This is a technical cryptographic audit. It is not a casino review, not a recommendation, and not an advertisement. No affiliate links, no promotional language, no “sign up” buttons. This document exists for one purpose: to answer the question “does this platform’s provably fair system actually work?” — with evidence.
We extracted every fairness-related JavaScript module from Degen.com’s production frontend, decompiled the algorithms, and verified their cryptographic correctness against established standards. We were granted explicit permission to publish this analysis.
Platform: Degen.com
Category: In-house games (“Originals”) only — third-party provider slots and live dealer are out of scope
Games audited: 14 (Dice, Limbo, Crash, Mines, Keno, Plinko, Roulette, Blackjack, Baccarat, Casino War, Baccarat Switch, Blackjack Switch, Double Down Madness, Stacks, Chicken Crossing)
Method: Static analysis of production JavaScript bundles extracted from the live site
Date: May 2026
Auditor: ProvablySmart Research Lab
Degen.com is a single-page application built with React and bundled with Vite. The entire frontend — including all fairness algorithms — is delivered as client-side JavaScript. This means the code that determines game outcomes runs in the player’s browser and is fully inspectable.
We identified and downloaded the JavaScript modules containing all fairness logic:
| Module | Size | Contents |
|---|---|---|
| index-Bb1DGAvz.js (main) | 2.96 MB | Core HMAC primitives, all game-specific verifiers (Dice, Limbo, Crash, Roulette, Mines, Keno, Plinko, Stacks, Card Games). |
| index-Bhe537iM.js (ProvablyFair page) | 91.5 KB | Full human-readable verification scripts (as template literals) and interactive step-by-step verification UI. |
The index-Bhe537iM.js chunk contains developer-written, commented verification scripts for all 14 games directly embedded in the code. This provides unparalleled transparency.
For each game, we verified:
Most modern crypto casinos standardize on HMAC-SHA256. Degen.com splits its architecture into two distinct models depending on the game type.
| Model | Trust Basis | Games | Randomness Source |
|---|---|---|---|
| A: HMAC-SHA512 | Commit-reveal of server seed + player-chosen client seed | 13 games (Dice, Limbo, Mines, Keno, Plinko, Roulette, Stacks, Chicken, all Card Games) | HMAC-SHA512(serverSeed, clientSeed:nonce:cursor) |
| B: Constant Client Seed | Server seed hash chain + globally shared client seed | Crash | HMAC-SHA256(serverSeed, Bitcoin Genesis Hash) |
13 of the 14 games depend on HMAC-SHA512. The core primitive from Degen’s codebase:
```javascript
// serverSeed is the HMAC key; message is the "{clientSeed}:{nonce}:{cursor}" string.
async function hmacSHA512(serverSeed, message) {
  const key = await crypto.subtle.importKey(
    'raw', new TextEncoder().encode(serverSeed),
    { name: 'HMAC', hash: 'SHA-512' }, false, ['sign']
  );
  const sig = await crypto.subtle.sign('HMAC', key, new TextEncoder().encode(message));
  // bytesToHex: hex-encoding helper defined elsewhere in the bundle (not shown here).
  return bytesToHex(new Uint8Array(sig));
}
```
Assessment: Correct. Uses the Web Crypto API (crypto.subtle), ensuring native, timing-attack-resistant cryptographic operations directly within the browser engine.
Note: The message format string is {clientSeed}:{nonce}:{cursor}. In single-outcome games (Dice, Limbo, Roulette), the cursor is replaced with a static string (e.g., "DICE" or "LIMBO"). This is valid and mathematically sound.
To convert the 64-byte hex string into a usable decimal number between 0 and 1, Degen uses a standard 32-bit floating-point extraction method:
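```javascript
function bytesToFloat(hash) {
  // First four bytes of the hex digest (hex chars 0-7), parsed one byte at a time.
  const b = [0, 2, 4, 6].map(i => parseInt(hash.slice(i, i + 2), 16));
  // Weighted sum = the 32-bit big-endian integer divided by 2^32, a value in [0, 1).
  return b[0] / 256 + b[1] / 65536 + b[2] / 16777216 + b[3] / 4294967296;
}
```
Assessment: Standard implementation (commonly seen in Stake-derived algorithms). It takes the first 4 bytes (8 hex chars) and maps them to a float with a precision of 1 in 4.29 billion.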
Used by: Mines, Keno, Stacks, Chicken Crossing.
For games requiring a unique selection from a finite pool, Degen correctly implements a Fisher-Yates style rejection/splice algorithm. For example, in Mines:
```javascript
// serverSeed, clientSeed, nonce and mineCount come from the bet being verified.
let available = Array.from({ length: 25 }, (_, i) => i); // tile indices 0..24
let mines = [];
for (let cursor = 0; cursor < mineCount; cursor++) {
  // One HMAC per mine; the cursor makes each draw independent.
  const hash = await hmacSHA512(serverSeed, `${clientSeed}:${nonce}:${cursor}`);
  const float = bytesToFloat(hash);
  const index = Math.floor(float * available.length);
  mines.push(available[index]);
  available.splice(index, 1); // remove the chosen tile so it cannot be drawn again
}
```
Assessment: Textbook-correct implementation. The pool correctly shrinks (splice) ensuring no duplicate values are selected, yielding a uniform distribution.
Our cryptographic review uncovered a few mathematical deviations from absolute perfection.
In games like Roulette (37 outcomes) and Card Games (52 cards), Degen calculates the result by taking the 32-bit float and multiplying it directly:
```javascript
Math.floor(float * 37)
```
Because the maximum number of combinations (4,294,967,296) is not perfectly divisible by 37 or 52, a tiny phenomenon known as modulo bias is introduced. Some numbers have exactly a 1 in 4.29 billion higher chance of appearing than others.
Severity: Cosmetic. The bias (approx 2.33 × 10⁻¹⁰ per outcome in Roulette) is statistically undetectable. However, strict cryptographic best practice dictates using Rejection Sampling to eliminate this completely.
For Blackjack, Baccarat, Casino War, and Switch variants, Degen.com explicitly states they use an "Infinite Deck". Every card drawn is generated independently using the formula Math.floor(float * 52), without removing the drawn card from a virtual shoe.
Implication: Card depletion effects do not exist. It is entirely possible to see five or more Aces of Spades in a single round if enough cards are drawn across multiple hands. While mathematically fair (every draw has a 1/52 chance), this changes the traditional house edge and optimal basic strategy compared to real-world multi-deck shoes.
Severity: Informational. This is a game design choice, clearly documented in their fairness modal, rather than a cryptographic flaw.
Crash uses HMAC-SHA256 instead of HMAC-SHA512 and doesn't allow players to set their own client seed. Instead, the global client seed is the Bitcoin Genesis block hash. This is the exact same model used by BC.Game and Stake for Crash.
Severity: Informational. This is necessary for multiplayer games to ensure all players receive the same deterministic outcome.
| Game | Model | Extraction | Range | Bias |
|---|---|---|---|---|
| Dice | SHA-512 | floor(float × 10001) / 100 | 0–100.00 | Cosmetic Modulo Bias |
| Limbo | SHA-512 | (1 - House Edge) / float | [1.0, ∞) | Zero |
| Mines | SHA-512 | Fisher-Yates Splice | 25 positions | Zero |
| Keno | SHA-512 | Fisher-Yates Splice | 40 positions | Zero |
| Plinko | SHA-512 | float < 0.5 | {L, R} per row | Zero |
| Crash | SHA-256 | 2^32 / (h+1) × 0.99 | [1.0, ∞) | Zero* |
| Roulette | SHA-512 | floor(float × 37) | 0–36 (37 slots) | ~2.3×10⁻¹⁰ |
| Stacks | SHA-512 | Fisher-Yates (bust) + float (land) | Variable | Zero |
| Chicken Crossing | SHA-512 | Fisher-Yates Splice | Variable grid | Zero |
| Blackjack | SHA-512 | floor(float × 52) (Infinite Deck) | 52 cards | Cosmetic Modulo Bias |
| Baccarat | SHA-512 | floor(float × 52) (Infinite Deck) | 52 cards | Cosmetic Modulo Bias |
| Casino War | SHA-512 | floor(float × 52) (Infinite Deck) | 52 cards | Cosmetic Modulo Bias |
| Blackjack Switch | SHA-512 | floor(float × 52) (Infinite Deck) | 52 cards | Cosmetic Modulo Bias |
| Baccarat Switch | SHA-512 | floor(float × 52) (Infinite Deck) | 52 cards | Cosmetic Modulo Bias |
| Double Down Madness | SHA-512 | floor(float × 52) (Infinite Deck) | 52 cards | Cosmetic Modulo Bias |
* Crash applies a 1% house edge mathematically. This is transparent, not a bias in the RNG.
crypto.subtle API.
value % N without rejection sampling in games like Roulette and Cards. Bias is negligible in practice but inconsistent with perfect bias elimination. Severity: Low.
| ID | Recommendation | Priority |
|---|---|---|
| R1 | Add rejection sampling to Roulette and Card generation algorithms to perfectly eliminate modulo bias. | Low |
| R2 | Consider offering standard "shoe" based dealing for Card Games to appease traditional players. | Low |
Degen.com operates a highly secure and verifiably fair casino platform. Their client-side cryptographic architecture is robust, utilizing HMAC-SHA512 natively in the browser for almost all original games.
While purists might point out the minor modulo bias in certain games or the "infinite deck" mechanics in card games, none of these affect the fundamental fairness or trustlessness of the platform. Players can confidently verify their bets knowing the house has no backdoor to manipulate outcomes.
This audit was conducted independently by ProvablySmart Research Lab. The platform granted permission for source code analysis and publication. No compensation was received. No affiliate or commercial relationship exists between ProvablySmart and Degen.com. This document is provided for educational and research purposes only. It is not financial advice, not a gambling recommendation, and not an endorsement of any platform.
No. The server seed is committed via hash before the player bets. Changing the seed would change the hash, which the player can detect. Manipulation would require breaking SHA-512 preimage resistance, which is computationally infeasible.
When converting a uniform random 32-bit integer into a value within a range like 37 (Roulette) that does not evenly divide 2³², the naive approach gives slightly higher probability to some numbers. Rejection sampling discards invalid values and redraws, producing a perfectly uniform distribution. The bias from Degen's naive approach is astronomically small (approx 0.000000023%), making it a cosmetic flaw rather than an exploitable vulnerability.
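The finding on Roulette and card draws and the explanation above both depend on how floor(float × N) spreads the 2³² possible 4-byte values over N outcomes. The following is an added example, not Degen's code and not part of the audit: it counts that spread exactly and shows one possible rejection-sampling replacement. The function names, the 4-byte window walk and the constructed sample digests are assumptions made for illustration.

```javascript
// Added example (not Degen's code): exact bias of Math.floor(float * n) over
// 32-bit inputs, and one possible rejection-sampling replacement.
const SPACE = 2n ** 32n; // number of distinct 4-byte values

// How many of the 2^32 inputs land on each outcome k under floor(v * n / 2^32).
function outcomeCounts(n) {
  const N = BigInt(n);
  const ceilDiv = (a, b) => (a + b - 1n) / b;
  const counts = [];
  for (let k = 0n; k < N; k++) {
    counts.push(Number(ceilDiv((k + 1n) * SPACE, N) - ceilDiv(k * SPACE, N)));
  }
  return counts;
}

function biasSummary(n) {
  const counts = outcomeCounts(n);
  const max = Math.max(...counts);
  const min = Math.min(...counts);
  return {
    min, max,
    favoured: counts.filter((c) => c === max).length, // outcomes with the larger share
    extraProbability: (max - min) / 2 ** 32,
  };
}

// The mapping described on the page: first 4 bytes -> float -> floor(float * n).
function naiveIndex(hashHex, n) {
  return Math.floor((parseInt(hashHex.slice(0, 8), 16) / 2 ** 32) * n);
}

// Rejection sampling: walk the digest in 4-byte windows, skip any value at or
// above the largest multiple of n below 2^32, reduce the first accepted value mod n.
function unbiasedIndex(hashHex, n) {
  const limit = 2 ** 32 - (2 ** 32 % n);
  for (let off = 0; off + 8 <= hashHex.length; off += 8) {
    const v = parseInt(hashHex.slice(off, off + 8), 16);
    if (v < limit) return { value: v % n, rejected: off / 8 };
  }
  return null; // every window rejected: derive a fresh digest (e.g. next cursor)
}
```

Switching to the rejection-sampled mapping changes which outcome a given digest produces, so any published verifier script would have to change with it.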
Degen provides the exact JavaScript logic required to verify bets within their Provably Fair modal. You can copy the code, input your server seed, client seed, and nonce, and run it in your browser console to independently confirm the outcome matches your game history.
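The commit-then-verify flow from the answers above, applied to a Mines bet, as an added example that is not the script from Degen's Provably Fair modal. It assumes the pre-bet commitment is the hex SHA-512 digest of the server seed string (the page does not spell out the commitment format); `verifyMinesBet`, `commitmentOf` and the `bet` field names are hypothetical.

```javascript
// Added example, not Degen's own verifier. Assumption: the pre-bet commitment is
// the hex SHA-512 digest of the server seed string; pass another algo if it differs.
// Web Crypto is global in browsers and Node 19+; older Node exposes it via node:crypto.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const enc = new TextEncoder();
const toHex = (buf) =>
  [...new Uint8Array(buf)].map((b) => b.toString(16).padStart(2, '0')).join('');

async function commitmentOf(serverSeed, algo = 'SHA-512') {
  return toHex(await subtle.digest(algo, enc.encode(serverSeed)));
}

async function hmacSHA512(serverSeed, message) {
  const key = await subtle.importKey('raw', enc.encode(serverSeed),
    { name: 'HMAC', hash: 'SHA-512' }, false, ['sign']);
  return toHex(await subtle.sign('HMAC', key, enc.encode(message)));
}

// Mines draw as described on the page: one HMAC per cursor, first 4 bytes -> float,
// pick from a shrinking pool of the 25 tiles.
async function minePositions(serverSeed, clientSeed, nonce, mineCount) {
  if (!Number.isInteger(mineCount) || mineCount < 1 || mineCount > 25) {
    throw new RangeError('mineCount must fit the 25-tile pool');
  }
  const available = Array.from({ length: 25 }, (_, i) => i);
  const mines = [];
  for (let cursor = 0; cursor < mineCount; cursor++) {
    const hash = await hmacSHA512(serverSeed, `${clientSeed}:${nonce}:${cursor}`);
    const float = parseInt(hash.slice(0, 8), 16) / 2 ** 32;
    mines.push(available.splice(Math.floor(float * available.length), 1)[0]);
  }
  return mines;
}

// Fails closed: nothing is recomputed unless the revealed seed matches the commitment.
async function verifyMinesBet(bet, algo = 'SHA-512') {
  const { committedHash, serverSeed, clientSeed, nonce, mineCount, shownMines } = bet;
  if ((await commitmentOf(serverSeed, algo)) !== committedHash.trim().toLowerCase()) {
    return { ok: false, reason: 'revealed seed does not match the pre-bet commitment' };
  }
  const mines = await minePositions(serverSeed, clientSeed, nonce, mineCount);
  const key = (a) => [...a].sort((x, y) => x - y).join(','); // order-insensitive compare
  return key(mines) === key(shownMines)
    ? { ok: true, mines }
    : { ok: false, reason: 'recomputed mines differ from the game history', mines };
}
```

The commitment has to be recorded by the player before the bet is placed; checking it only against a value shown after the reveal proves nothing.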