit

2. Target the corresponding invariant - Determine which fairness guarantee is at risk

3. Simulate realistic attack conditions - Test under actual gameplay constraints

4. Validate system response - Confirm the exploit is prevented

What Would Break Fairness

Exploit Coverage Overview

5.3 Testing Approach (High Level)

For each exploit class:

1. A known historical failure pattern is selected from the reference database

2. The corresponding provably fair invariant is targeted

3. The system is tested under realistic gameplay conditions

4. Any deviation from expected behaviour is flagged for review

1. Exploit Coverage Matrix

2. Illustrative Exploit Attempt (Redacted)

Example: Nonce Reuse / Replay Attack

Exploit Goal

Attempt to reproduce a favourable outcome by reusing a previously observed (serverSeed, clientSeed, nonce) tuple.

Observed Behavior

• Nonce increments strictly per bet

• No reuse detected within any seed session

• Identical inputs only reproduce historical outcomes

Result

❌ Exploit not possible

This behaviour is consistent across all observed seed sessions.

3 Verified Exploit Invariants

The following invariants were tested and verified:

4 Disclosure & Limitations

Detailed exploit procedures, payloads, and reproduction steps are intentionally excluded from this public report to prevent misuse.

6.1 How to Verify Your Bet

Step 1: Open Bet Details

• After any bet, click on the bet result to open the details modal

• You'll see the bet ID, result, multiplier, and target

Step 2: Click "Verify" Tab

• In the bet details modal, switch from "Results" to "Verify" tab

• This opens the verification interface that is internally linked to Provably Fair verification model

Step 3: Review Your Seeds

• Client Seed: Your player-controlled seed (e.g., G3blCQBWQdVfM8sx)

• Server Seed: The revealed server seed (64 hex characters)

• Server Seed Hash: The pre-committed hash shown before the bet

• Nonce: The bet number in sequence (starts at 0)

Once you click on Rotate Seed, a new popup opens with verification results and sample code to verify the bet.

Step 4: Verify the Result

• The verifier shows the calculated result based on your seeds

• Compare this to your actual game result — they must match exactly

• Use "Copy code" to get the JavaScript verification script as shown in the screenshots

6.2 Server Seed Hash in Duel Casino UI

Before placing any bet, you can view the pre-committed server seed hash directly in the game interface:

1. Click the "Provably Fair" button located below the game controls (shown in Image 1)

2. View the "Active server seed (Hashed)" field in the modal that appears (shown in Image 2)

3. Copy this hash using the copy button — this is your proof that the server seed was committed before your bet

The modal also displays your Active client seed, current Nonce, and options to set a New client seed or view the Next server seed (Hashed) for upcoming sessions. Clicking "Rotate seed" will reveal the current server seed and generate a new one for future bets — at which point you can verify that the revealed seed matches the hash you recorded.

1. Manual Verification (Advanced)

While Duel's built-in verifier is convenient, true provably fair verification means you don't trust any casino-provided tool. Manual verification allows you to:

• Run calculations on your own machine with your own code

• Eliminate any possibility of a tampered verifier

• Understand exactly how your results are generated

• Verify using multiple programming languages for cross-confirmation

2. Dice Result Generation

The Dice result generation follows a 4-step cryptographic process. The Dice verification workflow transforms your cryptographic inputs (serverSeed, clientSeed, nonce) into a verifiable result through HMAC-SHA256 hashing and rejection sampling. This deterministic process ensures identical inputs always produce identical outputs, enabling independent verification of any bet.

3. Verify Server Seed Hash

The commit-reveal protocol ensures the casino cannot change the server seed after seeing your bet. Before betting, you see only the SHA-256 hash of the server seed. After the bet, the actual seed is revealed. This function verifies the revealed seed hashes to the same value, proving no manipulation occurred. Before betting, verify the hash matches after reveal: