🔐 Admin Control in TON Stablecoins: What Every User Must Know

🧭 Introduction

One day I needed to choose a stablecoin for use in one of my startups.

Initially, I had only two options:

• Tether USD (USDT)
• Ethena USDe

They are the most popular stablecoins on the TON blockchain.

To make a proper decision, I decided to explore their source codes.

I was surprised when I saw that admins of these contracts are able to perform operations that can potentially lead to loss of user funds and that go beyond standard fungible token functionality.

---

🛡️ Stablecoin Admin Permissions

I explored the following smart contracts in detail:

• TON Standard Jetton contracts
• TON Standard Stablecoin contracts
• Tether USD contracts
• Ethena USDe contracts

Both stablecoins are based on the stablecoin sample smart contract from the TON Foundation GitHub:

https://github.com/ton-blockchain/stablecoin-contract

In the README file of the repository, we can find the following text:

This project was created to allow users to exchange and buy assets in the TON DeFi ecosystem for a jetton (token or currency) that is not subject to volatile fluctuations.

To meet regulatory requirements, the issuer of the tokens must have additional control over the tokens.

Thus this jetton represents a standard TON jetton smart contract with additional functionality:

• Admin of jetton can make transfers from user's jetton wallet.
• Admin of jetton can burn user's jettons.
• Admin of jetton can lock/unlock user's jetton wallet (set_status). Admin can make transfer and burn even if wallet locked.
• Admin of jetton can change jetton-minter code and its full data.

I intentionally made the “To meet regulatory requirements” excerpt bold.

I think all stablecoins, in order to work normally without restrictions around the world, have to include the operations mentioned above.

But users have to be aware of that — they do not have full, exclusive control over their funds.

---

⚙️ Implementation Details

USDT contracts’ code is identical to the standard stablecoin contract.

USDe contracts’ code differs slightly in burn and mint mechanics, but in terms of regulatory features, they are the same.

If we look at the code, we will see the following operations that the admin can perform in a jetton wallet contract:

• transfer
• burn
• set_status

Compared with the standard jetton contract, the standard stablecoin contract has an additional field named status.

So now every wallet smart contract has a status.

There are 4 statuses:

• Status = 0 — No restrictions. The owner can transfer and receive funds. (Default status)
• Status = 1 — User cannot send funds from the wallet.
• Status = 2 — User cannot receive funds to the wallet.
• Status = 3 — User cannot either send or receive funds.

The admin of the stablecoin can set any status for any wallet.

Even if a wallet is locked for sending funds, the admin of the jetton can still transfer.

But if a wallet is locked for receiving funds, no one can send funds to that wallet, including the admin.

---

🔥 Important Difference from Standard Jetton

In a stablecoin wallet, only the admin of the jetton can burn funds.

In the standard jetton contract, only the owner of the wallet can burn jettons.

This is a critical architectural difference.

---

🧾 Conclusion

I think it’s acceptable that an admin can perform some regulatory functions on a stablecoin user’s wallet.

But users must be aware of these mechanics.

Stablecoins on TON are not purely owner-controlled assets — they are controlled assets with administrative override.

Understanding this distinction is critical when choosing which stablecoin to trust and use.