Fast, secure and modern wallet for TONCOIN
Security
1- Open your TonHub.
The APP opens normally without requiring a password.
The APP should ask for password or fingerprint so intruders don't get to know the user's balance.
Vulnerability
Smartphone (please complete the following information):
Security
1- Open your TonHub.
2- Head to Settings then Backup keys.
3- Take a screenshot of the recovery phrase.
The APP takes a screenshot with the recovery phrase visible (not black screened).
Such sensitive info should be black screened (such as in the Android APP version of wallet.ton.org), because other APPs might have access to this screenshot. Or maybe the device has some spyware.
Vulnerability
Smartphone (please complete the following information):
Add a push notification about the start of a new cycle.
It would also be good to see in the push notification the number of coins earned in the last cycle.
UX
1- You need to have an obsolete wallet and use the same recovery phrase to open a wallet on TonHub.
2- Migrate old coins to TonHub using the migration feature.
3- Observe the migration take forever if you have an old wallet with very low balance.
When it is the turn of the wallet with very low balance to be migrated, the app will just get stuck trying to migrate it. This might be problematic because it might prevent other wallet versions from being migrated after it.
This page will stay there forever:
Get some error about that wallet being very low balance and keep on migrating other wallets.
Medium
Smartphone (please complete the following information):
Hello! I tried to use transaction like https://tonhub.com/transfer/${address}?amount=${amount}&bin=${payload}
How I generated payload:
```js
beginCell()
    .storeUint(777, 32)
    .storeDict(someDictAsCell)
    .storeRef(someRefAsCell)
    .endCell()
    .toBoc() // or with idx: false. Same result
    .toString('base64')
```
What I did
When I try to use it via the Sandbox wallet (with test.tonhub.com) it looks like everything is fine. I saw a popup with message info and can tap on the send button, but the sandbox environment didn't see my testnet TON coins; I guess it's another network.
I decided to try it on mainnet with the Tonhub wallet (iOS version) and real coins, but when I open the link nothing happens. No error messages, just nothing. (I used the same link as for Sandbox but without 'test.')
Question
I want to ask: is it implemented in the mainnet wallet (iOS/Android), and can I use it to sign my custom payload in transactions, or should I use another way to do this? If it's not implemented, do you have any plans and estimates for doing it?
P.S. Sorry if this is the wrong place to ask about it. I didn't find any tech channels for questions to whales.
Functional
When sending jettons from a jetton account the receiver cannot be chosen from the contacts.
The contacts allow for sending TONs only.
When sending using Contacts the expected behavior is either
High
Android
No response
Functional
The transaction is displayed in history without SPAM mark
The transaction is displayed in history with SPAM mark
High
Bug Type
UX
Reproduction steps
Actual result
Red Coin missing
Expected result
Red Coin is here
Suggested Severity
Medium
Device
Device: Apple iPhone 11
OS: iOS 15.6.1
App Version 1.19.7
Additional Context
No response
Sending transactions with long comment text
Functional
The Tonhub application tries to send the transaction but can't. Then it asks the user to confirm the transaction again, and loops between these two steps infinitely.
The application should not allow inserting/sending text, which could harm sending the transactions.
Medium
Smartphone:
Name | About | Labels | Assignees |
---|---|---|---|
QR code scanner and flash not working | You can't send TON by scanning QR code because camera loads infinitely | Bug report |
Functional
Infinite loading screen, flash button also doesn't work. You can't use an image from the gallery, because such a button doesn't exist
QR scanner opens, flash button works, using images from gallery is possible
High
Smartphone: Redmi Note 8
OS: MIUI Global 12.5.2 Stable
App version: 1.19.7
Thank you for your work on the wallet! Cool!
It would be great if you added the ability to choose from which version of the wallet contract (for example, v3 or v4, i.e. from which address) the tones will be sent.
An example of a situation where this is necessary: I staked a coin with v3 using the nominator’s contract, the wallet application has been updated to v4, but in order to withdraw coins from the nominator’s contract, you need to send a withdrawal request from the v3 wallet.
