Source on GitHub

Smart Contract Address


Source on GitHub

Smart Contract Address


Testing and Issues

You can test this entry and submit issues during the testing period of the Blockchain Contest, Stage 2 contest.

Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.




1) Decentralized exchange with the support of the exchange of grams, extra currencies and TRC20 tokens.

You can interact with the exchange in the usual way using binary messages or using the assistant bot @gram100_bot and TON wallet app.
2) TRC20 standard interface and implementation for tokens in TON (like ERC20 in Etherium).

I made a ridiculous mistake and corrected it after the deadline, the current address of the contract kQBiu8a3NB2A3KRhMNLK1IQiEEK-FBlf8VCErRn8NUZzd8xa
You have not added any comments yet...
by rating


TRC20: recv_external() security issue.
Creator of the token may drain his balance and reinitialize contract effectively gaining his initial balance back.
Merry Ant Dec 23, 2019 at 22:12
Thanks! This is an absurd mistake that made recv_external critically wrong. I fixed it in the repository.
Good job, I hope there will be place for tokens on TON!
This is not for the contest: we want to show you the web wallet developed by Merry Ant and me.

Wallet has UI like
All wallet functionality is implemented on the client side on JS
(including serialize/deserialize TLB, Bag of Cells, signing, etc.),

Open-source backend, pyTON deployed on, is only used as bridge to TON blockchain and is easily interchangable with any other pyTON server.

We want to know the opinion of the TON team about this project and find out whether it is possible to become the official TON web wallet.
Clever Turkey Feb 11, 2020 at 01:52
We found some issues in your contract additionally to the mentioned by other users issues:
- In TRC20 standard design bugs are also ported. For example, approve function is race-prone.
- Exchange contract pays for all outgoing queries itself, which can be used to still funds to a user-defined address pretending to be a TRC20 token.
- recv_external calls accept_message for all incoming messages in the Exchange contract, effectively allowing to drain contract's balance.
- Initial balance of the TRC20 contract is read from the first external message, which isn't protected in any way. Someone can initialize the contract before the real owner with a wrong balance.
- Simple transfer with empty body is not accepted, because action is read first
Nobody added any issues yet...