Verification logic uses inconsistent hash/derivation versus gameplay
The off-chain Verifier used a different hash or derivation path than the in-flight gameplay engine. This created cases where a game ran one way at play time but the verifier reproduced a different outcome (or vice versa).
Description
Provably-fair verification depends on the verifier using exactly the same hash function, seed mixing, and outcome-derivation as the gameplay engine. The audited verifier diverged from the live gameplay derivation in subtle ways, so reproducing an outcome from (serverSeed, clientSeed, nonce) did not always match what the engine produced at play time.
Impact
- Players may verify a game and get a different outcome than what occurred, eroding trust.
- Operator-side gameplay can subtly drift from publicly verifiable behavior, weakening the provably-fair contract.
Recommendation
Extract the outcome-derivation routine into a single shared library used by both the gameplay engine and the verifier (or compiled to both backends). Add cross-checks at gameplay close that re-run the verifier code path against the recorded inputs and assert equality.
Fair Casino: Fixed. Zealynx: Verified.