TON narrowly avoids blockchain crash: ‘Security remains highest priority’

TON blockchain security firm TonBit announced that it averted a major vulnerability on the TON Virtual Machine.

TON blockchain (TON) averted a total crash after discovering a major bug. On Monday, July 21, TonBit announced that it identified a critical vulnerability in the TON Virtual Machine. According to TonBit, the bug could have led to denial-of-service attacks across the network, bringing its infrastructure down.

The bug in the INMSGPARAM instruction for the TVM included a null-pointer dereference that could have been used to inject false message parameters. Attackers could exploit this behavior to crash the virtual machine at runtime.

In the case of such an exploit, the network would halt its execution of smart contracts and disrupt dApps operating on TON. This would significantly affect the large miniapp ecosystem on Telegram, many of which rely on TON for their infrastructure.

TonBit discovered the vulnerability ahead of the rollout of Global Version 11. This enabled maintainers to quietly integrate the fix before the mainnet deployment of the update.

TonBit fixes third critical bug on blockchain

For its efforts, TonBit earned a bug bounty from the TON Core development team. This was the third time that the security firm obtained a similar reward, with formal recognition from the TON team. In both cases, the team delivered patches before bad actors were aware of the vulnerabilities.

Owned by BitsLab, TonBit is a security firm focusing on the TON ecosystem. The firm is a primary security assurance provider for the network, and specializes in comprehensive audits for TON-based projects.