PSA: Don't break your EOS accounts!

in #eos6 years ago (edited)

You're EOS account is valuable - don't break it

Cryptocurrency and blockchain is a relatively new technology, for some exciting and revolutionary, for others mysterious and even dangerous. EOS has the mission of making blockchain easy and accessible for the entire world, but there are still dangers.

TL;DR

When changing account permissions be cautious - if you put a dummy key, your own account, or an account that has no key, you could lose your account forever. Use due diligence and understand what you're doing!

Blockchain doesn't hold your hand

EOS contracts are written with "assert" statements that attempt to prevent "bad things" from happening. However, sometimes you can do an "acceptable" thing that has unintended consequences, or known consequences that you just simply weren't aware of. Not everyone is an expert. That doesn't mean be afraid, but it does mean educate yourself as much as possible.

ACCOUNT BREAKING actions that seem innocent

Screen Shot 2018-07-20 at 9.47.17 am.png

Settings active and owner permission to your own account

As seen at eosflare this poor soul used the eostoolkit to change his permissions to the account. What this means is there is no longer ANY keys associated with the account.

Normally when you set an "actor" (i.e. another account) as your permissions, the keys on THAT account can now control this one. If you set the permissions to your own account, there is suddenly no keys at all. This is the same as setting your account with dummy keys.

Screen Shot 2018-07-20 at 9.51.46 am.png

Screen Shot 2018-07-20 at 9.51.54 am.png

Circular account permissions

This poor soul created a new account from his genesis account, but later went on to set the permissions on his genesis account to the actor of the new account, and updated his new account to use the actor of his genesis account.

Because of this circular permission structure there is once again NO KEYS associated. Account permissions structures must always have PUBLIC KEYS at the starting stage of the permission structure.

Why was this allowed?

EOS allows you to set keys, accounts, and waits (timers) as your permission structure. You can also specify JSON that has a multisig combination of these. All of that is 100% ok.

EOS has no way of knowing if this "good action" will cause a "bad thing". That's up to you!

Screen Shot 2018-07-20 at 9.56.13 am.png

EOSToolkit and other wallets make things easy - for better and worse

When using eostoolkit.io permission changer you can specify both EOS public keys and EOS accounts in the active and owner permission. This is super powerful, super easy, and potentially super dangerous.

This is why its always especially important to verify your transaction in Scatter

Double check what you are actually doing!

Helping you help yourself

The eostoolkit.io will soon be adding the ability to use the toolkit on various testnets so you can test your actions before you do them on the mainnet. We hope this new upcoming feature will make everyone feel more confident in using the EOS network.

About Us

GenerEOS is a social enterprise block producing candidate with a mission of promoting and supporting scalable and highly reliable block production whilst giving back block rewards to charities.

Based out of Sydney, Australia, GenerEOS is founded by a team of like minded blockchain enthusiasts with diverse backgrounds and a passion to make a difference in the world and fostering the spirit of generosity by giving back.

GenerEOS: Helping EOS Change the World

Public Presence

Website: https://www.genereos.io
Twitter: https://twitter.com/genereossydney
Steem: https://steemit.com/@genereos
Telegram: https://t.me/generEOS
Reddit: https://www.reddit.com/user/GenerEOS
Github: https://github.com/generEOS
Medium: https://medium.com/@generEOS
Facebook: https://www.facebook.com/generEOS

Sort:  

Also, the "!Allergy advice..." 😂

haha thats right

What is an EOS account?

EOS, tokens are held in accounts, not by the keys themselves. ... The EOS Active Key and the EOS Owner Key work as passwords in EOS to unlock and use an EOS account. The difference is the Owner Key acts as the "master password" and can be used to reset the keys associated with an account.

Sorry, that explains exactly nothing to me. Never mind though
I'm ignorant of this stuff, so when I asked "What is an EOS
Account" I assumed you'd begin be saying what EOS
Stands for. See, ignorant. Thanks anyway. ♥

EOS is another, 'new' cryptocurrency ... and just like you have a STEEM account, same thing with EOS... both blockchains require accounts in order for you to interact with them.

EOS doesn't stand for anything in particular, I think Eos is some Greek Goddess ... but beyond that can't tell you too much, ther than EOS is founded by the same person who made Steem and Bitshares, @dan Larimer...

Okay thanks.
In Greek mythology, Eos "dawn", pronounced [ɛːɔ̌ːs] or [héɔːs] is a Titaness and the goddess of the dawn, who rose each morning from her home at the edge of the Oceanus.

Eos had a brother and a sister, Helios, god of the sun, and Selene, goddess of the moon.

I thought if your are going to be promoting this new thing, you should know the history of the name. ☺

It means absolute care has to be taken and sort professional advice in any technical applicational device issues and programs

Yes that right if in doubt feel free to ask up for help, our telegram group has been great for general advice as well

https://t.me/generEOS

Is there any way that these type of things can be prevented by user interface design or something for the average user? Wouldn't want to dumb down the blockchain to the lowest possible foolish mistake but eliminate mistakes like that by innocent users? How can mainstream adoption ever happen when users need to understand these things which aren't valuable to them if they just want to use an app for example?

When it comes to mass-adoption, it's a bit of a trade off... like the article says, 'Blockchain doesn't hold your hand' and requires much more accountability and responsibility when it comes to dealing with your private keys, security etc. and come to think of it, you're right... many people just aren't prepared/capable of this... many people of course have lost funds because of misplaced private keys, scams, security compromises, etc... But it's going to require people to learn some things... otherwise things will just remain as they are, with people not being in direct control of their own finances, as well as of course those finances being slowly skimmed off through various fees/taxes etc...

And at the end of the day, though it's not that complicated, it's easy for me to say though. But while things are starting to become more 'user friendly,' you bring up some great points; How to give people options to do what they need to do but eliminate 'errors' such as this. I think the wallet would have to be 'aware' of both wallet in this case in order to prevent such a 'circular permission structure;' Amazing how much damage simple human errors can cause haha. Unfortunately for the person who's accounts got lost, I hope they didn't lose much. This sort of thing can help drive forward innovation, as people encounter all the weird 'use-cases' that can bring about unwanted results... such as that time a couple of weeks ago when the whole steem blockchain went down for a bit because of one invalid transaction. Thankfully the system was designed to stop but some other things may not be so preventable, such as users fiddling with their account permissions! 😱

And I only have a very basic understanding of this stuff, hats off to all the programmers, engineers, developers etc. this stuff is really insane, quite crazy to think of how far people have come in the past number of years! Like the technology in your average smartphone is beyond what they had for the entire freaking Appllo missions... and while we've come a long way, we've still got a long way to go in terms of living in harmony with each other as well as our planet our home... a lot of naysayers out there and it's easy to get down sometimes but still-this is the most exciting time to be alive.🙂

I need to look into this.

Another excellent article that focuses solely on helping the members of the eos community. That's why we love recommending you in our list of top 30 block producers. https://steemit.com/eos/@datajunky/eos-watchdogs-proxy-vote-with-the-wisdom-of-the-crowd

Thank's for your good post. I follow you, please follow me, sir. I'm totally new to Steemit. Hope you will follow me and help me get filled up by Upvoting. Thank you so much.