1

I used the standard IERC20 to create an ERC20 smart contract.

I made a gambling game, that if the current user loses, he/she will have to transfer one token to the dealer (also the deployer aka msg.sender of the smart contract).

With the scenario above, I think that transferFrom("CURRENT_USER_PRIVATEKEY", "DEPLOYER_PUBLICKEY", 1) should be the answer.

However, with web3js and and metamask, I'm not sure how to get the "CURRENT_USER_PRIVATEKEY", since Metamask won't allow web3js to get the private key. In other StackOverflow posts, I found that we can hardcode this privatekey, but it's not ideal for a system with several users. What should I do to execute this transferFrom() function?

Here is my smart contract and code for the transaction:

async playerLoseMoney(){
    // Transfer money from player to the dealer
    const AMOUNT = 1;
    try{
      const contract = await this.getContract(erc20_abi_json);
      const computerChoice = await contract.methods.TransferFrom(
        "0x8a2a3a1dacF2B4b57734eB3DB71c33d3EBe263B6",
        "0xc00432E08770B9be73fB2303203B407d7B2E2cf2",
        AMOUNT
      ).call();
      alert("You lose 1 coin!")
    }catch(err){
      alert(err.stack);
      window.location.reload(); 
    }
  }

contract ERC20Token is IERC20 {
    ....
    function transferFrom(address owner, address buyer, uint256 numTokens) public returns(bool){
        require(numTokens <= balances[owner]);
        require(numTokens <= allowed[owner][msg.sender]);

        balances[owner] = balances[owner].sub(numTokens);
        allowed[owner][msg.sender] = allowed[owner][msg.sender].sub(numTokens);
        balances[buyer] = balances[buyer].add(numTokens);
        emit Transfer(owner, buyer, numTokens);
        return true;
    }
}
Yilmaz
  • 35,338
  • 10
  • 157
  • 202
VEvergarden
  • 105
  • 11
  • why do you need the private key? – Yilmaz Apr 16 '22 at 16:39
  • I thought it should be a private key rather than a public key? – VEvergarden Apr 16 '22 at 23:06
  • nope. not in this case. you probably used if you initalized hdwalletProvider, so you got confused – Yilmaz Apr 16 '22 at 23:33
  • Thanks Yilmaz, I used the public address as you said and it work correctly. Do you want to answer below so I can upvote you? Two follow up question: 1) If you just need public address, will it be to easy to steal token from other people? 2) How can web3.js recognise the dealer public address, if metamask does not give it? I had to import the dealer Private key into metamask so my web3js can recognise the dealer public IP address. – VEvergarden Apr 17 '22 at 03:02

1 Answers1

1

Private key gives you control of that account. So instead of using private key, erc20 implements allowance and approve. I explained them here: what approve and allowance methods are really doing in ERC20 Standard?

Basically your account address is allowing contract address for a specified token amount to be withdrawn.

So instead of passing private key, you should be passing the public address

Yilmaz
  • 35,338
  • 10
  • 157
  • 202