No "trust the dealer". No black-box RNG. Every outcome on ShinyLuck is the keccak256 of three values you can audit yourself - server seed, client seed, and a monotonic nonce. We commit to the server seed before you bet, and reveal it after.
The House Manager Agent pre-commits 200 server-seed hashes at a time. Each hash is keccak256(serverSeed) - published before any bet binds to it. The seed itself stays sealed until reveal.
You sign your bet with your own 32-byte client seed. Pick anything - we suggest random bytes. Stake + seed + chosen slot is binding the moment the tx confirms.
Randomness is computed on-chain via keccak256(serverSeed‖clientSeed‖blockhash‖nonce). Four Somnia agents independently re-derive it as a redundancy check - money never depends on this signal; it tracks agent health.
Server seed becomes public on settlement. Anyone can re-hash and verify - there is no version of the seed that could have produced a different outcome.
For each bet the casino derives keccak256(serverSeed ‖ clientSeed ‖ blockhash(commitBlock+3) ‖ nonce). No LLM is in the money path - Somnia agents only re-derive the same hash off-chain as a redundancy check.
No - keccak256(serverSeed) is committed on-chain before any bet binds to that slot. A different revealed seed would produce a different hash, which the contract rejects.
A 3-of-4 redundancy check across the LLM Inference Agent's workers. Even if one signer drops, three must agree; money does not depend on this signal - it's a liveness/health indicator for the agent layer.
The blockhash window is 256 blocks. If reveal is missed, anyone (including the player) can call refundExpired(betId) and the stake is credited back via pull-payment.
Yes - every bet generates a fresh 32-byte client seed in your browser. You can also supply your own via the SDK.
Solidity contracts are verified on the explorer; addresses below are clickable. The browser-side verifier above re-implements deriveRandomness exactly as the contract does.