Conversation

aigerimu
Contributor

@aigerimu aigerimu commented Oct 6, 2025

closes #138

@aigerimu aigerimu requested a review from verytactical as a code owner October 6, 2025 10:28
@aigerimu aigerimu marked this pull request as draft October 6, 2025 10:28
@github-actions

github-actions bot commented Oct 6, 2025

To fix the formatting issues:

  1. Install necessary dependencies: npm ci
  2. Then, run this command:
npx remark -o --quiet --silently-ignore ecosystem/wallet-apps/web.mdx 

@github-actions

github-actions bot commented Oct 6, 2025

Thanks for the updates to the wallet docs. A few blocking issues remain in the web wallet page that need fixes before we can merge.

Findings (3)

High (3)

[HIGH] Misleading link target for “wallet.ton.org”

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/92ebdfa3eb5293bcc1dafe1932aba197357f3018/ecosystem/wallet-apps/web.mdx?plain=1#L5-L5

Description:
The link text “wallet.ton.org” points to the GitHub repository instead of the live wallet site. This misleads readers who expect to reach the wallet app and can derail task completion.

Suggestion:

- [wallet.ton.org](https://github.com/ton-blockchain/ton-wallet) is the self-custodial wallet developed by TON Core.
+ [wallet.ton.org](https://wallet.ton.org/) is the self-custodial wallet developed by TON Core.

[HIGH] Incomplete sections and placeholder steps block use

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/92ebdfa3eb5293bcc1dafe1932aba197357f3018/ecosystem/wallet-apps/web.mdx?plain=1#L23-L37

Description:
“Wallet setup” introduces instructions but contains only “1. Open” and several empty sections (“Testnet”, “First transactions”, “See also”). These placeholders prevent readers from completing a task and reduce clarity. The phrasing also violates second‑person guidance.

Suggestion:

-## Wallet setup
-
-We demonstrate wallet setup using the **web version** of [wallet.ton.org](https://wallet.ton.org/).
-This allows developers to complete all steps on a single device without switching platforms.
-
-1. Open
-
-
-### Testnet
-
-
-## First transactions
-
-
-## See also

[HIGH] Incomplete procedure step blocks task execution

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/92ebdfa3eb5293bcc1dafe1932aba197357f3018/ecosystem/wallet-apps/web.mdx?plain=1#L28-L28

Description:
The numbered list contains a single placeholder step “Open” with no target or action, leaving readers without a concrete next step and blocking setup.

Suggestion:

-1. Open
+1. Open https://wallet.ton.org/.

@aigerimu aigerimu marked this pull request as ready for review October 9, 2025 19:34
@github-actions

github-actions bot commented Oct 9, 2025

To fix the formatting issues:

  1. Install necessary dependencies: npm ci
  2. Then, run this command:
npx remark -o --silent --silently-ignore ecosystem/wallet-apps/web.mdx 

@github-actions

github-actions bot commented Oct 9, 2025

Thanks for the update to the wallet docs. I found a few blocking issues in ecosystem/wallet-apps/web.mdx that need fixes before merge.

Findings (4)

High (4)

[HIGH] Missing security warning for recovery words

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/c3416afe8fc5eb3ecfd711bdc153d3ab0e130586/ecosystem/wallet-apps/web.mdx?plain=1#L104-L106

Description:
The recovery words step uses a “caution” Aside with a brief note that does not meet the required security callout structure. Exposing mnemonics requires a Warning that explicitly states risk, scope, rollback/mitigation, and environment; otherwise readers may underestimate the consequences of leakage.

Suggestion:
Replace the Aside with a structured Warning.

-<Aside type="caution">
-  The following recovery words are shown only for demonstration purposes.
-</Aside>
+<Aside type="warning">
+  Warning — funds and keys at risk
+  Exposing or storing recovery words can compromise your wallet.
+  Scope: anyone with these words can take your funds.
+  Rollback: none. If leaked, move funds to a new wallet.
+  Environment: applies to TON Mainnet and TON Testnet.
+  The words below are for demonstration only.
+</Aside>
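
Review bot: The added sentence "Exposing or storing recovery words can compromise your wallet" conflicts with step 7 of the same page, which tells the reader to write the words down and store them in a safe place. Limit the risk sentence to exposure (sharing, screenshots, pasting into websites), put the first added line in the callout title rather than the body, and add a "Risk:" label so all four required elements are labelled the same way as "Scope:", "Rollback:" and "Environment:".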

[HIGH] Step numbering skips 4–5 and continues at 6–10

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/c3416afe8fc5eb3ecfd711bdc153d3ab0e130586/ecosystem/wallet-apps/web.mdx?plain=1#L75-L116

Description:
The ordered list jumps from step 3 to 6, omitting 4 and 5, and continues through 10. This breaks sequential flow and can confuse readers following the setup.

Suggestion:
Renumber steps 6–10 to 4–8.

-6. Read the **Use Responsibly** notice and check the box to _confirm that you have read and accepted this information_.
+4. Read the **Use Responsibly** notice and check the box to _confirm that you have read and accepted this information_.

-7. After confirming, you’ll be prompted to manually back up your secret key.
+5. After confirming, you’ll be prompted to manually back up your secret key.

-8. Read the **Safety Rules** carefully, check all the boxes to confirm that you understand them. Then click **Understood** to continue.
+6. Read the **Safety Rules** carefully, check all the boxes to confirm that you understand them. Then click **Understood** to continue.

-9. Write down your 24 recovery words and store them in **a safe place**.
+7. Write down your 24 recovery words and store them in **a safe place**.

-10. In the **Let’s Check** step, enter the requested words to make sure your recovery phrase was saved correctly.
+8. In the **Let’s Check** step, enter the requested words to make sure your recovery phrase was saved correctly.

[HIGH] Placeholder faucet link is broken

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/c3416afe8fc5eb3ecfd711bdc153d3ab0e130586/ecosystem/wallet-apps/web.mdx?plain=1#L217-L219

Description:
The “TON Testnet Faucet” link uses a placeholder “(link)”, producing a broken hyperlink at a critical step (funding the wallet). This blocks readers from completing the guide.

Suggestion:
Point the faucet reference to a valid HTTPS URL.

-- On Testnet, request free Testnet Toncoins from the [TON Testnet Faucet](link).
+- On Testnet, request free Testnet Toncoins from the [TON Testnet Faucet](https://t.me/testgiver_ton_bot).
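
Review bot: The new target https://t.me/testgiver_ton_bot is a Telegram bot, but the link text still reads "TON Testnet Faucet", so the rendered page does not tell readers they are leaving the site for Telegram. Name the destination in the sentence (for example "the Testnet faucet bot on Telegram, @testgiver_ton_bot") so readers can compare the handle with what opens, and confirm the handle against an official TON source before merging, since nothing in this hunk shows where it came from.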

[HIGH] Incorrect account status term (“nonexistent” vs canonical “nonexist”)

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/c3416afe8fc5eb3ecfd711bdc153d3ab0e130586/ecosystem/wallet-apps/web.mdx?plain=1#L193-L193

Description:
The default account status is labeled “nonexistent,” but the canonical status used elsewhere is “nonexist.” Inconsistent terminology can mislead readers and conflict with explorer/UI terms used on the page.

Suggestion:
Replace “nonexistent” with “nonexist”.

-Newly created wallets have the default state **nonexistent**, meaning the account has _no code, data, or balance_.
+Newly created wallets have the default state **nonexist**, meaning the account has _no code, data, or balance_.
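
The checks this comment and the earlier one ask for (a labelled safety callout around recovery words, no placeholder or mismatched link targets, no gaps in step numbers) can be automated. The following is an added example, not part of the PR or the project's tooling; the rule names, `REQUIRED_FIELDS`, `SECRET_HINT` and the sample text are assumptions.

```javascript
// Added example: docs lint for the findings raised in this review thread.
// Rule names, REQUIRED_FIELDS and SECRET_HINT are assumptions based on the
// wording of the review comments, not the project's actual tooling.
const REQUIRED_FIELDS = ["risk", "scope", "rollback", "environment"];
const SECRET_HINT = /recovery words|mnemonic|secret key/i;
const HOSTNAME = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;
const lineOf = (text, index) => text.slice(0, index).split("\n").length;

function lintMdx(source) {
  const findings = [];
  const add = (line, rule, detail) => findings.push({ line, rule, detail });

  // 1. An <Aside> that mentions secrets must be warning/danger and carry a
  //    labelled line ("Risk: ...") for every required field.
  for (const m of source.matchAll(/<Aside\b([^>]*)>([\s\S]*?)<\/Aside>/g)) {
    const [, attrs, body] = m;
    if (!SECRET_HINT.test(body)) continue;
    const line = lineOf(source, m.index);
    const type = (attrs.match(/type="([^"]+)"/) || [])[1] || "(none)";
    if (type !== "warning" && type !== "danger") add(line, "callout-type", type);
    const missing = REQUIRED_FIELDS.filter(
      (f) => !new RegExp(`^\\s*[^:\\n]*\\b${f}\\b[^:\\n]*:`, "im").test(body)
    );
    if (missing.length) add(line, "callout-fields", missing.join(","));
  }

  // 2. Links: placeholder targets, and link text that names one host while
  //    the target points at another.
  for (const m of source.matchAll(/\[([^\]]+)\]\(([^)\s]*)\)/g)) {
    const [, text, target] = m;
    const line = lineOf(source, m.index);
    const host = (target.match(/^https:\/\/([^/:?#]+)/) || [])[1];
    if (target === "" || /^(link|todo|tbd|#)$/i.test(target)) {
      add(line, "placeholder-link", target || "(empty)");
    } else if (host && HOSTNAME.test(text) && host.toLowerCase() !== text.toLowerCase()) {
      add(line, "link-host-mismatch", `${text} -> ${host}`);
    }
  }

  // 3. Ordered lists: after the first item, each number is 1 or previous + 1;
  //    a heading resets the counter.
  let prev = 0;
  source.split("\n").forEach((text, i) => {
    if (/^#{1,6}\s/.test(text)) prev = 0;
    const m = text.match(/^(\d+)\.\s/);
    if (!m) return;
    const n = Number(m[1]);
    if (prev !== 0 && n !== 1 && n !== prev + 1) add(i + 1, "list-gap", `${prev} -> ${n}`);
    prev = n;
  });
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample modelled on the lines quoted in the review comments.
const SAMPLE = [
  "[wallet.ton.org](https://github.com/ton-blockchain/ton-wallet) is the wallet.",
  "3. Choose **Use Password**.",
  "6. Read the **Use Responsibly** notice.",
  '<Aside type="caution">',
  "  The following recovery words are shown only for demonstration purposes.",
  "</Aside>",
  "- Request Testnet Toncoins from the [TON Testnet Faucet](link).",
].join("\n");

for (const f of lintMdx(SAMPLE)) console.log(`${f.line}: ${f.rule} (${f.detail})`);
```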

@aigerimu aigerimu marked this pull request as ready for review October 13, 2025 17:11
@ton-org ton-org deleted a comment from github-actions bot Oct 13, 2025
Collaborator

@verytactical verytactical left a comment

PR fails formatting and link rot checks.

@verytactical verytactical marked this pull request as draft October 13, 2025 23:03
@aigerimu aigerimu marked this pull request as ready for review October 14, 2025 09:37

@aigerimu
Contributor Author

aigerimu commented Oct 14, 2025

Screenshot 2025-10-14 at 16 45 10

it suggests:

  1. Open wallet.ton.org.
  2. Click Create Wallet to create a new wallet.

So, could we ignore it?

@github-actions

Thanks for the focused docs update in the ecosystem wallet guide. I found several style‑guide blockers that need fixes before merge.

Findings (3)

High (3)

[HIGH] UI/log messages are styled in bold instead of quoted

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/845ae55b5c4d01439b746efe2fdcf4a2de2c7308/ecosystem/wallet-apps/web.mdx?plain=1#L31-L31

Description:
Literal UI strings (buttons, labels, notifications) are styled in bold instead of appearing verbatim in quotation marks, which the style guide requires for copy‑exactness and searchability. This pattern occurs throughout the page; the primary instance is at the location above, with additional cases nearby. See contribute/style-guide-extended.mdx §6.2 (and related quoting rules).

Suggestion:
Replace bold UI strings with quoted strings. Apply across the page.

--- a/ecosystem/wallet-apps/web.mdx
+++ b/ecosystem/wallet-apps/web.mdx
@@ -31 +31 @@
-2. Click **Create Wallet** to create a new wallet.
+2. Click "Create Wallet" to create a new wallet.
@@ -39 +39 @@
-3. Next, choose **Use Password** to protect your wallet:
+3. Next, choose "Use Password" to protect your wallet:
@@ -259 +259 @@
-1. Click **Send**, enter your wallet address in **Recipient Address**, and the **Amount** of TON. Optionally, add a comment. Click **Send TON**.
+1. Click "Send", enter your wallet address in "Recipient Address", and the "Amount" of TON. Optionally, add a comment. Click "Send TON".
@@ -267 +267 @@
-2. In the confirmation popup, verify the transaction details and click **Confirm** if correct; otherwise, **Edit**.
+2. In the confirmation popup, verify the transaction details and click "Confirm" if correct; otherwise, "Edit".
@@ -275 +275 @@
-3. After confirmation, the wallet will display a notification: **Coins have been sent!**
+3. After confirmation, the wallet displays the notification "Coins have been sent!"

[HIGH] Safety callout for mnemonic handling is incomplete (missing risk, scope, rollback, environment)

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/845ae55b5c4d01439b746efe2fdcf4a2de2c7308/ecosystem/wallet-apps/web.mdx?plain=1#L85-L89

Description:
The section that displays recovery words uses a simple caution that lacks the required safety‑critical elements: risk, scope, rollback/mitigation, and environment. Handling mnemonics requires a complete Warning/Caution via the <Aside> component with those fields per contribute/style-guide-extended.mdx §11.1–§11.2.

Suggestion:
Replace the existing callout with a complete Danger callout that includes all required elements.

-<Aside
-  type="caution"
->
-  The following recovery words are shown only for demonstration purposes.
-</Aside>
+<Aside type="danger" title="Secrets at risk">
+  Risk: Exposing recovery words lets others take your wallet and funds.
+  Scope: Affects this wallet and any accounts derived from its mnemonic.
+  Rollback: If exposure is suspected, move funds to a new wallet and stop using the old mnemonic.
+  Environment: Handle mnemonics offline and in private; do not enter them on untrusted sites. Prefer Testnet for demos.
+</Aside>
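
Review bot: None of the added lines says that the recovery words displayed on the page are demonstration values; the removed line was the only place that said so. If the page keeps showing recovery words, keep a sentence such as "The words below are for demonstration only" inside the new callout so nobody reuses the displayed phrase. This suggestion also uses type="danger" where the earlier suggestion for the same callout used type="warning"; pick one.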

[HIGH] Missing required safety callout before moving funds

Location: https://github.com/tact-lang/mintlify-ton-docs/blob/845ae55b5c4d01439b746efe2fdcf4a2de2c7308/ecosystem/wallet-apps/web.mdx?plain=1#L251-L260

Description:
The “Send the first transaction” section instructs a funds transfer without a required safety callout. Any step that moves funds must present a Warning/Caution covering risk, scope, mitigation/rollback, and environment, placed before the numbered steps to prevent accidental mainnet execution (see contribute/style-guide-extended.mdx §11.1–§11.2).

Suggestion:
Insert a Danger callout immediately before the steps.

 ### Send the first transaction

 With TON in the account, the wallet can be deployed. Deployment occurs when _the wallet processes its first transaction_.
 
 In this example, we send TON to the account itself on Testnet to observe the transaction and wallet deployment on-chain.
 
+<Aside type="danger" title="Funds at risk">
+  Risk: The next steps transfer funds. Mainnet transfers are irreversible.
+  Scope: Your wallet balance and the specified recipient address.
+  Mitigation/Rollback: Use TON Testnet for this example. On mainnet, double‑check the recipient and amount before confirming; there is no rollback after submission.
+  Environment: Prefer TON Testnet for testing; switch to mainnet only when ready.
+</Aside>
 
 To send TON to your own account:
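
Review bot: The callout tells the reader to use TON Testnet but gives no way to confirm which network the wallet is on before sending. Add to the Environment item how to check (the page's feature list mentions the `testnet` parameter in the browser), and reword "Mainnet transfers are irreversible" so it does not imply that Testnet transfers can be undone; the Mitigation/Rollback line already says there is no rollback after submission.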

Collaborator

@anton-trunov anton-trunov left a comment

@aigerimu merge conflicts + failing CI

@aigerimu
Contributor Author

@aigerimu merge conflicts + failing CI

done

## Key features

- **Testnet support:** accepts the `testnet` parameter in the browser.
- **Security-focused development:** covered by [TON security bug bounty](https://github.com/ton-blockchain/bug-bounty).
Collaborator

this section says it is not covered by ton-blockchain/bug-bounty:
https://github.com/ton-blockchain/bug-bounty?tab=readme-ov-file#frontend

@aigerimu aigerimu marked this pull request as draft October 16, 2025 11:44
@aigerimu aigerimu marked this pull request as ready for review October 16, 2025 18:09
@github-actions

Thanks for the focused work on the wallet-apps guide. There are a few high‑severity style and safety items that need addressing before this can merge.

Findings (4)

High (4)

[HIGH] UI strings not quoted per house rule; tokens need code font

Location:

1. Click **Create Wallet** to create a new wallet.
<Image
src="/resources/images/wallets/wallet-ton-org/welcome_page_light.png"
darkSrc="/resources/images/wallets/wallet-ton-org/welcome_page_dark.png"
alt="Web wallet welcome page"
/>
2. Next, choose **Use Password** to protect your wallet:

Description:
Literal UI/log strings are formatted in bold instead of quoted verbatim, which violates the style guide. This pattern repeats across the page (also update lines: 47, 57, 65, 82, 92, 124, 132, 178, 250, 258, 266, 284). Additionally, tokens like version identifiers should use code font. See https://github.com/ton-org/docs/blob/main/contribute/style-guide-extended.mdx?plain=1#L254-L266 and https://github.com/ton-org/docs/blob/main/contribute/style-guide-extended.mdx?plain=1#L284-L286.

Suggestion:
Replace bold UI strings with quoted strings and use code font for tokens.

--- a/ecosystem/wallet-apps/web.mdx
+++ b/ecosystem/wallet-apps/web.mdx
@@
-1. Click **Create Wallet** to create a new wallet.
+1. Click “Create Wallet” to create a new wallet.
@@
-2. Next, choose **Use Password** to protect your wallet:
+2. Next, choose “Use Password” to protect your wallet:
@@
-Once you’re ready, click **Let’s Check** to verify your recovery phrase.
+Once you’re ready, click “Let’s Check” to verify your recovery phrase.
-1. Click **Create Wallet** to create a new wallet.
+1. Click "Create Wallet" to create a new wallet.

-2. Next, choose **Use Password** to protect your wallet:
+2. Next, choose "Use Password" to protect your wallet:

-3. After confirmation, the wallet will display a notification: **Coins have been sent!**
+3. After confirmation, the wallet will display a notification: "Coins have been sent!"
-1. Click **Create Wallet** to create a new wallet.
+1. Click “Create Wallet” to create a new wallet.
-2. In the **Wallet Versions**, you can see which contract your wallet uses.
+2. In “Wallet Versions”, you can see which contract your wallet uses.
-3. After confirmation, the wallet will display a notification: **Coins have been sent!**
+3. After confirmation, the wallet displays the notification: “Coins have been sent!”
-You will also see a **Contract Type** field indicating **v5**.
+You will also see a “Contract Type” field indicating `v5`.
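
Review bot: This diff repeats the same replacements with conflicting quote characters: the "Create Wallet" line appears three times as a `+` line, twice with curly quotes and once with straight quotes, and the "Coins have been sent!" line is given in two different wordings. Keep one version of each replacement and one quote style throughout (the previous suggestion on this PR used straight quotes). The bare @@ headers carry no line numbers, so the patch cannot be applied as written.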

[HIGH] Mnemonic safety callout is incomplete (missing required elements)

Location:

<Aside
type="caution"
>
The following recovery words are shown only for demonstration purposes.
</Aside>

Description:
The callout shown during mnemonic handling lacks required elements (risk, scope, rollback/mitigation, environment). Handling recovery words is safety‑critical and must include these items. See contribute/style-guide-extended.mdx:505-512 and 516-521.

Suggestion:
Replace the existing Aside with a Danger warning that includes all required elements.

-<Aside
-  type="caution"
->
-  The following recovery words are shown only for demonstration purposes.
-</Aside>
+<Aside type="danger" title="Secrets at risk">
+  Risk: Anyone who sees or records these 24 words can take control of your wallet and funds.
+  Scope: This affects your wallet on both mainnet and testnet.
+  Rollback: If exposed, create a new wallet and transfer all funds immediately; do not reuse the compromised mnemonic.
+  Environment: Record the words offline on a trusted device; never enter them on untrusted websites or apps.
+</Aside>
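
Review bot: "Record the words offline on a trusted device" in the Environment line can be read as advice to save the mnemonic in a file or note on a computer or phone, which is weaker than the page's own step to write the words down and store them in a safe place. State the intended medium explicitly (paper or another offline medium, not a screenshot, cloud note or chat) and keep the rest of the line.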

[HIGH] Missing safety callout for funds transfer

Location:

### Send the first transaction
With TON in the account, the wallet can be deployed. Deployment occurs when _the wallet processes its first transaction_.
In this example, we send TON to the account itself on Testnet to observe the transaction and wallet deployment on-chain.
To send TON to your own account:
1. Click **Send**, enter your wallet address in **Recipient Address**, and the **Amount** of TON. Optionally, add a comment. Click **Send TON**.

Description:
The “Send the first transaction” section moves funds but lacks the required safety callout with risk, scope, rollback, and environment labeling (prefer Testnet). A visible warning is required before the steps. See https://github.com/ton-org/docs/blob/main/contribute/style-guide-extended.mdx?plain=1#L507-L527.

Suggestion:
Insert a Danger Aside immediately after the section heading and before the steps.

--- a/ecosystem/wallet-apps/web.mdx
+++ b/ecosystem/wallet-apps/web.mdx
@@
 ### Send the first transaction
+
+<Aside type="danger" title="Funds at risk">
+  This step transfers funds.
+  Scope: the selected wallet/account.
+  Environment: uses Testnet by default. Prefer Testnet for experiments.
+  Rollback: on-chain transfers are irreversible; verify the recipient and amount before sending.
+  If you must use mainnet, double-check fees, recipient, and amount. There is no rollback on mainnet.
+</Aside>
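
Review bot: "Environment: uses Testnet by default" is not supported by anything on this page; the feature list describes Testnet as something the wallet accepts through the `testnet` parameter, which suggests it has to be switched on. A reader who trusts this line could send mainnet funds believing they are on Testnet, so replace it with an instruction to confirm the wallet is in Testnet mode before sending. The Rollback line and the last added line also say the same thing twice; merge them.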
@@
 In this example, we send TON to the account itself on Testnet to observe the transaction and wallet deployment on-chain.

[HIGH] Secrets shown in example image (mnemonic words)

Location:

<Image
src="/resources/images/wallets/wallet-ton-org/secret_words_light.png"
darkSrc="/resources/images/wallets/wallet-ton-org/secret_words_dark.png"
alt="24 Secret words"
/>

Description:
The screenshot displays the 24 recovery words. The style guide forbids exposing secrets (including mnemonics) in examples; use redacted/mock images instead. See https://github.com/ton-org/docs/blob/main/contribute/style-guide-extended.mdx?plain=1#L486-L489.

Suggestion:
Swap to redacted images and adjust alt text.

-<Image
-  src="/resources/images/wallets/wallet-ton-org/secret_words_light.png"
-  darkSrc="/resources/images/wallets/wallet-ton-org/secret_words_dark.png"
-  alt="24 Secret words"
-/>
+<Image
+  src="/resources/images/wallets/wallet-ton-org/secret_words_light_redacted.png"
+  darkSrc="/resources/images/wallets/wallet-ton-org/secret_words_dark_redacted.png"
+  alt="Recovery words (redacted)"
+/>
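
Review bot: The new src and darkSrc values point to secret_words_light_redacted.png and secret_words_dark_redacted.png, but this hunk only changes the references. The same change needs to add those two files and delete the original secret_words_light.png and secret_words_dark.png; otherwise the page references missing images and the unredacted screenshots stay in the repository, where they may remain reachable at their old paths.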


Development

Successfully merging this pull request may close these issues.

[Ecosystem > Wallet apps > wallet.ton.org]

3 participants