Securing input from malicious users

_Ty · January 20, 2022, 3:21am

I have a contract that takes payment to start a game, when the game is finished the score is recorded in the contract and the highest score after a certain amount of blocks takes all that has been paid to play, and the cycle restarts.

What are some ways I can secure the input of the score so a user doesn’t set up a bot to wait till the last block and send in a randomly high score and take the winnings?

Is it possible to have a user sign a transaction that produces an ID that can be checked before the score is recorded?

cryptokid · January 20, 2022, 8:23am

you will have first to make sure that you got the right score on your server, then you can use chainlink or sign the data that is sent to the smart contract

_Ty · January 20, 2022, 4:09pm

when you say sign do you mean using a gasless tx with something like biconomy, or is there another way of doing that?

cryptokid · January 20, 2022, 4:14pm

I mean to sign some data with a private key so what you can check it in the smart contract

_Ty · January 20, 2022, 4:30pm

Is this what EIP712 is used for? Or does that not apply

cryptokid · January 20, 2022, 4:37pm

something similar with that one, but usually you will have to sign the messages and not the users, then send the signed message to the user so that the user makes the smart contract call with that signed data so that the user will end paying the gas fees for that transaction

_Ty · January 20, 2022, 4:47pm

Do you know of any articles explaining or key words i could use to search? I couldn’t find anything helpful searching signing data private key etc.

cryptokid · January 20, 2022, 5:07pm

https://medium.com/mycrypto/the-magic-of-digital-signatures-on-ethereum-98fe184dc9c7