Unlock an Ethereum/Polygon account through Moralis

Hey everyone!

New member here… :slightly_smiling_face: I am working on a dApp that calls a Smart Contract function (in order to store data on-chain). The dApp does this automatically whenever it “requires” to. Obviously, I don’t want to approve each call to the Smart Contract manually, it needs to do this on the fly, without interruption.

If I’m not mistaken (I’m fairly new to web3 development), I can call the web3.eth.personal.unlockAccount function for this purpose.

Is this the correct procedure? Or does Moralis offer other solutions for this?

Thank you!

Hey @roel018

Where will you store this logic, on a backend? This method you mentioned is highly unsecure.

Please tell us more about your use case and we will be able to suggest the most convenient solution.

Hi @Yomoo,

Thanks so much for your reply!

My dApp will run on PHP (backend) and obviously use Moralis on the frontend.

Here’s a simplified break-down of the intended use-case:

Each time a front-end user (who is not logged in or supposed to log in, not in the classic way nor with a crypto account/wallet) clicks a certain link, a function on a Smart Contract (send()) should be called. This function will simply store a value on the blockchain, in a new transaction.

The way I’m envisioning it is that when the user clicks a link, a function on the backend (PHP) should be called through ajax. It’s in the backend, that the Smart Contract (its send() function) should be called. It’s always the same, known and (if needed) hard-coded Ethereum account (address) that calls the Smart Contract.

I understand how the Smart Contract should work and function, and also how to trigger it through ajax and PHP. The challenge I’m facing is that I need the above to function on the fly, without anyone (me or anyone else that has access to the system) manually approving the call to the Smart Contract. It should work automatically.

I thought I could use the web3.eth.personal.unlockAccount function for this purpose - but maybe I’m wrong? Should I instead unlock the account manually, once, and keep it unlocked?

Thanks so much!

Regards,
Roel

If you use the web3.eth.personal.unlockAccount function in the not safe inter
Sending your account password over an unsecured HTTP RPC connection is highly unsecure.
But you think you can use these if the local network is safe

You can use web3 to call a smart contract function on the backend with a hardcoded private key (this is not provided in Moralis SDK, you’ll have to write it).

You can do that on your backend, but it is not always recommended, as if your backend gets compromised then the private key will also be compromised.

Another thing to take into consideration is that you’ll also have to pay gas fees for every transaction that you make.

About the gas fee - I’m using the Polygon network to reduce the gas fee to a minimum, so that should be fine.

Does anyone know of a better method to realize this kind of feature for a dApp? If using web3.eth.personal.unlockAccount isn’t safe, how else should one approach this automatic calling of a Smart Contract?

You can do it with the private key hardcoded in your code/some env file

But wouldn’t I still need to use the web3.eth.personal.unlockAccount function?

You can export a private key directly from MetaMask if you want, from the interface.
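
The two concerns raised in the replies (a password travelling over plain HTTP RPC, and where the backend keeps its key) can be turned into a pre-flight check. This is an added example, not part of the thread and not Moralis code; the `SIGNER_PRIVATE_KEY` variable name, the hostnames and the sample requests are assumptions constructed for illustration.

```javascript
// Added example, not code from the thread. SIGNER_PRIVATE_KEY and the
// hostnames below are assumptions made for illustration.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// True when traffic to the RPC endpoint is TLS-protected or stays on this host.
function isPrivateTransport(rpcUrl) {
  const u = new URL(rpcUrl);
  if (u.protocol === 'https:' || u.protocol === 'wss:') return true;
  return LOOPBACK.has(u.hostname);
}

// personal_* calls (unlockAccount, sendTransaction, importRawKey, ...) put a
// password or key in the request body; eth_sendRawTransaction carries only
// an already-signed transaction.
function checkRpcRequest(rpcUrl, request) {
  const carriesSecret = request.method.startsWith('personal_');
  if (carriesSecret && !isPrivateTransport(rpcUrl)) {
    return { allowed: false, reason: request.method + ' would cross the network in cleartext' };
  }
  return { allowed: true, reason: carriesSecret ? 'private transport' : 'no secret in request' };
}

// Read the signing key from the environment rather than from source code.
function loadSignerKey(env) {
  const raw = env.SIGNER_PRIVATE_KEY || '';
  const hex = raw.startsWith('0x') ? raw.slice(2) : raw;
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
    throw new Error('SIGNER_PRIVATE_KEY must be 32 bytes of hex');
  }
  if (/^0+$/.test(hex)) throw new Error('SIGNER_PRIVATE_KEY must not be zero');
  return '0x' + hex.toLowerCase();
}

// Constructed sample requests (address and password are placeholders).
const unlock = { jsonrpc: '2.0', id: 1, method: 'personal_unlockAccount',
  params: ['0x' + '11'.repeat(20), 'PLACEHOLDER_PASSWORD', 60] };
const rawTx = { jsonrpc: '2.0', id: 2, method: 'eth_sendRawTransaction',
  params: ['0x' + 'f8'.repeat(8)] };

for (const [url, req] of [
  ['http://rpc.example.net:8545', unlock],
  ['http://127.0.0.1:8545', unlock],
  ['http://rpc.example.net:8545', rawTx],
]) {
  const r = checkRpcRequest(url, req);
  console.log(req.method, '->', url, r.allowed ? 'ALLOW' : 'BLOCK', '(' + r.reason + ')');
}
```

A backend that signs locally and submits only `eth_sendRawTransaction` never needs a `personal_*` call, so the first branch can be used as a hard deny in production.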