TonBit Discovers Critical Vulnerability on TON VM for the 3rd Time, Again Receiving Recognition from TON Team

Singapore, Singapore, July 21st, 2025,

TonBit, the Primary Security Assurance Provider of TON Blockchain, and a subsidiary of BitsLab, has once again demonstrated its unwavering commitment to deep security and responsible disclosure by identifying a critical vulnerability in the TON Virtual Machine (TVM). This milestone marks the third occasion on which TonBit has unearthed flaws in TVM’s core codebase—and each time, the TON Core team has responded swiftly, acknowledging the finding and issuing a comprehensive patch prior to public release.

Key Highlights

Vulnerability Identified: A null‑pointer dereference in the INMSGPARAM instruction could be exploited by malicious actors crafting specific message parameters, leading to an unexpected crash of the TVM. Such an event threatens the availability and reliability of smart contract execution across the TON network.
Timely Disclosure: TonBit’s security researchers discovered and reported the issue to the TON Core team well before the rollout of Global Version 11. This early warning enabled development teams to integrate a pre‑release patch, effectively safeguarding on‑chain assets from any potential exploitation.
Official Recognition: In acknowledgment of TonBit’s professionalism and technical rigor, the TON Core team awarded a bug bounty and publicly extended formal thanks to TonBit’s security experts.

Executive Commentary

“Ensuring the security and robustness of the TON ecosystem remains our highest priority,” said Paul Li, Co-founder of TonBit. “By continuously probing the deepest layers of TVM and working hand‑in‑hand with the TON Core team, we not only protect users today but also build the foundation of trust necessary for tomorrow’s decentralized applications.”

Broader Impact & Industry Context

The TON Virtual Machine underpins a growing number of decentralized applications—from DeFi protocols and NFT marketplaces to enterprise-grade supply‑chain solutions. A resilient TVM architecture is therefore critical to maintaining network integrity and user confidence.

Strengthening Ecosystem Resilience: Each vulnerability discovery has resulted in strengthened code paths, enhanced testing frameworks, and improved defensive programming practices within the TVM development lifecycle.
Educating the Community: TonBit has shared best‑practice recommendations and contributed updated test suites to the open‑source TVM repository, empowering independent auditors and community developers to verify patch efficacy and guard against regression.
Collaborative Security Culture: This latest cooperative effort exemplifies the industry’s shift toward transparent, community‑driven security models, where researchers and protocol teams collaborate in real time to identify and remediate risks.

In conclusion, TonBit, a subsidiary of BitsLab, has consistently upheld the principles of “deep security and responsible disclosure,” continuously identifying and resolving critical vulnerabilities within the core code of the TON Virtual Machine. 

From the non-atomic migration risk in the RUNVM instruction to the null-pointer dereference issue in the INMSGPARAM instruction, TonBit has demonstrated strong technical expertise and a prompt response, reporting issues to TON Core at the earliest opportunity and assisting in timely fixes. These efforts have not only effectively safeguarded on-chain assets but also enhanced the stability and reliability of the TVM. Looking ahead, TonBit will continue to work closely with TON Core and the community to build a more robust security foundation for the Web3 ecosystem.

About TonBit

TonBit, a core sub-brand of BitsLab, is a security expert and early contributor within the TON ecosystem. As the primary Security Assurance Provider (SAP) for the TON blockchain, TonBit specializes in comprehensive security audits, covering both Tact and FunC languages, to ensure the integrity and resilience of TON-based projects.

To date, TonBit has successfully audited several well-known projects, including Catizen, Algebra, and UTonic, uncovering multiple critical vulnerabilities and demonstrating exceptional expertise in blockchain security. In addition, TonBit has hosted the TON CTF competition, which attracted widespread participation and attention, further solidifying its reputation as a leading security authority within the TON ecosystem.

Contact

Jason Lee

The post TonBit Discovers Critical Vulnerability on TON VM for the 3rd Time, Again Receiving Recognition from TON Team appeared first on Chainwire.