Security auditing for the TON Foundation: a collaborative approach to secure ecosystem development

SmartState.tech
4 min read · Oct 27, 2024


SmartState is delighted to have collaborated with the TON Foundation, working together to optimize functional components of the TON protocol and to meet the unique security goals of TON ecosystem projects. Our joint efforts have led to the development of an effective security audit methodology tailored to the specific challenges facing the TON blockchain.

Unique Methodology for the TON protocol

As a one-of-a-kind protocol, TON requires innovative solutions that cater to its distinct security needs. SmartState’s comprehensive auditing approach for each crypto project on the TON protocol includes (but is not limited to):

  1. Best code practices
  2. FA2 compliance (if applicable)
  3. Logical bugs and code logic issues
  4. Error handling issues
  5. Cryptographic errors
  6. Protocol and header parsing errors
  7. Private data leaks
  8. Unchecked call return method
  9. Code with no effects
  10. Unused variables
  11. Use of deprecated functions
  12. Authorization issues
  13. Reentrancy
  14. Arithmetic overflows/underflows
  15. Hidden malicious code
  16. External contract referencing
  17. Short address/parameter attack
  18. Uninitialized storage pointers
  19. Floating points and precision
  20. Message rebounce
  21. The order of data import
  22. Consider the case where a message fails
  23. Cost refund
  24. Cell data and storage params
  25. Security of concurrent message calls and locks
  26. Access control is enforced properly
  27. Asynchronous messages do not create race conditions
  28. Address formats handled correctly
  29. Gas accounting is correct
  30. Bounced messages are handled correctly
  31. The funds are reserved correctly
  32. Function specifiers are correct
  33. Logic is implemented properly

Collaborative Approach: Security benefits

We are delighted to join the TON ecosystem, and we are committed to ensuring the security of projects and developers alike. In an ever-evolving blockchain landscape where innovation often comes with new security challenges, SmartState’s goal is to create conditions that empower every project and developer to feel confident in protecting their work and data. Partnering with the TON Foundation not only reinforces SmartState’s commitment to the highest safety standards, but also provides an opportunity to make a meaningful contribution to the TON ecosystem.

We operate following recognized international standards such as ISO/IEC 27001 and NIST, which ensures strict control over all processes. SmartState’s methodology includes continuous audits, risk assessments and the implementation of innovative solutions tailored to the unique features of the TON blockchain platform. Our approach goes beyond meeting the highest security standards — we are constantly and proactively looking for new ways to improve security and to protect the entire ecosystem from current and future threats.

For developers, this means being assured that their projects can grow and develop in a secure environment which enables them to focus on innovation, knowing that their infrastructure and data are robustly protected.

Our shared goal is to create a trusted environment where every participant can safely develop and implement their solutions. We aim to build a future where security and innovation walk side by side, ensuring sustainable growth for all ecosystem participants.

Conclusion

Our collaboration with the TON Foundation marks an important milestone in our mission to safeguard the blockchain ecosystem community and raise the overall security level of the industry. By working together, we are committed to delivering cutting-edge auditing services that cater specifically to the unique needs of TON projects. Join us in this journey as we strive to create a secure and innovative environment for all participants in the TON ecosystem.

SmartState: Top-notch smart contract audits & blockchain security solutions

About SmartState

Launched in 2019 and incorporated in Dubai, SmartState is an independent Web3 security company providing top-notch external security audits and enterprise level blockchain security services.

We’ve built a professional team of skilled white-hat hackers, cyber security experts, analysts and developers. The SmartState team has extensive experience in ethical hacking and cyber security, blockchain and Web3 development, and the financial and economic sectors.

We’ve conducted security audits for >300 projects so far. None of the code audited by SmartState has been hacked. Blockchains like TON, large projects like EYWA, 1inch and CrossCurve, and exchanges such as Binance and KuCoin rely on our experience.

🚀 Concerned about the security of your project and assets? Book a free security consultation! Let’s get in touch: info@smartstate.tech

Disclaimer

An audit does not provide any warranties regarding the code security. We presume that a single audit cannot be considered totally sufficient and always recommend several independent audits and a public bug bounty program to ensure code security.

Always DYOR. This article does not constitute legal, financial or investment advice, and we are not responsible for any decisions based on our analysis or recommendations.
