How to Play

A 6-digit secret code is locked inside the vault. Your goal is simple: guess the code and win 1,000,000 $BLUFF tokens.

The code is generated server-side, hashed with SHA-256, and never exposed to anyone — not even the frontend. Every guess is evaluated on the server using constant-time comparison to prevent timing attacks. This is a fair game.

Each vault lasts 7 days. If nobody cracks it, the prize rolls over to the next vault.

Enter a 6-digit code (000000–999999). After each guess, you get feedback:

You also see how many digits are correct position and how many are correct but wrong position — use this to narrow down the code.

Each guess costs 1 guess attempt. When you run out, earn more through tasks below.

Every guess from every player feeds into the public Hint Board. The actual guessed code is hidden (shown as "????"), but you can see the feedback: how many correct positions and correct digits each guess had.

Use this to your advantage — if someone got 3 correct positions, the code is almost cracked!

The Heat Meter shows how close the community has gotten to cracking the vault. It tracks the best guess so far — the most correct positions anyone has achieved.

We take fairness seriously:

• The vault code is never sent to the browser
• All guesses are evaluated server-side with constant-time comparison
• Guess balance is tracked atomically in the database — no double-spending
• Rate limiting prevents brute-force attacks (1 guess per 10 seconds)
• All authentication uses SIWE (Sign In With Ethereum) — your wallet is your identity

• One account per wallet address. Multi-accounting may result in a ban.
• Automated guessing tools, bots, or scripts are prohibited.
• The $BLUFF prize is distributed on-chain to the winner's connected wallet.
• We reserve the right to modify game rules, reset vaults, or adjust prizes at any time.
• Play responsibly. This is a game — have fun!