Issue
Since the transaction needs to be signed, it requires a private key, so how can the users interact with the backend API and send the private key securely.
I wonder what is the purpose of signing a smart contract from the backend API? Is there any solid real-world use case where a number of users need to interact through the backend to smart contract instead of frontend metamask to smart contract?
Solution
Mostly automated actions from your own wallet, so that you don't have to sign the transactions manually.
- Trading bot sending automated buy and sell orders to a DEX contract from your own wallet based on some off-chain analysis. The script can run 24/7 not having to prompt you to sign the transaction each time.
- Oracle pattern. Your own wallet is an authorized address on your sports bets contract, feeding it off-chain data who won a match. This way you can automate the process and not have to sign the transaction manually after each match.
As always in IT security, a chain is as strong as its weakest link. There are ways to securely store and use private keys. For example use a secrets management system, exclude sensitive values from logs, set up and review access to sensitive data (only certain users or apps are able to access it), ... Specifics depend on your implementation and how much value is at stake.
Answered By - Petr Hejda Answer Checked By - Candace Johnson (PHPFixing Volunteer)
Posts
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.