Conversation
jlucus
added
milestone: M2
|
review the merge conflicts and resolve them |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5c00fc0803
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const value = view[0] / 0xffffffff; | ||
| return value; |
There was a problem hiding this comment.
In seededShuffle, value is calculated as view[0] / 0xffffffff, which can produce exactly 1 when the hash chunk is 0xffffffff. That makes j = Math.floor(rand * (i + 1)) evaluate to i + 1, an invalid Fisher–Yates index, so the shuffle can swap with an out-of-bounds slot and corrupt the permutation (e.g., introducing undefined values). This is rare but deterministic for specific seeds, so it can break fairness verification.
Useful? React with 👍 / 👎.
| const maxInsuranceBet = getMaxInsuranceBet(hand); | ||
| if (balance < maxInsuranceBet) { | ||
| return false; |
There was a problem hiding this comment.
canPlaceInsurance currently rejects players unless their balance covers the full getMaxInsuranceBet(hand), even though validateInsuranceBet accepts any positive amount up to that maximum. This creates inconsistent behavior where a bet amount can be valid by validator rules but impossible to place because eligibility fails first, blocking legitimate insurance bets for lower balances.
Useful? React with 👍 / 👎.
|
@codex resolve the problems: P1 Badge Clamp seeded RNG result to avoid out-of-range swap index In seededShuffle, value is calculated as view[0] / 0xffffffff, which can produce exactly 1 when the hash chunk is 0xffffffff. That makes j = Math.floor(rand * (i + 1)) evaluate to i + 1, an invalid Fisher–Yates index, so the shuffle can swap with an out-of-bounds slot and corrupt the permutation (e.g., introducing undefined values). This is rare but deterministic for specific seeds, so it can break fairness verification. Useful? React with 👍 / 👎. —- P1 Badge Clamp seeded RNG result to avoid out-of-range swap index In seededShuffle, value is calculated as view[0] / 0xffffffff, which can produce exactly 1 when the hash chunk is 0xffffffff. That makes j = Math.floor(rand * (i + 1)) evaluate to i + 1, an invalid Fisher–Yates index, so the shuffle can swap with an out-of-bounds slot and corrupt the permutation (e.g., introducing undefined values). This is rare but deterministic for specific seeds, so it can break fairness verification. Useful? React with 👍 / 👎. —- Resolve merge conflicts then update package lock and dependencies installed. Once passing finalize merge |
Summary
Testing
|
|
@codex clone staging and resolve the conflicts with this merge. In your branch commit the fixes and then merge them into staging |
Summary
Testing
|
|
@codex review and recommend what is required to finalize merge safely. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5c00fc0803
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| const view = new Uint32Array(hashBuffer); | ||
| // Convert first 4 bytes to number in range [0, 1) | ||
| const value = view[0] / 0xffffffff; |
There was a problem hiding this comment.
Dividing by 0xffffffff can return 1 when the first 32-bit word is 0xffffffff, which makes j = Math.floor(rand * (i + 1)) become i + 1 and causes an out-of-bounds swap that injects undefined into the shuffled output. This is rare but a real correctness bug in production shuffles and breaks permutation integrity when it occurs.
Useful? React with 👍 / 👎.
| const maxInsuranceBet = getMaxInsuranceBet(hand); | ||
| if (balance < maxInsuranceBet) { | ||
| return false; |
There was a problem hiding this comment.
canPlaceInsurance currently requires balance >= maxInsuranceBet, but validateInsuranceBet accepts any amount up to that max. This means players with a positive balance below half their original bet are blocked from placing a smaller valid insurance bet, creating inconsistent behavior between eligibility checks and bet validation.
Useful? React with 👍 / 👎.
|
|
||
| // Verify seed hash | ||
| try { | ||
| const calculatedHash = await hashSeed(proof.seed); |
There was a problem hiding this comment.
verifyShuffleProof assumes invalid seed formats will throw in the hash step, but hashSeed hashes arbitrary strings. A proof with a non-hex seed and matching hash can therefore be marked valid even though it is not a well-formed shuffle seed and cannot be used by seededShuffle, which undermines the function’s “well-formed proof” guarantee.
Useful? React with 👍 / 👎.
- Enforce seed hex format validation in verifyShuffleProof before hashing (P2: prevents accepting invalid seeds with matching hashes) - Use exclusive upper bound (0x100000000) for seeded RNG normalization to prevent out-of-bounds swaps (P1: fixes correctness bug when first 32-bit word is 0xffffffff) - Allow insurance when balance covers any valid bet amount instead of requiring balance >= maxInsuranceBet (P2: removes inconsistency between canPlaceInsurance and validateInsuranceBet)
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
3 participants
No description provided.