- Assurance
  Smart Contract Assessment
  Securing code integrity, protecting digital assets
  Smart Contract Assessment
  Securing code integrity, protecting digital assets
  Blockchain Layer 1 Assessment
  Assessing protocols, securing blockchain foundations
  Blockchain Layer 1 Assessment
  Assessing protocols, securing blockchain foundations
  Code Security Audit
  Uncovering flaws, strengthening software integrity
  Code Security Audit
  Uncovering flaws, strengthening software integrity
  Web Application Penetration Testing
  Exposing weaknesses, fortifying digital defenses
  Web Application Penetration Testing
  Exposing weaknesses, fortifying digital defenses
  Cloud Infrastructure Penetration Testing
  Securing configurations, protecting critical environments
  Cloud Infrastructure Penetration Testing
  Securing configurations, protecting critical environments
  Red Team Exercise
  Simulating real-world attacks, strengthening defenses
  Red Team Exercise
  Simulating real-world attacks, strengthening defenses
  AI Red Teaming
  Testing AI systems against real threats
  AI Red Teaming
  Testing AI systems against real threats
  AI Security Assessment
  Securing AI models, data, and pipelines
  AI Security Assessment
  Securing AI models, data, and pipelines
- Advisory
  AI Advisory
  Guiding secure, strategic AI adoption forward
  AI Advisory
  Guiding secure, strategic AI adoption forward
  Risk Assessment
  From unknown threats to actionable insights
  Risk Assessment
  From unknown threats to actionable insights
  Blockchain Architecture Assessment
  Optimizing architecture for tomorrow’s networks
  Blockchain Architecture Assessment
  Optimizing architecture for tomorrow’s networks
  Compliance Readiness
  Stay ready as regulations evolve
  Compliance Readiness
  Stay ready as regulations evolve
  Custody and Key Management Assessment
  Securing the heart of digital custody
  Custody and Key Management Assessment
  Securing the heart of digital custody
  Technical Due Diligence
  See the risks before you invest
  Technical Due Diligence
  See the risks before you invest
  Technical Training
  Empower your teams to secure what matters
  Technical Training
  Empower your teams to secure what matters

Daml - Diff Review - Temple

Prepared by:

HALBORN

Last Updated 03/26/2026

Date of Engagement: March 23rd, 2026 - March 23rd, 2026

Summary

100% of all REPORTED Findings have been addressed

All findings

Critical

High

Medium

Low

Informational

1. Summary
2. Introduction
3. Assessment summary
4. Scope
5. Findings overview

1. Summary

2. Introduction

Temple engaged our security analysis team to conduct a targeted security audit of their DAML smart contract ecosystem deployed on the Canton distributed ledger. The primary aim was to assess the security architecture of the incremental changes introduced between release tags 4.0.1 and 4.1.1, with a focus on identifying authorization flaws, asset accountability gaps, and logic correctness issues within the settlement and delegation framework. Our assessment was strictly confined to the modified non-test DAML modules within those two releases, ensuring a focused and evidence-driven analysis.

3. Assessment Summary

Our engagement with Temple spanned a 1 day period, during which we dedicated one full-time security engineer with extensive experience in blockchain security, distributed ledger protocols, and DAML/Canton smart contract semantics. The objectives of this assessment were to:

Verify the correct handling of asset lifecycle operations across the delegation and settlement workflows.
Identify authorization, access control, and logic vulnerabilities introduced in the 4.0.1 → 4.1.1 delta.
Evaluate the integrity of critical flows including allocation splitting, allocation merging, settlement request signing, and fee processing.
Provide actionable recommendations to harden the security and correctness of Temple's settlement infrastructure.

4. SCOPE

REPOSITORY

(a) Repository: temple-daml-contracts

(b) Assessed Commit ID: 145c443

/package/temple-settlement-impl/daml/Temple/Settlement/Delegation.daml
/package/temple-settlement-impl/daml/Temple/Settlement/Orchestrator.daml
/package/temple-settlement-impl/daml/Temple/Settlement/Request.daml

↓ Expand ↓

Remediation Commit ID:

https://github.com/Temple-Digital-Group/temple-daml-contracts/releases/tag/4.1.2

Out-of-Scope: New features/implementations after the remediation commit IDs.

5. Findings Overview

Security analysis	Risk level	Remediation
Remainder Holding Not Returned on Partial Split	Informational	Acknowledged - 03/25/2026
Receiver Party Silently Replaced After Allocation Consolidation	Informational	Solved - 03/25/2026
Cross-Role Delegation Usage Not Prevented at Settlement Signing	Informational	Solved - 03/25/2026
Optional Deadline Produces Misleading Assertion Messages	Informational	Solved - 03/25/2026

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

1. Summary
2. Introduction
3. Assessment summary
4. Scope
5. Findings overview

// Download the full report

Daml - Diff Review

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed

← Back to Audits

Daml - Diff Review - Temple

Prepared by:

HALBORN

Last Updated 03/26/2026

Date of Engagement: March 23rd, 2026 - March 23rd, 2026

Summary

100% of all REPORTED Findings have been addressed

All findings

Critical

High

Medium

Low

Informational

1. Summary
2. Introduction
3. Assessment summary
4. Scope
5. Findings overview

1. Summary

2. Introduction

3. Assessment Summary

Verify the correct handling of asset lifecycle operations across the delegation and settlement workflows.
Identify authorization, access control, and logic vulnerabilities introduced in the 4.0.1 → 4.1.1 delta.
Evaluate the integrity of critical flows including allocation splitting, allocation merging, settlement request signing, and fee processing.
Provide actionable recommendations to harden the security and correctness of Temple's settlement infrastructure.

4. SCOPE

REPOSITORY

(a) Repository: temple-daml-contracts

(b) Assessed Commit ID: 145c443

/package/temple-settlement-impl/daml/Temple/Settlement/Delegation.daml
/package/temple-settlement-impl/daml/Temple/Settlement/Orchestrator.daml
/package/temple-settlement-impl/daml/Temple/Settlement/Request.daml

↓ Expand ↓

Remediation Commit ID:

https://github.com/Temple-Digital-Group/temple-daml-contracts/releases/tag/4.1.2

Out-of-Scope: New features/implementations after the remediation commit IDs.

5. Findings Overview

Security analysis	Risk level	Remediation
Remainder Holding Not Returned on Partial Split	Informational	Acknowledged - 03/25/2026
Receiver Party Silently Replaced After Allocation Consolidation	Informational	Solved - 03/25/2026
Cross-Role Delegation Usage Not Prevented at Settlement Signing	Informational	Solved - 03/25/2026
Optional Deadline Produces Misleading Assertion Messages	Informational	Solved - 03/25/2026

1. Summary
2. Introduction
3. Assessment summary
4. Scope
5. Findings overview

// Download the full report

Daml - Diff Review

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed

Daml - Diff Review

Temple

Daml - Diff Review - Temple

Summary

Table of Contents

1. Summary

2. Introduction

3. Assessment Summary

4. SCOPE

5. Findings Overview

Table of Contents

Daml - Diff Review

Temple

Daml - Diff Review - Temple

Summary

Table of Contents

1. Summary

2. Introduction

3. Assessment Summary

4. SCOPE

5. Findings Overview

Table of Contents