I did it
TonHub v1.19.7
Iphone 11 iOS 15.3.1
Steps:
Actual Result:
app crashed
Expected result:
entering two commas in amount field is impossible
Functional
Biometrics not accepted, unable to create wallet
Biometrics accepted
Critical
Smartphone (please complete the following information):
logcat could be useful:
01-26 21:23:52.717 2188 2188 D BiometricPrompt/AuthContainerView: pendingCallback: 4
01-26 21:23:52.717 2188 2188 D AuthController: onDialogDismissed: 4
01-26 21:23:52.720 1542 1969 D BiometricService/AuthSession: addAuthToken: 0
01-26 21:23:52.721 1542 1969 D BiometricService/AuthSession: sensorId: 0, shouldCancel: true
01-26 21:23:52.721 1542 1969 D FingerprintService: cancelAuthenticationFromService, sensorId: 0
01-26 21:23:52.721 1542 1969 D Fingerprint21: cancelAuthentication, sensorId: 0
01-26 21:23:52.721 1542 1969 E Biometrics/Fingerprint21/OplusFingerprint21ServiceProviderExtImpl: Current client is null
01-26 21:23:52.721 1542 1969 E BiometricScheduler/Fingerprint21: Unable to cancel authentication, null operation
01-26 21:23:52.722 2188 3091 I BufferQueueProducer: [ViewRootImpl[OplusBiometricPrompt]#634(BLAST Consumer)634](id:88c00000280,api:1,p:2188,c:2188) disconnect: api 1
01-26 21:23:52.723 648 648 D TlcTeeKeyMaster: TEE_Begin 4.1
01-26 21:23:52.723 648 648 D TlcTeeKeyMaster: purpose = 0x00000000
01-26 21:23:52.723 2188 3091 E BLASTBufferQueue: BLASTBufferItemConsumer::onDisconnect()
01-26 21:23:52.723 2188 2188 D View : [Warning] assignParent to null: this = com.android.systemui.biometrics.AuthContainerView{3391add IFE...... .F.....D 0,0-1080,2400 aid=202}
01-26 21:23:52.724 1542 2973 D OplusDisplayPolicy: com.android.systemui, change system app cutoutMode: oplus always
01-26 21:23:52.724 1542 2973 I OplusScreenSecurityMask: remove WindowsName list: Window{3782dae u0 OplusBiometricPrompt} list size: 0 isFromSetSecure: false , surfaceShown = false , displayId = 0
01-26 21:23:52.724 1542 2973 I OplusScreenSecurityMask: onSecurityPageFlagChanged size: 0 , surfaceShown = false , displayId = 0
01-26 21:23:52.724 648 648 E TlcTeeKeyMaster: (keymaster_error_t)tci->response.header.returnCode == -26
01-26 21:23:52.724 648 648 E TlcTeeKeyMaster: transact(session_handle, tci) == -26
01-26 21:23:52.725 648 648 D TlcTeeKeyMaster: TEE_Begin exiting with -26
01-26 21:23:52.725 1542 2973 W WindowManager: Changing focus from Window{3782dae u0 OplusBiometricPrompt} to Window{ddb49bc u0 com.tonhub.wallet/com.tonhub.wallet.MainActivity} displayId=0 Callers=com.android.server.wm.RootWindowContainer.updateFocusedWindowLocked:492 com.android.server.wm.WindowManagerService.updateFocusedWindowLocked:6011 com.android.server.wm.WindowManagerService.relayoutWindow:2601 com.android.server.wm.Session.relayout:247
01-26 21:23:52.725 647 31494 E keystore2: keystore2::error: In create_operation: Failed to begin operation.
01-26 21:23:52.725 647 31494 E keystore2:
01-26 21:23:52.725 647 31494 E keystore2: Caused by:
01-26 21:23:52.725 647 31494 E keystore2: 0: In upgrade_keyblob_if_required_with: Called closure failed.
