Content
@
0 reply
0 recast
0 reaction
Graeme
@graeme
Excited to share this channel on Farcaster. We're seeing a few projects building Farcaster Frames and integrating Stack points using the SDK. It takes a few minutes to set up, and it's a great combo! Check out the docs: https://docs.stack.so/points-system.html
1 reply
0 recast
6 reactions
jaybuidl.eth
@jaybuidl.eth
Real question: the track() operations running client side look easily abused, especially with the number of points passed directly. Is this mitigated in some way that I’m not seeing?
1 reply
0 recast
0 reaction
Graeme
@graeme
Can you be more specific about the issue you foresee with this? Isn’t this similar to running an alchemy client for example, with an API key that is specific to a domain?
1 reply
0 recast
0 reaction
Graeme
@graeme
Most of the cases we have seen so far involved backend assignment of points rather than fronted. If you want to limit by domain on frontend, we have this set up already in our infra and can ship an interface for setting this within 24 hours.
1 reply
0 recast
0 reaction
jaybuidl.eth
@jaybuidl.eth
Oh right running it server-side is safe indeed. Not sure why I was imagining the code examples running in the browser from reading the docs. Thanks for the reply!
1 reply
0 recast
1 reaction
Graeme
@graeme
It’s an extremely valid assumption that the event logging can happen in the browser and we’ve seen that already a few times. Just need to lock down the domain, like with the Alchemy example, to prevent abuse. We will ship an interface for this asap
1 reply
0 recast
0 reaction
jaybuidl.eth
@jaybuidl.eth
Locking down the origin and also some parameters where possible (eg contract addresses on Alchemy) helps a lot. Just gave Stack a follow 🫡
1 reply
0 recast
1 reaction
