From Paradigm Shift to Audit Rift: Exploring Vulnerabilities and Audit Tips for TON Smart Contracts

• URL: http://arxiv.org/abs/2509.10823v1
• Date: Sat, 13 Sep 2025 14:41:03 GMT
• Title: From Paradigm Shift to Audit Rift: Exploring Vulnerabilities and Audit Tips for TON Smart Contracts
• Authors: Yury Yanovich, Sergey Sobolev, Yash Madhwal, Kirill Ziborov, Vladimir Gorgadze, Victoria Kovalevskay, Elizaveta Smirnova, Matvey Mishuris, Subodh Sharma,
• Abstract summary: The Open Network (TON) is a high-performance blockchain platform designed for scalability and efficiency.<n>This paper introduces a comprehensive audit checklist for TON smart contracts based on an analysis of 34 professional audit reports containing 233 real-world vulnerabilities.
• Score: 0.12640882896302838
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The Open Network (TON) is a high-performance blockchain platform designed for scalability and efficiency, leveraging an asynchronous execution model and a multi-layered architecture. While TON's design offers significant advantages, it also introduces unique challenges for smart contract development and security. This paper introduces a comprehensive audit checklist for TON smart contracts, based on an analysis of 34 professional audit reports containing 233 real-world vulnerabilities. The checklist addresses TON-specific challenges, such as asynchronous message handling, and provides actionable insights for developers and auditors. We also present detailed case studies of vulnerabilities in TON smart contracts, highlighting their implications and offering lessons learned. By adopting this checklist, developers and auditors can systematically identify and mitigate vulnerabilities, enhancing the security and reliability of TON-based projects. Our work bridges the gap between Ethereum's mature audit methodologies and the emerging needs of the TON ecosystem, fostering a more secure and robust blockchain environment.

