You’re EOS account is valuable – don’t break it
Cryptocurrency and blockchain is a relatively new technology, for some exciting and revolutionary, for others mysterious and even dangerous. EOS has the mission of making blockchain easy and accessible for the entire world, but there are still dangers.
TL;DR
When changing account permissions be cautious – if you put a dummy key, your own account, or an account that has no key, you could lose your account forever. Use due diligence and understand what you’re doing!
Blockchain doesn’t hold your hand
EOS contracts are written with “assert” statements that attempt to prevent “bad things” from happening. However, sometimes you can do an “acceptable” thing that has unintended consequences, or known consequences that you just simply weren’t aware of. Not everyone is an expert. That doesn’t mean be afraid, but it does mean educate yourself as much as possible.
ACCOUNT BREAKING actions that seem innocent
Settings active and owner permission to your own account
As seen at eosflare this poor soul used the eostoolkit to change his permissions to the account. What this means is there is no longer ANY keys associated with the account.
Normally when you set an “actor” (i.e. another account) as your permissions, the keys on THAT account can now control this one. If you set the permissions to your own account, there is suddenly no keys at all. This is the same as setting your account with dummy keys.
Circular account permissions
This poor soul created a new account from his genesis account, but later went on to set the permissions on his genesis account to the actor of the new account, and updated his new account to use the actor of his genesis account.
Because of this circular permission structure there is once again NO KEYS associated. Account permissions structures must always have PUBLIC KEYS at the starting stage of the permission structure.
Why was this allowed?
EOS allows you to set keys, accounts, and waits (timers) as your permission structure. You can also specify JSON that has a multisig combination of these. All of that is 100% ok.
EOS has no way of knowing if this “good action” will cause a “bad thing”. That’s up to you!
EOSToolkit and other wallets make things easy – for better and worse
When using eostoolkit.io permission changer you can specify both EOS public keys and EOS accounts in the active and owner permission. This is super powerful, super easy, and potentially super dangerous.
This is why its always especially important to verify your transaction in Scatter
Double check what you are actually doing!
Helping you help yourself
The eostoolkit.io will soon be adding the ability to use the toolkit on various testnets so you can test your actions before you do them on the mainnet. We hope this new upcoming feature will make everyone feel more confident in using the EOS network.
Hi,
Can you tell me if I changing my owner key affect my airdrops?
Is the Genesis snapshot linked to my account name, my owner key, my active key, or a combination of these 3?
I want to be Absolutely sure that I am not forfeiting any drops by changing my keys
Thanks
Hi Jiame,
Changing your keys should not affect your airdrops. The snapshot should be linked to your EOS account name
Cheers
Tom
GenerEOS