example, player clicks a button in-game that collects a 'weapon NFT'
this sends a 'mint weapon NFT' call to the smart contract which then presents player with the metamask page to approve transaction.
one workaround i thought of would be to include a passphrase from within the game code that gets input into the 'mint weapon NFT' call as well, which then gets checked at the contract level
i.e.
mint (address player, bytes32 passphrase) public {
require ( passphrase == "abc")
safemint (player, someWeaponNFTtokenID)
}
problem is that "abc" is openly visible to all on the blockchain!
would this concept work if the contract is not verified on the explorer?
Dont think so, someone dedicated enough would just reverse compile the code and extract the string. Or extract it from the games source code. Besides having unverified source code would be a pretty big flag for most users
Dont really know much about how blockchain based games work though, so cant offer a solution to that
true but how i would implement this is the game contract will be a separate layer interfacing on top of the NFT contract. The main NFT contract can be exposed but the 'require' check will be on the hidden game contract
i was about to ask this. but couldn't the private key of an address used to sign transactions be reverse engineered too?
thank you for the replies though. lets see what others say.