Do you offer smart contract audits for San Francisco Bay Area startups?

Yes, VLN provides professional smart contract audits for Web3 startups and DeFi teams in San Francisco, Silicon Valley, and the greater Bay Area. We offer both remote and on-site engagements.

What types of blockchain security services does VLN offer?

VLN offers smart contract audits, EVM penetration testing, blockchain forensics and incident response, secure Solidity development consulting, and security training workshops for development teams.

How much does a smart contract audit cost?

Smart contract audit pricing starts at $2,000 for small contracts (under 500 lines), $5,000-$8,000 for medium projects, and $10,000+ for large or complex protocols. We offer a free 30-minute initial security scan.

← Blog•RNG Analysis•February 28, 2026•16 min read

RNG Manipulation Attacks: How Casino Platforms Get Exploited

Random Number Generation is the single most security-critical component in any gambling system. A flawed RNG doesn't just create unfairness — it creates an exploitable advantage that sophisticated attackers can turn into reliable profit at scale. This article documents five RNG attack classes VLN has encountered across on-chain and off-chain platforms.

RNG SecurityiGamingEVMBlock HashPRNGChainlink VRF

Block Hash Prediction (On-Chain)

CVSS 9.5 Critical

The most common on-chain RNG exploit. Smart contracts that derive game outcomes directly from `block.hash`, `block.timestamp`, or `block.prevrandao` are vulnerable to miner/validator manipulation and contract-to-contract prediction attacks.

Attack Mechanic

A malicious smart contract can call the gambling contract and read the same block hash that the RNG function will use. If the computed outcome is unfavorable, the attacker can revert their transaction — effectively getting unlimited free rolls until they win. Validators can also withhold blocks or orphan blocks to influence outcomes in high-value games.

Real-World Example

In 2019, the Fomo3D-style contract "LastWinner" was drained by an attacker who deployed a prediction contract that only executed bets when the computed block hash yielded a jackpot outcome. The attacker won the jackpot in under 50 attempts, bypassing the intended 1-in-1000 odds.

Defenses

01Never use block.hash, block.timestamp, or block.prevrandao alone as entropy
02Use Chainlink VRF v2+ for tamper-proof on-chain randomness with cryptographic proofs
03Implement a two-transaction commit-reveal with multi-party entropy contributions
04Add a minimum block delay between bet placement and outcome resolution

Commit-Reveal Bypass via Front-Running

CVSS 8.5 High

Commit-reveal schemes are a common defense against block hash prediction, but they introduce a new attack surface: front-running. If the reveal transaction is publicly visible in the mempool before it is mined, an attacker can compute the outcome and either front-run a winning bet or back-run to cancel a losing position.

Attack Mechanic

When the house reveals the random seed in the reveal phase, the reveal transaction sits in the mempool for 1–12+ seconds on congested networks. A monitoring bot can compute the winning outcome from the revealed seed and submit a higher-gas bet in the same block, ahead of other players, to capture the prize.

Real-World Example

A dice contract on BSC used a commit-reveal scheme but allowed bet modifications up until the reveal transaction was mined. A searcher bot monitoring the BSC mempool identified high-value reveal transactions, computed outcomes, and submitted maximum-size bets with 10x gas priority, consistently extracting expected value above statistical chance for 3 weeks before the team detected the pattern.

Defenses

01Lock all bet parameters at commit time — no modifications allowed after commit
02Use flashbots-style private mempools or PBS to hide reveal transactions
03Require the player's own signed entropy to be included in outcome computation
04Use a VRF oracle that delivers randomness asynchronously, not via user-initiated reveal

PRNG Seed Reconstruction (Off-Chain)

CVSS 8.8 High

Off-chain casino platforms using weak pseudo-random number generators (PRNGs) seeded from observable or predictable data — server time, session identifiers, or counter values — can be reverse-engineered once an attacker collects enough outputs to reconstruct the internal state.

