About TRON account permissions

What Are TRON Permissions:

TRON account permissions are divided into Owner (administrator) and Active (operational) permissions.

Owner Permission: this is the highest-level privilege of an account. It controls ownership, adjusts the permission structure, and can execute every smart contract.

Key characteristics of Owner permission include:

  1. An address that holds the OwnerPermission can modify the OwnerPermission information.

  2. When the OwnerPermission is empty, the account’s own address is treated as having owner permission by default.

  3. When a new account is created, the system automatically populates OwnerPermission with the account’s own address. The default threshold is 1, and the keys array contains only that account address with a weight of 1.

  4. This permission inherits every optional permission available to Active permissions.

Active Permission: this permission lets you define combinations of capabilities—for example, authorizing only account creation and transfer operations.

Key characteristics of Active permission include:

  1. An address with the OwnerPermission can modify Active permissions.

  2. An address that can execute the AccountPermissionUpdateContract may also modify Active permissions.

  3. Up to eight different combinations are supported.

  4. When a new account is created, an Active permission is generated automatically. The default threshold is 1, and the keys array contains only the account’s own address with a weight of 1.

Usage Notes for TRON Permissions:

  1. Private key management: Whether it is an owner or active key, apply strict security measures. Use hardware wallets, cold storage, or encrypted devices, and avoid storing private keys on internet-connected devices.

  2. Multisignature: Where possible, enable multisignature on the owner permission so that multiple approvals are required to perform sensitive operations, thereby improving account security.

  3. Defending against attacks: Attacks on permissions generally fall into two categories. The first is proactive modification, where you intentionally adjust owner or active permissions through your wallet to gain full control over on-chain assets. The second is passive (malicious) modification, which usually happens after signing a transaction from a malicious link that silently alters your permissions.

  4. Operate with caution: Always double-check details and confirmation prompts before executing critical actions to avoid mistakes or scams that could lead to asset loss. TokenPocket provides pop-up alerts when TRON permissions are being elevated or modified, warning you when a malicious process is attempting to change your permissions.
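
The threshold, keys and weight fields described above decide who controls an account after a permission change. The following is an added example, not TokenPocket's or TRON's own code: a pre-signing check that reads an unsigned transaction in TRON's JSON form and reports, for each permission in an AccountPermissionUpdateContract, whether the account's own key can still meet the threshold and whether other addresses can meet it without that key. The field names follow the JSON encoding of the TRON protobuf messages; the addresses and sample transactions are constructed placeholders.

```python
UPDATE_TYPE = "AccountPermissionUpdateContract"

def review_permission_update(tx):
    """Return (permission_name, finding) pairs for changes that move control."""
    findings = []
    for contract in tx.get("raw_data", {}).get("contract", []):
        if contract.get("type") != UPDATE_TYPE:
            continue  # transfers, contract calls, etc. do not touch permissions
        value = contract["parameter"]["value"]
        account = value["owner_address"]
        # Owner permission plus the (up to eight) active permissions.
        perms = ([value["owner"]] if "owner" in value else []) + value.get("actives", [])
        for perm in perms:
            name = perm.get("permission_name", "unnamed")
            threshold = perm["threshold"]
            own = sum(k["weight"] for k in perm["keys"] if k["address"] == account)
            others = sum(k["weight"] for k in perm["keys"] if k["address"] != account)
            if own < threshold:
                findings.append((name, "account key alone cannot meet threshold"))
            if others >= threshold:
                findings.append((name, "other addresses meet threshold without account key"))
    return findings

# Constructed placeholder addresses (TRON hex form: 0x41 prefix + 20 bytes).
ACCOUNT = "41" + "aa" * 20
OTHER = "41" + "bb" * 20

def sample_tx(owner_keys, active_keys):
    """Build a constructed unsigned transaction with threshold 1 on both permissions."""
    value = {
        "owner_address": ACCOUNT,
        "owner": {"type": 0, "permission_name": "owner", "threshold": 1, "keys": owner_keys},
        "actives": [{"type": 2, "permission_name": "active", "threshold": 1, "keys": active_keys}],
    }
    return {"raw_data": {"contract": [{"type": UPDATE_TYPE, "parameter": {"value": value}}]}}

own_key = [{"address": ACCOUNT, "weight": 1}]
other_key = [{"address": OTHER, "weight": 1}]
DEFAULT_TX = sample_tx(own_key, own_key)      # same shape as a newly created account
REPLACED_TX = sample_tx(other_key, own_key)   # owner permission handed to another address

if __name__ == "__main__":
    for label, tx in (("default", DEFAULT_TX), ("replaced", REPLACED_TX)):
        print(label, review_permission_update(tx))
```

A deliberate multisignature setup also produces findings here, because the account key alone is meant to fall below the threshold; the output is a prompt to confirm that every listed key is one you control.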

Common Scams Involving TRON Permissions:

  1. One-time-code recharge scams that lure users into executing links with malicious code under the guise of making TRC20 deposits.

  2. QR code scams, where scanning a code supplied by someone else opens a malicious link.

  3. Other TRC20 deposit-related scams.

TokenPocket provides pop-up warnings when TRON permissions are being elevated or modified. If malicious code is executed, you will see an alert indicating that your permissions are about to change. Whenever you encounter this kind of permission escalation warning, stop the authorization immediately, close the current operation, and send the link to [email protected]. Our team will analyze the link and mark the risk accordingly.

Properly configuring TRON multisignature can effectively safeguard your assets. Refer to the TRON Multisig Wallet Creation Tutorial for detailed guidance.
