Moralis Service Clarifications

Hello everyone! I am investigating the Moralis service to see if it would be a good solution for a blockchain-based open world game which we are building. Although I have a rough idea of the features you are offering, I need some clarifications regarding how things are working under the hood in order for me to correctly assess if Moralis is suitable for our needs or not. So, here are a few initial questions which I have.

1 - Can players log in with an already existing wallet? Or is your platform creating a new wallet for each player? If they can log in with their existing wallets, how are you fetching the wallet’s private key and how are you storing it?

2 - Do you support a secondary marketplace feature? E.g. ability for players to transfer NFTs or tokens between themselves. If you do support this, I believe that my first question related to storing private keys used to sign transactions is also relevant here.

3 - On your landing page it says you have C# backend support, but in the documentation I can only find the NodeJS JavaScript guide.

I should mention that my main expertise is in game development, and although I have 10+ years of experience there, the blockchain universe is still new to me, so if any of the questions are dumb, please bear with me and feel free to ping me if anything is unclear.

Thanks,
Boby

Moralis doesn’t store the private key. The user authenticates with an existing wallet and it only signs a message in order to authenticate.

There is a separate SDK in C#.
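The sign-a-message login described in the answer above, sketched as an added example (not Moralis code and not from the posters): the server issues a one-time challenge, the wallet signs it, and the server checks the signature with the public key only. Node's built-in ECDSA over secp256k1 with SHA-256 stands in for an Ethereum wallet's personal-message signature, and the function names, message text and five-minute lifetime are assumptions.

```javascript
// Added example: challenge-response login where the server never holds a private key.
// Stand-in crypto: ECDSA over secp256k1 with SHA-256 from Node's crypto module.
// Real Ethereum wallets hash with keccak-256 and the server recovers the address instead.
const nodeCrypto = require('crypto');

const NONCE_TTL_MS = 5 * 60 * 1000;   // assumed challenge lifetime
const pending = new Map();            // accountId -> { message, expires }

// Server: issue a one-time message for the account to sign.
function issueChallenge(accountId, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const message = `Sign in to example-game\naccount: ${accountId}\nnonce: ${nonce}`;
  pending.set(accountId, { message, expires: now + NONCE_TTL_MS });
  return message;
}

// Wallet (client side): the private key stays here and only signs the message.
function walletSign(privateKey, message) {
  return nodeCrypto.sign('sha256', Buffer.from(message, 'utf8'), privateKey);
}

// Server: verify with the account's registered public key, then burn the challenge.
function verifyLogin(accountId, publicKey, signature, now = Date.now()) {
  const entry = pending.get(accountId);
  pending.delete(accountId);          // single use, even when verification fails
  if (!entry || now > entry.expires) return false;
  const data = Buffer.from(entry.message, 'utf8');
  return nodeCrypto.verify('sha256', data, publicKey, signature);
}

// Constructed demo: an honest login, a replay, a wrong key, an expired challenge.
function demo() {
  const player = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const other = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const id = 'player-1';

  const sig = walletSign(player.privateKey, issueChallenge(id));
  const honest = verifyLogin(id, player.publicKey, sig);
  const replay = verifyLogin(id, player.publicKey, sig);  // challenge already burned

  const forged = walletSign(other.privateKey, issueChallenge(id));
  const wrongKey = verifyLogin(id, player.publicKey, forged);

  const t0 = 1000;
  const late = walletSign(player.privateKey, issueChallenge(id, t0));
  const expired = verifyLogin(id, player.publicKey, late, t0 + NONCE_TTL_MS + 1);
  return { honest, replay, wrongKey, expired };
}

console.log(demo());
```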

@cryptokid Thanks for the answer. But how does this relate to my second question then: can we do peer-to-peer transactions? If so, how do those transactions get signed?

The transactions get signed by the user directly when he wants to make a transaction.

@cryptokid Sorry, I think I didn’t ask the correct question. What I actually want to understand is how this happens, for example, in a Unity game. Does the game open an external browser where the player uses Metamask to sign a transaction? Or do you have some kind of mechanism where the player can transact from the game without going to an external browser?

From what I know, a browser window is opened to be able to authenticate with WalletConnect, where you can scan a QR code.

This may give you more info:

Yeah seems like authentication and transaction signing is done externally. I wonder if there are any plans of creating a system which can do these things internally…

You can also join discord and ask more questions in a channel specific to game-dev.

I don’t know of plans now of making it work without opening a browser window.
It can also depend on what is needed in your specific use case.

Got it @cryptokid, thanks a lot for your answers!

Would it be possible to generate a random wallet using Moralis cloud functions when a user signs up for a new account? And then store the private key inside the Moralis User object? Then when the user wants to buy an NFT, then on the client side, the web app can retrieve the private key from the User object to instantiate a new Ethers.js signing wallet to authorize the transaction? Would storing the private key in this way be ill-advised?

How about setting the private key ACL to admin only and then writing a custom Moralis cloud function to retrieve the private key from the User object to instantiate a new Ethers.js wallet to submit transactions?

This doesn’t seem like a good idea from a security perspective. I think that it is possible to do it, but we don’t recommend saving private keys on the server.

Do you know why Moralis doesn’t implement this feature? The niche that Moralis has IMHO is the complete serverless nature like Firebase. The wallet is the last bit of complexity that I cannot solve without some backend support. And if I have to implement my own database for the wallet support, then I might as well implement the other features that Moralis provides such as the user account and product tables.

The main reason is security in this case. Private keys will have direct access to user wallet.

Do you think Moralis would ever consider supporting it in the future? Perhaps a fully server managed private key that is never exposed to the user or the admin? All the blockchain calls would need to be made on the server side.

There are plans in the future to open source the server, and at that time you could host everything on your own server.

Yes this is possible as cloud functions have access to ethers.js or web3.js libraries which you can use to generate wallets. But as cryptokid mentioned, it wouldn’t be recommended.