Devnet

Test funds only. Transactions are not real.

Proof of Chance

AI Audit Flow

How to use AI to audit the complete lottery lifecycle end-to-end.

Overview

The AI Audit Flow helps verify lottery integrity using on-chain evidence and deterministic winner recomputation.

Important Disclaimer

AI assistants provide analysis assistance only. Final trust must come from on-chain data and reproducible calculations.

TLDR: Audit With AI

  1. Open a settled lottery and click Audit
  2. Export the audit package (events + accounts)
  3. Ask AI to recompute the draw from reveal-included participants and tickets

The Audit Flow

┌──────────────────┐     ┌──────────────────┐     ┌──────────────────┐
│    Gather        │────▶│    Prepare       │────▶│    Query AI      │
│   On-Chain Data  │     │   Audit Package  │     │   with Evidence  │
└──────────────────┘     └──────────────────┘     └──────────────────┘

Step-by-Step Guide

Step 1: Open the Audit Modal

  1. Navigate to a settled lottery
  2. Click the Audit button
  3. Review event sequence and account snapshots

Step 2: Validate Event Sequence

Event TypeWhat to Check
Lottery CreatedParameters and windows are sane
Tickets PurchasedTicket totals and commitments are present
Upload Phase BeganUpload timing is valid
Attestation SubmittedVotes and attestation counts match
Reveals UploadedReveals match commitment hashes (when attesters exist)
Winners FinalizedWinners and merkle data finalized
Payouts CompleteAmounts and recipients are correct

Step 3: Ask AI Deterministic Questions

Use prompts like:

1

Verify Commitments

"Given these reveals (if present), verify each reveal hashes to the stored proof_of_chance_hash."

2

Recompute Seed

"Sort reveal-included participants by wallet, then recompute seed chain from (wallet, tickets_bought) and lottery header fields plus poc_aggregate_hash."

3

Recompute Draw Rounds

"For each round j, compute SHA256(0x494B494741495F5250445F56325F44524157 || seed || j_le64), modulo remaining tickets, and walk ticket ranges to select winners."

4

Validate Payout Commitment

"Recompute merkle root from (index, recipient, amount) winner tuples and compare with on-chain winners_merkle_root."

Human-Followable Draw Logic

Winner selection rule version: reveal-plaintext-draw-v2

  1. Sort reveal-included eligible participants by wallet bytes.
  2. Build deterministic seed from lottery fields + poc_aggregate_hash + participant (wallet, tickets) tuples.
  3. For each round, hash (seed + round) and modulo remaining tickets.
  4. Walk ticket ranges, select winner, remove winner, repeat.

No oracle or VRF dependency is required for reproducibility.

What to Look For

Green Flags ✅

  • Canonical wallet sorting is consistent
  • Seed recomputation matches report seed
  • Round-by-round modulo/ticket-range selection matches winners
  • Merkle root matches finalized winners/payout amounts

Yellow Flags ⚠️

  • Incomplete off-chain reveal evidence when attesters exist
  • Unclear participant list ordering in audit tooling
  • Missing commitment bytes for any winner candidate

Red Flags ❌

  • Winner cannot be reproduced from seed + ticket ranges
  • On-chain winners diverge from deterministic recomputation
  • Merkle root mismatch for finalized payouts

Edge Case: No Attesters

If attested_count == 0, winner finalization is rejected and refunds are issued via FinalizeNoAttesters. If attested_count > 0 but zero reveals are uploaded by deadline, refunds are also issued.

Beyond AI

For strongest assurance:

  1. Recompute the seed and rounds yourself from exported inputs
  2. Verify account snapshots directly from chain RPC/explorer
  3. Cross-check transaction signatures against emitted events

AI helps explain and accelerate audits, but chain data remains the source of truth.

Edit this pageLast updated: January 2026