Sending "tamper-proof" function arguments via transaction from web3 to contract

Hey everyone. I have a question that I was unable to find the answer for.

Currently my method for transferring funds from the user is to use web3.eth.sendTractions({from, to, value, data}), where the contract accepts the payment through a payable function.

Now, let's suppose that I want to do some proprietary stuff off-chain because it will reduce the overall gas fee of the transaction by reducing its overall complexity. For example, I have an array of length 6
const arr = [1,3,4,2,1,6] which denotes the type of an NFT being created through the numbers within the array. In the backend of the application, there is logic that ensures that the same combination cannot be created again, and removes the possibility from a pre-generated array of arrays once it's used.

let contract = new web3.eth.Contract(contractAbi, contractAddress);

let encodedFunction = contract.methods.testPayable([1,2,3,4,5,6]).encodeABI();

web3.eth.sendTransaction({ from: userAddress, to: contractAddress, value: web3.utils.toWei("0.5", "ether"), data: encodedFunction}

From my understanding and testing, I can simply make a simple console call to generate any possibility that I would like. For example, if I knew that the combination [3,2,1,3,2,1] would produce the result I wanted, I could send the function with those arguments to "cheat" the system. With some basic reverse engineering, I could predict what each value is for and produce the result I wanted specifically. Is there any way to work around this, while still making the function payable?

Currently, I think it is essential that the array data is built off-chain, but I am looking for any options to transmit this data in a way which non-susceptible to being manipulated by the end-user.

1 Like