TRON / TRX
TRON is a high-throughput public blockchain launched in 2018. TRX is its native cryptocurrency — used to pay fees, stake for network resources, and vote for Super Representatives.
TRONSEC analyzes TRON Mainnet only (chain ID used by TronGrid and TronScan). Testnets and other chains are out of scope.
TRC-20
TRC-20 is TRON's standard for fungible tokens — the equivalent of ERC-20 on Ethereum. Every TRC-20 is a smart contract exposing transfer(), balanceOf(), approve(), and allowance().
When you hold USDT on TRON, your wallet balance is a number inside the USDT contract — not TRX. Swaps, transfers, and drains all happen through TRC-20 calls that TRONSEC can decode and flag.
Wallet scanner
Token approval
A token approval lets a spender contract pull a specific TRC-20 token from your wallet, up to the approved amount, without you signing each transfer. You call approve(spender, amount) once; the spender later calls transferFrom().
Approvals are the #1 silent drain vector on TRON: a malicious or compromised dApp can empty approved tokens months after you interacted with it. TRONSEC lists active spenders and allowance sizes per token.
Approvals monitor
Unlimited approval
An unlimited approval sets allowance to 2²⁵⁶−1 — the maximum uint256 value. dApps request this so users never re-approve, but it means the spender can take your entire token balance at any time.
Best practice: approve only what you need, revoke unused spenders, and treat unlimited USDT approvals to unknown contracts as critical risk. The approvals monitor highlights uint256-max allowances in red.
Approvals monitor
Smart contract
A smart contract is bytecode deployed at a TRON address. It can hold TRX and TRC-20, execute logic on incoming calls, and emit events visible on TronScan.
TRONSEC contract scan checks for proxy patterns, mint functions, owner-only controls, unverified bytecode, and ABI entries that commonly appear in honeypots and rug pulls — without executing the contract.
Contract scan
TXID
TXID (transaction ID) is the unique 64-character hex hash of a TRON transaction. It appears in wallets, TronScan URLs, and block explorer APIs — paste it into the TX decoder to inspect what you are about to sign.
The same TXID is used across all indexers. If a transaction fails on-chain it still has a TXID, but state changes are reverted — the decoder shows intent even for failed txs.
TX decoder
Calldata
Calldata is the payload of a contract call — usually ABI-encoded hex specifying which function to run and with what arguments. Wallets often hide this behind a one-line summary.
TRONSEC maps calldata to method names like transfer, approve, increaseAllowance, and swapExactTokensForTokens, with decoded addresses and amounts — so you can spot a hidden approval inside a "claim reward" transaction.
TX decoder
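Added example (not TRONSEC's code): a minimal Python decoder for the TRC-20 calls described under Calldata, which flags the uint256-max allowance described under Unlimited approval. The selector table covers only four methods, and the spender address and both sample payloads are constructed for illustration.

```python
# Selectors are the first 4 bytes of keccak256(signature), as in ERC-20.
SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "39509351": ("increaseAllowance", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
}
UINT256_MAX = 2**256 - 1


def decode_calldata(data_hex):
    """Return (method, args, warnings) for a hex calldata string."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, body = data[:8], data[8:]
    if selector not in SELECTORS:
        return ("unknown", [], [f"unrecognised selector {selector}"])
    method, types = SELECTORS[selector]
    if len(body) < 64 * len(types):
        return (method, [], ["calldata shorter than the ABI requires"])
    args, warnings = [], []
    for i, kind in enumerate(types):
        word = body[64 * i: 64 * (i + 1)]  # one 32-byte ABI word
        if kind == "address":
            # Keep the low 20 bytes and show them with TRON's 0x41 prefix.
            args.append("41" + word[24:])
        else:
            args.append(int(word, 16))
    if method in ("approve", "increaseAllowance"):
        if args[1] == UINT256_MAX:
            warnings.append("unlimited allowance (uint256 max)")
        elif method == "approve" and args[1] == 0:
            warnings.append("allowance set to 0 (revocation)")
    if len(body) > 64 * len(types):
        warnings.append("trailing bytes after declared arguments")
    return (method, args, warnings)


# Constructed samples: a made-up spender, one unlimited and one bounded approve.
SPENDER = "ab" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + SPENDER.rjust(64, "0") + "f" * 64
SAMPLE_BOUNDED = "095ea7b3" + SPENDER.rjust(64, "0") + format(10**6, "064x")

if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_BOUNDED):
        print(decode_calldata(sample))
```

Run it against the data field of a transaction before signing: an approve or increaseAllowance hit inside a call presented as something else is the case the Calldata entry describes.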
AML screening
AML screening in TRONSEC means cross-checking an address against public scam reports, community watchlists, and heuristic fund-flow patterns — not a regulated identity check.
High-risk labels (sanctions-adjacent tags, mixer exposure, peel chains) increase the wallet score. TRONSEC shows why a flag fired and links to the underlying public source when available.
AML risk check
Phishing dApp
A phishing dApp is a website or Telegram mini-app that clones a real TRON service — SunSwap, staking portals, airdrop claim pages — to trick you into signing approvals or revealing a seed phrase.
TRONSEC phishing scanner matches domain typosquats, newly registered lookalikes, wallet-drainer JS patterns, and URLs reported via the community scam module.
Phishing scanner
Watchlist
The TRONSEC watchlist is a community-sourced set of scam addresses, drainer contracts, and malicious domains aggregated from user reports and public blocklists.
A single watchlist hit does not prove guilt — it raises priority for manual review. Scores weight confirmed community reports higher than heuristic matches.
Docs — Watchlist
Risk score
The wallet risk score is a 0–100 composite of on-chain signals: watchlist exposure, approval hygiene, interaction with flagged contracts, account age, and inbound/outbound patterns.
Scores are heuristic, not legal verdicts. A low score does not guarantee safety; a high score means more red flags fired and deserves extra caution before sending funds.
Docs — Methodology
Read-only scan
Read-only means TRONSEC queries public chain data via TronGrid and TronScan — it never receives your private key, cannot sign transactions, and does not custody assets.
You can verify this by opening DevTools → Network while scanning: requests go to public TRON APIs, not a TRONSEC backend holding your address.
Security model
Energy & bandwidth
Bandwidth pays for simple transfers and account creation; energy pays for smart-contract execution. Both can be obtained by freezing TRX or rented from the market.
When energy is insufficient, TRX is burned automatically — expensive during congestion. Network analytics shows live burn rate, energy price, and TPS so you can time heavy contract interactions.
Network analytics
TronGrid & TronScan
TronGrid is the official JSON-RPC / REST gateway to TRON nodes, used for balances, transactions, and contract calls. TronScan is a block explorer with labels, verification status, and human-readable contract pages.
TRONSEC combines both: TronGrid for raw data throughput, TronScan for contract names, token logos, and verified-source metadata that improves decoder output.
Proxy contract
A proxy contract separates storage from logic: users interact with a stable proxy address while an owner can point it to new implementation bytecode — enabling upgrades without migrating user approvals.
Malicious proxies can swap implementation to a drainer overnight. TRONSEC flags proxy patterns, uninitialized implementations, and upgrade events in contract scan and TX decoder output.
Contract scan