False positive "This dApp could be malicious" on corporate payment domains (cryofor.com) — review form submitted twice, no response #505
Unanswered
tettthhhhhh
asked this question in
Help & Support
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
Our internal B2B payment tool (industrial gases supplier, Russia) is flagged red in Phantom on both app.cryofor.com and pay.cryofor.com. It serves Solana Pay transaction requests for our private SPL token UFLP (mint Amt6z3Ryj6BJ1AoBKBvAp4zUWBH5se1s95TPz1fiyhfn) — no public sale, no liquidity, ~12 employee users. Transactions simulate cleanly, single company fee-payer pays SOL fees.
The dApp Review Google form was submitted ~1 month ago (ticket #11793) and re-submitted today — no response so far. A Blockaid false-positive report was also filed today.
Impact: the red interstitial suppresses Phantom's usual summary/receipt UI, so after "Yes, confirm (unsafe)" the transaction signs and sends with NO confirmation shown — our staff already made accidental duplicate payments (4x100 UFLP on one invoice) because of this. Please advise on the review status or what else is needed from us.
Example
https://pay.cryofor.com — example legit tx: https://solscan.io/tx/5bissuGSxTFbLUqhxTRB6giV8ksmqQBPvUQnkKXxiDjmDnqYnYkjYRdkjraGAmA6wSSDX1ifCY5iV6it71Yz7SCi
Steps to Reproduce
Expected: no malicious flag — this is our own corporate domain (site: https://cryofor.com), the token and flow are internal-only. Happy to provide any verification (DNS record, company docs, signed message from the treasury key).
Phantom Version
iOS 26.20.0 (behavior reproduced on multiple devices)
Is there an existing discussion for this?
Beta Was this translation helpful? Give feedback.
All reactions