⛰️Security Bounty Program

[oleganza]

Tonkeeper security bounty program rewards researchers who identify and disclose vulnerabilities in the upcoming Wallet Version 5 ("W5") smart contract that is a candidate to become the industry standard in TON ecosystem.

• Source: https://github.com/tonkeeper/w5 (commit fa1b372)
• Developers discussion group: https://t.me/w5discussion
• Original announcement: https://telegra.ph/W5-Security-Bounty-02-23

How to report vulnerabilities

1. Report your vulnerability publicly as an issue in our repository: https://github.com/tonkeeper/w5, or privately to [email protected] or https://t.me/oleganza.
2. We do not reward disclosures of already known or previously reported issues.
3. Multiple vulnerabilities caused by one underlying issue will be rewarded once.
4. Security Bounty reward payments are made at our sole discretion and are based on the type of issue, the level of access or execution achieved, and the quality of the report. A high-quality research report is critical to help us confirm and address an issue quickly, and could help you receive a Security Bounty reward.
5. We reserve the right to amend the awards and categories at any time. The bounty offer is valid as of Feb 23, 2024 and may be terminated or rephrased at a future date when the project evolves from its current state.

Top Category

Reliable loss of funds with no or little user interaction.

Reward: 5000–10000 TON

Example: tricking the wallet to perform actions that user did not authorize, or forcing the wallet to enter inconsistent state that prevents access to the funds bypassing any reasonable checks in the user agent.

Medium Category

Limited access to funds or confidential data, not reliable or requiring substantial user interaction.

Reward: 1000–2500 TON

Example: tricking a user to sign a transaction that spends funds differently from what the wallet showed in the confirmation screen.

Low Category

Low probability attack vectors and potential issues beyond explicit design choices.

Reward: 250–500 TON

Out of scope

• Issues in prior versions of the contract (before fa1b372),
• issues in documentation are not considered vulnerabilities,
• issues due to a fault outside the scope of the wallet contract code and its immediate toolchain and libraries,
• risks due to explicit design choices, such as attaching a malfunctioning extension and disabling public key auth check.

[Arte170399]

---

[duythuan1234]

• #

[Asai123-stake]

UQDZoiZKMnxFvXt6uT3ikrNfQAhkxi4Ltp2b-vz6FfOgg5kK
Help me please 🙏🥺 I need toncoin

[mhranpp]

UQCHtfnVHP-y7RvxtcBtGGLn3EtcRmA8wMyj5nLUR7B5LDfx

[yalan2ny]

Problems and updates to fix them, my TonKeeper wallet does not receive any transactions or tokens and nft, it is generally disabled and cannot be updated even in Google Play, last week I added the Github link version and it did not install, now I need these updates to start again, should I uninstall and try to reinstall with the recovery phrase, is there a problem? Because my transactions are pending,