TIP-624: Allow claimed vote reward sent to appointed address #624
Comments
|
This proposal will indeed increase the flexibility of withdrawing rewards. But I have a question, and sorry for not getting the point below. Withdrawing reward to self account or withdrawing reward to other address both needs to be signed by the account's privatekey. After the user withdraws the reward, then he/she can send the TRX to other address directly. So why does the user need to login to their account to access the claimed TRX? and why this proposal can eliminate the need for users to login to their accounts frequently? |
Hi! Thank you for your question. We apologize, we should've been clearer in our description. We'll update it. Currently, when rewards are claimed, they go to the owner account automatically. This is the case whether the claim rewards operation is done directly from the main account (A) or from an account (B) that has claim rewards permissions in the main account. This new operation (withdrawrewardsto) will make it possible for a user to claim rewards and send the trx to another address without the user logging into account A, as long as account A gives permission to account B to make this operation. With this new operation, the user just needs to login to account B and make this transaction in account A and send the trx to any account. |
Got it. That is reasonable, if an account B has the withdraw reward permission of account A, when the account B withdraws reward of account A, the TRX should can be into account B or any other specified account. A universal withdrawal reward API (withdrawrewardsto) will be more flexible. |
|
As I can see , this tip will eliminate the need for users to login to their accounts frequently, so why not give an option to withdraw the rewards automatically without any user logins? |
Hi! In order for an account to do any state-changing transaction on a blockchain, it has to authenticate itself by signing the transaction with its private key. If you are proposing voter rewards be sent to voting accounts automatically at the end of each voting period, that is a separate issue. This proposal suggests allowing voter rewards to be sent to any address by introducing a new operation type. |
|
If it is secure enough, this design aims to provide users with a more convenient way to claim rewards. |
Hi @CarlChaoCarl! In our opinion, this proposal increases security and facilitates account safe-guarding by making redundant the need to login to the voting account to access the claimed TRX. |
|
I don't think the addition of the |
Hi @yanghang8612! If we understood you correctly, the voting account needs to call this contract method to transfer the claimed trx to a different address. In this case, the user still needs to login to their voting account first to call this method, which is what our proposal aims to obviate. Please let us know if we interpreted your comment incorrectly. |
|
A user login is not required because the voting account referred to here is the contract account, not the account that initiated the method call. For instructions, the account that is operated on when the instruction is executed is actually the contract account. For example, when a voting instruction is executed, it is actually the contract account that casts the vote for the super representative. Since the contract is deployed on the chain, there is no way for it to initiate the voting operation on its own, so it needs an external account to initiate a voting transaction and interact with the contract so that the contract account can complete the voting operation. |
Got it. Thanks for the clarification. So, this is only when the voted TRX is on a contract, correct? Our proposal is mainly aimed at helping user owned external accounts claiming their TRX rewards to a different account. |
|
Great idea |
Hi @TokenGoodies, I'm not sure whether I understand your case right, will this work for your situation: account A also give the transfer permission to B, then after B claimed A's rewards, B make a transaction to transfer the rewards to another account. Maybe the permission authorization here is not rational. |
Hi @yuekun0707! Giving TRX transfer permission to account B is a big security risk if account B were to be compromised. The point of this proposal is to minimize account A compromise risk by doing the withdrawto operation from account B. In this case, even if B were to be compromised, it would have minimal impact on the security of account A. |
Yes, I agree with your point, transfer permission should be processed very carefully. Thus I think add a new System Contract to support this situation is reasonable. |
|
@TokenGoodies |
Hi @lxcmyf. The toAddress can be any user account address. If the owner account makes this transaction, there is no need for multi signature. The owner can however give multi signature access to this operation to other accounts so they can make this transaction and send the voter rewards to any address. We only mentioned multi signature in the description because we wanted to explain how the voter rewards can safely be transfered out of owner's account without using owner's private key. For the implementation of this new operation, the explanation on multi signature can be ignored since all current and future TRON operations can be accessed by other accounts through multi signature mechanism anyway. |
@TokenGoodies |
vivian1912
changed the title
|
@TokenGoodies |
Thank you! |
|
@TokenGoodies One concern is that the receiver_address is manually input, which raises the possibility of human error. While we can certainly validate the format of the address to ensure it meets the required standards, we cannot verify whether the address is trusted by the owner. In scenarios like payment deductions, for example, users typically select a recipient from a pre-approved or trusted list of bank accounts. Therefore, it would be ideal if the owner could have a list of trusted addresses that they can choose from when withdrawing their rewards. This way, there is less risk of funds being sent to an unintended or untrusted address. I would like to know your thoughts on this matter. Do you agree that implementing a trusted address list for the owner would enhance the security and trustworthiness of the withdrawbalanceto feature? If so, do you have any specific requirements or suggestions on how this list should be managed and maintained? I look forward to your feedback and ideas on this matter. Thank you for considering my concerns and for your valuable input. |
@lxcmyf, thank you for raising this concern; we appreciate your suggestions to improve this TIP. While security is always an important issue and one that this TIP is partly trying to address, we are not sure if maintaining a whitelist of approved recipients is the way to go for this operation. To us, this operation is no different than a regular TRX transfer from one account to another, except the TRX transferred is the unclaimed voter rewards TRX instead of available TRX in this case. Our philosophy is that blockchains should support transactions in their raw form and allow the wallet/dapp creators and centralized exchanges to implement additional security measures, like whitelists of recipients, if they want to. Since, currently, TRX from an account can be transferred to any account, and this new operation is essentially similar to a TRX transfer, we do not see a need to involve the complexity of maintaining a trusted address list for this operation. Thanks! |
|
@TokenGoodies |
|
@TokenGoodies |
@lxcmyf, this is fine. You can update the spec of this TIP to make the receiver address a mandatory field instead of optional, if that is what you are suggesting. |
@TokenGoodies |
Yes, this verification makes sense when the receiver address is the same as the owner address. Thank you for thinking through all the edge cases. |
Thank you, @lxcmyf ! Seeing as how it's been 4 months since this TIP was created, we'd like to do a quick refresher on what this TIP is about in the form of a few bullet points.
