Trail of Bits

Token-2022 Program

Type: Security review

Client: Solana

Date: 2023-02

Domain: Blockchain

Effort: 1 wk

Section: Solana

Trail of Bits's security review of Solana (Feb 2023) identified 12 issues: 2 low, 7 informational, and 3 undetermined.

Findings · 12

  1. Ok returned for malformed extension data (Informational)
  2. Missing account ownership checks (Undetermined)
  3. Use of a vulnerable dependency (Undetermined)
  4. Large extension sizes can cause panics (Informational)
  5. Unexpected function behavior (Informational)
  6. Out of bounds access in the get_extension instruction (Low)
  7. Iteration over empty data (Informational)
  8. Missing check in UpdateMint instruction could result in inoperable mints (Low)
  9. Incorrect test data description (Informational)
  10. The Transfer and TransferWithFee instructions are identical (Informational)
  11. Some instructions operate only on the lo bits of balances (Undetermined)
  12. Instruction susceptible to front-running (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
