ton-blockchain / bug-bounty
TON security bug bounty description
If you try to add funds to the wallet using the P2P market and you select Bank Transfer or SEPA Instant, there must be an extra field with the seller's name, because buyers need this information to make the bank transfer.
From the point of view of a buyer: if you select Bank Transfer or SEPA Instant, create an order, and the seller approves the order, after that you get the seller's bank account details, but you do not get the bank account beneficiary name to attach to the bank transfer, and it is needed. You only get the bank account number, and you need the beneficiary name to use when you make the bank transfer to the seller (there must be an extra field for buyers with this information).
Admins can access user wallets and make transfers out; many errors with this.
I think the wallet is not safe enough. A password is not enough; there should be Google Authenticator and verification by email when withdrawing.
Android 12
Samsung A71
Tonkeeper 2.6.1
Google Chrome Mobile
website: https://ton.org/zh/gamefi
We have submitted the issue to ton monorepo issue and ton research as well.
While writing and testing the Merkle Distributor airdrop contract, @ipromise2324 and I discovered a vulnerability in the FunC smart contract. This vulnerability is related to left-shift operations and boolean comparisons. In theory, assume variable k = 0; when we compute x = (1 << k) and then compare x == 1, we expect the result to be true (-1). However, we received false (0), which deviates from the expected outcome.
Bitwise operations are commonly used in smart contracts to reduce gas fees and are often employed in validity checks. For instance, in an airdrop contract, a user should not be able to claim the airdrop more than once, so we mark the user as true to indicate they have already claimed. If developers are unaware of this vulnerability, malicious users could potentially claim the airdrop repeatedly until the rewards are depleted. Similarly, if this error is present in access control mechanisms, it could enable hackers to execute contract logic under different identities, leading to significant financial losses.
When we call the is_claimed function with the index parameter set to 0, the claim_bit_index is calculated as 0 % 256, which results in claim_bit_index = 0. Consequently, int mask = 1 << 0, meaning mask = 1.
As we start using the mask variable for some comparisons, we notice an interesting situation. The mask currently equals 1, but when we compare it with mask == 1, the result dumped is 0, which is not what we expected. It should be -1, because mask = 1 and 1 == 1. Then, when we compare mask != 1, the dumped result turns out to be -1, which is also contrary to common logic.
We found that appending a division by 1 after the left-shift operation resolves the issue and yields the expected result.
We are using "@ton/blueprint": "^0.21.0".
MacOS (Macbook M2 air) built-in SSD.
MacOS (Macbook M1 pro) built-in SSD.
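As an added illustration (not the reporters' contract or any TON project code), the claim-bit check pattern the report describes, written in FunC: the bare-shift form beside the divide-by-one workaround the reporters found, plus a fail-closed guard. The storage word claimed_word, the (claimed_word & mask) == mask test and the exit code 100 are assumptions for this example.

```func
;; Added example, not the reporters' contract. `claimed_word` stands in for the
;; 256-bit bitmap word a real Merkle Distributor would load from storage.

int claim_bit_index(int index) inline {
    return index % 256;  ;; bit position inside the 256-bit word, as in the report
}

;; Pattern as reported: mask built by a bare left shift, then compared with ==.
;; The report states that with index = 0 the comparison mask == 1 dumped 0 (false)
;; instead of -1 (true), so a claimed slot could be treated as unclaimed.
int is_claimed_reported(int claimed_word, int index) method_id {
    int mask = 1 << claim_bit_index(index);
    return (claimed_word & mask) == mask;
}

;; Workaround from the report: append a division by 1 after the left shift.
int is_claimed_workaround(int claimed_word, int index) method_id {
    int mask = (1 << claim_bit_index(index)) / 1;
    return (claimed_word & mask) == mask;
}

;; Defender-side guard for the claim handler: abort unless the bit is still clear.
;; The result is compared against 0 explicitly rather than relying on truthiness,
;; so an unexpected value (neither 0 nor -1) still fails closed. Exit code 100 is assumed.
() require_unclaimed(int claimed_word, int index) impure inline {
    throw_unless(100, is_claimed_workaround(claimed_word, index) == 0);
}
```

A regression test in the project's Blueprint suite should call the getter with index 0 on a word whose bit 0 is set and assert the returned value is exactly -1, which is the check that would have caught the behaviour described above.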
Hello, the problem is as follows: my phone number, +7 903 448-44-87, my nickname, Ambassadors_Telegram, has been blocked by your service!!!! This phone number has been mine for over 5 years! It's registered to me! I am the owner of this asset! Telegram messenger stored a huge number of photos, videos, PDF files, documents, presentations, my groups and channels with a huge amount of content and information, and also had my wallet and TON wallet with a positive balance! How can I store TON in Telegram if you blocked and stole my money? I want to note that I do not understand on what basis my phone numbers were blocked. I estimate the cost of the damage at $1,000,000,000 based on the value and importance of everything that was stored there. I have repeatedly tried to write letters to you through all available communication channels that you provide on the official website ton.org/ru and through the Telegram channel; today it is 3 months that I have been trying to contact the support service to understand the reason for blocking my account, both the Russian and Dubai numbers (+971524772060). Nickname is your privacy, where all my correspondence with the whole world was stored, and how I can restore all my existing files.
I have repeatedly written that I have a clear and reasonable plan on how to make an increase of 1 billion users in less than 2 years of Telegram. I asked that this letter be considered and handed over to Pavel Durov, to which I received no response. Today I clearly state that if throughout the entire time no one will hear me through all possible communication channels and no one will answer me, I will be forced to go to the magistrate's court, I will be forced to involve the media, I will be forced to tell the whole world that Telegram can disconnect you from your account at any time, steal all your data that is of great value, and all the money which you store in your Telegram wallet will be stolen without refund, that it is dangerous to use this service, and that such an attitude towards users is unacceptable! What has happened now requires a lot of publicity; it is tedious to make this situation as public as possible!!! Consider this theft. This is a crime against me and Telegram users!!!! I estimate this damage at $1,000,000,000.
Exploring fragment.com, I decided to check out addresses that were placing huge bets on usernames. Looking at the history of transactions, I saw that all these incredible sums of money were received during the testnet. It turns out that the addresses that received funds in the testnet can now use them in the mainnet. I think this is ridiculous. How could Telegram make such a mistake? Telegram should reset these wallets. It can ruin the TON market.
When you mint a token with 2 decimals it will be 1.00; if you later decide to get more digits, then token quantities may look like:
decimals 3: 0.101
decimals 18: 0.000000000000000001 (like ETH)
It will change past transactions and change the number of digits in the portfolio; on the other side 10.00, 1000.00, etc.!
and pools stay the same
I think this bug may be used to hide past transactions or delete them entirely from visible code
end
I have identified a critical vulnerability in the TON blockchain that could potentially result in severe financial consequences for users. This issue has been thoroughly tested and confirmed across multiple wallets and setups.
Due to the nature of this vulnerability, I am withholding specific details from this public issue to prevent potential exploitation. I have already submitted a detailed report through the appropriate channels.
Severity: High
Impact: This vulnerability could lead to significant financial losses if left unaddressed.
Please reach out to me directly for more information and to coordinate a resolution.