Daml - Diff Review - Temple


Prepared by:

HALBORN

Last Updated 03/26/2026

Date of Engagement: March 23rd, 2026 - March 23rd, 2026

Summary

100% of all REPORTED Findings have been addressed

All findings: 4
Critical: 0
High: 0
Medium: 0
Low: 0
Informational: 4


1. Summary

2. Introduction

Temple engaged our security analysis team to conduct a targeted security audit of their DAML smart contract ecosystem deployed on the Canton distributed ledger. The primary aim was to assess the security architecture of the incremental changes introduced between release tags 4.0.1 and 4.1.1, with a focus on identifying authorization flaws, asset accountability gaps, and logic correctness issues within the settlement and delegation framework. Our assessment was strictly confined to the modified non-test DAML modules within those two releases, ensuring a focused and evidence-driven analysis.

3. Assessment Summary

Our engagement with Temple spanned a 1-day period, during which we dedicated one full-time security engineer with extensive experience in blockchain security, distributed ledger protocols, and DAML/Canton smart contract semantics. The objectives of this assessment were to:

    • Verify the correct handling of asset lifecycle operations across the delegation and settlement workflows.

    • Identify authorization, access control, and logic vulnerabilities introduced in the 4.0.1 to 4.1.1 delta.

    • Evaluate the integrity of critical flows including allocation splitting, allocation merging, settlement request signing, and fee processing.

    • Provide actionable recommendations to harden the security and correctness of Temple's settlement infrastructure.

4. Scope

REPOSITORY
(a) Repository: temple-daml-contracts
(b) Assessed Commit ID: 145c443
(c) Items in scope:
  • /package/temple-settlement-impl/daml/Temple/Settlement/Delegation.daml
  • /package/temple-settlement-impl/daml/Temple/Settlement/Orchestrator.daml
  • /package/temple-settlement-impl/daml/Temple/Settlement/Request.daml
Remediation Commit ID:
Out-of-Scope: New features/implementations after the remediation commit IDs.

5. Findings Overview

| Security analysis | Risk level | Remediation |
|---|---|---|
| Remainder Holding Not Returned on Partial Split | Informational | Acknowledged - 03/25/2026 |
| Receiver Party Silently Replaced After Allocation Consolidation | Informational | Solved - 03/25/2026 |
| Cross-Role Delegation Usage Not Prevented at Settlement Signing | Informational | Solved - 03/25/2026 |
| Optional Deadline Produces Misleading Assertion Messages | Informational | Solved - 03/25/2026 |

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
