Trail of Bits
Audit Open Original ↗

Whales Holders

Type

Security review

Client

Whales DMCC

Date

2025-05

Domain

Blockchain

Effort

4 wks

Section

TON

Trail of Bits's security review of Whales DMCC (May 2025) identified 11 issues: 3 medium, 3 low, and 5 informational.

Findings · 11

  1. 1 Payment card authority could potentially bypass whitelist limits for jetton transfers Informational
  2. 2 User card balance can become permanently locked Medium
  3. 3 A closed card can be reopened Medium
  4. 4 Users can be prevented from syncing their balance Low
  5. 5 The execution operation is vulnerable to denial-of-service attacks Medium
  6. 6 User code update procedure is insufficiently constrained Low
  7. 7 Updates to treasure code and data are irreversible Informational
  8. 8 The public key of the signature verification scheme is immutable Informational
  9. 9 Sequence numbers are not enforced to be sequential Low
  10. 10 Deployment process for card contracts can be vulnerable to front-running Informational
  11. 11 Time zone handling does not account for varying time zones Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related