Attack Mechanic

Many off-chain PRNGs (Mersenne Twister, LCG, PCG) have internal states that can be fully reconstructed from a small number of observed outputs. Once the state is known, all future outputs are deterministic. An attacker plays minimum bets, collects outputs, runs a state-recovery attack, then switches to maximum bets when a jackpot outcome is predicted.

Real-World Example

A licensed online poker platform was found to be seeding its PRNG with a millisecond-resolution Unix timestamp at session start. Two researchers demonstrated they could reconstruct the full deck order from the first three community cards dealt, allowing them to determine all hole cards and future streets. The bug was present for approximately 11 months before disclosure.

Defenses

01Use a CSPRNG (ChaCha20, Fortuna) seeded from OS-level entropy (/dev/urandom)
02Never expose raw PRNG outputs — apply one-way transformations before sending to client
03Re-seed the PRNG frequently from fresh entropy, never run a single seed for many outputs
04Use hardware security modules (HSMs) for entropy generation on high-value game servers

Timing Attack on Server-Side RNG

CVSS 7.5 High

Server-side RNG systems that generate randomness at a predictable time relative to the player request can be exploited by precisely timing API requests to align with favorable internal states — particularly when the RNG is called on a fixed schedule or when server clock leakage is possible.

Attack Mechanic

If a game server generates outcomes on a fixed-interval timer (e.g., every 50ms) and the network latency from a co-located attacker is measurable, the attacker can synchronize their bets to always hit specific time windows. Combined with weak seeding, even a few milliseconds of timing information can narrow the entropy search space dramatically.

Real-World Example

A mobile slots platform used a server-side PRNG that was re-seeded every 60 seconds based on the system clock. Players co-located in the same data center (via cloud VPS) could measure request latency to determine the approximate server clock offset, then calculate the current seed epoch and predict high-payout spin windows with 30–40% accuracy above chance.

Defenses

01Decouple RNG generation from client request timing using pre-generated outcome queues
02Add jitter to RNG calls so they don't occur on predictable intervals
03Monitor for statistical deviation from expected outcome distributions per player session
04Rate-limit API endpoints to prevent high-frequency sampling attacks

Chainlink VRF Misconfiguration

CVSS 7.0 High

Chainlink VRF is widely adopted as a secure on-chain randomness source, but incorrect integration patterns can reintroduce vulnerabilities — particularly around fulfillment callback security, subscription management, and the handling of VRF responses in multi-round game logic.

Attack Mechanic

Common integration mistakes include: (1) accepting VRF callbacks from unverified callers; (2) using a single VRF request for multiple game outcomes without separation; (3) allowing bets to be placed after a VRF request is submitted but before it is fulfilled, enabling front-running of known-pending randomness; (4) using requestIds as game state keys without collision-resistance validation.

Real-World Example

An NFT-based battle game used Chainlink VRF v1 but accepted the fulfillRandomWords callback from any address — not just the registered VRF coordinator. An attacker deployed a contract that called the fulfillRandomWords function directly with a crafted randomness value, setting the battle outcome for any pending game to their preferred result.

Defenses

01Always restrict VRF callback acceptance to the registered Chainlink VRF Coordinator address
02Use separate VRF requests per game round — never share randomness across multiple outcomes
03Lock bet acceptance windows before VRF request and after fulfillment only
04Upgrade to Chainlink VRF v2+ with subscription management and proof verification

The RNG Security Bottom Line

Every attack class documented above has been observed in production systems — not theoretical exercises. The common thread is that RNG security is treated as an afterthought: developers choose the first available randomness source, don't model adversarial interaction with the commit-reveal flow, and don't instrument their systems to detect statistical deviation from expected outcomes.

VLN's RNG analysis service covers cryptographic quality assessment, entropy source evaluation, output distribution testing, and adversarial modeling of all bet-placement and outcome-resolution flows — both on-chain and off-chain.

Is Your RNG Vulnerable?

VLN conducts dedicated RNG analysis and provable-fairness audits for on-chain and off-chain iGaming platforms. Get a scoped assessment before adversaries do it for you.

Get RNG Audit→

View All Services