The Polyflip smart contract communicates with an off-chain service powered by Chainlink, which ensures the randomness of the results and prevents the system from being exploited and hacked. To ensure transparency and unbiased randomness within the games, we need access to a secure random number generator (RNG) that any user can independently audit. However, RNG solutions for smart contracts require several security considerations to prevent manipulation and ensure system integrity. For instance, RNG solutions derived from blockchain data such as block hashes can be exploited by miners/validators, while RNG solutions derived from off-chain APIs are opaque and don’t give users definitive proof of the integrity of the process.
After reviewing various solutions, we selected Chainlink VRF because it’s based on cutting-edge academic research, supported by a time-tested oracle network, and secured through the generation and on-chain verification of cryptographic proofs that prove the integrity of each random number supplied to smart contracts.
Chainlink VRF works by combining block data that is still unknown when the request is made with the oracle node’s pre-committed private key to generate both a random number and a cryptographic proof.
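The flow described here, a seed built from block data plus the oracle's key yielding a number and a proof that the consumer checks before using the number, as an added sketch that is not Polyflip's or Chainlink's code. It substitutes a toy RSA full-domain-hash VRF for Chainlink's actual proof scheme; the key, block hash, function names and heads/tails mapping are all constructed for illustration.

```python
import hashlib

# Toy RSA key standing in for the oracle's pre-committed key pair
# (constructed from well-known small primes: illustration only, not secure).
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public key, known to the consumer
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, held only by the oracle

def _hash_to_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def _proof_to_randomness(proof):
    raw = proof.to_bytes((N.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

def make_seed(request_id, block_hash):
    """Seed = request id plus a block hash not yet known at request time."""
    return request_id.to_bytes(32, "big") + block_hash

def oracle_prove(seed):
    """Oracle side: the proof is the unique RSA signature over the seed."""
    proof = pow(_hash_to_int(seed), D, N)
    return _proof_to_randomness(proof), proof

def consumer_fulfill(seed, randomness, proof):
    """Consumer side: reject any value not bound to the seed by a valid proof."""
    if not 0 <= proof < N or pow(proof, E, N) != _hash_to_int(seed):
        raise ValueError("invalid proof")
    if randomness != _proof_to_randomness(proof):
        raise ValueError("randomness does not match proof")
    return "heads" if randomness % 2 == 0 else "tails"

if __name__ == "__main__":
    seed = make_seed(1, hashlib.sha256(b"constructed block").digest())
    value, proof = oracle_prove(seed)
    print(consumer_fulfill(seed, value, proof))
    try:
        consumer_fulfill(seed, value ^ 1, proof)   # outcome altered after the fact
    except ValueError as err:
        print("rejected:", err)
```

Because the key is fixed before the seed exists and each seed has exactly one valid proof, the party holding the key cannot pick among several outcomes, and anyone holding the public key can repeat the check.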
The Polyflip smart contract will only accept the random number input if it has a valid cryptographic proof, and the cryptographic proof can only be generated if the VRF process is tamper-proof. This provides our users with automated and verifiable assurances directly on-chain that the randomness underlying Polyflip’s games is provably fair and was not tampered with by the oracle, outside entities, or the Polyflip team. At these links you can check for yourself and explore everything related to VRF (verifiable source of randomness) and RNG (random number generation for smart contracts):