Skip to main content
Solana VRF proofs are cryptographically bound to the input caller_seed and to MagicBlock’s VRF signer identity. Your callback enforces this with: 
#[account(address = ephemeral_vrf_sdk::consts::VRF_PROGRAM_IDENTITY)]
pub vrf_program_identity: Signer<'info>,
Only the official MagicBlock oracle can trigger the callback, preventing spoofed or manipulated results. Invalid proofs automatically fail, and other programs cannot front-run the request. MagicBlock Solana VRF checks for conditions like InvalidProof and Unauthorized so incorrect signatures or unauthorized callers are rejected before your game logic runs. The VRF program has a published audit, so treat that report as the source of truth before going live. Because everything executes inside the same deterministic ephemeral rollup that runs your game logic, the random value cannot be reused or delayed. For actionable integration guidance — seed selection, callback validation, and state management — see Best Practices.

Security & Audits

Read the audit report and security notes.

Solana VRF

Return to the Solana VRF overview.