TRC20 signature validation: "not contained of permission" error with address mismatch (TRX works, USDT fails)

[slaenov]

Software Versions

Note: I apologize for posting a Go implementation question in the Java TRON repository. While Go implementations exist, I'm following the official TRON documentation and API specifications, yet encountering this protocol-level signature validation issue. I'm hoping the core protocol experts here can help understand the TRON-specific signature validation differences between TRX and TRC20 transactions.

Client: Custom Go implementation using TRON API
TRON Network: Testnet
API Endpoint: TronGrid
Crypto Library: go-ethereum/crypto (latest)

Expected behaviour

TRC20 (USDT) token transfers should be signed and accepted by the TRON network using standard ECDSA signature, similar to how native TRX transfers work with the same signing implementation.

Actual behaviour

TRC20 transfers fail with signature validation error:
API error: Validate signature error: cc1de6c85da363c051ca6206a957b49a741fc1325ea6f03ec3c781886ebacbd80eff1e73d8072a9bc3e6058bf8c6043c72b0b369479cc7e25472115c388c93dc1c is signed by TJSabY59bePRMUpERghYKvfNrD8ZbYuq4Y but it is not contained of permission.

Key Issue: The address in the error (TJSabY59bePRMUpERghYKvfNrD8ZbYuq4Y) doesn't match either sender or recipient address.

Frequency

100% - Every TRC20 (USDT) transfer attempt fails with this error, while TRX transfers work perfectly.

Steps to reproduce the behaviour

1. Create TRC20 (USDT) transfer transaction using TronGrid API triggersmartcontract
2. Extract raw_data from transaction response, serialize to protobuf bytes
3. Calculate SHA256 hash of the raw_data bytes
4. Sign hash using go-ethereum/crypto ECDSA implementation
5. Add signature to transaction and broadcast via TronGrid
6. Observe signature validation error

Files to reproduce the error: https://gist.github.com/slaenov/1676ac20fc9f5cdd4989b562850162d3

TRON-Specific Questions

• Is there a difference in permission requirements between TRX and TRC20 signature validation?
• Could this be related to TRON's account permission model or multisig features?
• Are there specific requirements for TRC20 smart contract transaction signing that differ from native transfers?

Cross-References

Also investigating on:

• Stack Overflow: https://stackoverflow.com/staging-ground/79723675
• ethereum/go-ethereum: TRON TRC20 (USDT) "Validate signature error" when using go-ethereum/crypto for signing ethereum/go-ethereum#32331

[King31T]

You mentioned that Key Issue: The address in the error TJSabY59bePRMUpERghYKvfNrD8ZbYuq4Y doesn't match either sender or recipient address. So firstly, make sure whether the private key you used to sign is the private key of the sender address in your usdt transfer transaction.

[slaenov]

You mentioned that Key Issue: The address in the error TJSabY59bePRMUpERghYKvfNrD8ZbYuq4Y doesn't match either sender or recipient address. So firstly, make sure whether the private key you used to sign is the private key of the sender address in your usdt transfer transaction.

Thank you. That's not it. It's deeper here (I consider). tronweb works like clockwork. there may be a problem with the go-lib. TJSabY59bePRMUpERghYKvfNrD8ZbYuq4Y - these addresses always fly to the console in different ways (which is also a mystery). With the same private key. That's not the mistake. There's nothing wrong with the addresses.

[waynercheung]

API error: Validate signature error: cc1de6c85da363c051ca6206a957b49a741fc1325ea6f03ec3c781886ebacbd80eff1e73d8072a9bc3e6058bf8c6043c72b0b369479cc7e25472115c388c93dc1c is signed by TJSabY59bePRMUpERghYKvfNrD8ZbYuq4Y but it is not contained of permission.

Hi @slaenov , according to the error you mentioned, it appears to be related to multisig permissions. Please provide the failed transaction information, including the owner address.
Is the address TJSabY59bePRMUpERghYKvfNrD8ZbYuq4Y the one you used for signing?
Does it match the transaction's from (owner) address?

Besides, you can get the detailed permission information from https://nile.tronscan.org/#/address/[ADDRESS]/permissions to check which account has the owner permission.

[slaenov]

API error: Validate signature error: cc1de6c85da363c051ca6206a957b49a741fc1325ea6f03ec3c781886ebacbd80eff1e73d8072a9bc3e6058bf8c6043c72b0b369479cc7e25472115c388c93dc1c is signed by TJSabY59bePRMUpERghYKvfNrD8ZbYuq4Y but it is not contained of permission.

Hi @slaenov , according to the error you mentioned, it appears to be related to multisig permissions. Please provide the failed transaction information, including the owner address. Is the address TJSabY59bePRMUpERghYKvfNrD8ZbYuq4Y the one you used for signing? Does it match the transaction's from (owner) address?

Besides, you can get the detailed permission information from https://nile.tronscan.org/#/address/[ADDRESS]/permissions to check which account has the owner permission.

Thanks for the reply. Permissions have nothing to do with it. I can't remember the address or anything right now. There is key point here: we run the code that I attached (see -> Files to reproduce the error: https://gist.github.com/slaenov/1676ac20fc9f5cdd4989b562850162d3), and we get from console: 1. different addresses with ever new iteration that are unrelated to my addresses (what's with the one I'm sending from, what's with the one I'm sending to). 2. Signature error. the solution was found by installing https://github.com/ethereum/go-ethereum with the latest commit (they have a mess in the documentation and the corresponding versions). If we take it from the last commit, then the transaction is subscribed.