Blog

🔒 HASHSCORE Now Provably Fair

By @pinkfloyd87812/14/2025hivegc

🔒 HASHSCORE Now Provably Fair - Thanks to @minus-pi!

HASHSCORE Token

New Waiting

New Results

TL;DR

HASHSCORE games are now provably fair using cryptographic secrets that change every minute. Players can no longer predict scores before sending transactions, and every game result can be independently verified. This upgrade was inspired by feedback from @minus-pi.

What Changed?

The Problem

@minus-pi discovered that our hash scores could be predicted before sending transactions. Since transaction hashes are known immediately after signing (but before broadcasting), a clever player could:

  1. Sign a transaction locally
  2. Calculate the resulting hash score using our public algorithm
  3. Only broadcast transactions with favorable scores
  4. Reject unfavorable scores and try again

This defeated the randomness of the game. Props to @minus-pi for bringing this to our attention and demonstrating it responsibly!

The Solution: Provably Fair Gaming

We've implemented a provably fair system inspired by @magicdice's approach:

How it works:

  1. Server-side secrets - Our server generates a random 16-character secret every minute
  2. Salted hash calculation - Your score is calculated from SHA256(transaction_hash + secret) instead of the raw transaction hash
  3. Unpredictable - Since you don't know the secret when you send your transaction, you can't predict your score
  4. Transparent - After your game completes, we reveal the secret in your reward memo
  5. Verifiable - You can independently verify your score was calculated fairly

The Formula:

salted_hash = SHA256(your_transaction_hash + server_secret)
your_score = sum of all hex characters in salted_hash

Instant Verification

Every reward transaction now includes:

Example memo:

Result: HASHSCORE Default | Win High | Your HASHSCORE: 463 | 
Secret: K1jyq5sV3PHZuhSs | 
Verify: https://hashscore.fun/verify.php?tx=abc123...&s=K1jyq5sV3PHZuhSs

Click the verify link and you'll see:

  • ✅ Your transaction hash
  • ✅ The secret used
  • ✅ Recalculated score (matches your result)
  • ✅ Proof the game was fair

Why This Matters

Before: Trust-Based

You had to trust that our system was fair. There was no way to verify.

After: Cryptographically Verifiable

  • Transparent - The exact formula is public
  • Unpredictable - Secrets change every minute
  • Verifiable - You can prove every game was fair
  • Fair - Neither player nor house can manipulate results

This is the same proven system used by other successful blockchain gaming platforms like @magicdice.

Real-Time Results

We've also upgraded the user experience:

Old way: Instant preview showing predicted score (now we know this was wrong!)

New way:

  • Transaction sent → Shows "Processing..."
  • Polls server every 10 seconds
  • When complete → Shows real results:
    • Your actual hash score (with secret)
    • Win result (High/Low/Average)
    • Reward amount
    • Secret and verification link
    • One-click to verify fairness

Technical Details (For the Nerds 🤓)

Secret Rotation:

  • New secret generated every 60 seconds
  • Secrets are cryptographically random (16 alphanumeric characters)
  • Secret determined by transaction timestamp, not processing time
  • Same transaction always uses same secret (deterministic)

Database Storage:

  • Every transaction stores which secret was used
  • Full audit trail for transparency
  • Secrets stored in indexed table for fast verification

Verification Process:

// What you can verify:
$salted_hash = hash('sha256', $your_tx_hash . $revealed_secret);
$your_score = calculate_score($salted_hash);
// Compare with the score we gave you - they match!

Shoutout to @minus-pi 🎉

Big thanks to @minus-pi for:

  • Discovering the vulnerability
  • Reporting it responsibly
  • Demonstrating it clearly (even spelling "Rising" to prove it!)
  • Recommending the provably fair approach
  • Pointing us to @magicdice's implementation

This is exactly the kind of community feedback that makes Hive projects better. Thank you! 🙏

What This Means for Players

Fair gameplay - No one can game the system anymore
Transparency - Every result is verifiable
Trust - Don't trust us, verify us!
Same great games - All games still work exactly the same
Better UX - Real-time results with verification links

Try It Out!

  1. Play any HASHSCORE game: https://hashscore.fun
  2. After your game, check your reward memo
  3. Click the verification link
  4. See the cryptographic proof your game was fair!

Play fair. Verify everything. Welcome to the new HASHSCORE.

🎲 https://hashscore.fun
🔒 Provably Fair | Built on Hive | Powered by Community Feedback

#hive #gaming #hashscore #provablyfair #blockchain #gaming #transparency

comments