you can use abi.decode to reverse answer. This means _pass is useless.
Also the function is public so anyone can get up to 1000 wei per day.
If the person uses a contract to do this then he can get a lot of tokens fast
Well idk but here is an idea of a game maybe it'll help.
A player can join a game and whenever the game is full (2 players) the server will see that and start the game. After the game was completed the server will call the smart contract and tell the smart contract who won. You can do whitelisted address so that only the server can set the winner. This would be an example but Idk how axie does it
Sadly not there is a "Decompile Bytecode" function but it probably won't help you a lot. You can go to contract and then there is a orange "Decompile Bytecode" button. The code is sometimes not making a lot of sense and it's looking more like Assembly then solidity.
Anyways there is no real way to see what's going on. You can just guess.
hey everyone wondering how to do this, i have implemented a custom API for my own game and i think it works.
seems to be the safest way to do this. security is on server side (not inside the game) so it is not hackable unless your server is hacked.
you will need NodeJs and ExpressJs (very basic JS) to setup this API
basically the work flow is like this
deploy a verify signature contract (standalone contract) which will check that a secret wallet address signed a transaction with a 'secret message'
reference tutorial: https: // www . youtube . com/watch?v=vYwYe-Gv_XI
in the minting contract for the game item to be minted, it should require a 'true' check from the verify sig contract above before allowing minting
now setup a Node app (using ExpressJs + ethers/web3 modules) which is an API app. the API app should accept POST request of a 'secret message' and sign this secret message with the secret wallet private key. (all these are server side so only your hosting provider and you know the private key). (its a POST that doesn't really post since this API app will have no database, but a POST call is more secure from what i understand as the secret message is hidden)
you can also setup custom logic here in the API
when user mints something from the game, the game will send a POST request to the API. the game receives the signed transaction, and then feed this to the minting contract which then verifies it.
note: the game app will hold the secret message, but not the secret wallet private key.