Generate a secure and pure random number without Chainlink VRF

chainlink-vrf random randomness solidity

I found that Chainlink VRF does not really support all the networks.

So, I am considering going off-chain and making my oracle generate the random number.

I have a vague idea, described below:

  1. Create a JS file that creates a random number once a specific event is received from the target smart contract.
  2. Run the file on DigitalOcean ($5 monthly).
  3. The user executes the "requestRandomNumber" function; the function will emit the event that the JS file listens for.
  4. Once the JS file receives the event, it will create a random number and send a transaction to store the random number in the smart contract that the user interacted with.
  5. The user can interact with the "getRandomNumber" function to see the random number.

I found that Crypto.getRandomValues() is safer than Math.rand() in JS.
So I am going to use Crypto.getRandomValues() to create a random number.

However, I am wondering whether there are security vulnerabilities in my idea?

If so, would you please let me know what to improve?

Is DigitalOcean the best option to run my JS file 24/7?

Is there any free server?

Best Answer

It's much easier to create 'good' randomness off-chain. So you have lots of options to choose from off-chain.

The difficult part is getting that randomness on-chain in a trustless manner. With your solution, users have to trust that you provide good randomness and don't cheat. The point of Chainlink's solution is that the system is as trustless as possible.

Furthermore, what happens if your backend service is offline? Or someone infiltrates it?

You should probably ask about hosting options in some other forum.
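The "users have to trust that you ... don't cheat" problem can be narrowed with a commit-reveal scheme, sketched below as an added example that is not part of the original answer and is not Chainlink's VRF. The function names (`oracleCommit`, `deriveRandom`, `verifyReveal`, `demo`) and the choice of SHA-256 (picked because Solidity has a built-in `sha256`) are assumptions, and the verification step stands in for what the contract would check on-chain.

```javascript
const crypto = require("node:crypto");

const sha256 = (...parts) =>
  crypto.createHash("sha256").update(Buffer.concat(parts)).digest();

// Oracle, BEFORE any request arrives: pick a secret seed, publish only its hash.
function oracleCommit() {
  const seed = crypto.randomBytes(32); // CSPRNG, same class as getRandomValues()
  return { seed, commitment: sha256(seed).toString("hex") };
}

// Both sides derive the result the same way once the seed is revealed.
// requestId binds the value to one request so a reveal cannot be replayed.
function deriveRandom(oracleSeed, userSeed, requestId) {
  const id = Buffer.alloc(8);
  id.writeBigUInt64BE(BigInt(requestId));
  return BigInt("0x" + sha256(oracleSeed, userSeed, id).toString("hex"));
}

// What the contract (or any observer) checks when the oracle reveals its seed.
function verifyReveal(commitment, revealedSeed, userSeed, requestId, claimed) {
  // Fixed 32-byte seeds keep the concatenation unambiguous.
  if (revealedSeed.length !== 32 || userSeed.length !== 32) return false;
  if (!sha256(revealedSeed).equals(Buffer.from(commitment, "hex"))) return false;
  return deriveRandom(revealedSeed, userSeed, requestId) === claimed;
}

// Constructed scenario: an honest reveal, then an oracle that swaps its seed.
function demo() {
  const { seed, commitment } = oracleCommit();
  const userSeed = crypto.randomBytes(32); // supplied with requestRandomNumber
  const requestId = 1;

  const honest = deriveRandom(seed, userSeed, requestId);
  const honestOk = verifyReveal(commitment, seed, userSeed, requestId, honest);

  // After seeing userSeed, the oracle tries a different seed it likes better.
  const forgedSeed = crypto.randomBytes(32);
  const forged = deriveRandom(forgedSeed, userSeed, requestId);
  const forgedOk = verifyReveal(commitment, forgedSeed, userSeed, requestId, forged);

  return { honestOk, forgedOk }; // { honestOk: true, forgedOk: false }
}
```

This only makes seed substitution detectable. The oracle can still refuse to reveal, which is the offline case raised above, so the contract needs a timeout or penalty for a missing reveal.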
