← Transparency

Chain Integrity Verification

Independently verify every transaction hash — no trust required.

How verification works

Every transaction contains a SHA-256 hash computed from:

// Hash input format

<tx_id>|<x>,<y>|<seller_id>|<buyer_id>|<unix_epoch>|<price>|<prev_hash>

Each hash also includes the previous transaction's hash, forming a chain. Altering any record would invalidate every hash that follows it — this is verifiable without any server.

This verification runs entirely in your browser using the Web Crypto API. It downloads all transactions from Supabase and recomputes every hash locally.

🔗

Ready to verify

This may take a few seconds for large chains.

Reproduce a hash yourself

You can verify any single transaction hash with this JavaScript snippet (Node.js or browser):

async function verifyTx(tx) {
  const input = [
    tx.id,
    `${tx.pixel_x},${tx.pixel_y}`,
    tx.seller_id ?? 'genesis',
    tx.buyer_id,
    Math.floor(new Date(tx.created_at).getTime() / 1000),
    tx.amount_paid,
    tx.prev_hash
  ].join('|');

  const data = new TextEncoder().encode(input);
  const buf  = await crypto.subtle.digest('SHA-256', data);
  const hex  = Array.from(new Uint8Array(buf))
    .map(b => b.toString(16).padStart(2, '0')).join('');

  return hex === tx.integrity_hash; // true = valid
}

Admin restrictions

  • • Admins have no database policy allowing them to UPDATE or DELETE transactions.
  • • The integrity hash is set by a server-side SECURITY DEFINER trigger — it cannot be overridden by client code.
  • • All admin moderation actions (pixel deletions, user bans) are permanently logged in the public admin log.
  • • Even if an admin deletes a pixel, the pixel_history and all transactions remain untouched.