Randomness
Last updated
Last updated
Typically, where a smart contract requires randomness, the use of an external oracle is the recommended route. Chainlink VRF is the dominant provider here and the process is simple, as per the steps in their own documentation:
However, in practice the use of Chainlink VRF has detrimental effects in both game play and cost to play. We conducted a detailed UX test in November 2022 involving 1000 simulated game plays using typical real-world Chainlink VRF callback delays.
A typical VRF play fulfillment takes an average of 12 blocks, but with 8% taking upwards of 15 blocks and 0.2% going unfulfilled entirely.
Using our in-house blockchain event monitoring solution (“wundaflow”), a typical play takes just 5 blocks to fulfill, with <0.5% (1 in 200) taking over 10 blocks and, importantly, 0% non-fulfilment.
The results also show that the churn of first-time players was 5% greater for Chainlink VRF plays than non-Chainlink VRF plays. Ultimately, each of those players could have had (1) significant LTV (lifetime value) to the Wundaverse, and (2) aided customer growth through future word of mouth acquisitions.
In terms of costs; a typical Chainlink VRF play costs the player 40% more Wei than a non-Chainlink VRF play. Wundalab also needs to cover the cost of funding the contract with LINK (Chainlink’s native token), further increasing running costs and eroding prize pools.
Additionally to UX and cost analysis, we conducted further research into potential attack vectors on our contracts without a VRF in order to determine the risks involved and develop any necessary mitigations. These attack vectors included:
Malicious miners/validators
Coordinated malicious players
Internal malicious actors (employees)
Based on this research, we ultimately settled on a unique dual-randomness approach, with on-chain randomness being used for standard plays and Chainlink VRF being used for both large stakes and also for any plays that could result in jackpot payouts.
On wundaflip, this means that on-chain randomness is used on winning streaks of 0-7 and VRF for flips 8, 9, 10 and 11.
How does on-chain randomness work?
We use a simple time delay method whereby the outcome will be determined on a future blockhash. As the player must stake their bet prior to both the block and block hash being known, there is no way for them to determine or manipulate the result. A simple way to look at this process is that it’s similar to sports betting where the player must guess the final score prior to the game being played.
What if the player is also the miner/validator?
As we do not determine the fulfillment block until the stake is made, a malicious miner/validator would need to be able to control an arbitrary future block at will in order to control the result. We fulfill bets at anywhere from block n+2 up to block n+5.
What if the house is malevolent?
The house cannot control the choice made by the player. The house also has no control over which future block is used for the result fulfillment, or any control over the transactions that make up that block and ultimately determine the blockhash.
What if I make two bets in the same block with different wallets, will they have the same result?
No. We use two methods to ensure each game is unique. Firstly we choose the result block during the play function call, which can be anywhere from block n+2 to block n+5. Secondly, the result is determined using the blockhash and the wallet address as a seed; as each wallet is different, the result will be unique for each invocation. In the case of a coin flip: two individual wallets may generate the same result on one flip, and different results on the next (therefore, the divide and conquer brute force strategy would not work).
Why not use a Wundaflow workflow to generate randomness instead of using Chainlink VRF?
While we absolutely could use our own RNG, it would go against our core values of transparency and auditable fairness. While we would never do so, using our own RNG would, theoretically, afford us the opportunity to tamper with outcomes and this would completely erode player trust in the games. We do plan to offer an RNG solution as part of Wundaflow in the future, but we cannot and will not use this ourselves for the reasons outlined above.