Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhancing Permission Security in Tron #676

Open
zonanaza opened this issue Sep 4, 2024 · 4 comments
Open

Enhancing Permission Security in Tron #676

zonanaza opened this issue Sep 4, 2024 · 4 comments

Comments

@zonanaza
Copy link

zonanaza commented Sep 4, 2024

Context: The increasing number of phishing attacks through cloned websites offering fake airdrops or rewards is compromising the security of Tron accounts. Users unknowingly delegate full control of their accounts to malicious actors by signing transactions, losing control despite still holding the private keys.

Problem: Currently, when the Owner permission is delegated to another account, the original private key holder cannot recover control. This issue not only impacts individual users targeted by scams but also affects businesses using multisignature systems. If an employee with critical permissions leaves the company, the original account owner cannot revoke those permissions, leaving the account vulnerable.

Practical Examples:

Phishing Attacks: A user signs a transaction to claim an airdrop but unknowingly delegates the Owner permission to a fraudulent account, losing access to their account.
Business Management: In a multisignature setup, if an employee leaves and has delegated permissions, the account remains exposed if those permissions cannot be revoked.
Proposed Improvement: Introduce a feature allowing the private key holder to reverse any permission updates, including the Owner permission. This would ensure that the legitimate account owner retains ultimate control over the account.

Justification:

User Security: Protect users from phishing scams and frauds that could result in the loss of control over their accounts.
Business Flexibility: Enable businesses to manage multisignature systems more efficiently, maintaining control over permissions even in case of personnel changes.
Increased Trust in Tron: Strengthening control over permissions will enhance the platform’s security and boost user confidence, making Tron more resilient against attacks.
Conclusion: The private key holder must have the ultimate authority to revoke any permission, ensuring they always retain full control of the account. This improvement would protect users from phishing attacks and enhance overall security for assets managed in Tron, offering more effective and secure account management.

@tomatoishealthy
Copy link
Contributor

Very valuable point, but I have some different views on the scope of private key permissions:

Problem 1: From the perspective of general multi-signature usage scenarios, if an address is a multi-signature account, it will not be allowed for an administrator address to skip multi-signatures and directly manipulate the address. I personally think that the first problem is not in line with the spirit of decentralization and blockchain.

Considering that users may indeed lose their permissions without knowing it, an optimization solution that can be considered is to emphasize transactions involving permission changes through the wallet UI so that users understand the risks of each operation.

Problem 2: I understand that it is also a general multi-signature usage scenario, and even multi-signature addresses on other chains will also face the problem of permission delegation.

The workflow of TRON's multi-signature can be simply understood as TRON abstracting a permission layer for the address, that is, the user set in the permission has the address permission, each user has a permission weight, and the permission defines the minimum weight threshold for manipulating the address. In other words: ignore the inactive user, as long as the weight of the remaining other users exceeds the specified threshold, they can delete the inactive user, so as long as the address permissions are properly allocated, there will be no problem. This problem is mainly a weight management issue, not a problem with TRON itself.

@zeusoo001
Copy link

@zonanaza There are pros and cons. If the private key holder has the final power to revoke any permissions, if the private key is stolen, the assets will be lost.

@KrisdiaPaul
Copy link

@zonanaza I completely agree with your point about the problems caused by losing permissions, and I am also thinking about it. Strengthening the private key holder was once an idea that I thought of, but I quickly rejected it. It just involves more problems and none of block chain multi-signature method allow this.

@halibobo1205
Copy link
Contributor

Add permission for a limited period, e.g. 1 year by default?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants