TON Blockchain’s Tact Language Has Security Risks – CertiK Audit
A new audit by CertiK reveals potential security risks in Tact, the programming language used for smart contracts on the TON blockchain.
A new security report has raised concerns about the Open Telegram Network ( TON ), a blockchain platform known for its user-friendly approach to smart contracts .
The report , conducted by Web3 security firm CertiK, highlights potential vulnerabilities in Tact, the programming language specifically designed for TON. While Tact aims to simplify development and enhance security, the audit reveals that certain coding practices could inadvertently expose smart contracts to risks .
Tact’s Hidden Security Traps
CertiK compares Tact to its predecessor, FunC, identifying frequent mistakes that developers make when using the language.
These errors can lead to transaction failures, loss of funds, and exploitable security gaps.
One of the key concerns highlighted in the report is Tact’s strict address format. The format’s inconsistencies with existing standards, such as TEP-74, could result in failed transactions or lost tokens, similar to sending a letter to an incorrect address.
CertiK also flagged challenges in managing concurrent operations. While the TON blockchain avoids vulnerabilities like reentrancy, which is common on Ethereum , its unpredictable transaction order could enable attackers to exploit timing differences, creating vulnerabilities akin to man-in-the-middle attacks .
TON’s asynchronous and parallel processing of smart contracts makes it hard to track action order. Source: CertiKAnother area of concern is data serialization. CertiK noted that developers need to explicitly organize data within smart contracts . Failure to do so could result in misinterpretations and unpredictable program behavior, comparable to assembling furniture with incomplete instructions.
The report also highlighted potential errors in Tact’s handling of numbers, which could lead to glitches if developers are not vigilant.
In addition, CertiK further emphasized the importance of managing “gas,” the fee required to execute blockchain transactions. Improper estimation and control of gas usage by developers can cause transactions to fail midway or potentially drain funds from a contract.
Crypto Hacks in 2024: $1.5 Billion Lost
Beyond the vulnerabilities in Tact, the broader crypto ecosystem continues to grapple with major security challenges.
According to a report by Immunefi, nearly $1.5 billion has been stolen in crypto-related incidents in 2024, despite a 15% drop in stolen funds compared to the previous year.
November alone saw over $71 million in digital assets vanish, bringing the year-to-date total to over $1.48 billion across 209 incidents.
One notable incident in November involved meme coin trading terminal DEXX, which suffered a private key leak . The exploit affected at least 900 users, with the majority losing less than $10,000, while one user suffered a loss exceeding $1 million.
In the same month, Delta Prime, a DeFi protocol operating on Avalanche and Arbitrum, experienced its second major exploit of the year . This incident resulted in a $4.8 million loss, following a $6 million hack in September .
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Pudgy Penguins (PENGU) Price Targets New Highs After 30% Surge
US Spot Bitcoin ETFs Continue to Flow
MicroStrategy shares fall 9% after joining Nasdaq-100
Bitcoin Sees Potential Rebound Above $98,000 Amid Santa Rally Hopes and Increased Buying Pressure