tip-534.md
April 3, 2025 ยท View on GitHub
tip: 534
title: Remove Vulnerable APIs
author: halibobo1205@gmail.com
discussions to: https://github.com/tronprotocol/TIPs/issues/534
status: Final
type: Standards Track
category: Core
created: 2023-04-14
Simple Summary
Propose to remove potential vulnerable APIs.
Abstract
Previously some APIs could lead to the leakage of sensitive information, such as private keys. Although developers have been advised not to make remote calls to these APIs, I think it is better to remove the relevant APIs for security concerns and mitigate risks for developers.
Motivation
For network stability and user data security, I suggest deleting the relevant APIs.
Specification
The following APIs should be removed.
1. HTTP
| API | Description |
|---|---|
| createaddress | create address by password |
| generateaddress | create address randomly |
| easytransfer | transfer TRX with password |
| easytransferbyprivate | transfer TRX with private key |
| easytransferasset | transfer asset with password |
| easytransferassetbyprivate | transfer asset with private key |
| gettransactionsign | sign transaction with private key |
| addtransactionsign | sign transaction with private key |
2. gGRPC
| API | Description |
|---|---|
| CreateAddress | create address by password |
| GenerateAddress | create address randomly |
| EasyTransfer | transfer TRX with password |
| EasyTransferByPrivate | transfer TRX with private key |
| EasyTransferAsset | transfer asset with password |
| EasyTransferAssetByPrivate | transfer asset with private key |
| GetTransactionSign | sign transaction with private key |
| GetTransactionSign2 | sign transaction with private key |
| AddSign | sign transaction with private key |
Rationale
Vulnerable APIs may lead to the leakage of sensitive information, such as private keys.
Implementation
Delete the relevant APIs.
Copyright
Copyright and related rights waived via CC0.