ton-blockchain / bug-bounty Goto Github PK

Admins can access user wallet and make transfers out,many errors with this

0. Address for test: EQADXaOqEmIzxvJBN9oQeaNYEA9Q5EBIYxQUYF7uM6InWJCr
1. Copy the address of the nominator from the website via Android from page
   https://tonwhales.com/staking/pool/EQCY4M6TZYnOMnGBQlqi_nyeaIB1LeBFfGgP4uXQ1VWhales
2. Send TON for staking (the case when the transaction will be processed longer)
3. -NaN TON + automatically changed transaction history in tonkeeper

Android 12
Samsung A71
Tonkeeper 2.6.1
Google Chrome Mobile

If you try to add funds to wallet using the P2P market snd you select bank Transfer or sepa instant there must be a extra field with the seller name because the buyers need this information to make the bank Transfer.

From the point of view of a buyer if you select bank Transfer or sepa instant and you create a order and the seller approve the order, after that you get the bank account details of the seller , but you not get the bank account benefitiary name to attach at the bank Transfer and It is needed , you only get the bank account , and you need to get the bank benefitiary name to use when you make the bank Transfer to seller (there must be a extra field to buyers with this information)

Exploring fragment.com. I decided to check out addresses that were placing huge bets on usernames. Looking at the history of transactions, I saw that all these incredible sums of money were received during the testnet. It turns out that the addresses that received funds in the testnet can now use them in the mainnet, I think this is ridiculous. How could Telegram make such a mistake? Telegram should reset these wallets. It can ruin TON market.

https://tonapi.io/account/Ef_p-2q8gqO0fORaf60CAvW0gFo9EM0Fq7tD94G-6U8V5Hf_
https://tonapi.io/transaction/afedab3bd94ae9d553719fde6239b687eb0c8cc0c4e0d7dc890f0afb9c0ae982
https://tonapi.io/account/Ef8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM0vF
hash afedab3bd94ae9d553719fde6239b687eb0c8cc0c4e0d7dc890f0afb9c0ae982
https://imgur.com/a/gY1O9Rl
https://explorer.toncoin.org/transaction?account=-1:67358ebd4b7fe178105252da474612338e3a98d0286e81ea9b59c406b468fe81&lt=8272373000001&hash=afedab3bd94ae9d553719fde6239b687eb0c8cc0c4e0d7dc890f0afb9c0ae982

https://tonapi.io/account/Ef8acpBAmfTonu2kfXjx7qP7cEPqbLPm5W8niVXaQOjV0yBJ
https://tonapi.io/account/Ef95yO_AT7oi4M2Py55spUTC9_g161nl7FerluhWZfkNv3bM
https://tonapi.io/account/Ef-zqJWZh3JddLCyNQHuAmsNL1Ra9DmAusPHDJxGolDSfFwE
https://tonapi.io/account/Ef-exuKIGuFDFVB0ldQzCJxVV6U-YT4B3nrg1VE8Mj1yOEp0

Whem you create a ad and you want to access to the ads panel from a smartphone there is a bug if you try to push the options button

See photo , after push the campaing options button the options list do not appear (only froms smartphones)

Hello, the problem is as follows : my phone number is +7 903 448-44-87, my nickname is Ambassadors_Telegram , has been blocked by your service!!!! This phone number has been mine for over 5 years! It's registered to me! I am the owner of this asset!  Telegram messenger stored a huge number of photos, videos, PDF files, documents, presentations, my groups and channels with a huge amount of content and information, and also had my wallet and TON wallet with a positive balance! How can I store a TON in telegram if you blocked and stole my money, I want to note that I do not understand on what basis my phone numbers were blocked. I estimate the cost of the damage at $ 1,000,000,000 based on the value and importance of everything that was stored there . I have repeatedly tried to write letters to you through all available communication channels that you provide on the official website ton.org/ru and through the telegram channel, today the time is 3 months as I try to contact the support service, to understand the reason for blocking my account, both the Russian and Dubai numbers +971524772060. Nickname is your privacy .  where all my correspondence with the whole world was stored and how I can restore all my existing files.  I have repeatedly written that I have a clear and reasonable plan on How to make an increase of 1 billion users in less than 2 years of Telegram, I asked that this letter be considered and handed over to Pavel Durov, to which I received no response, today I clearly state that if throughout the entire time and for all no one will hear me through possible communication channels and no one will answer me, I will be forced to go to the magistrate's court, I will be forced to involve the media, I will be forced to tell the whole world that Telegram can disconnect you from your account at any time, steal all your data that is of great value and value, and all the money which you store on your telegram wallet will be stolen without refund, that it is dangerous to use this service , such an attitude towards users is unacceptable! what has happened now requires a lot of publicity, it is tedious to make this situation as public as possible!!! Consider this theft , This is a crime against me and telegram users !!!! I estimate this damage at $1,000,000,000 .

website: https://ton.org/zh/gamefi

There is a problem when you try to ads funds to wallet using credit or debit cards.

If you try to use a Germany bank card to add funds, there appear a message saying " spanish cards are not accepted"

But the card is from Germany...