-
|
Originally posted by a community member on stack overflow I am writing a app, where user can deposit APT coins and receive points in the app. So, I have to be 100% sure that the user has transferred APT to the escrow, in order to give him points. What I want to do is to sign transfer transaction on the client side using user wallet and send the signature to the server, where the transaction is verified and submitted to the blockchain. If everything is correct, user will receive points on the app. My question is how can I submit already signed transaction on the backend and verify that it transferred coins to the escrow account? I've tried signing transaction on the client side and sending a signature buffer to the server. Then I wanted to use AptosClient.submitTransaction(), but it didn't work. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
Instead of trying to submit the transaction on the server side, there are a few things you can do on the contract (or even backend) side to ensure they've made a deposit: Emit an event in your contract on the users' account when they escrow the coins, and have your backend server check their account for that |
Beta Was this translation helpful? Give feedback.
-
|
Additionally if you want to sign but not broadcast a tx, you can do this // ====== run on client ======
// create and sign raw tx
const rawTxn = await aptos.transaction.build.simple({
sender: sender.accountAddress,
data: {
function: `${MARKETPLACE_CONTRACT_ADDRESS}::list_and_purchase::list_with_fixed_price`,
typeArguments: [APT],
functionArguments: [aptogotchiObjectAddr, 10],
},
});
const signedAuthenticator = aptos.sign({
signer: sender,
transaction: rawTxn,
});
// send raw txn and signed authenticator to server
// ====== run on server ======
const pendingTxn = await aptos.transaction.submit.simple({
transaction: rawTxn,
senderAuthenticator: signedAuthenticator,
});
const response = await aptos.waitForTransaction({
transactionHash: pendingTxn.hash,
}); |
Beta Was this translation helpful? Give feedback.
Instead of trying to submit the transaction on the server side, there are a few things you can do on the contract (or even backend) side to ensure they've made a deposit:
Emit an event in your contract on the users' account when they escrow the coins, and have your backend server check their account for that
Run an indexer, and check for the expected interactions that way
If you send their signed txn to your backend, you open yourself up to the race condition of a user completing another txn after/during sending the signed txn to the backend, which increments the users seq_no, making the previously signed txn invalid