Home / Provably fair

Don't trust us. Recompute it.

Every REDLINE outcome is sealed before you bet and revealed after the round. Anyone can recompute the exact result from public inputs and confirm the operator did not cheat. Here is the full mechanism.

The two guarantees

Provable fairness rests on two properties, and REDLINE delivers both:

The crash formula

For a round with secret seed and a public salt, the crash multiplier is a pure function:

# a uniform in [0,1), derived by a keyed hash
U = HMAC_SHA256(key = seed, message = "crash:" + salt)
U = top 52 bits of U, divided by 252 # exact, no bias

# invert the target distribution P(crash ≥ x) = (1 - edge) / x
crash = floor( (1 - edge) / U ) # floored to 0.01x, capped at the max

# therefore, for ANY cash-out target x:
# RTP = x · P(crash ≥ x) = x · (1 - edge) / x = 1 - edge

Because the return to player is identical for every target, no cash-out point and no bet size can beat the declared edge. At a 3% edge that is a fixed 97% RTP, and it is configurable per operator.

The pre-committed hash chain

REDLINE does not commit one round at a time. It commits to tens of thousands of rounds at once. A secret tail seed is hashed repeatedly to build a chain, and the chain is consumed in reverse so each revealed seed hashes to the previously revealed one. The single published chain commitment seals every future outcome before play begins. The operator cannot insert, drop, or reorder a result anywhere in the chain.

The public beacon, against grinding

A hash chain alone proves the operator cannot change a committed outcome, but on its own it does not stop the operator from generating many chains and keeping a favourable one. REDLINE salts every round with a public randomness beacon (a value from the drand network) that did not exist when the chain was committed. Because the operator commits first and the beacon is only known later, it cannot have ground the chain against it. If the beacon is ever unavailable, REDLINE degrades to a deterministic value derived from the committed chain, never to operator-chosen randomness, and records which source was used.

Verify any round yourself

After every round the secret seed is published. To verify a result:

  1. Take the revealed seed and the round's public salt, edge, and max multiplier.
  2. Compute U = HMAC_SHA256(seed, "crash:"+salt) and take its top 52 bits over 252.
  3. Compute crash = floor((1 - edge) / U), floored to 0.01x and capped at the max.
  4. Confirm SHA256(seed) equals the commitment published before the round, and that it chains to the next round.

The result is exact and reproducible on any machine. We publish an in-browser verifier that does this for you, and an offline lab kit that reproduces the full distribution over a hundred million rounds against the same code the live game runs.

The standard cryptographic primitives are SHA-256 and HMAC-SHA256 from a vetted library. There is no custom or home-grown cryptography anywhere on the outcome path. The only entropy source is the operating system secure random generator.

Open the verifier.

Recompute a real round from its published inputs, in your browser.

OPEN VERIFIER ▸