Skip to content

Latest commit

 

History

History
63 lines (46 loc) · 1.86 KB

tip-534.md

File metadata and controls

63 lines (46 loc) · 1.86 KB
tip: 534
title: Remove Vulnerable APIs	
author: [email protected]
discussions to: https://github.com/tronprotocol/TIPs/issues/534
status: Final
type: Standards Track
category: Core
created: 2023-04-14

Simple Summary

Propose to remove potential vulnerable APIs.

Abstract

Previously some APIs could lead to the leakage of sensitive information, such as private keys. Although developers have been advised not to make remote calls to these APIs, I think it is better to remove the relevant APIs for security concerns and mitigate risks for developers.

Motivation

For network stability and user data security, I suggest deleting the relevant APIs.

Specification

The following APIs should be removed.

1. HTTP

API Description
createaddress create address by password
generateaddress create address randomly
easytransfer transfer TRX with password
easytransferbyprivate transfer TRX with private key
easytransferasset transfer asset with password
easytransferassetbyprivate transfer asset with private key
gettransactionsign sign transaction with private key
addtransactionsign sign transaction with private key

2. gGRPC

API Description
CreateAddress create address by password
GenerateAddress create address randomly
EasyTransfer transfer TRX with password
EasyTransferByPrivate transfer TRX with private key
EasyTransferAsset transfer asset with password
EasyTransferAssetByPrivate transfer asset with private key
GetTransactionSign sign transaction with private key
GetTransactionSign2 sign transaction with private key
AddSign sign transaction with private key

Rationale

Vulnerable APIs may lead to the leakage of sensitive information, such as private keys.

Implementation

Delete the relevant APIs.