---
issue: 129
title: "Scanner: TON processTransfer doesn't verify JettonMasterAddress vs intent.TokenAddress"
severity: low
domain: Scanner
labels: [bug, scanner, token-verification]
status: open
created: 2026-05-30
source: Full Codebase Audit 2026-05-30
---

# Scanner: TON processTransfer doesn't verify JettonMasterAddress vs intent.TokenAddress

**Severity:** low
**Domain:** Scanner
**Labels:** bug, scanner, token-verification

## Description

`scanner/ton_chain.go:203` processes TON jetton transfers without explicitly verifying that `tr.JettonMasterAddress` equals `intent.TokenAddress`. It trusts the API's filtering to return only transfers of the expected jetton, so a compromised API, or a different jetton whose transfer lands on the same wallet address, could be accepted silently as a match for the intent.

## Options

1. Assert `tr.JettonMasterAddress == intent.TokenAddress` before confirming.
2. Trust API filtering but log mismatches.
3. Verify and reject on mismatch.

## Recommendation

Add an explicit equality check and reject mismatches rather than trusting API filtering.

## Affected Files

- `scanner/ton_chain.go:203`

## References

- [Full Codebase Audit 2026-05-30](../09%20-%20Audits/Full%20Codebase%20Audit%20-%202026-05-30.md) — DEC-65
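The recommended check, as an added example that is not the scanner's own code. The `JettonTransfer` and `Intent` structs, the field names other than `JettonMasterAddress` and `TokenAddress`, and the address normalization rule are assumptions; the real types in `scanner/ton_chain.go` are not reproduced here.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// JettonTransfer is a constructed stand-in for the API record the scanner
// receives (assumed shape, not the real scanner type).
type JettonTransfer struct {
	TxHash              string
	JettonMasterAddress string
	Amount              uint64
}

// Intent is a constructed stand-in for the transfer intent being matched.
type Intent struct {
	ID           string
	TokenAddress string
	Amount       uint64
}

var ErrJettonMasterMismatch = errors.New("jetton master address does not match intent token address")

// normalizeTONAddress canonicalizes an address before comparison. Assumed
// rule: raw-form addresses ("0:<hex>") are hex and therefore case-insensitive;
// any other representation is compared exactly as given.
func normalizeTONAddress(a string) string {
	a = strings.TrimSpace(a)
	if strings.Contains(a, ":") {
		return strings.ToLower(a)
	}
	return a
}

// VerifyJettonMaster is the explicit check the issue recommends: the transfer
// is rejected unless its jetton master equals the intent's token address,
// regardless of what the API filter claims to have returned.
func VerifyJettonMaster(tr JettonTransfer, intent Intent) error {
	if normalizeTONAddress(tr.JettonMasterAddress) != normalizeTONAddress(intent.TokenAddress) {
		return fmt.Errorf("%w: tx=%s intent=%s got=%q want=%q",
			ErrJettonMasterMismatch, tr.TxHash, intent.ID, tr.JettonMasterAddress, intent.TokenAddress)
	}
	return nil
}

func main() {
	tr := JettonTransfer{TxHash: "tx-constructed", JettonMasterAddress: "0:ABCD", Amount: 10}
	fmt.Println(VerifyJettonMaster(tr, Intent{ID: "i1", TokenAddress: "0:ffff", Amount: 10})) // mismatch: error
	fmt.Println(VerifyJettonMaster(tr, Intent{ID: "i2", TokenAddress: "0:abcd", Amount: 10})) // match: <nil>
}
```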