Security

TIX Protocol implements multiple layers of security to prevent fraud, ensure ticket authenticity, and protect all participants.

Ownership Verification

Cryptographic Proof

Every ticket has a single, verified owner at any time:

Ownership is tied to a Solana public key
Transfers require cryptographic signatures from the owner
No possibility of duplicate or counterfeit tickets

┌─────────────────────────────────────────────────────────────┐
│                  OWNERSHIP VERIFICATION                     │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  Permit                         Verification                │
│  ┌─────────────────┐            ┌─────────────────┐         │
│  │ owner: 7xKz...  │ ◀────────▶ │ Wallet signs    │         │
│  │ status: Active  │            │ transaction     │         │
│  │ version: 3      │            └─────────────────┘         │
│  └─────────────────┘                                        │
│                                                             │
│  Only the owner (or authorized integrator) can transfer     │
│                                                             │
└─────────────────────────────────────────────────────────────┘

No Counterfeit Tickets

Each ticket ID exists exactly once per event
Tickets can only be created by authorized integrators
On-chain records are immutable and auditable

Listing Locks

When a ticket is listed for sale, it's "locked" to prevent double-spend scenarios.

Lock Mechanism

┌─────────────────────────────────────────────────────────────┐
│                     LISTING LOCK FLOW                       │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  1. list_ticket                                             │
│     ├── Create Listing account                              │
│     ├── Set permit.padding[0] = 1 (locked)                  │
│     └── Store expiry in permit.padding[1..9]                │
│                                                             │
│  2. While locked:                                           │
│     ├── transfer_permit ❌ BLOCKED                          │
│     ├── list_ticket ❌ BLOCKED (already listed)             │
│     ├── accept_offer ✅ ALLOWED                             │
│     └── cancel_listing ✅ ALLOWED                           │
│                                                             │
│  3. On completion (accept/cancel):                          │
│     ├── Clear permit.padding[0] = 0 (unlocked)              │
│     └── Permit becomes transferable                         │
│                                                             │
└─────────────────────────────────────────────────────────────┘

Double-Spend Prevention

The lock ensures:

A ticket can only be sold through one active listing
Direct transfers are blocked while a listing exists
Buyers are protected from receiving already-sold tickets

Version Tracking

Every permit has a version number that increments on any change.

Version Increment Events

Operation

Version Change

Initial issuance

0 → 1

Transfer

Mark as used

Mark as void

Resale completion

Stale Listing Protection

Listings store the expected permit version:

// When listing is created
listing.permit_version = permit.version; // e.g., 3

// Between listing and purchase, permit changes
permit.version++; // Now 4

// On accept_offer
if (permit.version !== listing.permit_version) {
  // Version 4 ≠ 3
  throw Error("ListingVersionMismatch");
}

This prevents:

Buying a ticket that was transferred after listing
Purchasing a used/voided ticket
Race conditions in concurrent purchases

Integrator Controls

Suspended Integrator Restrictions

Action

Allowed?

Issue new tickets

❌

Facilitate transfers

❌

Create new events

❌

Existing tickets still valid

✅

Holders can still transfer

✅

Authority Checks

Every instruction validates that the signer has appropriate authority:

Protocol-Level

// Only protocol authority can:
// - Initialize protocol
// - Register/suspend integrators
// - Update protocol fees
constraint = authority.key() == protocol_config.authority

Integrator-Level

// Only integrator authority can:
// - Create events
// - Issue permits
// - Mark tickets used/void
constraint = authority.key() == integrator.authority

Owner-Level

// Only permit owner can:
// - List ticket for sale
// - Cancel own listing
constraint = signer.key() == permit.owner

Error Codes

TIX Protocol returns specific error codes for security violations:

Error

Description

Unauthorized

Signature or authority mismatch

IntegratorSuspended

Integrator is not active

ListingActive

Cannot transfer while listing exists

ListingExpired

Listing has passed expiry time

ListingVersionMismatch

Permit changed since listing

PermitNotActive

Ticket is used or voided

NotPermitOwner

Signer doesn't own the permit

On-Chain Validation

Anchor constraints provide compile-time safety:

#[derive(Accounts)]
pub struct TransferPermit<'info> {
    // Verify permit page belongs to event
    #[account(
        mut,
        seeds = [b"permit_page", event.key().as_ref(), &page_idx.to_le_bytes()],
        bump,
        has_one = event,
    )]
    pub permit_page: Account<'info, PermitPage>,

    // Verify integrator is active
    #[account(
        constraint = integrator.status == IntegratorStatus::Active
            @ ErrorCode::IntegratorSuspended
    )]
    pub integrator: Account<'info, Integrator>,

    // Signer must be owner or integrator authority
    #[account(
        constraint = signer.key() == permit.owner
            || signer.key() == integrator.authority
            @ ErrorCode::Unauthorized
    )]
    pub signer: Signer<'info>,
}

Best Practices

For Integrators

Validate Users — Verify buyer identity before issuing tickets
Monitor Activity — Watch for suspicious patterns (bulk purchases, rapid resales)
Secure Keys — Protect integrator authority keys with HSMs or MPC
Audit Logs — Maintain off-chain records of all operations

For Ticket Holders

Secure Wallet — Use hardware wallets for valuable tickets
Verify Listings — Check permit version before purchasing
Check Expiry — Ensure listings haven't expired
Direct Purchases — Buy through official integrator channels

PreviousFees & Royalties NextGetting Started

Last updated 1 month ago

Good night

hashtagOwnership Verification

hashtagCryptographic Proof

hashtagNo Counterfeit Tickets

hashtagListing Locks

hashtagLock Mechanism

hashtagDouble-Spend Prevention

hashtagVersion Tracking

hashtagVersion Increment Events

hashtagStale Listing Protection

hashtagIntegrator Controls

hashtagSuspended Integrator Restrictions

hashtagAuthority Checks

hashtagProtocol-Level

hashtagIntegrator-Level

hashtagOwner-Level

hashtagError Codes

hashtagOn-Chain Validation

hashtagBest Practices

hashtagFor Integrators

hashtagFor Ticket Holders