|
|
@TokenGoodies |
|
@TokenGoodies |
Hi @GuipaiQigong111! Yes, your understanding is correct. With this new operation type, passive TRON users can extract rewards without needing to login to their voting account and not worry about their accounts getting compromised on account of logging in frequently. |
|
@TokenGoodies It seems that what I was thinking is right. Thank you. |
Hi, @TokenGoodies! This proposal is quite useful, I'd like to know how you got these feedbacks from the holders? Do you have a platform or other ways? I think this is very beneficial for the ecological of TRON if we can get more feedbacks in the future. |
Thank you, @barbatos2011! |
Thank you very much for this information and look forward to your more proposals in the future. |
|
According to TIP-271 Solidity example and TIP-467 Solidity example, users can write smart contracts with stake/vote/reward withdrawal functionality on TRON. I think if you adopt this way of writing contracts to host your TRX assets, you will be able to implement customized stake/vote/reward withdrawal. |
Hi @yanghang8612! That only works if the TRX is on a smart contract. The majority of TRX in circulation is in individual user accounts. This proposal's aim is to reduce the risk of a user account compromise by natively providing a new operation type that the users can use to safely access their rewards without having to login to their main accounts. |
Yes, I understand your intent. There is practically no difference between a smart contract account and a individual user account except for the way the account is controlled. Benefitting from the unique instruction set in TVM, a smart contract account can do most of the operations of a individual user account by deploying a specific bytecode, such as TRX transfers, TRC10 transfers, TRC20 transfers, staking/unstaking, delegating/claiming resources, voting, reward withdrawal and so on. For existing individual users, they can transfer their assets to a smart contract account that is pre-deployed with a specific permission control, and then invoke the contract to perform the above operations. At the same time, users can customize different control permissions for different operations, which is more flexible compared with the native multi-signature permission control system on the chain. More recently, the ERC-4337: Account Abstraction can be considered to be introduced into the TRON network to bring better access experience to users. The ERC-4337 is very much in line with the solution I mentioned above. |
We are aware that this can be achieved through a contract, but if you look at the rationale we offered for making this proposal, you'll notice that the target audience are new/less-savvy TRON users who keep their TRX in their accounts and don't usually send it to a contract they know nothing about. Building contracts like these can in themselves be an attack vector where anyone can build a contract claiming to do this but which ends-up stealing user funds. Your mention of ERC-4337 which abstracts away the concept of an EOA is interesting, but most crypto users still believe in the maxim, "Not your keys, not your coins", and prefer to keep their assets in their accounts. The current withdraw rewards operation should've been implemented in a way where the extracted rewards can be sent to any address from the beginning. TRON consistently attracts new users in huge numbers and one of the unfortunate negative side-effects of TRON's popularity is that it is a prime target for scammers who target new entrants to the chain. Providing this functionality natively on chain will make one of the most frequently made operations more secure. |
|
@TokenGoodies Thanks for the explanation. I was just trying to provide an existing solution. Also, as you know, it takes a long process to propose a TIP that modifies the protocol on the TRON network to the point where it is implemented and activated on the mainnet. |
and others
Simple Summary
This TIP aims to extract vote rewards to any address that is specified.
Abstract
At present, the extraction of vote rewards is achieved by calling the/wallet/withdrawbalance interface to extract the rewards to the owner account. This TIP will add a new transaction type that supports extracting the rewards to any specified address.
Motivation
When an account initiates a vote rewards claim transaction, the rewards are claimed and deposited into the account. There are several advantages and security benefits to depositing the claimed rewards into any account and not just the owner account. One of the primary motivations for suggesting this feature is based on the feedback from TRON users on various workings of TRON. With the proliferation of questionable wallet apps and suspect contracts that compromise user accounts, there is a genuine concern among users for the security of their accounts. Wallet apps that have built up a great reputation can turn rogue - by design or by way of a hackable exploit - and empty out user accounts of even the most careful users.
TRON's multi-signature mechanism mostly eliminates this concern by letting the users configure access to allow select operations in their accounts from other accounts. Claiming vote rewards, however, is the only day-to-day operation done by TRON users and the multi-signature permission mechanism doesn't give as much flexibility as it does to other operations. Currently, if a user wants to utilize the claimed rewards, they'll need to log in to their account to access the claimed TRX. Allowing the claimed TRX to be deposited to any account will eliminate the need for users to log in frequently by making it possible to still claim their rewards from an account that is given multi-signature access for this new operation which reduces the risk of an account compromise.
With the rise of TRX value in recent months, and the favorable view institutions and a few governments are adopting towards crypto, there is a general willingness in the community to sit on their holdings for the long run. Providing a way for users to access their vote rewards without putting their account security on the line every time they log in would improve user confidence and will have an overall useful impact on TRON altogether.
Specifications
Add
wallet/withdrawbalancetoAPI, the user can call this API to extract vote rewards to any address.Params:
owner_address- address of transaction initiator, data type is stringreceiver_address- recipient address of vote rewards, is owner_ address by default if leave blank, data type is stringvisible- Whether the address is in base58 format, data type is boolReturns: unsigned transaction, data type is JSON string
Example:
The text was updated successfully, but these errors were encountered: