I saw the video tutorial about the security level/ACL/CLP, but I still have some doubts.
Let’s suppose I have a web game where a user log in with his wallet and then pay some tokens (like BNB, ETH or some other tokens) to buy some tickets to play the games on the website. So he pays 1BNB and he gets 100 tickets. Now in my code I update the “tickets” column for that user and set the value to “100”. But if the logged user see my code, he can easily call the same function I use to update the value, but passing 300 instead of 100 for example, and getting free ticket. How can I prevent that? If I disable read/write even for the current logged user, I suppose I can’t update the value when he buys his tickets.