英文:
Can I make this transaction on behalf of someone else as a contract owner?
问题
Here is the translated code and relevant information from your request:
我在bsctestnet上部署了一个自定义合同,它有两个文件。其中一个是主要的代币合同,另一个具有玩家的提款和存款功能。以下是存款和提款函数。
function deposit(uint256 _amount, address _sender) external {
tfmToken.transferFrom(_sender, address(this), _amount);
emit Deposit(_sender, _amount);
deposits[_sender] += _amount;
}
function withdraw(uint256 _amount, address _sender) external {
tfmToken.transfer(_sender, _amount);
emit Withdraw(_sender, _amount);
withdraws[_sender] += _amount;
}
我有一个用于执行这些函数的next.js应用程序。用户请求提款或存款。然后进入管理面板。管理员将接受请求并执行,但是当我尝试执行此代码时:
const gameContract = new web3.eth.Contract(GameContractABI, gameContractAddress);
await gameContract.methods.deposit(weiAmount, playerAddress).send({ from: playerAddress });
它会出现以下错误:
MetaMask - RPC错误:用户未授权所请求的帐户和/或方法
我知道应该使用eth_accounts方法来获取授权。但是我不能这样做,因为其他人的钱包地址不能在我的Metamask钱包中。
作为管理员,我将接受交易,但地址是从玩家那里获取的。因此,玩家的钱包地址将出现在函数中,而我需要执行另一个人的钱包地址上的函数。我是A,我将为B的钱包地址执行函数。我认为这涉及授权或其他问题,但我不知道具体是什么问题,以及如何使该逻辑工作。也许我需要在某处定义所有者?但是如何做?可能我不应该在特定用途中使用Metamask作为提供者。但要使用什么?通常在这种情况下使用什么逻辑或方法。我一直在尝试理解并解决这个问题很长时间,但一直找不到答案。帮助!
尝试使用没有Metamask的Web3:
const web3 = new Web3('https://endpoints.omniatech.io/v1/bsc/testnet/public');
但是会出现未知地址错误。
我看到一些签名的东西,但我不明白签名是什么,一个人或管理员可以签名任何东西吗?
尝试删除.send部分:
await gameContract.methods.deposit(weiAmount, playerAddress);
但我认为这是必要的。
我尝试搜索过,但互联网上的所有内容都使用他们自己的地址并将任何东西发送到另一个地址。
我期望:
当我作为管理员执行以下操作时:
await gameContract.methods.deposit(weiAmount, playerAddress);
用户帐户中的金额减少,代币的余额增加。
玩家(P)想要存入一些代币并添加请求。
管理员(A)从其面板中检查它,接受提案并执行存款函数。
一些代币从玩家(P)的钱包转移到代币(T)。
Please note that the translation provided is based on the content you provided, and I have excluded the parts where you requested not to translate. If you have any further questions or need assistance with specific parts of your code or explanation, please let me know.
英文:
I have a custom contract deployed on bsctestnet. it is 2 file. one of them is the main token contract, other one has withdraw and deposit functions for players. here is deposit and withdraw functions.
function deposit(uint256 _amount, address _sender) external {
tfmToken.transferFrom(_sender, address(this), _amount);
emit Deposit(_sender, _amount);
deposits[_sender] += _amount;
}
function withdraw(uint256 _amount, address _sender) external {
tfmToken.transfer(_sender, _amount);
emit Withdraw(_sender, _amount);
withdraws[_sender] += _amount;
}
I have next.js app to execute this function. A user requests withdraw or deposit. Goes to admin panel. Admin will accept the request and it will be executed but when i want to execute this code;
const gameContract = new web3.eth.Contract(GameContractABI, gameContractAddress);
await gameContract.methods.deposit(weiamount, playerAddress).send({ from: playerAddress });
it gives this error:
MetaMask - RPC Error: The requested account and/or method has not been authorized by the user
i know it should be gathered by eth_accounts method. But i cant because another persons wallet address can't be in my metamask wallet.
As an admin, i will accept the transaction, but the address is taken from player. So players wallet address is going to be inside the function and i will need to execute the function for another persons wallet address. I am A and i will execute the function for B's wallet address. There is a issue i think about authorization or etc but i dont know what exactly it is and how can i make that logic work? Maybe need i need to define the owner in somewhere? but how? Probably i shouldnt use metamask as a provider for this specific use. But what to use? What logic or things generally used for like this situations. I am trying to understand and solve this situation for a long time but couldn't find anything. Help!
tried using web3 without metamask,
const web3 = new Web3('https://endpoints.omniatech.io/v1/bsc/testnet/public');
gives unknown address error
i saw some signing things but i couldnt understand what is signing, a person or admin can sign anything?
tried it without .send part.
await gameContract.methods.deposit(weiamount, playerAddress);
but i think it is needed.
i have tried to search it but everything on internet uses their own address and sends anything to another address.
I EXPECT:
await gameContract.methods.deposit(weiamount, playerAddress); when i execute this as an admin,
the amount in the user's account decreases and the balance of the token increases.
Player (P) wants to deposit some tokens and adds request
Admin (A) checks it from its panel, accepts the offer and deposit function executed.
Some token is transferred from Players (P) wallet to Token (T).
答案1
得分: 1
不,你绝对不能这样做。如果你可以从用户的钱包转移资金,只是因为你是某个网站的“管理员”,那是什么阻止了你(或其他人)将所有资金转移到个人钱包?
一般流程如下:
- 用户调用存款功能。
- 后端侦听事件或余额变化,并在数据库中更新其值。
如果你需要后端或管理员的批准,请向用户发送由您(后端的)钱包签名的签名,并让用户使用该签名调用存款功能。然后合同使用该签名验证调用。签名可以包含其他信息,如用户名、电子邮件、金额等。
但你仍然需要侦听发出的事件。
英文:
No, you absolutely can't do that. If you can move the fund from the user's wallet simply because you're an "admin" of some website, what prevents you (or someone) from taking all the funds and transfer to some personal wallet?
The general flow here is:
- User calls deposit function.
- The backend listens for the events or balance changes, and updates its value in the database.
If you need the backend or admin's approval, send the user a signature signed by your (backend's) wallet, and the user uses that signature to call the deposit function. The contract then verifies the call using that signature. The signature can contain additional information, like username, email, amount, etc.
You'll still need to listen to the emitted events though.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论