Dev update on Hive Scratchit, the instant scratch card game I'm building on Hive. This round was focused on authentication, fairness, and a complete frontend redesign.
Keychain + HiveSigner Auth
The site now supports both Hive Keychain and HiveSigner for login. Keychain users sign a timestamped message with their posting key, which the server verifies against on-chain key authorities using @hiveio/dhive. HiveSigner goes through the standard OAuth flow.
Improved Hashing Algorithm
The outcome hashing algorithm has been significantly improved. Scratch card results are still deterministic and verifiable after purchase, but the seed now incorporates additional entropy that makes outcomes impossible to predict ahead of time. The hash runs through multiple iterations of SHA256 for added security.
RTP Transparency
The card types API now returns an rtp (Return to Player) field so players can see exactly what to expect:
| Card Type | Price | Win Rate | RTP |
|---|---|---|---|
| Lucky 7s | 1 HIVE | 25% | 70% |
| Gold Rush | 3 HIVE | 20% | 68% |
| Diamond Dreams | 5 HIVE | 18% | 65% |
Rate Limiting
Added express-rate-limit with tiered limits across the API to prevent abuse. Auth endpoints are more restrictive than general endpoints.
Frontend Redesign
Completely rebuilt the frontend from scratch. The old cyberpunk theme has been replaced with a clean, minimal design: dark zinc palette, Inter typeface, subtle borders and shadows, no animations beyond basic transitions. The whole thing feels faster and more readable now. All the same functionality is there (card purchasing, verification, winners feed, multi-card quantity selector), just without the visual noise.
Tests
Added 54 new tests covering auth logic, input validation, hashing, RTP accuracy, and provably fair verification. 100 tests across 6 suites, all passing.
Check it out at hive-scratch.com. Feedback welcome.