firebase flutter security sdk razorpay

Will Firebase be a safe BaaS option for an eCommerce Flutter app in production?


If I am integrating Firebase and Flutter using the SDK integrations and not using any server-side functions, what would be the possible ways the attackers could attack my app even if I secure the app with Firebase Authentication and use strict database rules? I am planning on using RazorPay as the payment gateway, which is also SDK-integrated with the Flutter app.

Basically what I am trying to ask is: if all of my Firebase Authentication, Firebase Database CRUD operations and RazorPay payment gateway are integrated into the client-side Flutter app, is it going to be secure, and if not, what are the main negatives that an attacker can utilise?

And if there are lots of negatives and 0 positives, why are they allowing the SDK integration option in the first place?


Solution

  • Firebase is a very secure BaaS as it gives you many options to secure your data. It's only insecure if the developer didn't secure it properly (incorrect/insufficient security rules, not protecting API keys, etc). I recommend their security checklist before you push to production to ensure your application is following Firebase guidelines.

    Make sure to check out this other answer for more detail.
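
To make "incorrect/insufficient security rules" concrete, here is an added example (not part of the original answer and not Firebase's own sample), assuming Cloud Firestore and a hypothetical layout with a `products` collection and per-user `users/{uid}/orders` subcollections; the field names are assumptions as well. The weak rule is shown commented out beside the tightened rules.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK (left commented out for contrast): every document is readable and
    // writable by anyone who can reach the project, signed in or not.
    // match /{document=**} {
    //   allow read, write: if true;
    // }

    // Catalogue (hypothetical collection): world-readable, never writable
    // through the client SDK, so prices cannot be edited from the app.
    match /products/{productId} {
      allow read: if true;
      allow write: if false;
    }

    // Orders (hypothetical path): a signed-in user sees only their own.
    match /users/{uid}/orders/{orderId} {
      allow read: if request.auth != null && request.auth.uid == uid;

      // A client may create an order only in the 'pending' state, with a
      // server-side timestamp and no fields beyond the expected ones.
      allow create: if request.auth != null
                    && request.auth.uid == uid
                    && request.resource.data.keys().hasOnly(['items', 'status', 'createdAt'])
                    && request.resource.data.status == 'pending'
                    && request.resource.data.createdAt == request.time;

      // No client can modify or delete an order once it has been written.
      allow update, delete: if false;
    }
  }
}
```

Rules are enforced for client SDK access only; code using the Admin SDK bypasses them, and any path not matched by a rule is denied by default.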