Security auditing for the TON Foundation: A Collaborative Approach to Secure Ecosystem Development
SmartState is delighted to have collaborated with the TON Foundation, working together to optimize functional components of the TON protocol and successfully meeting unique security goals for the TON ecosystem projects. Our joint efforts have led to the development of an effective security audit methodology tailored to the specific challenges facing the TON blockchain.
Unique Methodology for the TON protocol
As a one-of-a-kind protocol, TON requires innovative solutions that cater to its distinct security needs. SmartState’s comprehensive auditing approach for each crypto project on the TON protocol includes (but is not limited to):
- Best code practices
- FA2 compliance (if applicable)
- Logical bugs and code logic issues
- Error handling issues
- Cryptographic errors
- Protocol and header parsing errors
- Private data leaks
- Unchecked call return method
- Code with no effects
- Unused vars
- Use of deprecated functions
- Authorization issues
- Reentrancy
- Arithmetic overflows/underflows
- Hidden malicious code
- External contract referencing
- Short address/parameter attack
- Uninitialized storage pointers
- Floating points and precision
- Message rebounce
- The order of data import
- Consider the case where a message fails
- Cost refund
- Cell data and storage params
- Security of concurrent message calls and locks
- Access control is enforced properly
- Asynchronous messages do not create race conditions
- Address formats handled correctly
- Gas accounting is correct
- Bounced messages are handled correctly
- The funds are reserved correctly
- Function specifiers are correct
- Logic is implemented properly
Collaborative Approach: Security benefits
We are delighted to join the TON ecosystem, and we are committed to ensuring the security of projects and developers alike. In an ever-evolving blockchain landscape where innovation often comes with new security challenges, SmartState’s goal is to create conditions that empower every project and developer to feel confident in protecting their work and data. Partnering with the TON Foundation not only reinforces SmartState’s commitment to the highest safety standards, but also provides an opportunity to make a meaningful contribution to the TON ecosystem.
We operate following recognized international standards such as ISO/IEC 27001 and NIST standards, which ensures strict control over all processes. SmartState’s methodology includes continuous audits, risk assessments and the implementation of innovative solutions tailored to the unique features of the TON blockchain platform. Our approach goes beyond meeting the highest security standards: we are constantly and proactively looking for new ways to improve security and to protect the entire ecosystem from current and future threats.
For developers, this means being assured that their projects can grow and develop in a secure environment which enables them to focus on innovation, knowing that their infrastructure and data are robustly protected.
Our shared goal is to create a trusted environment where every participant can safely develop and implement their solutions. We aim to build a future where security and innovation walk side by side, ensuring sustainable growth for all ecosystem participants.
Conclusion
Our collaboration with the TON Foundation marks an important milestone in our mission to safeguard the blockchain ecosystem community and raise the overall security level of the industry. By working together, we are committed to delivering cutting-edge auditing services that cater specifically to the unique needs of TON projects. Join us in this journey as we strive to create a secure and innovative environment for all participants in the TON ecosystem.