How should I implement something like a faucet to give user tokens safely

I am working on a game-fi project. One key function is to give the user some reward in format of our own tokens when the user performs a certain activity in the game.

I came up with a few ways to do it, but I find each of them problematic.

  1. Create a public function in the token canister to collect reward (transfer a certain amount from the admin account to the caller’s account as reward). Then in the game frontend, call this function.
  2. Create a public function in the token canister with the receiver as a parameter and requiring the caller to be the admin account . Deploy a centralized API to hold the admin private key and to call this function.

I am not sure if I have explained it clearly. But I find the use case similar to “faucet”, which enables the users to collect some tokens.

I really appreciate what is the best practice here. I think it should be pretty common in game-fi related projects.

Thanks!

1 Like

I don’t think the first approach would work, because the game frontend won’t have permissions to transfer X tokens from an admin account to the caller’s account. (Only the admin can do that.)

What if the game frontend called some backend canister, which then checked if the reward conditions are met and if so calls the token canister to transfer X tokens from the admin account (owned by the backend canister) to the caller’s account?

2 Likes

I think this is a good idea, thanks!