Signing smart contracts in the cloud

Can anyone explain to me the safest/most secure way to interact with a smart contract via cloud functions?

Say I have a smart contract deployed on EVM. I want the user to sign the tx, but I would like a cloud function to alter the parameters of the tx before doing so, to make sure the user doesn't change the inputs of the tx.
Is this even possible? If yes can you please explain how. If No, can you please explain a potential alternative?

Thanks

Here are some recommendations you can refer to for using Moralis cloud.

Yes, the Moralis cloud can be used to alter tx params.

If the tx parameters are stored on the front-end/user-side/browser-side, they can be altered.

Alternatively, if you want to prevent the user from changing the tx parameters, you can store the hash of the tx params on the Moralis DB or your own server before passing it to the user for signing.

If the hashes are the same, there was no change in tx parameters.

Thanks

1 Like

Can you please explain more about the part on comparing hashes of the tx parameters?

Could you please explain briefly how I would compare the hashes? (If you have a link or some documentation you can point me to, that would be appreciated.)
I assume the comparison happens after tx sign, but before sending to EVM? Is this done with a cloud trigger?

Thank you

I don’t understand what parameters a user could change before signing the transaction that you would want to prevent from happening. The idea is that a user could create the transaction, sign it, and send it to the blockchain on their own without even interacting with your interface. You have no control over what parameters the user wants to put in their transaction unless there is validation on the smart contract side.

2 Likes

I'm basically trying to create a token bridge between EVM and the Moralis DB.

I want people to be able to send their ERC20 to a smart contract which locks it. The token then shows up on the Moralis DB. (This is the easy part.)
When the token is on the Moralis DB it can be manipulated, the user balance can change, etc. The benefit of this is that altering balances is free; the downside is that it's happening on a centralized server. But nevertheless, that's not part of the discussion.

Now the problem is when the user is ready to bridge from the Moralis DB back to EVM: how could this be achieved by the user simply calling the amount they are eligible to withdraw from the contract, which would be governed by their balance on the Moralis DB (because it most likely will not be the same balance they sent to the bridge in the first place)?

So this is where I don't want the user to be able to change the tx parameters. I want the withdraw amount to be dictated by the Moralis DB, and the user cannot change it; they can only sign the tx.
Once signed, the smart contract releases the tokens back to the user on the EVM, and the balance in the Moralis DB is deducted accordingly.

In the end you’ll be the one that will make/sign the transaction for the user in order to get back his tokens. If you want to complicate it, what you could do is use two signatures for that transaction, your signature and the user's signature, and validate both signatures at the smart contract level.

1 Like

Actually, the 2 signature method might be the way to go. Good thinking!

1 Like
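A sketch of the hash comparison and the two-signature check discussed in this thread, added here as an example and not code from any poster or from Moralis. It uses Node's built-in ECDSA with SHA-256 as a stand-in for the keccak256/ecrecover check a contract would perform; all function names, the domain values and the balances are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed demo key; a real backend key never leaves the server.
const serverKey = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
// Constructed placeholder domain values (not a real chain or address).
const DOMAIN = { chainId: 1, contract: '0xBRIDGE_PLACEHOLDER' };

// Fixed field order so issuer and verifier hash exactly the same bytes.
function encodeParams(p) {
  return JSON.stringify([p.chainId, p.contract, p.user, p.amount, p.nonce, p.expiry]);
}

function hashParams(p) {
  return crypto.createHash('sha256').update(encodeParams(p)).digest('hex');
}

// Backend: the amount comes from the DB balance, never from the client request.
function issueWithdrawal(dbBalances, user, nonce, now) {
  const params = { ...DOMAIN, user, amount: dbBalances[user], nonce, expiry: now + 300 };
  const signature = crypto.sign('sha256', Buffer.from(encodeParams(params)), serverKey.privateKey);
  return { params, storedHash: hashParams(params), signature };
}

// Model of the contract-side check. `sender` stands for the account that signed
// the transaction (msg.sender), i.e. the user's signature; `signature` is the server's.
function verifyWithdrawal(usedNonces, sender, params, signature, now) {
  if (params.chainId !== DOMAIN.chainId || params.contract !== DOMAIN.contract) return 'wrong domain';
  if (sender !== params.user) return 'wrong sender';
  if (now > params.expiry) return 'expired';
  const nonceKey = `${params.user}:${params.nonce}`;
  if (usedNonces.has(nonceKey)) return 'replayed';
  const data = Buffer.from(encodeParams(params));
  if (!crypto.verify('sha256', data, serverKey.publicKey, signature)) return 'bad signature';
  usedNonces.add(nonceKey); // burn the nonce only after every check passed
  return 'ok';
}

// Constructed scenario: alice's DB balance is 250; she edits the amount before submitting.
function demo() {
  const used = new Set();
  const w = issueWithdrawal({ alice: '250' }, 'alice', 1, 1000);
  const tampered = { ...w.params, amount: '999999' };
  return {
    hashChanged: hashParams(tampered) !== w.storedHash,
    tampered: verifyWithdrawal(used, 'alice', tampered, w.signature, 1001),
    honest: verifyWithdrawal(used, 'alice', w.params, w.signature, 1001),
    replay: verifyWithdrawal(used, 'alice', w.params, w.signature, 1002),
  };
}
```

The server-side hash comparison only detects tampering on requests that pass through the backend; the signature check is the part that has to live in the contract, since a user can submit a transaction without touching the interface.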