Noah B

Reputation: 47

How to prevent Users from calling my Smart Contract Function While still being able to call it in my dApp

I'm currently working on a Web3 Game and I need a function to give the player some coins. However, I know that Smart Contracts are easily accessible. From what I understand, I cannot use onlyOwner as I want to call it from my Dapp, where other users would be connected that are not the contract owner.

// Add Coins to an Account
function addCoinsToAccount(uint256 tokenId, uint256 coins)
    public
{
    // Add Coins to Account
    attributes[tokenId].coins += coins;
}

I was going to use a SecretPassword Method. However, after reading this, I now see even this is easily hackable: https://medium.com/coinmonks/a-quick-guide-to-hack-private-variables-in-solidity-b45d5acb89c0

If anyone knows how I could accomplish this it would mean a lot! Thank you for taking the time to help me.

Upvotes: 1

Views: 701

Answers (2)

chixx.eth

Reputation: 36

You can sign with a private key in the backend so only users who are "whitelisted" can redeem the coin.

Upvotes: 1
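
The backend-signature approach from the answer above, sketched as an added example that is not part of the original answer or the asker's project. The contract name `GameCoins`, the `signer` address, the `nonce` parameter and the `usedVouchers` mapping are assumptions made for illustration; the backend is assumed to hold the private key for `signer` and to sign only rewards the game has actually granted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example. Assumptions: `signer` is the address of a key held only by
// the game backend, and the backend picks a fresh nonce per reward. The
// `attributes` layout mirrors the function shown in the question.
contract GameCoins {
    struct Attributes { uint256 coins; }

    address public immutable signer;               // backend key's address
    mapping(uint256 => Attributes) public attributes;
    mapping(bytes32 => bool) public usedVouchers;  // replay protection

    constructor(address backendSigner) {
        require(backendSigner != address(0), "zero signer");
        signer = backendSigner;
    }

    function addCoinsToAccount(
        uint256 tokenId,
        uint256 coins,
        uint256 nonce,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external {
        // Bind the voucher to this chain, this contract and these exact arguments.
        bytes32 voucher = keccak256(
            abi.encode(block.chainid, address(this), tokenId, coins, nonce)
        );
        require(!usedVouchers[voucher], "voucher already redeemed");

        // EIP-191 prefix that wallets apply when signing a 32-byte message.
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", voucher)
        );

        // ecrecover returns address(0) for an invalid signature. Replay is keyed
        // on the voucher hash, so a re-encoded signature cannot redeem it twice.
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && recovered == signer, "bad signature");

        usedVouchers[voucher] = true;
        attributes[tokenId].coins += coins;
    }
}
```

Anyone can submit the transaction, but the call only succeeds with an EIP-191 personal-message signature from the backend over the 32-byte voucher hash, and each voucher credits the stated `tokenId` once.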

Yilmaz

Reputation: 49551

You could have a Request struct:

struct Request {
    string description;
    uint value;
    address payable recipient;
    bool complete;
}

So when you need to send coins, you create an object and set complete to false. You keep those requests in an array.

Request[] public pendingRequests;

// maybe add a modifier onlyPlayers can call this
function createRequest(string memory description, uint value, address payable recipient) public {
    // add require logic to decide who can call it
    // maybe players who are stored in a mapping, winning certain rewards can call this. depends on your game
    Request memory newRequest = Request({
        description: description,
        value: value,
        recipient: recipient,
        complete: false
    });
    pendingRequests.push(newRequest);
}

Then you create a finalizeRequests function that can be called by the admin only, not necessarily the owner. You can add a function to decide who can be the admin. Then the admin will go through the pending requests and mark the complete property as true.

Upvotes: 0
