TON Foundation Multisignature Wallet
Type: Security review
Client: TON Foundation
Date: 2024-03
Domain: Blockchain
Effort: 4 wks
Section: TON
Trail of Bits's security review of TON Foundation (Mar 2024) identified 9 issues: 3 high, 2 medium, 3 informational, and 1 undetermined.
Findings · 9
- 1. The wallet cannot execute new orders if the threshold is set to 0 (High)
- 2. Assumptions about sequential execution of order actions may be incorrect (Informational)
- 3. Assumptions about signer compromise may be inaccurate (Informational)
- 4. A non-executed order can be marked as executed (Medium)
- 5. TON balance of non-executed or expired orders is not recoverable (Medium)
- 6. Malicious orders can approve existing orders on behalf of any signer (High)
- 7. Malicious orders can create and execute new orders (High)
- 8. No upper limit on the expiration date of the orders (Undetermined)
- 9. Invalid orders can be executed, as order invalidation is not permanent (Informational)
Findings extracted from the published report PDF. See the full report below for details and remediation.