Games that implement in-game minting - can't a user simply mint items directly from explorer page?

Hypothetically, in games where players do challenges and then get rewarded with NFT items that they mint directly from within the game...

What is stopping players or even non-players from going to the explorer page for the smart contract and directly minting what they want?

Is there a workflow that acts as a 'gate' so that the only way to mint is from in-game itself?

any game that you got as an example?

1 Like

not sure but i intend to make one such game!

example, player clicks a button in-game that collects a 'weapon NFT'

this sends a 'mint weapon NFT' call to the smart contract which then presents player with the metamask page to approve transaction.

one workaround i thought of would be to include a passphrase from within the game code that gets input into the 'mint weapon NFT' call as well, which then gets checked at the contract level

i.e.
mint (address player, bytes32 passphrase) public {
require ( passphrase == "abc")
safemint (player, someWeaponNFTtokenID)
}

problem is that "abc" is openly visible to all on the blockchain!

would this concept work if the contract is not verified on the explorer?

Dont think so, someone dedicated enough would just reverse compile the code and extract the string. Or extract it from the games source code. Besides having unverified source code would be a pretty big flag for most users :sweat_smile:

Dont really know much about how blockchain based games work though, so cant offer a solution to that

1 Like

true but how i would implement this is the game contract will be a separate layer interfacing on top of the NFT contract. The main NFT contract can be exposed but the 'require' check will be on the hidden game contract

i was about to ask this. but couldn't the private key of an address used to sign transactions be reverse engineered too?

thank you for the replies though. lets see what others say.

no, at least not computationally feasible. Reverse engineering bytecode is quite different, because there is no cryptography involved

1 Like

a game i can think of is axie infinity. winning games earns the player SLP tokens. how this works in the backend im not too sure!

answering my own question here hehe :rofl: