ton-blockchain / bug-bounty Goto Github PK
View Code? Open in Web Editor NEWTON security bug bounty description
TON security bug bounty description
Admins can access user wallet and make transfers out,many errors with this
Android 12
Samsung A71
Tonkeeper 2.6.1
Google Chrome Mobile
If you try to add funds to wallet using the P2P market snd you select bank Transfer or sepa instant there must be a extra field with the seller name because the buyers need this information to make the bank Transfer.
From the point of view of a buyer if you select bank Transfer or sepa instant and you create a order and the seller approve the order, after that you get the bank account details of the seller , but you not get the bank account benefitiary name to attach at the bank Transfer and It is needed , you only get the bank account , and you need to get the bank benefitiary name to use when you make the bank Transfer to seller (there must be a extra field to buyers with this information)
Exploring fragment.com. I decided to check out addresses that were placing huge bets on usernames. Looking at the history of transactions, I saw that all these incredible sums of money were received during the testnet. It turns out that the addresses that received funds in the testnet can now use them in the mainnet, I think this is ridiculous. How could Telegram make such a mistake? Telegram should reset these wallets. It can ruin TON market.
https://tonapi.io/account/Ef_p-2q8gqO0fORaf60CAvW0gFo9EM0Fq7tD94G-6U8V5Hf_
https://tonapi.io/transaction/afedab3bd94ae9d553719fde6239b687eb0c8cc0c4e0d7dc890f0afb9c0ae982
https://tonapi.io/account/Ef8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM0vF
hash afedab3bd94ae9d553719fde6239b687eb0c8cc0c4e0d7dc890f0afb9c0ae982
https://imgur.com/a/gY1O9Rl
https://explorer.toncoin.org/transaction?account=-1:67358ebd4b7fe178105252da474612338e3a98d0286e81ea9b59c406b468fe81<=8272373000001&hash=afedab3bd94ae9d553719fde6239b687eb0c8cc0c4e0d7dc890f0afb9c0ae982
https://tonapi.io/account/Ef8acpBAmfTonu2kfXjx7qP7cEPqbLPm5W8niVXaQOjV0yBJ
https://tonapi.io/account/Ef95yO_AT7oi4M2Py55spUTC9_g161nl7FerluhWZfkNv3bM
https://tonapi.io/account/Ef-zqJWZh3JddLCyNQHuAmsNL1Ra9DmAusPHDJxGolDSfFwE
https://tonapi.io/account/Ef-exuKIGuFDFVB0ldQzCJxVV6U-YT4B3nrg1VE8Mj1yOEp0
Hello, the problem is as follows : my phone number is +7 903 448-44-87, my nickname is Ambassadors_Telegram , has been blocked by your service!!!! This phone number has been mine for over 5 years! It's registered to me! I am the owner of this asset! Telegram messenger stored a huge number of photos, videos, PDF files, documents, presentations, my groups and channels with a huge amount of content and information, and also had my wallet and TON wallet with a positive balance! How can I store a TON in telegram if you blocked and stole my money, I want to note that I do not understand on what basis my phone numbers were blocked. I estimate the cost of the damage at $ 1,000,000,000 based on the value and importance of everything that was stored there . I have repeatedly tried to write letters to you through all available communication channels that you provide on the official website ton.org/ru and through the telegram channel, today the time is 3 months as I try to contact the support service, to understand the reason for blocking my account, both the Russian and Dubai numbers +971524772060. Nickname is your privacy . where all my correspondence with the whole world was stored and how I can restore all my existing files. I have repeatedly written that I have a clear and reasonable plan on How to make an increase of 1 billion users in less than 2 years of Telegram, I asked that this letter be considered and handed over to Pavel Durov, to which I received no response, today I clearly state that if throughout the entire time and for all no one will hear me through possible communication channels and no one will answer me, I will be forced to go to the magistrate's court, I will be forced to involve the media, I will be forced to tell the whole world that Telegram can disconnect you from your account at any time, steal all your data that is of great value and value, and all the money which you store on your telegram wallet will be stolen without refund, that it is dangerous to use this service , such an attitude towards users is unacceptable! what has happened now requires a lot of publicity, it is tedious to make this situation as public as possible!!! Consider this theft , This is a crime against me and telegram users !!!! I estimate this damage at $1,000,000,000 .
website: https://ton.org/zh/gamefi
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.