💥 CrashBurst
← Back to Casino
🛡️

Provably Fair

Every round on CrashBurst is mathematically verifiable. The outcome is committed to before you bet via a public hash, and revealed after the round so you can independently reproduce it. We can't change a single roll without breaking the hash — and you can prove it.

⚙️ How verification works

1️⃣

Server commits

Before each round, the server picks a random serverSeed and publishes its SHA-256 hash. The seed itself stays secret until the round ends.

2️⃣

Round resolves

Outcome = HMAC-SHA256(serverSeed, clientSeed:nonce:tag). Each game has its own tag. The server can't fudge — its hash already locked the seed.

3️⃣

Server reveals

After the round you get the serverSeed. Hash it yourself, confirm it matches the one published earlier, then replay the HMAC to reproduce the outcome.

For finished rounds you can fetch the seeds from the API: GET /api/<game>/verify/:roundId. The verifiers below let you paste those values and reproduce the outcome right in your browser — no backend, no trust required.

📋 Per-game formulas

🔬 Live verifier

Paste the seed material from any finished round and reproduce the outcome locally. All math runs in your browser via SubtleCrypto — no requests are made to our servers when you click Verify.

Reproduces the crash multiplier for a finished round. Formula: HMAC-SHA256(serverSeed, "clientSeed:nonce") → first 13 hex chars as a 52-bit integer → if divisible by 20, instant 1.00× bust; otherwise floor((100·2⁵² − h) / (2⁵² − h)) / 100.

HMAC tag :limbo. Same multiplier curve as Crash. Edge is enforced by forcing 1.00× when the first 13 hex chars (parsed as decimal) are divisible by round(1/edge) — i.e. every 20th roll at 5%.

HMAC tag :dice. The first 4 bytes of the digest become a uint32; if that's below the unbiased rejection limit floor(2³² / 10000) × 10000, return uint32 % 10000; otherwise resample with extension tag :dice:ext:<n>. Roll display = result / 100 (e.g. 4267 → 42.67).

HMAC tag :mines. The 32 digest bytes seed a Fisher–Yates shuffle of [0..24]; on exhaustion the bytestream is extended via SHA-256(state). The first minesCount elements after shuffling are the mine positions.

HMAC tag :plinko. Each row consumes one bit from the digest's bit stream (LSB-first within each byte). Bit = 0 → ball falls left at that peg, bit = 1 → right. Final bucket is the count of right-falls.

Each click uses TWO HMACs: :moles:<hitIndex> picks the M mole positions in 7 holes via Fisher–Yates, and :molesfail:<hitIndex> rolls a fail probability — first 4 bytes / 2³². If the click landed on a mole AND failRoll < edge, the click counts as a miss.

TWO HMACs per room: :dungeon:<K> picks the trap door (rejection-sampled mod doors-count, unbiased), and :dungeonfail:<K> rolls the per-room edge fail — first 4 bytes / 2³². If failRoll < edge, the room busts even if the player picked the safe door. Multipliers are the clean fair N/(N-1) ladder; the edge bites into the win probability instead.

Confirm a revealed serverSeed matches the serverSeedHash the server published before the round. If the hash doesn't match, the server changed the seed after seeing your bet — that's caught by this check.

FAQ

Where do I get the seeds for a finished round?

Hit GET /api/<game>/verify/<roundId> while logged in. For Crash specifically the round and its seeds are public via /api/recent-rounds. Round IDs come from your bet history.

Can the server change the seed after seeing my bet?

No. The seed's SHA-256 hash is published before any bet is placed. If we reveal a different seed afterward, the hash check (above) will fail — and you have proof.

What's the difference between seeds and nonces?

The serverSeed + clientSeed identify a session. The nonce increments per round/bet, so the same seed pair produces different outcomes for each bet without needing a fresh seed every time.

Can I rotate my own clientSeed?

Yes. The clientSeed defaults to a random value but can be changed any time from your account. After rotation, all subsequent rounds use the new seed.

What about Blackjack, Roulette, Baccarat?

Same model. Each card draw or wheel spin is one HMAC step. Their verifiers aren't on this page yet (more state to track), but the /verify/:id endpoint returns enough info to reproduce them with the formulas listed above.