Fairness 'Verifier' can produce 'Verification Successful' for games that never occurred
The user-facing Fairness Verifier produced 'Verification Successful' results for arbitrary (serverSeed, clientSeed, nonce) inputs that were never bound to a real game history, undermining the verifier's credibility.
Description
The Verifier tool accepted any (serverSeed, clientSeed, nonce) input and ran the outcome-derivation, reporting "Verification Successful" whenever the inputs were syntactically valid. It did not check that the inputs corresponded to a real game in the user's history, so synthetic inputs produced a misleadingly positive verification result.
Impact
Verifier output cannot be relied upon as proof that a specific game was fair, only that the inputs are mathematically self-consistent. Trust in the public verification surface is weakened.
Recommendation
Bind verification results to game IDs the platform records. The Verifier should fetch the recorded (serverSeedHash, clientSeed, nonce) for a game ID and check the user-supplied serverSeed against the recorded hash, instead of accepting freeform inputs.
Fair Casino: Fixed. Zealynx: Verified.