Info
Source on GitHub
Smart Contract Address
kQAPOWhm7i8cdoUgdxTU3LcT6d0ntchloEAVFUWvFAhNycuL
Source on GitHub
Smart Contract Address
kQB-VapA5yTCL5FVEhJZ4iICdMv8dlmnTuzMLsTzDuOyXzjR
Testing and Issues
You can test this entry and submit issues during the testing period of the Blockchain Contest, Stage 2 contest.
Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.
Voting
Comments
1) Decentralized exchange with the support of the exchange of grams, extra currencies and TRC20 tokens.
You can interact with the exchange in the usual way using binary messages or using the assistant bot @gram100_bot and TON wallet app.
https://coding.studio/dexbot.mp4
2) TRC20 standard interface and implementation for tokens in TON (like ERC20 in Ethereum).
I made a ridiculous mistake and corrected it after the deadline; the current address of the contract is kQBiu8a3NB2A3KRhMNLK1IQiEEK-FBlf8VCErRn8NUZzd8xa
Issues
TRC20: recv_external() security issue.
Creator of the token may drain his balance and reinitialize contract effectively gaining his initial balance back.
This is not for the contest: we want to show you the web wallet gram-wallet.org developed by Merry Ant and me.
Wallet has UI like wallet.ton.org.
All wallet functionality is implemented on the client side in JS (including serialize/deserialize TLB, Bag of Cells, signing, etc.).
The open-source backend, pyTON deployed on toncenter.com, is only used as a bridge to the TON blockchain and is easily interchangeable with any other pyTON server.
We want to know the opinion of the TON team about this project and find out whether it is possible to become the official TON web wallet.
We found some issues in your contract in addition to the issues mentioned by other users:
Critical:
- In TRC20 standard design bugs are also ported. For example, approve function is race-prone.
- Exchange contract pays for all outgoing queries itself, which can be used to steal funds to a user-defined address pretending to be a TRC20 token.
- recv_external calls accept_message for all incoming messages in the Exchange contract, effectively allowing to drain contract's balance.
Minor:
- Initial balance of the TRC20 contract is read from the first external message, which isn't protected in any way. Someone can initialize the contract before the real owner with a wrong balance.
- Simple transfer with empty body is not accepted, because action is read first.
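The race-prone approve noted in the issue list above, shown as an added example on a toy ledger beside a compare-and-set variant that closes the gap. This is not the entry's code or any TON API: the model is plain Python rather than FunC, and every name in it (Token, approve_cas, run) is hypothetical.

```python
# Added example: simplified in-memory model, not the contest entry's contract.
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}  # (owner, spender) -> remaining amount

    def approve(self, owner, spender, amount):
        # ERC20-style approve: overwrites the allowance unconditionally.
        self.allowance[(owner, spender)] = amount

    def approve_cas(self, owner, spender, expected, amount):
        # Hardened form: apply the change only if the allowance still holds
        # the value the owner last observed.
        if self.allowance.get((owner, spender), 0) != expected:
            return False
        self.allowance[(owner, spender)] = amount
        return True

    def transfer_from(self, spender, owner, to, amount):
        key = (owner, spender)
        if self.allowance.get(key, 0) < amount:
            return False
        if self.balances.get(owner, 0) < amount:
            return False
        self.allowance[key] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


def run(use_cas):
    """Owner lowers an allowance from 100 to 50, but the spender's
    transfer_from(100) is processed first. Returns the total debited."""
    t = Token({"owner": 1000})  # constructed sample balance
    t.approve("owner", "spender", 100)
    # The owner does not control message ordering: the spend lands first.
    t.transfer_from("spender", "owner", "spender", 100)
    if use_cas:
        # Rejected, because the allowance is already 0 rather than 100.
        t.approve_cas("owner", "spender", 100, 50)
    else:
        # Overwrite grants a fresh 50 on top of the 100 already spent.
        t.approve("owner", "spender", 50)
    t.transfer_from("spender", "owner", "spender", 50)
    return 1000 - t.balances["owner"]
```

With the overwrite form the owner intended a ceiling of 50 and is debited 150; with the compare-and-set form the stale change is refused and the debit stays at the originally approved 100.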