Your EOS account is valuable – don’t break it

Cryptocurrency and blockchain are relatively new technologies: for some exciting and revolutionary, for others mysterious and even dangerous. EOS has the mission of making blockchain easy and accessible for the entire world, but there are still dangers.

TL;DR

When changing account permissions, be cautious – if you set a permission to a dummy key, your own account, or an account that has no key, you could lose your account forever. Use due diligence and understand what you’re doing!

Blockchain doesn’t hold your hand

EOS contracts are written with “assert” statements that attempt to prevent “bad things” from happening. However, sometimes you can do an “acceptable” thing that has unintended consequences, or known consequences that you just simply weren’t aware of. Not everyone is an expert. That doesn’t mean be afraid, but it does mean educate yourself as much as possible.

ACCOUNT BREAKING actions that seem innocent

Setting active and owner permissions to your own account

As seen at eosflare, this poor soul used the eostoolkit to change the permissions on his account to the account itself. What this means is that there are no longer ANY keys associated with the account.

Normally, when you set an “actor” (i.e. another account) as your permission, the keys on THAT account can now control this one. If you set the permissions to your own account, there are suddenly no keys at all. This is the same as setting your account with dummy keys.

Circular account permissions

This poor soul created a new account from his genesis account, but later went on to set the permissions on his genesis account to the actor of the new account, and updated his new account to use the actor of his genesis account.

Because of this circular permission structure there are once again NO KEYS associated. Account permission structures must always have PUBLIC KEYS at the starting stage of the permission structure.
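A pre-flight check for the two cases above (self-reference and circular references), as an added example that is not from the original post or from eostoolkit: it takes permission data in the shape `get_account` returns and lists every permission that no public key can ultimately satisfy. The account names and the key placeholder are constructed; waits and parent/child inheritance are deliberately not modelled, and the check cannot tell whether a listed key is a dummy key.

```javascript
// Added example: list "account@permission" levels that resolve to no public key.
// A level is key-backed once its key weight, plus the weight of referenced
// levels that are already key-backed, reaches its threshold. Waits are ignored
// and each permission is judged on its own authority only (assumptions).
function findKeylessPermissions(chain) {
  const auths = new Map(); // "account@perm" -> required_auth
  for (const [account, perms] of Object.entries(chain)) {
    for (const p of perms) auths.set(`${account}@${p.perm_name}`, p.required_auth);
  }
  const backed = new Set();
  let changed = true;
  while (changed) { // iterate to a fixed point so cycles never count
    changed = false;
    for (const [id, auth] of auths) {
      if (backed.has(id)) continue;
      let weight = (auth.keys || []).reduce((sum, k) => sum + k.weight, 0);
      for (const a of auth.accounts || []) {
        const ref = `${a.permission.actor}@${a.permission.permission}`;
        if (backed.has(ref)) weight += a.weight;
      }
      if (weight >= auth.threshold) { backed.add(id); changed = true; }
    }
  }
  return [...auths.keys()].filter((id) => !backed.has(id)).sort();
}

// Constructed sample data (hypothetical accounts, placeholder key).
const KEY = "EOS_PLACEHOLDER_PUBLIC_KEY";
const auth = (threshold, keys, refs) => ({
  threshold,
  keys: keys.map((key) => ({ key, weight: 1 })),
  accounts: refs.map(([actor, permission]) => ({ permission: { actor, permission }, weight: 1 })),
  waits: [],
});
const account = (owner, active) => [
  { perm_name: "owner", parent: "", required_auth: owner },
  { perm_name: "active", parent: "owner", required_auth: active },
];
const SAMPLE = {
  selfrefacct1: account(auth(1, [], [["selfrefacct1", "owner"]]), auth(1, [], [["selfrefacct1", "active"]])),
  genesisacct1: account(auth(1, [], [["newaccount11", "owner"]]), auth(1, [], [["newaccount11", "active"]])),
  newaccount11: account(auth(1, [], [["genesisacct1", "owner"]]), auth(1, [], [["genesisacct1", "active"]])),
  keyholder111: account(auth(1, [KEY], []), auth(1, [KEY], [])),
  delegated111: account(auth(1, [KEY], []), auth(1, [], [["keyholder111", "active"]])),
  multisig1111: account(auth(1, [KEY], []), auth(2, [KEY], [["genesisacct1", "active"]])),
};
console.log(findKeylessPermissions(SAMPLE));
```

Running the same function over the authority you are about to submit, merged with the current on-chain permissions of every account it references, shows before signing whether the change would leave a permission with no key behind it.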

Why was this allowed?

EOS allows you to set keys, accounts, and waits (timers) as your permission structure. You can also specify JSON that has a multisig combination of these. All of that is 100% ok.

EOS has no way of knowing if this “good action” will cause a “bad thing”. That’s up to you!

EOSToolkit and other wallets make things easy – for better and worse

When using the eostoolkit.io permission changer you can specify both EOS public keys and EOS accounts in the active and owner permissions. This is super powerful, super easy, and potentially super dangerous.

This is why it’s always especially important to verify your transaction in Scatter.

Double check what you are actually doing!

Helping you help yourself

eostoolkit.io will soon add the ability to use the toolkit on various testnets so you can test your actions before you do them on the mainnet. We hope this upcoming feature will make everyone feel more confident in using the EOS network.