How to get production ready Ethreum Play and Earn MINT function?

Ethereum Game Programming
#1

Hello,

Unfortunately I didn’t find a similar question.

I’m following the Ethereum Game developement course and in the beginning the instructor said that we will get the MINT function production ready and secure, because it’s open to any one how wants to MINT. However I could not find it by the end of the course. Do you know how we can secure the mint function so only a person who really won the token get it. I know we can add Minter Role and only minter can Mint but that would not be the correct solution. Do you know how we can the MINT function production ready ? maybe in solidy or in a custom backend ? thanks !

PS: I just found this Discussion: How to mint GameToken the "proper" way but is a mapping really secure ? because anyone can have access to the mapping function because it’s be external without any role requirement ! So someone can add himself as player and then mint my token. am I wrong ?

When I read for exemple axie infinity mint function:

contract ERC20Mintable is HasMinters, ERC20 {
function mint(address _to, uint256 _value) public onlyMinter returns (bool _success) {
return _mint(_to, _value);
}

there’s onlyMinter role. But how can we manage this in the game ?

#2

Hello Tarikus, greetings

That’s one way of doing it, having a custom backend (of the game) where you have the control when/who/how to mint. The user doesn’t have to be the one to interact with the smart contract rather the backend solution.

The mapping approach can also be possible but that will mean additional on chain computation, say your backend solution have the role/access to add (via a function call) who can mint inside a private mapping, and if the user interacts with the smart contract (triggers the minting) a check will just refer to that private mapping.

Hope this clears the idea a bit for you.
With kind regards

#3

Hello,

Thanks a lot for you answer. It’s very clear that how I imagined it.

There a last little thing. Let’s say I use Moralis/infura or another Node provider and I want to give a role to my backend. Do you have an idea on how I can package a sort of private key in backend that can sign transactions ? I’ve never tried and I have no idea how to do it :slight_smile:

Thank you very much !

#4

Yes, I may explain the overview how do it however I can refer you to the Moralis Web3 forum (https://forum.moralis.io/) so you can get more ideas (like from CryptoKid, and others as well) and technical support.

With kind regards

#5

After couple of months of web3 experience after asking that question, what I would do is make a backend server that signs the message hash of _to, _value, and _nonce. And in the contract, I will make a function that checks that the signature is signed by the backend server. That way, users cannot put random variable in the parameter, they can only put what backend server provides. The nonce is for avoiding double minting.

Here’s a sample code:

  mapping(bytes32 => bool) public nonceUsed;

  function mint(
    address _to, 
    uint256 _value,
    bytes32 _nonce,
    bytes32 r,
    bytes32 s,
    uint8 v
   ) external returns(bool){
    //Check if nonce is used or not
    //Check if the signature is correct
    //Mark nonce as used
    _mint(_to, _value);
    return true;
  }

Here’s a sample code for verifying signature:
https://solidity-by-example.org/signature/

@alp257, @Tarikus

1 Like
#6

Hello @REGO350

Exactly, the backend server will be the one to interact with the contract. Thank you so much for giving a concrete solution. Hope it will help @Tarikus greatly.

With kind regards