Security

Built audit-first, broadcast last

Phalanx is on-chain by default. Anything we sign, mint, or send is verifiable on TON without trusting our backend. Below is the short version — the canonical document lives in the public repo.

Audit-first contracts

Tolk source for JettonMinter and JettonWallet ships with a unit and integration test suite (60/60 passing). Every storage layout change re-runs the full suite before a release is tagged.

On-chain transparency

PLX testnet supply, holders, and admin authority are public on Tonviewer. Any treasury or supply movement is visible without trusting the dashboard.

Secret hygiene

No production credentials live in this repo. Every .env is gitignored, OAuth client IDs only load when both ID and SECRET are set, and the credentials provider is hard-blocked in production.
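The two guards described above (an OAuth provider is registered only when both its client ID and secret are present, and a username/password credentials provider can never be enabled in production) are shown below as an added example, not Phalanx's own code. The provider names, environment variable names and the `buildAuthProviders` function are assumptions for illustration; the sample environments are constructed and contain no real secrets.

```javascript
// Added example (not Phalanx's own code): assemble an auth provider list from
// environment variables. An OAuth provider is only registered when BOTH its
// client ID and client secret are set; a half-configured provider is skipped
// rather than registered with an empty credential. The credentials provider
// is hard-blocked when NODE_ENV is "production".
// Provider ids and variable names are assumptions for illustration.

const OAUTH_PROVIDERS = [
  { id: 'github', idVar: 'GITHUB_CLIENT_ID', secretVar: 'GITHUB_CLIENT_SECRET' },
  { id: 'google', idVar: 'GOOGLE_CLIENT_ID', secretVar: 'GOOGLE_CLIENT_SECRET' },
];

// A variable counts as set only if it is a non-empty, non-whitespace string;
// an empty string in a .env file must not enable a provider.
function isSet(value) {
  return typeof value === 'string' && value.trim().length > 0;
}

function buildAuthProviders(env, { enableCredentials = false } = {}) {
  const providers = [];
  const skipped = [];

  for (const p of OAUTH_PROVIDERS) {
    const clientId = env[p.idVar];
    const clientSecret = env[p.secretVar];
    if (isSet(clientId) && isSet(clientSecret)) {
      providers.push({ type: 'oauth', id: p.id, clientId, clientSecret });
    } else {
      skipped.push(p.id);
    }
  }

  if (enableCredentials) {
    if (env.NODE_ENV === 'production') {
      // Fail closed: refuse to start rather than silently drop the request.
      throw new Error('credentials provider is disabled in production');
    }
    providers.push({ type: 'credentials', id: 'credentials' });
  }

  return { providers, skipped };
}

// Constructed sample environments (no real secrets).
const devEnv = {
  NODE_ENV: 'development',
  GITHUB_CLIENT_ID: 'gh-id',
  GITHUB_CLIENT_SECRET: 'gh-secret',
  GOOGLE_CLIENT_ID: 'g-id', // secret missing on purpose: must be skipped
};

const prodEnv = {
  NODE_ENV: 'production',
  GITHUB_CLIENT_ID: 'gh-id',
  GITHUB_CLIENT_SECRET: '', // empty string: must be skipped
};

console.log(buildAuthProviders(devEnv, { enableCredentials: true }));
console.log(buildAuthProviders(prodEnv));
```

In the development environment the list contains GitHub and the credentials provider while Google is reported as skipped; in the production environment nothing is registered, and asking for the credentials provider there throws instead of starting the app with a password login enabled.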

Disclosure

Found something? Email [email protected] or open a private advisory on the repository. We aim to acknowledge within 48h and patch within 14 days for high-severity issues.

Reporting an issue

Mail [email protected] with reproduction steps. Please don't open a public issue for anything that could let a third party drain or mint tokens.

For non-security questions, see the contact page or email [email protected].