01-26 21:23:52.725 647 31494 E keystore2: 1: Error::Km(ErrorCode(-26))
01-26 21:23:52.727 1542 2973 D Theia.NoFocusWindow: FocusWindowErrorScene cancelCheckFreezeScreen
TonHub v1.19.7
Iphone 11 iOS 15.3.1
Steps:
Actual Result:
Main screen opened
Balance decreased due to commissions
In the operations list I got 2 operations, -0.2 and +0.09, but really, I lost my money =(
Expected result:
error "...you don't have enough coins staked"
withdrawal request screen still open
Name | About | Labels | Assignees |
---|---|---|---|
App randomly changes last characters of receiver wallet for user not telling user about that | When sending coins, after entering wallet it will be shown with different 2 last characters | Bug report |
other
Confirmation screen and operation log shows receiver address with 2 different last characters, which can confuse user about why it changed
The address is exactly the same to exclude possibility of misunderstanding
Low
Smartphone: Redmi Note 8
OS: MIUI Global 12.5.2 Stable
App version: 1.19.7
Functional
Got the error "Invalid domain"
Successful sending funds
Medium
Smartphone (please complete the following information):
Video
UX
Phrase is pasted into one line. Impossible to pass the flow fast, a little inconvenient every time to write it manually
Phrase is parsed for words and each of them pasted into fields
Medium
The same behavior is tested on Tonkeeper and it works as expected.
TonHub v1.19.7
Iphone 11 iOS 15.3.1
Steps:
Actual result:
wallet address does not match with address from step 3
Expected result:
wallet address from step 3
UX
1- In an account with zero balance (brand new) go to staking extension.
2- Select any staking pool.
3- Press `MAX` button on the top right.
The APP chooses a staking balance of `-0.2` instead of `0`.
The APP should select `0` or fire a prompt that the account is balance-less.
Low
Smartphone (please complete the following information):
Current version 1.13.3 won't load entire transaction history for the account, and after updating the app older entries are removed too.
Even more than that, new feature of showing jettons will only work if the transaction in which these tokens were added was loaded by the app.
TonHub v1.19.7
Iphone 11 iOS 15.3.1
Steps:
Actual result:
app crashed
Expected result:
number added to the end amount
Among basic features like sending / showing balances, the wallet should also support the standard call "burn".
This is needed for the WTON token, which enables redeeming native toncoin via token burning.
Creator of the open source Jetton Deployer here.
We have chosen to store jettons deployed with our tool on-chain.
Quoting from our readme on the issue:
Where is this metadata stored? - The Jetton standard supports storing metadata either on-chain or in an off-chain URL (a JSON file hosted somewhere). It is our belief that the best practice is storing metadata on-chain. Why? Let's explore the alternatives:
On-chain - On-chain data is immutable, users can be guaranteed that important fields like the symbol will not change without their consent. On-chain data is also guaranteed to always be available. This deployer always stores metadata on-chain.
Off-chain IPFS (`ipfs://` URL) - IPFS data is immutable so it's safe like on-chain. But IPFS data is not guaranteed to always be available. Availability depends if someone is willing to pin the data (similar to seeding in torrents). If this someone goes out of business or suffers downtime, token metadata will disappear. This is an unnecessary risk in our eyes.
Off-chain website (`https://` URL) - This is by far the worst option. The owner of the website could change the metadata without user consent (not necessarily on purpose if the website is hacked). The website can also be taken down and the metadata will disappear. Users should never invest money in tokens that have their metadata stored this way.
What about the Jetton Logo URI, if it's stored on a website, can't it change? Yes, it can change and this is a feature. We believe that logos can go through rebranding without putting users at risk. Satoshi Nakamoto didn't design the current logo of Bitcoin when he wrote the initial code.
An example code for parsing such metadata can be found here
We believe it would be an important addition to support this, both in tonhub wallet and the tonwhales chain explorer.
Functional
App immediately crashes
App runs correctly
Critical
Smartphone:
App ran normally before the v1.21.4 update. After the update it crashes immediately after start. UI not rendering, just boot logo and closing.
When opening the wallet I downloaded from the Play Store, it doesn't let you create an account; it stays on "Protect you wallet" and doesn't go past that.