tip: 534
title: Remove Vulnerable APIs
author: halibobo1205@gmail.com
discussions to: https://github.com/tronprotocol/TIPs/issues/534
status: Final
type: Standards Track
category: Core
created: 2023-04-14
Propose to remove potential vulnerable APIs.
Previously some APIs could lead to the leakage of sensitive information, such as private keys. Although developers have been advised not to make remote calls to these APIs, I think it is better to remove the relevant APIs for security concerns and mitigate risks for developers.
For network stability and user data security, I suggest deleting the relevant APIs.
The following APIs should be removed.
| API | Description |
|---|---|
| createaddress | create address by password |
| generateaddress | create address randomly |
| easytransfer | transfer TRX with password |
| easytransferbyprivate | transfer TRX with private key |
| easytransferasset | transfer asset with password |
| easytransferassetbyprivate | transfer asset with private key |
| gettransactionsign | sign transaction with private key |
| addtransactionsign | sign transaction with private key |
| API | Description |
|---|---|
| CreateAddress | create address by password |
| GenerateAddress | create address randomly |
| EasyTransfer | transfer TRX with password |
| EasyTransferByPrivate | transfer TRX with private key |
| EasyTransferAsset | transfer asset with password |
| EasyTransferAssetByPrivate | transfer asset with private key |
| GetTransactionSign | sign transaction with private key |
| GetTransactionSign2 | sign transaction with private key |
| AddSign | sign transaction with private key |
Vulnerable APIs may lead to the leakage of sensitive information, such as private keys.
Delete the relevant APIs.