I’m happy about this new COZ forum. Hope we will all have a good time here together.
Anyways, I’m currently working on an NFT game and am currently iterating on the fighting system. The next step will be an iteration on the blockchain integration. Currently, the system supports Neo 2, but as N3 is getting closer and closer, a switch towards N3 needs to be done.
One of the weaknesses of the current integration is how transactions get signed on the client side. Short summary of how the system works at the moment:
user signs up for the game
– set username
– type a password
– click create keys, which creates an encrypted key and address based on the typed password
– click sign up (to store username, encrypted key and address - password isn’t stored!)
user logs in to the game
– type username (refers to the stored encrypted key)
– type password
– client receives the encrypted key and decrypts the key with the typed password
– the resulting address gets submitted to the server and is compared with the stored address - if they match, the user can log in
– if login is successful, the password gets stored locally in the client’s browser
sign a transaction
– password is stored client side
– for a transaction the player gets the encrypted key from the server, decrypts the key with the password and signs the transaction with the key
The biggest vulnerability is the client-side stored password, which I’d love to get rid of. A 3rd party tool, which needs to be installed in the client’s browser to manage the keys, would be no solution for me. For blockchain newbies this step is a pain regarding UX.
I’m happy to discuss the topic with you guys.
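One way to drop the stored password from the flow described in the post, as an added example that is not the poster's or the game's code: the password is used once at login to unwrap the private key into a non-extractable WebCrypto key, and every later signature uses that key object. Assumptions: PBKDF2 and AES-GCM stand in for the game's own key encryption, the stored public key stands in for the address, P-256 is used because WebCrypto supports it, and all function names are hypothetical.

```javascript
// Added example: PBKDF2 + AES-GCM are stand-ins for the game's own key
// encryption, and all function names here are hypothetical.
// Browsers and Node 19+ expose WebCrypto globally; the fallback covers older Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const EC = { name: 'ECDSA', namedCurve: 'P-256' };
const SIG = { name: 'ECDSA', hash: 'SHA-256' };

// Stretch the typed password into an AES-GCM key that can only wrap/unwrap keys.
async function wrappingKeyFrom(password, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: 600000 },
    material, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Sign-up: create the key pair and return only what the server stores.
async function signUp(password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const pair = await wc.subtle.generateKey(EC, true, ['sign', 'verify']);
  const kek = await wrappingKeyFrom(password, salt);
  const wrapped = await wc.subtle.wrapKey(
    'pkcs8', pair.privateKey, kek, { name: 'AES-GCM', iv });
  const publicKey = await wc.subtle.exportKey('raw', pair.publicKey);
  return { salt, iv, wrapped, publicKey };
}

// Login: unwrap straight into a NON-extractable signing key. A wrong password
// fails the AES-GCM tag check and rejects. The password is not kept anywhere.
async function logIn(password, record) {
  const kek = await wrappingKeyFrom(password, record.salt);
  return wc.subtle.unwrapKey('pkcs8', record.wrapped, kek,
    { name: 'AES-GCM', iv: record.iv }, EC, false, ['sign']);
}

// Signing needs only the session key object, never the password.
function signTx(sessionKey, txBytes) {
  return wc.subtle.sign(SIG, sessionKey, txBytes);
}

// Server-side style check of a signature against the stored public key.
async function verifyTx(record, txBytes, signature) {
  const pub = await wc.subtle.importKey('raw', record.publicKey, EC, false, ['verify']);
  return wc.subtle.verify(SIG, pub, signature, txBytes);
}
```

A `CryptoKey` can be stored in IndexedDB without becoming extractable, so the session can survive a page reload. Script running in the page can still ask the key to sign, so this removes disclosure of the password and key, not the need for XSS defences.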