Is a provably fair game actually fair? How would a player know?

"Provably fair" has become a badge casinos award themselves. Almost every casino claims it. Almost none can prove it.

Today we're launching ProvablyFair.org Certification
An independent open-source audit standard for casino-built games.

Here's why it exists:

The casino builds the game. The casino builds the verifier. Then they tell you to use that verifier as proof the game is fair. Of course it matches. That only proves the casino is consistent with itself. It doesn't prove the game is fair.

And the gap is real. Every one of these surfaced in the last 6 months. All marketed provably fair, all passing the casino's own verification:

- Pay table quietly swapped to lower RTP, the verifier updated to match
- A client seed accepted but never used. Decoration
- Server seed rotated every bet, nonce stuck at zero, discarding unfavorable seeds
- A committed hash swapped after the player locked their seed. Defeats commit-reveal entirely
- A verifier running different code from the live game

None of these were caught by the casino's own protocols, because a self-verification system can't catch a problem its own author built into both sides. And none of them are things a normal player can realistically detect.

So here's how we built it.

The method rests on one decision: we rebuild each game from its published rules, not the casino's code. Re-running a casino's own code only proves it's consistent with itself. Rebuilding it independently tests whether the live game does what the casino publicly claims.

From that rebuild, for every game we:

- Capture and recompute thousands of real bets independently
- Run the entire provably fair chain, every cryptographic rule in order
- Derive the true RTP from first principles, never trusting the casino's own number
- Confirm it across millions of simulated rounds

Break even one core rule and the game can be rigged. Pass them all, with the RTP holding up, and it's provably fair.

It's binary. It's math, not opinion.

That's the standard we think provably fair gaming should be held to. Not a black box audit. Not a trust-us bro PDF. Every audit is public, every verifier is public, every repository is open source. Anyone can clone the code and reproduce the findings themselves.

Self-verification proves a casino is consistent with itself. Independent verification proves it's consistent with what it publicly claims. Only the second tells you whether the games are actually fair.
Should you choose your own client seed, or leave the default?

Short answer: yes, it matters, and almost nobody checks it. Set your own. Here's why.

Everyone checks the server seed. Almost nobody asks where the client seed comes from. That's the part that should worry you.

Your client seed feeds the randomness of every outcome. It's your half of the input, the half the casino isn't supposed to control. So where it comes from matters.

Every default client seed has a source: either it's generated locally in your browser, or the casino's server hands it to you. Looks identical in the box. Completely different in practice.

Here's the problem. If the casino controls the server seed AND supplies the client seed, it controls both halves. It can generate seed pairs, see which ones start out house favorable, and serve you one of those. Commit-reveal still passes. Every bet still verifies. You "contributed" nothing. Both sides came from them.

Setting your own is the fix. The casino can't pre-test against a value it never chose.

The catch: most players never change the default, and plenty of big-name casinos serve it server side. So the casino can be holding both halves, and nothing on screen tells you which.

This is exactly what our audit checks. First we find where the client seed actually comes from. Then we run our cherry-pick test: hundreds of real casino-generated seed pairs, scanned for bias in the first 10,000 bets, where real players play and a stacked seed gives itself away. If a casino is selecting favorable seeds, that's where it shows up.

Does the casino you play on:

- Let you set your own custom client seed?
- Serve the default from your browser, or its own server?

Tag them below
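The chain checks named in the two posts above (the revealed seed matches the hash shown before play, the player's own client seed is actually used, the nonce advances under one server seed), as an added Python example that is not ProvablyFair.org's code. The HMAC-SHA256 derivation, the record field names and every seed value are assumptions constructed for illustration.

```python
import hashlib
import hmac

def commit(server_seed):
    # Commitment shown before play: SHA-256 of the still-secret server seed.
    return hashlib.sha256(server_seed.encode()).hexdigest()

def roll(server_seed, client_seed, nonce):
    # ASSUMED derivation (the posts do not specify one): HMAC-SHA256 keyed with
    # the server seed over "client_seed:nonce", reduced to a roll in 0..9999.
    msg = f"{client_seed}:{nonce}".encode()
    mac = hmac.new(server_seed.encode(), msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") % 10000

def audit_session(bets, my_client_seed):
    """Return sorted finding names for one session of revealed bets."""
    findings = set()
    for b in bets:
        # The revealed seed must hash to the value shown before the bet.
        if not hmac.compare_digest(commit(b["server_seed"]), b["shown_hash"]):
            findings.add("commitment_mismatch")
        # The result must reproduce from the seed the player actually set.
        if roll(b["server_seed"], my_client_seed, b["nonce"]) != b["result"]:
            findings.add("result_not_reproducible")
    # A new commitment on every bet while the nonce never advances: the
    # rotation pattern listed in the pinned post.
    hashes = {b["shown_hash"] for b in bets}
    if len(bets) > 1 and len(hashes) == len(bets) and all(b["nonce"] == 0 for b in bets):
        findings.add("seed_rotated_every_bet")
    return sorted(findings)

def make_bet(server_seed, client_seed, nonce):
    # Builds one constructed log record; all seeds are made-up sample values.
    return {"shown_hash": commit(server_seed), "server_seed": server_seed,
            "nonce": nonce, "result": roll(server_seed, client_seed, nonce)}

HONEST = [make_bet("srv-A", "player-seed", n) for n in range(3)]
# Client seed accepted but never used: results derive from another value.
IGNORED = [make_bet("srv-A", "casino-default", n) for n in range(3)]
# Hash shown before play belongs to a different seed than the one revealed.
SWAPPED = [dict(make_bet("srv-B", "player-seed", 0), shown_hash=commit("srv-A"))]
ROTATED = [make_bet(f"srv-{i}", "player-seed", 0) for i in range(3)]

if __name__ == "__main__":
    for name, log in [("honest", HONEST), ("ignored", IGNORED),
                      ("swapped", SWAPPED), ("rotated", ROTATED)]:
        print(name, audit_session(log, "player-seed"))
```

These checks only cover seeds that were revealed; a seed discarded before play never appears in the log, which is why the rotation pattern itself is flagged.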
First Audit Live: Duel.com
10 in-house games certified

How it works: we rebuild each game from scratch, using only the rules Duel publishes, never their own code. Testing a casino with its own code only proves it agrees with itself.

From that rebuild, every game faces a scored chain of 15–33 checks in our open-source test suite, scaled to complexity: the full provably fair chain, the RTP math, and real bets from the live site.

Inside that chain, statistical analysis tests results for bias and links between bets. Every revealed seed is screened for cherry-picking: casinos quietly discarding seeds that pay too well.

Fail one check, fail the whole audit. No partial credit.

The numbers:

53,475 real bets, placed through anonymous accounts so Duel couldn't tell audit traffic from any other player. Re-run through our rebuild: every card, reel position, and cascade. All 53,475 identical. 100% parity.

253,000,000 simulated rounds to test the RTP. We calculated what each game should pay using nothing but its published rules, then ran the simulations as a cross-check that the live games agree. Duel's own figures were never part of the test.

Some specific examples:

4,294,967,296 slot outcomes tested on Groomer's Van. Not a sample: every spin the game can ever produce, calculated twice, once on CPU, once on GPU. Both gave the same answer.

2,598,960 Video Poker hands. Every hand that can ever be dealt, checked one by one.

2,450 Crash and Castle Roulette rounds. Multiplayer has no client seed, so every round is tied to drand, a public source of randomness nobody controls. Not even Duel. Their seed was locked in before each drand number existed.

3,487 server seeds revealed and checked across all 10 games. Every one matched the hash shown before play. Not one swapped.

151 game integrity checks, a fixed matrix run on every game: a replayed bet must not pay twice, an injected payout value must be ignored, a tampered seed or nonce must be rejected, malformed and simultaneous requests must be handled safely. 147 passed. 4 minor flags, all server-side input validation. Zero fairness failures. Disclosed to Duel and published in full.

Full audit, datasets, test suite, simulations and an independent verifier tool built by us. All open source. Anyone can re-run the entire audit and check every finding.

audit.provablyfair.org/casin…
Go deeper:

Certification summary: provablyfair.org/casinos/due…
Verify your own Duel bets with our verifier build: audit.provablyfair.org/casin…
Every game repo: github.com/orgs/ProvablyFair…

More audits are underway. Results will drop as they complete.
First certified casino is Duel.com

10 games
53,475 live bets verified
253M simulation rounds

Clone any repo and reproduce it yourself: audit.provablyfair.org/casin…
We conducted an independent technical audit of Winna​.com's Plinko game following their March 10 incident report. Our analysis shows that for nearly 3 months, players were playing Plinko on worse odds than the site publicly stated. If you played Winna Plinko between Dec 17 and March 10, your bets were placed under those probabilities. Here’s what the code shows. 🧵
VERIFICATION TOOL We’re publishing a tool where affected players can input their seed pairs and see which bets would have produced different outcomes under fair binomial probabilities vs the extracted tables. If you played Winna Plinko during the affected period, you can check your results here: 🔗 provablyfair-org.github.io/w…
MARCH 14 We extracted the live code again. Low, Medium and High modes now use fair binomial coin-flip logic, restoring ~99% RTP. If you played Plinko between Dec 17 and March 10, we recommend contacting support to understand how your play was reviewed. This case is also a good example of why independent third-party verification matters when casinos build and deploy their own games. Github: github.com/ProvablyFair-org/…
Common Provably Fair marketing claims that most players will see and just believe because it sounds technical.
Replying to @CarlosOMFG
First time seeing Gambulls, had a quick look. Reviewing Gambulls' provably fair section. Claims: “Every game outcome is recorded on the blockchain.” But I can't find any visible PF games, no seed system, no verifier, no on-chain logs? Can you clarify? Looks like marketing
1/ After multiple player reports, we reviewed @moonroll Plinko. What we found: the “provably fair” system is FAKE. The verifier and the live game do not even use the same logic. Full case study below.
Which casino’s “provably fair” system should we check next? Tag them