"Pure RNG promises nothing. A shuffled deck promises everything - eventually."
When designing the reward system for active users at SolChekers, we hit a classic Web3 wall.
Usually, projects just roll a digital dice. You get a 1% chance to hit a jackpot on every action. Mathematically, it’s completely fair. Psychologically, it’s a disaster.
With pure independent probabilities, a dedicated user could perform 500 actions and win absolutely nothing, simply because they hit the bad end of the variance curve. That means frustration, churn, and a flooded support inbox.
We needed a system that offered guarantees. So, we killed the dice and brought in the Card Deck.
The Concept: Decks over Dice
Instead of generating a random number on the fly, we assign each user a personalized virtual "deck" of cards. The deck's composition is based on their activity tier.
If there is one Flush (Jackpot) card in a 10-card deck, pure RNG cannot guarantee you'll roll it in 10 tries. A deck does. You are guaranteed to hit it; the only mystery is when.
Here is how we built this pattern in Rust.
1. The Deck State
Every deck tracks its remaining cards, the user's current session strength (Tier), and a soft-pity counter (bad_streak).
use rand::{Rng, rngs::StdRng, SeedableRng};
use sqlx::Row;
/// A user's personal deck. Each card represents one future outcome.
/// When empty, the deck is reshuffled — guaranteeing the user *will* win,
/// just not when. Pure RNG can't promise that.
#[derive(Debug, Clone)]
struct Deck {
cards: Vec<Card>, // remaining cards, FIFO
cursor: u16, // position for tamper-proof commit
tier: Tier, // current "session strength"
bad_streak: u8, // soft-pity counter
}
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Card { Crumbs, Small, Medium, Good, Flush, Reserve, Buffer }
#[derive(Debug, Clone, Copy)]
enum Tier { Tiny, Small, Medium, Big, Whale }
2. Rebuilding and Drawing
When a deck runs out, we build a new one. If a user has a long bad_streak (too many empty draws), we bump up their Tier to inject better cards into their next shuffle.
impl Deck {
/// Build a fresh deck with composition shaped by tier and pity.
/// Higher tier → more "Good"/"Flush" cards. Long bad streak → upgrade tier.
fn rebuild(tier: Tier, bad_streak: u8, rng: &mut impl Rng) -> Self {
// The exact mix is the secret sauce — left abstract on purpose.
let mut cards = compose_deck(tier, bad_streak);
shuffle(&mut cards, rng);
Self { cards, cursor: 0, tier, bad_streak: 0 }
}
/// Draw the next card. The deck *commits* to its remaining future
/// the moment it's shuffled — players can't reroll, can't skip.
fn draw(&mut self) -> Option<Card> {
let c = self.cards.pop()?;
self.cursor += 1;
Some(c)
}
}
3. The UI Twist: Showing the Future
Because the deck is finite and already shuffled, the system actually "knows" the user's future. This unlocks a killer UI feature: *Expected Value (EV) Remaining.
*
Instead of just showing users what they’ve already won, we can show them the mathematical value currently trapped inside their remaining deck. It’s an incredibly powerful retention hook.
impl Deck {
/// Expected value of *what's left*. A deck knows its own future.
fn ev_remaining(&self, pool: u64) -> u64 {
self.cards.iter().map(|c| card_value(*c, pool)).sum::<u64>()
/ self.cards.len().max(1) as u64
}
}
- Atomic Execution (The Ledger)
In Web3, distribution logic has to be bulletproof. The prize pool, the deck state, and the ledger must move together atomically. We use
sqlxto lock the rows and ensure idempotency. No race conditions, no double spends.
/// One lottery event — atomic and idempotent.
/// The pool, the deck, the ledger: all move together or not at all.
async fn deal_card(
db: &sqlx::PgPool,
user_id: i32,
activity: u64,
source_id: &str,
) -> anyhow::Result<Outcome> {
let mut tx = db.begin().await?;
// Lock the row to prevent concurrent draws
let row = sqlx::query(
"SELECT deck, cursor, tier, bad_streak, pool_balance \
FROM lottery_state WHERE user_id = $1 FOR UPDATE"
)
.bind(user_id)
.fetch_one(&mut tx)
.await?;
let mut deck = decode_deck(&row);
let pool: u64 = row.get::<i64, _>("pool_balance") as u64;
// Empty deck = a fresh promise. Tier may shift based on activity.
if deck.cards.is_empty() {
let mut rng = StdRng::from_entropy();
let tier = upgrade_tier(deck.tier, deck.bad_streak, activity);
deck = Deck::rebuild(tier, deck.bad_streak, &mut rng);
}
let card = deck.draw().expect("just rebuilt");
let prize = card_value(card, pool);
// Pity accumulates on weak draws — feeds back into tier upgrades.
deck.bad_streak = if prize == 0 { deck.bad_streak + 1 } else { 0 };
sqlx::query(
"UPDATE lottery_state SET deck = $1, cursor = $2, tier = $3, \
bad_streak = $4, pool_balance = pool_balance - $5 \
WHERE user_id = $6"
)
.bind(encode_deck(&deck))
.bind(deck.cursor as i32)
.bind(deck.tier as i32)
.bind(deck.bad_streak as i32)
.bind(prize as i64)
.bind(user_id)
.execute(&mut tx)
.await?;
// Replay-safe ledger: same source_id = same outcome, always.
sqlx::query(
"INSERT INTO ledger (user_id, card, amount, source_id) \
VALUES ($1, $2, $3, $4) ON CONFLICT (source_id) DO NOTHING"
)
.bind(user_id)
.bind(format!("{:?}", card))
.bind(prize as i64)
.bind(source_id)
.execute(&mut tx)
.await?;
tx.commit().await?;
Ok(Outcome {
card,
prize,
ev_remaining: deck.ev_remaining(pool) // Revealing the future to the UI
})
}
struct Outcome {
card: Card,
prize: u64,
ev_remaining: u64,
}
The Takeaway
The crypto space can feel like a chaotic casino. But by applying strict, pedantic engineering principles-what I call the disciplined degen approach-you can build systems that are reliably fair.
The Card Deck pattern completely eliminates the "infinite loss" problem. Users are no longer fighting variance; they are actively playing out a guaranteed set of rewards, earning better decks through their engagement.
How are you handling fair RNG and user retention in your Web3 stacks? Drop a comment below, or let's argue about the Rust borrow checker.