AboutContactBlogGet in touch

6 min read

How to Secure Verifiable Random Numbers in Web3 Apps with Chainlink VRF?

Interested in generating passive income? Join our partnership program and receive a commission on each new client referral. Learn more.

Chainlink

Random numbers have been a problem since computers existed; you might think that using some random() function in your favorite programming language generates a truly random number, but all these methods are scientifically called pseudo-random generators. There have been cases when some heavily random dependent programs showed deterministic nature and included easily discernible patterns. With smart contracts and blockchain, the random numbers problem goes even further.

Random numbers can be mimicked on blockchain by hashing some unique data if your project is not heavily random number dependent. But if you distribute NFT-s and your product gains considerable community attention and attracts significant finances, you also become a target of "poor randomness" hackers.

Before diving into the solution that Chainlink presents, let's see why the problem of random numbers gets more complicated with blockchain.

The Problem With Random Numbers in Blockchain

Random numbers in Blockchain

We recently worked on TryHards, an NFT-based blockchain shooter powered by Polygon, where players play to earn. In TryHards, we pre-distribute game characters and game items for upcoming multiplayer games, so it is crucial to have industry-standard randomness while minting NFT items to fulfill considerable community demands. However, before we discuss how we managed to achieve that, let's first see how the blockchain works and where the problem with random numbers lies.

Independent peers operate blockchain; the principle is that if reproduced by anyone, each piece of smart contract code execution should be the same; this is how blockchain miners reach consensus.

If there was a native random number generation possibility in Solidity, the language used to implement smart contracts, every miner would come up with their random number for the same code execution, and the execution result would be different for everybody making it impossible ever to reach a consensus. For this reason, the nature of blockchain dictates that there will not be native random number generators in smart contracts.

Another option is outsourcing the random number generation outside of the blockchain. However, that force the users/developers to trust this centralized source of randomness. It would also introduce a central point of failure since there is a chance that the source can provide poorly randomized output, can be hacked, or the source owner can manipulate the blockchain in case of interest.

Dangers of Blockchain

There should be a way to produce verifiable random numbers in the following manner: first, your code requests a random number with your predetermined seed. Then someone provides randomness signed by a private key in the upcoming blocks by calling your contract back. Finally, the transaction is recorded on the blockchain and can be checked anytime with the public key and input data by reproducing the same random number. That's where Chainlink comes into play.

What Does Chainlink Do?

The Chainlink VRF (Verifiable Random Function) is a decentralized oracle network that blockchain developers use as a tamper-proof random number generator to build reliable smart contracts by producing a provably fair and verifiable source of randomness. The service might seem trivial, but having a fair and verifiable source of randomness is especially important for tasks that rely on unpredictable outcomes, such as NFTs, DeFi, or blockchain games, or choosing a representative sample for consensus mechanisms. It helps accomplish these tasks by enabling smart contracts to access randomness without compromising security or usability.

Chainlink VRF follows the Request & Receive Data cycle, which works like this: we send a request for a random number to an oracle in one transaction. Then Chainlink generates one or more random values and cryptographic proof of how these values were determined. Before any application can use it, the generated proof is published and verified on-chain. Chainlink ensures that the generated results cannot be tampered with by developers, oracle operators, miners, or users through this process. So then, in a second transaction, the oracle sends a response with the data back. To make this request to the oracle, our smart contract must be funded with enough LINK to pay the specified fee. The LINK token follows an ERC-677 token standard that is backward compatible with the popular ERC-20 token and contains some improvements that make working with oracles cheaper, easier, and much more efficient.

Efficient

Our Two Cents

Chainlink VRF is the most secure and safe source of fair and verifiable randomness for building reliable smart contracts necessary for any applications that rely on unpredictable outcomes. It's also quite convenient to work with since it's compatible with all the major networks. Plus, it is pretty easy to set up and integrate with your project. You can find all the details, best practices, and example contracts to get you started here: https://docs.chain.link/docs/chainlink-vrf/.

 

Author: Vakho Zardiashvili

Editor: Keti Getiashvili

Meet the authors

We are a 200+ people agency and provide product design, software development, and creative growth marketing services to companies ranging from fresh startups to established enterprises. Our work has earned us 100+ international awards, partnerships with Laravel, Vue, Meta, and Google, and the title of Georgia’s agency of the year in 2019 and 2021.

Contact us