next.js solidity smartcontracts

Can I make this transaction on behalf of someone else as a contract owner?


I have a custom contract deployed on bsctestnet. It is 2 files. One of them is the main token contract, the other one has withdraw and deposit functions for players. Here are the deposit and withdraw functions.

    function deposit(uint256 _amount, address _sender) external {
        tfmToken.transferFrom(_sender, address(this), _amount);
        emit Deposit(_sender, _amount);
        deposits[_sender] += _amount;
    }

    function withdraw(uint256 _amount, address _sender) external {
        tfmToken.transfer(_sender, _amount);
        emit Withdraw(_sender, _amount);
        withdraws[_sender] += _amount;
    }

I have a Next.js app to execute this function. A user requests a withdraw or deposit. It goes to the admin panel. The admin will accept the request and it will be executed, but when I want to execute this code:

    const gameContract = new web3.eth.Contract(GameContractABI, gameContractAddress);
    await gameContract.methods.deposit(weiamount, playerAddress).send({ from: playerAddress });

It gives this error:

    MetaMask - RPC Error: The requested account and/or method has not been authorized by the user

I know it should be gathered by the eth_accounts method. But I can't, because another person's wallet address can't be in my MetaMask wallet.

As an admin, I will accept the transaction, but the address is taken from the player. So the player's wallet address is going to be inside the function and I will need to execute the function for another person's wallet address. I am A and I will execute the function for B's wallet address. There is an issue, I think, about authorization or something similar, but I don't know what exactly it is and how I can make that logic work. Maybe I need to define the owner somewhere? But how? Probably I shouldn't use MetaMask as a provider for this specific use. But what should I use? What logic or tools are generally used for situations like this? I have been trying to understand and solve this situation for a long time but couldn't find anything. Help!

I tried using web3 without MetaMask:

    const web3 = new Web3('https://endpoints.omniatech.io/v1/bsc/testnet/public');

It gives an unknown address error.

I saw some signing things but I couldn't understand what signing is. Can a person or admin sign anything?

I tried it without the .send part:

    await gameContract.methods.deposit(weiamount, playerAddress);

But I think it is needed.

I have tried to search for it, but everything on the internet uses their own address and sends something to another address.

I EXPECT:

When I execute `await gameContract.methods.deposit(weiamount, playerAddress);` as an admin, the amount in the user's account decreases and the balance of the token increases.

Player (P) wants to deposit some tokens and adds a request. Admin (A) checks it from the panel, accepts the offer, and the deposit function is executed. Some tokens are transferred from the Player's (P) wallet to Token (T).


Solution

  • No, you absolutely can't do that. If you can move the funds from the user's wallet simply because you're an "admin" of some website, what prevents you (or someone) from taking all the funds and transferring them to some personal wallet?

    The general flow here is:

    • User calls deposit function.
    • The backend listens for the events or balance changes, and updates its value in the database.

    If you need the backend or admin's approval, send the user a signature signed by your (backend's) wallet, and the user uses that signature to call the deposit function. The contract then verifies the call using that signature. The signature can contain additional information, like username, email, amount, etc.

    You'll still need to listen to the emitted events though.
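
The signature-approval flow described in the answer, sketched as a contract. This is an added example, not part of the original answer or the asker's contract. The names `GameVault`, `approver`, `usedApprovals`, `nonce` and `deadline` are assumptions, and it assumes the player has already granted this contract an allowance on the token and that the backend signs the 32-byte approval hash as an EIP-191 personal message.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Added example: every name except tfmToken, deposits and Deposit is hypothetical.
contract GameVault {
    IERC20 public immutable tfmToken;
    address public immutable approver;             // backend wallet that signs approvals (assumed)
    mapping(address => uint256) public deposits;
    mapping(bytes32 => bool) public usedApprovals; // replay protection

    event Deposit(address indexed player, uint256 amount);

    constructor(IERC20 token, address approver_) {
        tfmToken = token;
        approver = approver_;
    }

    // The player calls this from their own wallet, passing the backend's signature.
    // There is no _sender parameter: funds only ever move from msg.sender.
    function deposit(uint256 amount, uint256 nonce, uint256 deadline,
                     uint8 v, bytes32 r, bytes32 s) external {
        require(block.timestamp <= deadline, "approval expired");

        // Bind the approval to this chain, this contract, this caller and this amount.
        bytes32 approval = keccak256(abi.encode(
            block.chainid, address(this), msg.sender, amount, nonce, deadline));
        require(!usedApprovals[approval], "approval already used");

        // EIP-191 personal-message digest over the 32-byte approval hash.
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", approval));

        // Reject malleable (high-s) signatures, then recover and check the signer.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && signer == approver, "not approved by backend");

        usedApprovals[approval] = true;
        deposits[msg.sender] += amount;
        require(tfmToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
        emit Deposit(msg.sender, amount);
    }
}
```

The backend never submits the transaction or touches the player's key; it only issues the signed approval, and it still learns of the completed deposit from the `Deposit` event.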