wallets-overview #556
To fix the formatting issues:
npx remark -o --quiet --silently-ignore ecosystem/wallet-apps/overview.mdx
Thanks for the updates to the wallet apps overview. A few high‑severity doc fixes are needed before merge, focused in Findings (3)High (3)[HIGH] TODO placeholders left in contentDescription: Suggestion: -**TODO: clarify account moments**
-
-**TODO: add links** [HIGH] Unresolved placeholder in account initializationDescription: Suggestion: - However, its **wallet address** can already be computed from the wallet’s **TODO**.
+ However, its wallet address can already be computed from the contract’s `StateInit`. [HIGH] Missing code formatting for literal seqnoDescription: Suggestion: - - Sequence number (seqno) — ensures uniqueness and prevents replay attacks.
+ - Sequence number (`seqno`) — ensures uniqueness and prevents replay attacks.
@@
- Each processed transaction increments the wallet's seqno and updates its state.
+ Each processed transaction increments the wallet's `seqno` and updates its state. |
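Review bot: In the two `seqno` suggestions, the added lines only wrap the word in backticks and keep the claims that the sequence number "prevents replay attacks" and that each processed transaction increments it, as if both held for every wallet. A review comment further down this thread says not all wallets have `seqno`, so scope both sentences to wallet contracts that use one. In the `StateInit` suggestion, the replacement line also drops the bold on "wallet address", which the finding does not mention; keep the emphasis or state why it is removed. The first suggestion deletes both TODO lines without supplying the clarification or links they asked for, so the gap they marked remains.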
To fix the formatting issues:
npx remark -o --quiet --silently-ignore ecosystem/wallet-apps/overview.mdx standard/wallets/mnemonics.mdx
Thanks for the updates to the wallet apps documentation. A couple of safety callouts need fixes to meet the style guide before merge. Findings (2)High (2)[HIGH] Safety callout lacks required structure for funds riskDescription: Suggestion: --- a/ecosystem/wallet-apps/overview.mdx
+++ b/ecosystem/wallet-apps/overview.mdx
@@
-<Aside type="caution">
- Developer wallets, such as TonDevWallet, are intended for Testnet only. Do **not** use them on Mainnet, as this may result in irreversible loss of funds.
-</Aside>
+<Aside type="warning" title="Funds at risk — Testnet only">
+ Risk: Using developer wallets on TON Mainnet can irreversibly transfer or expose funds.
+ Scope: Applies to developer wallets (e.g., TonDevWallet).
+ Environment: Use on TON Testnet only; do not use on TON Mainnet.
+ Rollback: None — on-chain transfers are final.
+</Aside> [HIGH] Safety callout lacks required details for mnemonic secrecyDescription: Suggestion: -<Aside type="caution">
- Keep it secret. Keep it safe.
-</Aside>
+<Aside type="warning" title="Secrets at risk">
+Exposing or storing your mnemonic can allow account takeover and loss of funds.
+Scope: your wallet and any derived subwallets.
+Rollback: none. If exposed, move funds to a new wallet and abandon the old mnemonic.
+Environment: use testnet mnemonics for tutorials; never reuse them on mainnet.
+</Aside> |
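Review bot: In the mnemonic callout, the added sentence "Exposing or storing your mnemonic can allow account takeover and loss of funds" treats any storage as a risk, yet a user has to keep the mnemonic somewhere; say what kind of storage is meant, or reduce the sentence to exposure. That sentence is also the only line in either suggested callout without a label; prefix it with "Risk:" to match the Risk/Scope/Environment/Rollback lines of the developer-wallet callout above it. Both suggestions change `type="caution"` to `type="warning"` and add a `title` attribute; confirm that the `Aside` component accepts both before applying them.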
ecosystem/wallet-apps/overview.mdx
## How wallet apps work | ||
Wallets manage accounts, control keys, sign messages, and initiate transactions. This process starts with mnemonic decoding and continues through transaction execution. |
Wallets or wallet apps?
Should probably start with an explanation of what "custodial" means.
ecosystem/wallet-apps/overview.mdx
A wallet account starts in the [nonexist state](/ton/statuses#status-variety), which is the default for accounts with no transaction history, code, data, or balance. At this stage, the account does not exist on-chain. | ||
However, its **wallet address** can be computed from the [workchain_id](/ton/addresses/addresses-general-info#workchain-id) and [account_id](/ton/addresses/addresses-general-info#account-id). This address can be used to receive funds even before the wallet is initialized. |
From its initial state, as for any other contract.
The initial state for some wallet contracts does have a workchain id, but in fact the list of fields depends on the exact wallet contract used.
ecosystem/wallet-apps/overview.mdx
However, its **wallet address** can be computed from the [workchain_id](/ton/addresses/addresses-general-info#workchain-id) and [account_id](/ton/addresses/addresses-general-info#account-id). This address can be used to receive funds even before the wallet is initialized. | ||
After receiving coins, the account enters the [uninit state](/ton/statuses#status-variety). In this state, it holds a balance and metadata but cannot execute transactions or process messages. |
It can be a part of a transaction. It cannot execute code, because it doesn't have the code.
Please refer to the corresponding section of block.tlb.
ecosystem/wallet-apps/overview.mdx
When making a transaction, the wallet goes through these steps: | ||
- **Message creation** — builds an external message with the recipient, amount, and optional payload. | ||
- **Sequence number check** — reads the account's current on-chain `seqno` and includes it to prevent [replay attacks](/standard/wallets/how-it-works#how-replay-protection-works). |
Not necessarily. Not all wallets have or must have seqno.
The article doesn't describe the things mentioned in the ticket, but instead repeats the "How it works" article (in some parts even better than that article).
In order not to waste this good effort, most of this text might be landed in that article. For an "Overview" article, please stick closer to the ticket.
To fix the formatting issues:
npx remark -o --silent --silently-ignore ecosystem/wallet-apps/overview.mdx standard/wallets/mnemonics.mdx
Thanks for the work in the wallet apps docs area. One safety callout needs specific additions before merge. Findings (1)High (1)[HIGH] Safety callout missing required elementsDescription: Suggestion: --- a/ecosystem/wallet-apps/overview.mdx
+++ b/ecosystem/wallet-apps/overview.mdx
@@
- Developer wallets, such as TonDevWallet, are intended for Testnet only. Do **not** use them on Mainnet, as this may result in irreversible loss of funds.
+ Developer wallets such as TonDevWallet are for testnet only.
+ Risk: irreversible loss of funds on mainnet.
+ Scope: keys and funds in wallets used on mainnet.
+ Rollback: none — on-chain transfers are final. Mitigation: create a separate mainnet wallet and never import dev mnemonics on mainnet. -<Aside
- type="caution"
->
- Developer wallets, such as TonDevWallet, are intended for Testnet only. Do **not** use them on Mainnet, as this may result in irreversible loss of funds.
-</Aside>
+<Aside type="caution" title="Funds at risk">
+ Risk: Running developer wallets on mainnet can transfer or expose funds irreversibly.
+ Scope: Developer wallets only (for example, TonDevWallet).
+ Mitigation: Use TON Testnet for development; do not import mainnet mnemonics. If a key is exposed, move funds to a new wallet and rotate keys.
+ Environment: Use testnet by default. Mainnet: no rollback—on-chain transfers are final.
+</Aside> --- a/ecosystem/wallet-apps/overview.mdx
+++ b/ecosystem/wallet-apps/overview.mdx
@@
-<Aside
- type="caution"
->
- Developer wallets, such as TonDevWallet, are intended for Testnet only. Do **not** use them on Mainnet, as this may result in irreversible loss of funds.
-</Aside>
+<Aside
+ type="caution"
+>
+ - Risk: Using developer wallets on mainnet can cause irreversible loss of funds.
+ - Scope: Developer wallets (e.g., TonDevWallet) only.
+ - Mitigation: Do not use on mainnet. If you did, move remaining funds to a secure wallet and rotate exposed keys. Rollback: none—on-chain transfers are final.
+ - Environment: Use TON Testnet for development by default.
+</Aside> |
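Review bot: The three suggestions in this comment rewrite the same developer-wallet callout and cannot all be applied; pick one. They also disagree on the mitigation: the first says "never import dev mnemonics on mainnet", the second says "do not import mainnet mnemonics", and the third mentions no mnemonics at all, so the chosen version should state both directions if both are intended. The first replacement shows no `<Aside>` wrapper on its removed or added lines while the other two replace the whole element, and the last one puts "Mitigation" and "Rollback" into a single bullet where every other field gets its own.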
To fix the formatting issues:
npx remark -o --silent --silently-ignore ecosystem/wallet-apps/overview.mdx standard/wallets/mnemonics.mdx
closes #135