A step-by-step tutorial of how to use Secret Network's randomness API to generate a coin flip
In this tutorial, you will learn how to access the randomness feature and use it with a smart contract that returns a truly random coin flip 🎉
For a detailed feature explainer head to the network technical documentation
In your Cargo.toml file, add secret-toolkit-storage 0.10.1:
What follows is a step-by-step tutorial of how to use Secret Network's randomness API to generate a coin flip (returning either 0 or 1) with true randomness. You can follow along and/or view the .
To consume the random number, you need to import the necessary dependencies in your contract.rs file in order to access the random number from the env parameter.
In your contract, import the necessary dependencies (these are already imported in the cloned repo):
In the contract's entry point (e.g., execute, instantiate, or query), you can access the random number from the env parameter:
The env and block_info structures are defined as:
Where random is 32 bytes and base64 encoded.
Below is a simple coin flip function that uses the randomness feature:
try_flip() uses the config function to update the state of the smart contract by flipping a coin and storing the result in the flip field in the state variable. Specifically, it generates a random number using the random field of the env.block object, which is an optional value representing the most recent block's metadata, and takes the modulo 2 to obtain a value of either 0 or 1. It then updates the flip field of the state variable to this value.
Now, let's compile, upload, instantiate, and execute the contract to see it in action!
To compile your contract, run make build-mainnet-reproducible
This returns the optimized contract wasm file, ie contract.wasm.gz
Upload and instantiate your contract to Secret Network testnet with the upload script .
If you would like to use your own wallet addres, be sure to update the .
Now that you have a contract address you can execute the coin flip with the randomness feature!
To flip the coin, update the and with your parameters and run:
And to query that it was successful, update the and with your parameters and run:
Congrats! In this step-by-step tutorial on creating a coin flip contract, you learned how to compile, upload, instantiate, and execute a contract on Secret testnet using Secret Network's randomness API to generate random numbers 🎉 For documentation on Secret VRF in a contract on another IBC-connected chain, .
[dependencies]
cosmwasm-std = { package = "secret-cosmwasm-std", version = "1.1.10" }
cosmwasm-storage = { package = "secret-cosmwasm-storage", version = "1.1.10" }
secret-toolkit-storage = "0.10.1"use cosmwasm_std::{Binary, Env, MessageInfo, Response, Result};#[entry_point]
pub fn execute(
deps: DepsMut,
env: Env,
_info: MessageInfo,
msg: ExecuteMsg,
) -> Result<Response, ContractError> {
match msg {
ExecuteMsg::Flip {} => try_flip(deps, env),
}
}pub struct Env {
pub block: BlockInfo,
pub contract: ContractInfo,
pub transaction: Option<TransactionInfo>,
}
pub struct BlockInfo {
/// The height of a block is the number of blocks preceding it in the blockchain.
pub height: u64,
pub time: Timestamp,
pub chain_id: String,
#[cfg(feature = "random")]
#[serde(skip_serializing_if = "Option::is_none")]
pub random: Option<Binary>,
}pub fn try_flip(deps: DepsMut, env: Env) -> Result<Response, ContractError> {
config(deps.storage).update(|mut state| -> Result<_, ContractError> {
let coin_flip = env.block.random.unwrap().0[0] % 2;
state.flip = coin_flip;
Ok(state)
})?;
deps.api.debug("flipped!");
Ok(Response::default())
}make build-mainnet-reproduciblecd node
npm i
node indexnode try-flipnode query-flipAn introduction to Secret VRF, a secure and verifiable random number generator
Secret Network's randomness API allows developers to access random numbers in their CosmWasm contracts, enhancing the capabilities of the platform. The randomness feature is accessible within Secret Contracts through the Env struct. It includes an optional random field, which contains a random number as a Binary type. The random field is only available when the "random" feature is enabled.
Randomness is essential in many applications, including:
Gaming and gambling platforms, where fair and unpredictable outcomes are crucial
Cryptographic systems that require secure random keys or nonces
Randomized algorithms for various use cases, such as distributed systems or optimization problems
The proposer for each block generates a strong, random seed inside SGX.
This seed is then included in the block header and signed by all validators who can verify its authenticity inside their SGX.
Secret Network's in-SGX light client prevents the proposer from simulating a block before all other validators sign it. Consequently, the proposer cannot gain maximal extractable value (MEV) by generating random seeds until they find a favorable simulation of the block.
Before calling the contract, the chain injects env.block.random = hkdf_sha256(block_random_seed + unique_contract_key + wasm_call_count).
Thus, each contract call gets a unique and secure derivative of the block seed so that nobody can deduce anyone else's secret.
Secret VRF provides perfectly private randomness. The env.block.random is secure enough to be used as a private key if needed. It cannot be deduced by anyone after the fact.
The contract's VRF value env.block.random cannot be reconstructed or seen outside of the contract execution (assuming the contract itself does not leak it).
The only place where the block VRF seed exists in plaintext is inside the enclave.
It is impossible to derive or access the block VRF seed outside the enclave. Even validators do not have access to the unencrypted seed once a block is committed.
This level of security enables developers to leverage env.block.random for cryptographic purposes, such as key generation, without worrying about external extraction or reconstruction.
However, contract developers must still exercise caution regarding key storage and handling. Proper security measures should be taken to ensure that even the contract admin cannot recover generated private keys if the use case requires it.
Each block has a unique and private (secure) VRF seed.
This seed is used to cryptographically derive a random value for each contract, ensuring that every contract instance receives its own secure randomness without revealing the original seed.
The VRF seed is not compiled into the contract. Instead, it is accessed through the Secret Network API, which is part of the core network code running inside the enclave.
Only the light client inside the enclave has access to the VRF seed. Any attempt by a bad actor to run modified code would result in their exclusion from the network, as they would not be able to decrypt or manipulate the seed.
By integrating this robust mechanism, Secret Network ensures that its VRF-based randomness remains secure, private, and resistant to external tampering.