How to Verify a Rust Coinflip Round in 30 Seconds
Verifying any coinflip outcome takes about 30 seconds. The verifier is open source — no trust in us required.
Step 1: find the round
Account → History → Coinflip → click the specific round. Each entry shows the server seed (revealed after the round), the client seed (yours or auto-generated), the nonce (per-game monotonic counter), and the actual outcome.
Note the values. You'll plug them into the verifier in a second.
The point isn't that you'll verify every round. The point is that any round you're suspicious about, you can verify in under a minute.
Step 2: hit verify
The Verify button on each round opens the inline verifier with the three inputs pre-filled. Click Run verification.
The verifier computes HMAC-SHA256(serverSeed, "${clientSeed}:${nonce}" + game salt), reduces the result to a 0/1 outcome, compares to the stored result. Match means the round was fair. Mismatch is a critical incident — we've never had one.
Step 3: re-derive locally if you want
For maximum certainty, install the library locally. Run npm install @rustsnowball/provably-fair, then in a Node REPL: import { resolveCoinFlip } from '@rustsnowball/provably-fair'; resolveCoinFlip(serverSeed, clientSeed, nonce, 2). The return value contains the result and the hash.
Compare the result to the round's displayed outcome. Same library the engine uses, no separate "verifier engine." If the local re-derivation matches the recorded outcome, the round was honest.
Why this works
HMAC-SHA256 is deterministic. Identical inputs always produce identical outputs. The server commits SHA-256(seed) before the round, reveals the raw seed after. A different seed would produce a different hash, breaking the commitment.
Because the verifier is open source AND identical to the engine code, you have full assurance the outcome was determined by the published inputs. No trust required, just one library call.
Frequently asked questions
- What if the verifier disagrees with the round outcome?
- Critical incident — email [email protected] with the round ID immediately. We treat verifier mismatches as production-down.
- Does the verifier work for all games?
- All 10. Each game has a dedicated resolveX function in @rustsnowball/provably-fair.
- What's the rngVersion parameter?
- v2 is the current domain-separated format. v1 is legacy for rounds before late 2026. The history page shows which version each round used.
- Can I verify someone else's rounds?
- Yes. All rounds publish seeds after settlement. You don't need to be the player to verify.