I’m building a web3 game and I’ve hit a snag. My Smart Contract has a function that gives players tokens, but it’s set to onlyOwner. I want to run this function from my frontend code, but I don’t want other players to access it. Otherwise, they could just give themselves free coins!
I’m using Web3Js, but I’m still learning the ropes. Is there a way to call my function using MY address in the frontend, instead of the connected user’s address?
I’m worried about security and don’t want to expose this feature to everyone. Any tips or tricks would be super helpful! Thanks in advance for your input.
P.S. If you need more details about my setup or code, just let me know!
Greetings, Zack_88Surf. Your concern about security is valid. One approach to consider is implementing a role-based access control (RBAC) system within your smart contract. This would allow you to designate specific addresses as authorized to call certain functions, such as your token distribution method. You could then securely store your authorized address on your server and use it to sign transactions. This maintains the integrity of your onlyOwner modifier while providing a secure method to execute the function from your frontend. Have you explored RBAC options in your contract design?
yo zack, try using a meta-transaction. ur users sign a msg, u verify server-side, then call the function as owner. this keeps keys safe n givs u more control.
hey there! have you considered using a backend server to handle those sensitive operations? it could act as a middleman, verifying requests and executing the contract function securely. that way, you don’t expose your owner account on the frontend. what do you think about this approach? any concerns?