★ HOLDERS: 0·★ FEE POOL: 0.000 SOL·★ VAULT: 0 slabs·★ VAULT VALUE: —·★ NEXT DRAW: at $100k mcap·★ GRAILS WON: 0·★ MARKET CAP: launch soon·★ HOLDERS: 0·★ FEE POOL: 0.000 SOL·★ VAULT: 0 slabs·★ VAULT VALUE: —·★ NEXT DRAW: at $100k mcap·★ GRAILS WON: 0·★ MARKET CAP: launch soon·★ HOLDERS: 0·★ FEE POOL: 0.000 SOL·★ VAULT: 0 slabs·★ VAULT VALUE: —·★ NEXT DRAW: at $100k mcap·★ GRAILS WON: 0·★ MARKET CAP: launch soon·★ HOLDERS: 0·★ FEE POOL: 0.000 SOL·★ VAULT: 0 slabs·★ VAULT VALUE: —·★ NEXT DRAW: at $100k mcap·★ GRAILS WON: 0·★ MARKET CAP: launch soon·

Provably fair

Fairness & verification

The winner is decided by a commit-reveal scheme we can't game and you can fully reproduce. Below is the exact algorithm, a live in-browser verifier, and the limits of what we can and can't do.

Commit

Before the window opens we publish only the SHA-256 hash of a secret 256-bit server seed on-chain. We are locked in.

Snapshot

At close we read every eligible token account at the finalized slot, convert each balance to tickets (50,000 $PRIZED = 1 ticket, minimum 1 to enter), and publish a Merkle root over the entries.

Reveal

We publish the original seed. Anyone checks SHA-256(seed) equals the committed hash.

Roll

We HMAC the seed with the Solana slot hash (unknown at commit) and draw id, then map it across the ticket-weighted holders.

Live verifier

verified test vector

This runs the real roll function in your browser against a known test vector (draw #242). If our math is honest, the output matches the published roll exactly.

serverSeedff5e7adbd3148cc0b0d123e4acd09e9d658b7511871ad781f3578da3dbd92ede

slotHashbe1c983c5a45ae9a6ef8a3c55dd67f065cfcd8633b2250c239d1fd24aecd303d

drawId242

expectedRolld9542483e1521be2cf1eff00c90f579e3a6f95771fa71efaf306e11576da73f2

Reference implementation

// roll = HMAC-SHA256(key = serverSeed, msg = slotHash || drawId) function roll(serverSeedHex, slotHashHex, drawId) { const mac = createHmac('sha256', Buffer.from(serverSeedHex, 'hex')) mac.update(Buffer.from(slotHashHex, 'hex')) mac.update(Buffer.from(String(drawId), 'utf8')) return mac.digest('hex') } // map roll into [0, totalWeight) and walk the weighted prefix sum function pickWinner(entries, rollHex) { const total = entries.reduce((s, e) => s + e.weight, 0n) const offset = BigInt('0x' + rollHex) % total let acc = 0n for (const e of entries) { acc += e.weight; if (offset < acc) return e.wallet } }

What we can't do

Change the seed after committing — the hash is on-chain first.
Pick the winner — the slot hash isn't known at commit time.
Hide holders — the snapshot + Merkle root are public.
Fake a payout — every airdrop is a real on-chain transfer.

What still needs trust

The operator hot wallet custodies slabs until airdrop.
Snapshot timing depends on RPC finality.
Collector Crypt valuations are third-party.
This is a demo UI — not audited, not legal advice.

Home Vault How it works History Fairness Holders FAQ

18+ only · Not financial advice · Lottery-adjacent, restricted in some regions · Pre-launch: $PRIZED is not live yet — draws begin automatically at $100k market cap · Vault cards are real Collector Crypt graded Pokémon assets.