7

I have built a web game where users can purchase virtual items for their avatar with tokens obtained during an ICO.

What is the best solution for delivering the items to the correct web game user? I can imagine 4 solutions (1A2A, 1A2B, 1B2A and 1B2B) that all require an off-chain backend component.

1A) off-chain backend with own Ethereum account generation

  • the web game backend creates an ethereum account when a user signs up and connects the private key to his account.
  • the user can then send ETH to this new address to 'top up'.

1B) off-chain backend without own Ethereum account generation

  • During signup the user has to register a wallet id with his off-chain web game account. He receives a random challenge, then needs to sign it (somehow) and submit the address, the signed message and the signature in a webform to the backend where the signature is verified.
  • Upon successful verification, the wallet id is added to the web game account of the logged-in user.
  • The user can henceforth 'top up' his web game account by paying from his registered account to the web game account address (same address for all users).

2A) on-chain frontend (dapp)

  • Purchases are done by sending ItemTokens together with item ids to the web game's smart contract on Ethereum (for example from a 3rd party wallet)
  • The smart contract checks whether the type and amount of items add up to the total value of the transaction and then either rejects the transaction or...
  • accepts the transaction and writes item amount and type into the smart contract state (as item inventory)
  • the web game frontend checks the blockchain, calculates the web game token balance for the logged-in user and makes items available in the game as they appear on the blockchain.

2B) off-chain frontend

  • The web game backend periodically keeps track of blockchain payments (they're public) and updates the user's web game balance accordingly.
  • purchases are done in the web app UI, and the cost is subtracted in the web game backend, and items are made available.

My questions:

  • Are these processes correct, implementable and safe?
  • are there other, better or different purchase processes possible
  • Is there a way a wallet can be safely connected with a user account entirely without the use of an off-chain backend (and also without browser extensions such as metamask)?
Talha Sajid Chaudhary
  • 830
  • 1
  • 23
Mario
  • 173
  • 4
  • I think your first question is suitable for this stack exchange; the second question is maybe a bit broad and/or opinion-based without some rewording; and your third question might be a bit too broad/open-ended as is. Perhaps you can be more specific as to your requirements? (E.g., cost to users, speed of transactions, minimizing server resource use, etc.) – lungj Aug 02 '17 at 21:00
  • @lungj - updated questions. – Mario Aug 02 '17 at 21:06
  • 1
    IMHO your have to first answer the question "should the user be aware of the blockchain?" and then "how much they should be aware?". Most of the technicall chalenges you propose have been solved, one way or another, for example in exchanges. But you need a very capable team to do that. Also how many user is your target? If you use the mainnet you will be competing with all other users for resources when there is an ICO, degrading the user experience of your game. – Ismael Aug 02 '17 at 22:42
  • Why does this even need Blockchain at all..? Credit people with their coins based on an ICO at the get go. No other aspect requires blockchain.. – Thomas Clowes Aug 07 '17 at 17:53
  • @ThomasClowes users can also sell their tokens on secondary markets... what then? – Mario Aug 10 '17 at 08:41
  • Hello@Mario have you found any solution ?I have similar requirement. Thanks – Mangesh Sep 13 '18 at 11:05
  • 1
    @Mangesh the most viable solution is asking the user to enter his private key during a validation process. The validation process signs a (random, secret or plain?) message with the private key in the frontend. Then on the server side the user's public key is used to verify the hash and the user's address can be set as verified in the backend. – Mario Sep 13 '18 at 15:54

0 Answers0