Trail of Bits

TONCO CLAMM DEX v1.6

Type: Security review
Client: TONCO
Date: 2026-01
Domain: Blockchain
Effort: 11 wks
Section: TON

Trail of Bits's security review of TONCO (Jan 2026) identified 28 issues: 3 high, 6 medium, 4 low, 11 informational, and 4 undetermined.

Findings · 28

  1. Fee calculation mismatch in PositionNFT burn operation causes incorrect fee growth tracking for token1 (High)
  2. owner_address can be spoofed to bypass the pool lock in the swapOperation function (Medium)
  3. timelock_delay cannot be updated (Low)
  4. ALM mint path sends ALM address instead of user address in message body (Undetermined)
  5. Occupied ticks guard blocks addition of liquidity to existing ticks and allows MAX_USER_TICKS overflow (Medium)
  6. Proxy TON balance of the router can be stolen (High)
  7. Missing slippage protection for mint and burn orders (Medium)
  8. price_sqrt can be manipulated by swapping through an empty pool (Medium)
  9. Zero-liquidity positions can be minted and deposited into an account (Informational)
  10. Missing zero address check in the reforgeOperation function can lead to loss of funds (Low)
  11. Multihop shortcut allows a position to be minted through the router contract’s account (Informational)
  12. Malformed multihop cell can lead to jetton loss (Medium)
  13. Router will keep the jettons if the transfer notification contains an unsupported operation (Low)
  14. Pool reinitialization risks (Low)
  15. Return value of modifyPosition is ignored inside burnPosition (Informational)
  16. Router does not check for pool existence (Informational)
  17. Lack of transparency in timelocked code updates (Informational)
  18. Manual balance calculation instead of raw_reserve (Informational)
  19. Users are able to route positions to the ALM (Undetermined)
  20. Excess TON refunded to the wrong address in swaps (Informational)
  21. The router’s TON balance can be drained via negative amount calculation (High)
  22. Overflow in getMaxLiquidityForAmount0Precise can result in fund loss (Medium)
  23. Incomplete handling of swap exceptions (Informational)
  24. Depositing more than four positions causes failure (Informational)
  25. Incorrect price caching corrupts legacy tick format (Informational)
  26. Rounding difference between Uniswap v3 and TONCO amount delta calculations (Undetermined)
  27. Potential overflow in fee growth computation (Undetermined)
  28. Functions missing the impure specifier (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.