Executive Summary
From Aug 20, 2024, to Sept 1, 2024, the TOMO team engaged Fuzzland to conduct a thorough security audit of their wallet projects. The primary objective was to identify and mitigate potential security vulnerabilities, risks, and coding issues to enhance the project's robustness and reliability. Fuzzland conducted this assessment over 40 person-days, involving 4 engineers who reviewed the code over a span of 10 days. Employing a multifaceted approach that included static analysis, fuzz testing, formal verification, and manual code review, the Fuzzland team identified 27 issues across different severity levels and categories.
Scope
TOMO Telegram MiniApp
The TOMO Telegram MiniApp is a wallet product that encompasses several interconnected components, including a frontend application, authentication server, and backend services.
| Project Name | TOMO Telegram MiniApp Frontend |
| Repository Link | https://github.com/FansTech/tgbot_app |
| Commit | 09f480fca5c4331829764814b3dbf1cb1b2a0837 |
| Fix Commit | N/A |
| Language | TypeScript (React) |
TOMO Social Login
The TOMO Social Login is a web component that allows users to authenticate and access their wallets using their social media credentials.
TOMO Apps
TOMO offers mobile applications for both iOS and Android platforms, providing users with convenient access to their wallet services on their phones.
Methodology
Whitebox Testing