So I'm making a play-to-earn game, that is a web game and its logic runs on the user's machine. After the player finishes a session, the game will call the following mint function:
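
    pragma solidity ^0.8.0;

    // OpenZeppelin Contracts v4.x import paths (assumed; Ownable takes no constructor argument there)
    import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
    import "@openzeppelin/contracts/access/Ownable.sol";
    import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

    contract GoldCoin is ERC20, Ownable, ReentrancyGuard {
        uint256 public maxSupply = 200000000 * 10 ** decimals();
        // Earliest timestamp at which each address may mint again
        mapping(address => uint256) public canClaimDate;
        // keccak256 hash of the keyword sent by the game client
        bytes32 private answer = 0x7b2be995daa5546c8be8af8968994a3e99baa3aba4c69818b3abbd9c8a9af88a;

        constructor() ERC20("Gold Coin", "GC") {
            _mint(msg.sender, 100000000 * 10 ** decimals());
        }

        function mint(uint256 amount, string memory _pass) public nonReentrant {
            require(amount <= 1000, "suspicious amount detected");
            require(keccak256(abi.encodePacked(_pass)) == answer, "keyword doesn't match, stop trying to cheat and do some good in the world");
            require(block.timestamp >= canClaimDate[msg.sender], "24 hours haven't passed");
            // Reject mints that would push the total above maxSupply
            require(amount + totalSupply() <= maxSupply, "max supply exceeded");
            canClaimDate[msg.sender] = block.timestamp + 1 days;
            _mint(msg.sender, amount);
        }
    }
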
What I'm currently doing:
Limiting the amount of tokens that can be minted in a single function call, to what would be possible by playing.
Asking for a keyword that will be sent from the game, so it is more difficult to mint directly from the block explorer.
Limiting the minting to once per day, per player.
I know all this can be circumvented. What other measures would you put in place?
Passing all the logic through blockchain is not realistic for an action game, only for turn-based games.
You can use abi.decode to reverse answer. This means _pass is useless.
Also the function is public so anyone can get up to 1000 wei per day.
If the person uses a contract to do this then he can get a lot of tokens fast.
Well, idk, but here is an idea for a game; maybe it'll help.
A player can join a game and whenever the game is full (2 players) the server will see that and start the game. After the game is completed, the server will call the smart contract and tell the smart contract who won. You can use a whitelisted address so that only the server can set the winner. This would be an example, but idk how Axie does it.
Sadly not. There is a "Decompile Bytecode" function but it probably won't help you a lot. You can go to the contract and then there is an orange "Decompile Bytecode" button. The code sometimes doesn't make a lot of sense and looks more like Assembly than Solidity.
Anyways there is no real way to see what's going on. You can just guess.
But when sending the "claim" transaction on metamask, the function name appears, the parameters it takes, and the hex data. Is this not enough to claim directly on the contract without playing?
hey everyone wondering how to do this, i have implemented a custom API for my own game and i think it works.
seems to be the safest way to do this. security is on server side (not inside the game) so it is not hackable unless your server is hacked.
you will need NodeJs and ExpressJs (very basic JS) to setup this API
basically the work flow is like this
deploy a verify signature contract (standalone contract) which will check that a secret wallet address signed a transaction with a 'secret message'
reference tutorial: https://www.youtube.com/watch?v=vYwYe-Gv_XI
in the minting contract for the game item to be minted, it should require a 'true' check from the verify sig contract above before allowing minting
now set up a Node app (using ExpressJs + ethers/web3 modules) which is an API app. the API app should accept POST request of a 'secret message' and sign this secret message with the secret wallet private key. (all these are server side so only your hosting provider and you know the private key). (it's a POST that doesn't really post since this API app will have no database, but a POST call is more secure from what i understand as the secret message is hidden)
you can also setup custom logic here in the API
when user mints something from the game, the game will send a POST request to the API. the game receives the signed transaction, and then feed this to the minting contract which then verifies it.
note: the game app will hold the secret message, but not the secret wallet private key.
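The server-signed mint flow from the answer above, as an added example that is not part of the original post: here the server signs a per-claim voucher (player, amount, nonce, expiry, contract) rather than a fixed message, and a simulated contract-side check rejects tampered, borrowed, expired or replayed vouchers. Node's built-in ECDSA with SHA-256 stands in for ethers signing and on-chain `ecrecover`; `issueVoucher`, `redeem`, the contract address and the nonce format are assumptions.

```javascript
// Added example: server-signed mint vouchers with replay protection.
// Stand-in crypto: ECDSA over secp256k1 with SHA-256 from Node's crypto module.
// On-chain, the digest would be keccak256 and the signer recovered with ecrecover.
const nodeCrypto = require('node:crypto');

// Constructed demo key pair; in a real deployment the private key exists only on the server.
const { privateKey, publicKey } =
  nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });

const CONTRACT = '0xC0FFEE0000000000000000000000000000000001'; // placeholder address
const CHAIN_ID = 1;                                            // assumed chain id
const MAX_PER_CLAIM = 1000n;                                   // same cap as mint() in the question

// Every field the signature must cover, in a fixed order.
// ('|' never appears in these fields; on-chain, abi.encode plays this role.)
function encodeVoucher(v) {
  return Buffer.from([v.contract, v.chainId, v.player, v.amount, v.nonce, v.expiry].join('|'));
}

// Server side: call only after the server itself has validated the game session.
function issueVoucher(player, amount, nonce, expiry) {
  const v = { contract: CONTRACT, chainId: CHAIN_ID, player, amount: String(amount), nonce, expiry };
  const sig = nodeCrypto.sign('sha256', encodeVoucher(v), privateKey).toString('hex');
  return { ...v, sig };
}

// Contract side (simulated): the checks mint() would perform before _mint().
const usedNonces = new Set();
function redeem(v, sender, now) {
  const sigOk = nodeCrypto.verify('sha256', encodeVoucher(v), publicKey, Buffer.from(v.sig, 'hex'));
  if (!sigOk) return 'bad signature';                 // any edited field lands here
  if (v.contract !== CONTRACT || v.chainId !== CHAIN_ID) return 'wrong contract';
  if (v.player.toLowerCase() !== sender.toLowerCase()) return 'not your voucher';
  if (BigInt(v.amount) > MAX_PER_CLAIM) return 'amount over cap';
  if (now > v.expiry) return 'expired';
  if (usedNonces.has(v.nonce)) return 'replayed';     // each voucher mints once
  usedNonces.add(v.nonce);
  return 'minted';
}
```

Because the player address and nonce are inside the signed data, a voucher copied from the MetaMask transaction data cannot be reused by another wallet or submitted twice.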
Games where you can earn money are cool because they offer a unique opportunity to have fun while also earning some extra cash. These games often require skill, strategy, and persistence, providing players with a sense of accomplishment when they win. Additionally, these games can be a great way for people to earn money in their spare time, especially if they enjoy playing games. However, it's important to note that not all of these games are created equal, and players should be cautious and do their research to ensure they are playing legit cash games that are fair and offer a reasonable chance of winning.
Considering the real-time nature of your action game, relying solely on blockchain for logic might be impractical, as you mentioned. To further enhance security, maybe you could explore dynamic keyword generation tied to specific in-game events, making it even harder to predict. Also, consider periodic smart contract audits from reputable firms to identify vulnerabilities and ensure the overall robustness of your system. I recently stumbled upon a discussion about "90+ Apps That Pay You Real Money," and someone highlighted the phrase legit apps that pay instantly. It could be worth checking out to see if there's any relevant advice or experiences shared.