search

Evidence

RNG & Oracles (Control, centralization, manipulation risk)

hashtag
[1] Oracle signer transactions list

hashtag
[2] Same signer used across multiple users/games

hashtag
[3] No public instructions to run an oracle node

hashtag
[4] No on-chain commit to bet (no commit–reveal)

hashtag
[5] VRF not bound to block/slot

hashtag
[6] Off-chain oracle generates VRF, only final posted

hashtag
[7] Demonstration of re-roll risk (concept or tool)

hashtag
[8] Timing gap: bet → VRF post

hashtag
[9] No on-chain function to rotate oracle signers

hashtag
[10] Halborn: reliance on off-chain logic

Halborn Audit PDFarrow-up-right

Game Logic (off-chain black box, unverifiable fairness)

hashtag
[11] Slot/Vault contract extracts show no outcome logic

No Game logic provided:

hashtag
[12] Data flow (RNG → off-chain → payout)

hashtag
[13] No published RTP/odds per game on-chain

hashtag
[14] Backend distributions

hashtag
[15] No user-verifiable reproduction path (no client seed binding)

hashtag
[16] Winner wallet page (5or7BF…): full TX history

https://solscan.io/tx/5s1N4ZfXETh3AgpJfUR57xMkGtetmKQ5UMMtVWxXdQa85XjrFi9m5A8rBZwnk6yQa98Hyd7Ar3xujV687zn8cjSoarrow-up-right

hashtag
[17] Kraken-funded deposits (2× >600 SOL)

hashtag
[18] Micro-tx burst to gambling dApps

hashtag
[19] No DeFi/NFT usage (ephemeral wallet)

hashtag
[20] Timeline: Kraken → play burst → jackpot → withdraw

hashtag
[21] Jackpot payout TX (sender not vault)

hashtag
[22] Probability graph (Poisson) for 2 in 5,000

hashtag
[23] Statement: no jackpot transparency report

Payouts, Liquidity, Proof-of-Reserves

hashtag
[24] Vault settlement log (typical small win auto-settled)

hashtag
[25] Cold reserve described (marketing)

hashtag
[26] Cold reserve is a wallet, not a contract

hashtag
[27] Jackpot payout not routed via vault contract

hashtag
[28] No timelock/multisig on reserve

hashtag
[29] No on-chain proof-of-liabilities

Admin / Upgradeability / Governance

hashtag
[30] Program marked upgradeable (BPF Loader)

hashtag
[31] Upgrade authority is team-controlled

hashtag
[32] No public DAO governance (no SPL governance links)

hashtag
[33] No pause/override functions publicly exposed

hashtag
[34] Halborn “authority transfer not enforced” fixed

hashtag
[35] Settlement batching acknowledged (delay possible)

  • IST to UST Time (At least 2 minutes settlement delay)

Halborn Scope / Audit Transparency

hashtag
[36] Halborn scope omits RNG/oracles/game logic

hashtag
[37] No public GitHub/IPFS for audited code

Trustless vs Reality (Marketing vs facts)

hashtag
[38] Screenshot of “provably fair for every spin” claim

hashtag
[39] Screenshot of “decentralized oracles” claim

hashtag
[40] Screenshot of “non-custodial, you control funds” claim

hashtag
[41] Claims vs Reality table (final)

hashtag
[42] No Client seed input UI

Earlier, no Client Seed Input provided.

Recently, Client Seed UI added but no verification that it is used for RNG with Proov VRF hash (Server Seed).

hashtag
[43] No path to reproduce outcome from seed

hashtag
[44] Explorer shows logs, not pre-commit proofs

Public Explorer (“we show everything now”) rebuttal

hashtag
[45] Example: bet log with no player-seed binding

Custom Seed (i.e. Player Seed) not used with Proov VRF to generate RNG for game outcome.

In simple terms, Custom seed parameter which is just taken in the bet request but not combined with RNG which is the least for any online crypto casino.

hashtag
[46] 3 real bets with full fields (CSV)

hashtag
[47] One bet timeline

hashtag
[48] Admin/Reserve safety

hashtag
[49] No multisig on reserve (EOA ownership)

hashtag
[50] Comparision and Architecture upgrades

PreviousRecommendations

Last updated