PROVABLY FAIR

Every pack selection on Rollick is cryptographically verifiable. We can't manipulate outcomes, and you can prove it. Here's exactly how it works.

How It Works

Four steps ensure every outcome is predetermined and tamper-proof.

01. Server Seed Generated

Before you open a pack, our server generates a random seed and shows you its SHA-256 hash. This commits us to the outcome before you act — we cannot change it after.

02. Client Seed Added

You provide a client seed (or we auto-generate one). This ensures we couldn't have predicted your input when creating the server seed. Combined, they make the outcome unique and unriggable.

03. Outcome Calculated

The result is computed as HMAC-SHA256(serverSeed, clientSeed + ":" + nonce), with the server seed as the key. The first 8 hex characters of the digest are converted to a number between 0 and 100, which determines the outcome against the pack's probability table.

04. Verification

After the selection, we reveal the unhashed server seed. You can independently compute SHA-256(serverSeed) and confirm it matches the hash we showed before the selection. Then recompute the HMAC to verify the outcome.

Verify a Selection

Enter the details from any past selection to independently verify the outcome

🔍 Selection Verifier

Server Seed (unhashed)
Client Seed
Nonce (selection #)
Expected Hash (pre-selection)

Your Selection History

All your selections with cryptographic proof — click any hash to copy
# | Pack | Result | Result Value | Server Hash | Client Seed | Verified

Technical Details

For developers and auditors

🔐 Algorithm

HMAC-SHA256 with the server seed as the key and "clientSeed:nonce" as the message. The first 8 hex characters are converted to a uint32, reduced modulo 10000, and divided by 100 to give a two-decimal result value.
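
The checks from steps 03 and 04 and the algorithm above, written out as an added Node.js example; it is not Rollick's published code. It assumes seeds are hashed and keyed as UTF-8 strings exactly as displayed and that hashes are lowercase hex; the function names and sample seeds are constructed for illustration.

```javascript
// Added example, not Rollick's code. Assumptions: seeds are hashed and keyed as
// UTF-8 strings exactly as displayed, and hashes are lowercase hex.
const crypto = require('node:crypto');

// Steps 01 and 04: the pre-selection commitment is SHA-256(serverSeed).
function commitment(serverSeed) {
  return crypto.createHash('sha256').update(serverSeed, 'utf8').digest('hex');
}

// Step 03: HMAC-SHA256 with the server seed as key.
function hmacHex(serverSeed, message) {
  return crypto.createHmac('sha256', serverSeed).update(message, 'utf8').digest('hex');
}

// First 8 hex chars -> uint32 -> modulo 10000 -> divided by 100.
function valueFromMac(macHex) {
  return (parseInt(macHex.slice(0, 8), 16) % 10000) / 100;
}

// Recompute both checks; the outcome only counts if the commitment matches.
function verifySelection({ serverSeed, clientSeed, nonce, expectedHash, claimedValue }) {
  const commitmentOk = commitment(serverSeed) === String(expectedHash).trim().toLowerCase();
  const value = valueFromMac(hmacHex(serverSeed, `${clientSeed}:${nonce}`));
  return { commitmentOk, value, valueOk: commitmentOk && value === claimedValue };
}

// Constructed sample selection (values invented for this example).
function demo() {
  const serverSeed = 'constructed-server-seed-0001';
  const sel = { serverSeed, clientSeed: 'my-client-seed', nonce: 7,
                expectedHash: commitment(serverSeed) };
  sel.claimedValue = valueFromMac(hmacHex(serverSeed, 'my-client-seed:7'));
  const honest = verifySelection(sel);
  // A different revealed seed must fail the commitment check.
  const swapped = verifySelection({ ...sel, serverSeed: 'constructed-server-seed-0002' });
  return { honest, swapped };
}

console.log(demo());
```

The commitment check is only meaningful if the expected hash was recorded before the selection was made, so save it at that point rather than reading it back afterwards.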

🔄 Seed Rotation

Server seeds rotate every 250 selections or on manual rotation by the user. Old seeds are revealed immediately upon rotation. Active seeds only show their SHA-256 hash.

📊 Audit Log

Every selection is logged with timestamp, seeds, nonce, result value, and outcome. Full history is exportable as JSON. Third-party audits are conducted quarterly.

💻 Open Source

The complete fairness algorithm is open source on GitHub. Anyone can review, fork, and independently verify the implementation matches this specification.

🎲 RNG Quality

Server seeds are generated using crypto.getRandomValues() (Web Crypto API), a cryptographically secure PRNG. No Math.random() anywhere in the outcome pipeline.

🛡 No Manipulation

The server commits to the outcome hash before the user acts. The client seed ensures the server can't predict the full input. Neither party alone controls the outcome.