Aug 23, 2024
TonBit Unveils 2024 TON Ecosystem Panorama and Security Report
TonBit, a leading TON blockchain security auditing brand under BitsLab, in collaboration with TONX, has released its highly anticipated 2024 TON Ecosystem Panorama and Security Report, providing an in-depth analysis of the TON ecosystem’s growth and the accompanying security challenges it faces in 2024.
Key Findings and Security Challenges
The report highlights the TON ecosystem’s significant strides in technological innovation, application deployment, and community building, all of which have solidified its standing within the blockchain industry. However, security issues have also become more pronounced as the ecosystem rapidly evolves. TonBit’s report identifies several classes of security vulnerability that are prevalent in the TON ecosystem, including:
- Access Control Weaknesses: Inadequate access controls in smart contracts could allow unauthorized users to perform sensitive operations, potentially leading to severe security breaches.
- Insufficient Message Input Validation: Smart contracts that do not properly validate external inputs leave the ecosystem vulnerable to malicious data entry and exploitation.
- Gas Usage Management: Inefficient gas usage in smart contracts could lead to the depletion of contract balances and expose the ecosystem to denial-of-service (DoS) attacks.
- Timestamp Dependency
- Integer Overflow and Underflow
- Rounding Errors
- Denial of Service (DoS)
- Business Logic
Recent Security Incidents
TonBit’s report also delves into several notable security incidents within the TON ecosystem:
- Staking Contract Exploitation (May 2024): A protocol’s staking contract was compromised due to a misconfiguration, leading to a substantial token loss. TonBit responded swiftly with a comprehensive audit, identifying six low-risk issues and working closely with the project team to implement necessary fixes.
- Misleading Wallet Interface (May 2024): A design flaw in certain wallets allowed hackers to manipulate comment information during transactions, misleading users and resulting in significant financial losses.
- BookPad Rug Pull (April 2024): The BookPad project used a non-open-source smart contract embedded with a backdoor to siphon user funds before disappearing, causing considerable losses within the community.
“TON’s rapid development brings both tremendous opportunities and heightened security risks. Our 2024 report is designed to equip developers and users with the knowledge needed to secure their activities within the TON ecosystem,” said Luis Loh, Co-Founder & CEO of TonBit.
Proposed Security Enhancements
The report offers detailed recommendations to address these vulnerabilities and enhance the overall security of the TON ecosystem. Key suggestions include:
- Regular Security Audits: Continuous and thorough audits of smart contracts to identify and resolve potential security issues before they can be exploited.
- Enhanced Input Validation Protocols: Implementing strict validation checks for all external data inputs to prevent unauthorized access and manipulation.
- Gas Efficiency Optimization: Monitoring and optimizing gas usage within smart contracts to prevent potential DoS attacks and maintain the stability of the ecosystem.
For more information and to access the full 2024 TON Ecosystem Panorama and Security Report, visit the TonBit Report page.
About TONX
TONX is the SuperApp platform layer that enables builders to create the new Web3 economy. As the pioneering partner of TON, TONX offers an open platform that connects developers, investors, and users to shape the frontiers of innovation. Their acclaimed TON Hacker House in 2024 fueled a wave of innovative Web3 projects. TONX API, a key product of TONX, is the driving force behind the 950 million-user Web3 SuperApp ecosystem.
About TonBit
TonBit, a subsidiary brand of BitsLab, is a pivotal security division that has been deeply engaged in the infrastructure and security audits of the TON ecosystem since 2021. It is also supported by TonX Studio.