Is it possible to create a cloud function that transfers (erc20) from my wallet to some other one? I did not find any suitable POST method in the API, so itβs impossible?
It is possible but not recommended for security reasons. You need to use your Wallet private Key and the transaction itself uses ethers.js lib that Moralis cloud functions can provide. If you still want to try even knowing It is not recommended, I can share a code snippet.
1 Like
I will be grateful.
What are the risks of such an approach? And are there alternatives to my solution?
as an alternative you can have a separate server that does the transactions
1 Like
The utmost risk is to lose all funds on that particular wallet you are using to sign the transactions on the blockchain. Use this code at your own risk:
I. You will need to define the cloud function:
Moralis.Cloud.define("signTx", async (request) => {
// When you call this function, you will need to give it
// an argument as a query parameter that will be the
// ERC20 token receiver and token ammount you want to send
const receiver = request.params.receiver;
const amount = request.params.amount;
// Obtain logger
const logger = Moralis.Cloud.getLogger();
// Moralis.ethersByChain gives you access to ethers.js library
// See list of supported chains on the docs
// Here we are using Rinkeby Testnet (0x4)
const eth = Moralis.ethersByChain("0x4");
// Define your provider, you need a RPC Provider
// You can use Moralis' Speedy Nodes for that
const ethersProvider = new eth.ethers.providers.JsonRpcProvider(
"YOUR_SPEEDY_NODE_RPC_ENDPOINT_GOES_HERE"
);
// Now that is where things get funky, here you need
// to instatiate your wallet using your wallet Private Key
const wallet = new eth.ethers.Wallet(
"YOUR_PRIVATE_KEY_GOES_HERE",
ethersProvider
);
// Now define the contract your are interacting with
// You will need an Address and an ABI
const contractAddress = "YOUR_CONTRACT_ADDRESS";
const contractABI = JSON.parse('[{YOUR_CONTRACT_ABI}]');
// And instatiate it
const myContract = new eth.ethers.Contract(
contractAddress,
contractABI,
wallet
);
// Now you can create the function to interact with
// the contract you just instantiated above
const makeTx = async (myContract_, receiver_, amount_) => {
try{
myContract_
.transfer(receiver_, amount_)
.then((transferResult) => {
logger.info(JSON.stringify(transferResult));
})
} catch (error){
logger.error(error.status)
};
};
// And ultimately, call this makeTx function
makeTx(myContract, receiver, amount);
});
II. To call this function, you will need to give it a few arguments that will be your query parameters:
const params = { receiver: "RECEIVER_WALLET_ADDRESS",
amount: 1000000000000 // Remember this value is wei
};
const Tx = await Moralis.Cloud.run("signTx", params);
4 Likes
Risk are that your private key will be uploaded to the cloud which is accessible to multiple parties and can be leaked
Check this thread for more info: Web3 on clouds: can not sign transactions?
1 Like
Do you mean that attackers can get access to certain fields inside cloud functions?
More like you could get your Moralis account hacked and then have sensitive data exposed.
I have implemented the function I mentioned above, but rather than using a Wallet that holds funds or is a contract Owner, I have implemented Authorized roles on my smart contracts and onlyAuthorized modifiers to grant sporadic access to restricted methods. This way If my private Key ever gets exposed, some damage is prevented.
2 Likes
If you want to do this it would be best to use your own backend that you control.
1 Like
How can I regulate the gas with this solution?
You can set gas price and gas limit:
myContract_.transfer(receiver_, amount_,
{
gasPrice: 50000000000,
gasLimit: 500000000000000
})
2 Likes