System Architecture Overview
Luck.io’s system comprises a Solana on-chain backend (the Proov Protocol) coupled with Luck.io’s off-chain game servers and web interface. The architecture can be summarized as follows:
Proov On-Chain Programs: The core of Luck.io’s casino operations runs on two Solana smart contracts provided by Proov[4]:
Vault Program – an on-chain vault that escrows player funds during gameplay. Players deposit SOL or SPL tokens into the Vault (also referred to as a “bankroll contract”), which locks funds and later releases payouts or burns losses according to game outcomes[11]. The vault holds the pooled bankroll and, if necessary, a cold reserve for large payouts[25][26].
Slot (Game) Program – an on-chain program that interfaces with games, tracking bets and outcomes. It records metrics like total wagered/won and triggers settlement by instructing the Vault to credit or debit player balances based on game results[12]. This program does not contain the full game logic for determining wins; it relies on inputs from the off-chain game engine.
Decentralized VRF Oracles: Randomness is sourced via Proov’s VRF (Verifiable Random Function) network. When a player places a bet, a request is sent to multiple off-chain oracle nodes (run by Proov/Luck.io) which generate a random seed and return a signed VRF output on-chain[1][2]. The VRF uses Ed25519 cryptographic signatures to allow anyone to verify that the random number is authentic and unmodified[6]. In theory, this provides provably fair entropy recorded on-chain for each bet.
Luck.io Off-Chain Game Engine: The actual game outcome logic – e.g. slot reel generation, card draws, Plinko paths, etc. – is executed by Luck.io’s backend servers using the VRF random seed as input[42]. The mapping from random input to win/lose result occurs off-chain in proprietary code. Once the outcome is determined, the result (win amount, if any) is sent to the on-chain Slot program, which instructs the Vault to pay the player or update balances accordingly[11][12]. The user’s web client only sees the front-end result but can theoretically cross-verify the randomness on-chain.
Player Wallet and UI: Players interact via Luck.io’s web interface, connecting a Solana wallet. A user session begins by depositing tokens into the on-chain Vault (via a transaction the user signs). The casino front-end then lets the user place bets, which are authorized by the user (often via an off-chain signature for convenience) and relayed to the backend. Each bet triggers an on-chain VRF request and, after the outcome is resolved, the smart contracts handle payout from the Vault to the user’s wallet automatically if the user wins[24]. Withdrawals of remaining balance are done on-chain from the Vault back to the user’s wallet on demand.
Administrative Keys & Upgrade Authority: The deployment is currently not trustless in terms of governance. The Luck.io/Proov team retains upgrade or admin authority over the Solana programs (as is common for upgradable Solana programs), though details are not publicly disclosed[30]. Likewise, the VRF oracle nodes are permissioned by the team. There is no indication of a DAO or external governance controlling contract upgrades, parameter changes, or oracle operations[31][32].
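The upgrade-authority point above can be checked from chain data. The following is an added example, not code from Luck.io or Proov: it parses the ProgramData account that Solana's upgradeable loader keeps for an upgradable program and reports which key, if any, can still replace the deployed code. The function names and the sample account bytes are constructed for illustration.

```python
import struct

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    """Base58 (Bitcoin alphabet), the text form Solana uses for public keys."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a leading '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def upgrade_authority(account_data: bytes):
    """Parse a ProgramData account of the upgradeable BPF loader.

    Layout (bincode): u32 variant tag (3 = ProgramData), u64 deploy slot,
    1-byte Option tag, then the 32-byte authority key when the tag is 1.
    Returns (slot, authority_base58), or (slot, None) when no key can
    upgrade the program any more.
    """
    if len(account_data) < 13:
        raise ValueError("too short for ProgramData metadata")
    variant, slot, has_auth = struct.unpack_from("<IQB", account_data, 0)
    if variant != 3:
        raise ValueError(f"not a ProgramData account (variant {variant})")
    if has_auth == 0:
        return slot, None
    if has_auth != 1 or len(account_data) < 45:
        raise ValueError("malformed upgrade authority field")
    return slot, b58encode(account_data[13:45])

# Constructed sample accounts (not real Luck.io/Proov data); the program
# bytecode that follows the 45-byte header is abbreviated to an ELF magic.
KEY = bytes(range(1, 33))
UPGRADEABLE = struct.pack("<IQB", 3, 250_000_000, 1) + KEY + b"\x7fELF"
FINAL = struct.pack("<IQB", 3, 250_000_000, 0) + bytes(32) + b"\x7fELF"

if __name__ == "__main__":
    for name, data in (("upgradeable", UPGRADEABLE), ("final", FINAL)):
        slot, auth = upgrade_authority(data)
        print(f"{name}: last deployed at slot {slot}, authority = {auth}")
```

For a live check, the same bytes come from the ProgramData account of the program in question; `solana program show <PROGRAM_ID>` summarizes the same field as "Authority".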
This architecture provides non-custodial fund management and transparent randomness on-chain, but it centralizes control over game logic and critical configuration. The following sections analyze the implications and risks in each area.