Related papers

• CREDIT: Certified Ownership Verification of Deep Neural Networks Against Model Extraction Attacks [54.04030169323115]
  We introduce CREDIT, a certified ownership verification against Model Extraction Attacks (MEAs)<n>We quantify the similarity between DNN models, propose a practical verification threshold, and provide rigorous theoretical guarantees for ownership verification based on this threshold.<n>We extensively evaluate our approach on several mainstream datasets across different domains and tasks, achieving state-of-the-art performance.
  arXiv  Detail & Related papers  (2026-02-23T23:36:25Z)
• One Signature, Multiple Payments: Demystifying and Detecting Signature Replay Vulnerabilities in Smart Contracts [56.94148977064169]
  lacking checks on signature usage conditions can lead to repeated verifications, increasing the risk of permission abuse and threatening contract assets.<n>We define this issue as the Signature Replay Vulnerability (SRV)<n>From 1,419 audit reports across 37 blockchain security companies, we identified 108 with detailed SRV descriptions and classified five types of SRVs.
  arXiv  Detail & Related papers  (2025-11-12T09:17:13Z)
• TRUST: A Decentralized Framework for Auditing Large Language Model Reasoning [45.228233498964755]
  Large Language Models generate reasoning chains that reveal their decision-making.<n>Existing auditing methods are centralized, opaque, and hard to scale.<n>We propose TRUST, a transparent, decentralized auditing framework.
  arXiv  Detail & Related papers  (2025-10-23T04:16:44Z)
• ParaVul: A Parallel Large Language Model and Retrieval-Augmented Framework for Smart Contract Vulnerability Detection [43.41293570032631]
  ParaVul is a retrieval-augmented framework to improve the reliability and accuracy of smart contract vulnerability detection.<n>We develop Sparse Low-Rank Adaptation (SLoRA) for LLM fine-tuning.<n>We construct a vulnerability contract dataset and develop a hybrid Retrieval-Augmented Generation (RAG) system.
  arXiv  Detail & Related papers  (2025-10-20T03:23:41Z)
• BugMagnifier: TON Transaction Simulator for Revealing Smart Contract Vulnerabilities [0.12640882896302838]
  We present BugMagnifier, a transaction simulation framework that systematically reveals vulnerabilities in TON smart contracts.<n>Our tool combines precise message queue manipulation with differential state analysis and probabilistic permutation testing to detect asynchronous execution flaws.
  arXiv  Detail & Related papers  (2025-09-29T08:26:52Z)
• SilentLedger: Privacy-Preserving Auditing for Blockchains with Complete Non-Interactivity [38.520950743840785]
  SilentLedger is a privacy-preserving transaction system with auditing and complete non-interactivity.<n>We formally prove security properties including authenticity, anonymity, confidentiality, and soundness.<n>Our implementation and benchmarks demonstrate that SilentLedger achieves superior performance compared with state-of-the-art solutions.
  arXiv  Detail & Related papers  (2025-09-10T16:14:34Z)
• ContractTrace: Retracing Smart Contract Versions for Security Analyses [4.126275271359132]
  We introduce ContractTrace, an automated infrastructure that accurately identifies and links versions of smart contracts into coherent lineages.<n>This capability is essential for understanding vulnerability propagation patterns and evaluating the effectiveness of security patches in blockchain environments.
  arXiv  Detail & Related papers  (2024-12-30T11:10:22Z)
• FTSmartAudit: A Knowledge Distillation-Enhanced Framework for Automated Smart Contract Auditing Using Fine-Tuned LLMs [17.76505488643214]
  This paper investigates the feasibility of using smaller, fine-tuned models to achieve comparable or even superior results in smart contract auditing.<n>We introduce the FTSmartAudit framework, which is designed to develop cost-effective, specialized models for smart contract auditing.<n>Our contributions include: (1) a single-task learning framework that streamlines data preparation, training, evaluation, and continuous learning; (2) a robust dataset generation method utilizing domain-special knowledge distillation to produce high-quality datasets from advanced models like GPT-4o; and (3) an adaptive learning strategy to maintain model accuracy and robustness.
  arXiv  Detail & Related papers  (2024-10-17T09:09:09Z)
• Vulnerability Detection in Ethereum Smart Contracts via Machine Learning: A Qualitative Analysis [0.0]
  We analyze the state of the art in machine-learning vulnerability detection for smart contracts. We discuss best practices to enhance the accuracy, scope, and efficiency of vulnerability detection in smart contracts.
  arXiv  Detail & Related papers  (2024-07-26T10:09:44Z)
• Fixing Smart Contract Vulnerabilities: A Comparative Analysis of Literature and Developer's Practices [6.09162202256218]
  We refer to vulnerability fixing in the ways found in the literature as guidelines. It is not clear to what extent developers adhere to these guidelines, nor whether there are other viable common solutions and what they are. The goal of our research is to fill knowledge gaps related to developers' observance of existing guidelines and to propose new and viable solutions to security vulnerabilities.
  arXiv  Detail & Related papers  (2024-03-12T09:55:54Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
  In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars. Various tools have been developed to detect and mitigate vulnerabilities in smart contracts. This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
  arXiv  Detail & Related papers  (2023-12-27T11:26:26Z)
• A Comprehensive Study of Governance Issues in Decentralized Finance Applications [45.033994319846244]
  We present a comprehensive study of governance issues in DeFi applications. We collect and build a dataset of 4,446 audit reports from 17 Web3 security companies. Our findings highlight a significant observation: the disparity between smart contract code and DeFi whitepapers plays a central role in these governance issues.
  arXiv  Detail & Related papers  (2023-11-02T17:46:59Z)
• Blockchain-Envisioned UAV-Aided Disaster Relief Networks: Challenges and Solutions [21.759507457111468]
  Unmanned aerial vehicles (UAVs)-aided disaster relief networks (UDRNs) leverage UAVs to assist ground relief networks by swiftly assessing affected areas and timely delivering lifesaving supplies. To meet the growing demands for collaborative, trust-free, and transparent UDRN services, blockchain-based UDRNs emerge as a promising approach through immutable ledgers and distributed smart contracts. This paper presents potential solutions: (i) a series of collaborative smart contracts for coordinated relief management; (ii) a dynamic contract audit mechanism to prevent known/unknown contract vulnerabilities; and (iii) a robust transaction forensics strategy with on
  arXiv  Detail & Related papers  (2023-10-08T14:32:25Z)
• Empirical Review of Smart Contract and DeFi Security: Vulnerability Detection and Automated Repair [36.46679501556185]
  Decentralized Finance (DeFi) is emerging as a peer-to-peer financial ecosystem. smart contracts hold a massive amount of value, making them an attractive target for attacks. This paper reviews the progress made in the field of smart contract and DeFi security from the perspective of both vulnerability detection and automated repair.
  arXiv  Detail & Related papers  (2023-09-05T17:00:42Z)
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  arXiv  Detail & Related papers  (2021-03-23T15:04:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.