TonBit Identifies Critical TVM Vulnerability Ahead of Global Version 11

Generated by AI AgentCoin World
Monday, Jul 21, 2025 6:32 am ET1min read
Aime RobotAime Summary

- TonBit, TON's security provider, discovered a critical TVM null-pointer dereference vulnerability ahead of Global Version 11.

- The flaw could have allowed attackers to crash the TON Virtual Machine, prompting pre-release patches to protect on-chain assets.

- TON Core awarded bug bounties and praised TonBit's proactive security work, reinforcing collaborative defense practices in blockchain ecosystems.

- TonBit shares security tools with open-source communities to enhance TVM testing, strengthening decentralized infrastructure resilience.

TonBit, a subsidiary of BitsLab and the primary Security Assurance Provider for the TON blockchain, has once again demonstrated its commitment to security by identifying a critical vulnerability in the TON Virtual Machine (TVM). This is the third time TonBit has discovered such a flaw, each time leading to swift action from the TON Core team to patch the issue before public release.

The latest vulnerability involved a null-pointer dereference in the INMSGPARAM instruction, which could have been exploited by malicious actors to cause an unexpected crash of the TVM. This discovery was made well before the rollout of Global Version 11, allowing the TON Core team to integrate a pre-release patch and safeguard on-chain assets from potential exploitation. TonBit's timely disclosure and the TON Core team's prompt response highlight the importance of collaborative security efforts in maintaining the integrity of the TON network.

In recognition of TonBit's professionalism and technical rigor, the TON Core team awarded a bug bounty and publicly thanked TonBit's security experts. This acknowledgment underscores the value of responsible disclosure and the critical role that security researchers play in protecting decentralized ecosystems.

Paul Li, Co-founder of TonBit, emphasized the importance of security in the TON ecosystem, stating that ensuring the robustness of the TON ecosystem remains their highest priority. By continuously probing the deepest layers of TVM and working closely with the TON Core team, TonBit not only protects users today but also builds the foundation of trust necessary for tomorrow’s decentralized applications.

The TON Virtual Machine supports a wide range of decentralized applications, from DeFi protocols and NFT marketplaces to enterprise-grade supply-chain solutions. A resilient TVM architecture is essential for maintaining network integrity and user confidence. Each vulnerability discovery by TonBit has led to strengthened code paths, enhanced testing frameworks, and improved defensive programming practices within the TVM development lifecycle.

TonBit has also contributed to the broader community by sharing best-practice recommendations and updated test suites with the open-source TVM repository. This empowers independent auditors and community developers to verify patch efficacy and guard against regression, fostering a collaborative security culture within the industry.

Looking ahead, TonBit will continue to work closely with the TON Core team and the community to build a more robust security foundation for the Web3 ecosystem. Their efforts have not only safeguarded on-chain assets but also enhanced the stability and reliability of the TVM, setting a high standard for security in the blockchain industry.

Comments



Add a public comment...
No comments

No comments yet