SDK-SEC-1: Critical RNG Vulnerability Allowed Deterministic Outcome Manipulation in BetManager
A critical security vulnerability in the `BetManager.getBlockHash()` function allowed for the potential manipulation of random number generation in a commit-reveal gambling protocol. The flaw was not a typical bug but a systemic failure in the core security assumption: the function silently caught all errors, including node unavailability or unexpected data, and defaulted to returning a deterministic string, `'placeholder_block_hash'`. This transformed the supposed source of external entropy into a predictable value.
In this protocol, the block hash serves as the sole source of unpredictability controlled by the house. The function's error handling created a fatal condition: if a node was unreachable, the reveal phase would proceed using this known fake hash, and the calculation `SHA256('placeholder_block_hash' || secret)` became entirely deterministic. A player with knowledge of their own secret could, in theory, pre-select a secret that, when combined with the known placeholder, produces a cryptographic hash corresponding to a winning outcome, fundamentally breaking the game's fairness.
The fix removes the blanket try/catch, allowing node errors to propagate and fail the reveal explicitly. It also implements defense-in-depth by throwing a `BetError` for missing or empty block hashes and proactively rejecting known fake hash strings even if a compromised node returns them. This vulnerability underscores the extreme sensitivity of cryptographic gambling systems, where a single line of overly defensive code can collapse the entire security model by eliminating genuine randomness.
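The fail-open pattern and the fail-closed fix described above, as an added example that is not the SDK's own code. The `node.getBlock(height)` client, the `KNOWN_FAKE_HASHES` set, the two function names and the stub nodes are assumptions made for illustration.

```javascript
// Added example; `node.getBlock` and the stub nodes below are hypothetical.
class BetError extends Error {
  constructor(message) { super(message); this.name = 'BetError'; }
}

// Strings that must never be accepted as entropy, even if a node returns them.
const KNOWN_FAKE_HASHES = new Set(['placeholder_block_hash']);

// BEFORE: any failure is swallowed and replaced by a constant.
async function getBlockHashVulnerable(node, height) {
  try {
    const block = await node.getBlock(height);
    return block.hash;
  } catch (err) {
    return 'placeholder_block_hash'; // reveal continues with known "entropy"
  }
}

// AFTER: node errors propagate; missing, empty or fake hashes fail the reveal.
async function getBlockHashFixed(node, height) {
  const block = await node.getBlock(height); // no try/catch: errors reach the caller
  const hash = block ? block.hash : undefined;
  if (typeof hash !== 'string' || hash.trim() === '') {
    throw new BetError(`missing or empty block hash at height ${height}`);
  }
  if (KNOWN_FAKE_HASHES.has(hash)) {
    throw new BetError(`rejected known fake block hash at height ${height}`);
  }
  return hash;
}

// Constructed stub nodes covering the failure modes described above.
const REAL_HASH = 'ab'.repeat(32); // constructed sample value, not a real block
const nodes = {
  healthy: { getBlock: async () => ({ hash: REAL_HASH }) },
  unreachable: { getBlock: async () => { throw new Error('ECONNREFUSED'); } },
  emptyHash: { getBlock: async () => ({ hash: '' }) },
  compromised: { getBlock: async () => ({ hash: 'placeholder_block_hash' }) },
};

// Runs one implementation against every stub and reports value or error name.
async function outcomes(getBlockHash) {
  const result = {};
  for (const [name, node] of Object.entries(nodes)) {
    result[name] = await getBlockHash(node, 100).catch((e) => `throws ${e.name}`);
  }
  return result;
}
```

Calling `outcomes(getBlockHashVulnerable)` shows the unreachable node silently yielding the placeholder, while `outcomes(getBlockHashFixed)` reports an error for every stub except the healthy one.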