Trust

Fairness and Safety

Last Pixel is engineered so that nobody, including the team behind the platform, can predict or manipulate the outcome of a grid round or a PackDraw opening.

Provably fair: Pixel Grids

Every pixel grid round on Last Pixel is resolved using our provably fair database algorithm. The target round seed is recorded on the round before the algorithm runs, so the source of randomness is locked in publicly long before the result exists.

  1. Announce. When a round opens, the upcoming round seed is pre-announced on the round and timestamped.
  2. Wait. Players keep buying pixels until the round closes - either by selling out or by hitting its scheduled close.
  3. Reveal. Once the announced seed is committed, we feed it together with the round id into the provably fair database algorithm and compute parseInt(seed, 16) % totalPixels to deterministically pick a single pixel index.
  4. Pay out. The owner of the winning pixel receives 50% of the round revenue as the prize pool, plus free PackDraw tickets.
  5. Archive. The result is stored in the Winners Hall with the round seed, the algorithm output, the winning pixel and the winner.
winningIndex = parseInt(seed, 16) % totalPixels

Same seed, same total pixels, same answer - every time. Anyone with a calculator and the published round seed can recompute the winner.

Provably fair: PackDraw

PackDraw uses the same anchor as the grids. When you open a box, the server reads the latest committed seed from the provably fair database algorithm, mixes it with your user id, the box id, a 16-byte cryptographic nonce and the current timestamp, then digests the lot with SHA-256. Two independent floats are derived from the digest: one picks the prize bucket according to the published odds, the other picks the prize value uniformly inside that bucket.

  1. Read the seed. The PackDraw open endpoint requests the latest seed from the provably fair database algorithm using the same helpers used to resolve grid winners.
  2. Mix. userId, boxId, nonce, timestamp and the algorithm seed are concatenated and digested with SHA-256.
  3. Pick a bucket. The first 13-hex slice of the digest is converted to a float in [0,1) and walked across the cumulative probabilities of the box odds table.
  4. Pick the prize. The second slice picks a uniform value in the chosen bucket between its prize_min and prize_max.
  5. Credit. The prize is credited to your USD balance the moment the reveal animation finishes.
mix    = SHA256(userId + boxId + nonce + timestamp + seed)
bucket = walk(odds, floatFrom(mix[0:13]))
prize  = lerp(bucket.min, bucket.max, floatFrom(mix[13:26]))

The odds tables for every box tier are public and admin-editable in real time on the admin panel. The fallback when the provably fair database algorithm is temporarily unreachable uses crypto.randomBytes(32), so the prize is still uniformly drawn from the same odds table - only the external anchor is temporarily missing.

No manipulation possible

Because every outcome ultimately depends on the provably fair database algorithm, no human, no script and no admin can decide who wins. For grids, the seed is announced before it is committed, so we cannot wait to see the output and pick a favourable round size. For PackDraw, the user id, nonce and timestamp are combined with the seed, so even rolling the same box multiple times in the same second yields independent results.

Admins can pause a raffle or adjust PackDraw odds going forward, but they cannot retroactively change a result. The archive snapshots for every grid round are immutable JSON blobs and the prize commissions table has a primary key on the round id, so duplicate webhooks can never double-pay.

Public source of randomness

  • Every grid round announces a future round seed before the provably fair database algorithm runs.
  • Every PackDraw opening uses the latest committed seed from the provably fair database algorithm as its anchor.
  • Round seeds are produced by our public provably fair database algorithm, not by any opaque partner.
  • Every algorithm output is universally observable on any round detail page.

Verifiable winner formulas

  • Grid: winningIndex = parseInt(seed, 16) % totalPixels.
  • PackDraw: SHA-256(userId + boxId + nonce + timestamp + seed).
  • Same inputs always produce the same outputs - the math is deterministic.
  • Anyone can recompute either result with a calculator and the public round seed.

Account and data security

  • Authentication is handled by Supabase Auth with email and password.
  • Sessions are managed via httpOnly cookies that client-side scripts cannot read.
  • Row-level security ensures every user can only access their own records.
  • The service-role key never leaves the server runtime.

Transparent operations

  • Every completed grid round is permanently archived with its round seed, algorithm output and winner.
  • PackDraw odds tables for every box tier are publicly visible and admin-editable.
  • Live counters on the home page show aggregated, anonymised totals.
  • Admin actions never touch winner selection - they only manage user reports.

Verify it yourself

  1. Open the Winners Hall and pick any past round. Note the grid width, the announced round seed and the recorded algorithm output.
  2. Open any public round detail page on Last Pixel and look up that round seed. Confirm the algorithm output matches the one we archived.
  3. Compute parseInt(seed, 16) % totalPixels and map the result to (x, y) coordinates using x = index % width, y = floor(index / width).
  4. Compare to the winner pixel recorded on the archive page. The coordinates will match exactly.

The Winners Hall and the raffle archive are both public, so you do not even need an account to perform the verification.

Transparency reports

Three public surfaces let anyone audit the platform in real time:

  • Winners Hall

    Every revealed grid round with the winning user, the prize amount, the round seed and the provably fair database algorithm output.

  • Raffle archive

    Every completed raffle draw with the winner and the date the random draw was performed.

  • PackDraw odds

    Each box tier exposes its full odds table, including the prize buckets, the probabilities and the jackpot value.

  • Live stats

    The home page renders live, anonymised counters for users, rounds, prizes paid and total packs opened.

Security checklist

  • HTTPS enforced site-wide.
  • Strict Content Security Policy in production.
  • Database row-level security (Supabase RLS).
  • Server-only service role key, never exposed to the browser.
  • Oxapay webhook signatures verified on every callback.
  • httpOnly session cookies that mitigate XSS theft.
  • Atomic SECURITY DEFINER RPCs for every balance mutation.
  • Idempotent referral and prize commission payouts.

Found something?

We welcome responsible disclosure. If you spot a security issue, please contact us privately first so we can patch and protect users.