Description
The contract README explicitly notes that the current winner selection uses env.prng(), which is not cryptographically secure enough for production fairness.
User Story
As a giveaway creator,
I want to select winners using stronger randomness,
so that participants cannot predict or influence the result.
Requirements and Context
- Files:
contracts/geev-core/src/giveaway.rs, contracts/geev-core/src/test.rs
- Replace ledger PRNG winner selection with a stronger randomness source or commit-reveal pattern
- Preserve the existing giveaway lifecycle and winner indexing logic
- Keep tests for deterministic verification
Suggested Implementation
// WINNER SELECTION
// 1. Replace env.prng().gen::<u64>() with a stronger entropy source.
// 2. Use the entropy to compute the winner index.
// 3. Preserve giveaway status transitions and event emission.
Acceptance Criteria
Submission Guidelines
- Branch:
feat/secure-giveaway-randomness
- Depends on: existing giveaway lifecycle
- PR:
feat(contracts): harden giveaway winner randomness
Description
The contract README explicitly notes that the current winner selection uses
env.prng(), which is not cryptographically secure enough for production fairness.User Story
As a giveaway creator,
I want to select winners using stronger randomness,
so that participants cannot predict or influence the result.
Requirements and Context
contracts/geev-core/src/giveaway.rs,contracts/geev-core/src/test.rsSuggested Implementation
Acceptance Criteria
Submission Guidelines
feat/secure-giveaway-randomnessfeat(contracts): harden giveaway winner randomness