Security

TIX Protocol implements multiple layers of security to prevent fraud, ensure ticket authenticity, and protect all participants.

Ownership Verification

Cryptographic Proof

Every ticket has a single, verified owner at any time:

  • Ownership is tied to a Solana public key

  • Transfers require cryptographic signatures from the owner

  • No possibility of duplicate or counterfeit tickets

┌─────────────────────────────────────────────────────────────┐
│                  OWNERSHIP VERIFICATION                     │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  Permit                         Verification                │
│  ┌─────────────────┐            ┌─────────────────┐         │
│  │ owner: 7xKz...  │ ◀────────▶ │ Wallet signs    │         │
│  │ status: Active  │            │ transaction     │         │
│  │ version: 3      │            └─────────────────┘         │
│  └─────────────────┘                                        │
│                                                             │
│  Only the owner (or authorized integrator) can transfer     │
│                                                             │
└─────────────────────────────────────────────────────────────┘

No Counterfeit Tickets

  • Each ticket ID exists exactly once per event

  • Tickets can only be created by authorized integrators

  • On-chain records are immutable and auditable

Listing Locks

When a ticket is listed for sale, it's "locked" to prevent double-spend scenarios.

Lock Mechanism

Double-Spend Prevention

The lock ensures:

  • A ticket can only be sold through one active listing

  • Direct transfers are blocked while a listing exists

  • Buyers are protected from receiving already-sold tickets

Version Tracking

Every permit has a version number that increments on any change.

Version Increment Events

Operation
Version Change

Initial issuance

0 → 1

Transfer

+1

Mark as used

+1

Mark as void

+1

Resale completion

+1

Stale Listing Protection

Listings store the expected permit version:

This prevents:

  • Buying a ticket that was transferred after listing

  • Purchasing a used/voided ticket

  • Race conditions in concurrent purchases

Integrator Controls

Suspended Integrator Restrictions

Action
Allowed?

Issue new tickets

Facilitate transfers

Create new events

Existing tickets still valid

Holders can still transfer

Authority Checks

Every instruction validates that the signer has appropriate authority:

Protocol-Level

Integrator-Level

Owner-Level

Error Codes

TIX Protocol returns specific error codes for security violations:

Error
Description

Unauthorized

Signature or authority mismatch

IntegratorSuspended

Integrator is not active

ListingActive

Cannot transfer while listing exists

ListingExpired

Listing has passed expiry time

ListingVersionMismatch

Permit changed since listing

PermitNotActive

Ticket is used or voided

NotPermitOwner

Signer doesn't own the permit

On-Chain Validation

Anchor constraints provide compile-time safety:

Best Practices

For Integrators

  1. Validate Users — Verify buyer identity before issuing tickets

  2. Monitor Activity — Watch for suspicious patterns (bulk purchases, rapid resales)

  3. Secure Keys — Protect integrator authority keys with HSMs or MPC

  4. Audit Logs — Maintain off-chain records of all operations

For Ticket Holders

  1. Secure Wallet — Use hardware wallets for valuable tickets

  2. Verify Listings — Check permit version before purchasing

  3. Check Expiry — Ensure listings haven't expired

  4. Direct Purchases — Buy through official integrator channels

PreviousFees & RoyaltiesNextGetting Started

Last updated