{"id":28659251,"url":"https://github.com/Polaristow/awesome-ton-security","last_synced_at":"2025-06-13T10:06:20.354Z","repository":{"id":249035063,"uuid":"830452092","full_name":"Polaristow/awesome-ton-security","owner":"Polaristow","description":"A curated list of awesome ton security resources","archived":false,"fork":false,"pushed_at":"2025-05-16T17:18:01.000Z","size":46,"stargazers_count":34,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-16T18:27:19.042Z","etag":null,"topics":["func","security","security-audit","security-tools","tact","ton","ton-blockchain"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Polaristow.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-07-18T09:51:25.000Z","updated_at":"2025-05-16T17:18:05.000Z","dependencies_parsed_at":"2024-12-03T14:34:54.109Z","dependency_job_id":"5a170bb2-7d5f-42f4-b0f8-bee89a7d8d46","html_url":"https://github.com/Polaristow/awesome-ton-security","commit_stats":null,"previous_names":["polaristow/awesome-ton-security"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Polaristow/awesome-ton-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Polaristow%2Fawesome-ton-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Polaristow%2Fawesome-ton-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Polaristow%2Fawesome-ton-security
/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Polaristow%2Fawesome-ton-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Polaristow","download_url":"https://codeload.github.com/Polaristow/awesome-ton-security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Polaristow%2Fawesome-ton-security/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259624723,"owners_count":22886328,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["func","security","security-audit","security-tools","tact","ton","ton-blockchain"],"created_at":"2025-06-13T10:01:59.201Z","updated_at":"2025-06-13T10:06:20.338Z","avatar_url":"https://github.com/Polaristow.png","language":null,"funding_links":[],"categories":["Related","Other Lists"],"sub_categories":["Debugging","TeX Lists"],"readme":"# awesome-ton-security[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n![](/image/ton_logo_light_background.png)\n---\n**A curated list of awesome Ton security resources, continuously updated.**\n---\n## Articles and Blogs\n- [Secure Smart Contract Programming in Tact: Popular Mistakes in the TON Ecosystem](https://www.certik.com/zh-CN/resources/blog/50K1u523Q85iEGDsx9z70z-secure-smart-contract-programming-in-tact-popular-mistakes-in-the-ton)\n- [Discovers Critical Vulnerability in TON VM Root Cause and Mitigation 
Explained](https://www.tonbit.xyz/blog/post/TonBit-a-Subsidiary-of-BitsLab-Discovers-Critical-Vulnerability-in-TON-VM_%20Root-Cause-and-Mitigation-Explained.html)\n- [TACT FOR TON, UNCOVERING THIS LANGUAGE FEATURES AND SECURITY BEST PRACTICES](https://scalebit.xyz/blog/post/Tact-for-TON-Uncovering-Security-Best-Practices.html)\n- [Secure Smart Contract Programming in FunC: Top 10 Tips for TON Developers](https://blog.ton.org/secure-smart-contract-programming-in-func)\n- [Secure Smart Contract Programming](https://docs.ton.org/develop/smart-contracts/security/secure-programming)\n- [Things to Focus on while Working with TON Blockchain](https://docs.ton.org/develop/smart-contracts/security/things-to-focus)\n- [Random number generation](https://docs.ton.org/develop/smart-contracts/guidelines/random-number-generation)\n- [Generation of block random seed](https://docs.ton.org/develop/smart-contracts/security/random)\n- [TON Connect for Security TON Connect](https://docs.ton.org/develop/dapps/ton-connect/security)\n- [TON Blockchain Security Analysis and Potential Risk Assessment](https://medium.com/@pandaly520/ton-blockchain-security-analysis-and-potential-risk-assessment-00ab4dd9d3a8)\n- [How does the False Top-up attack break through the defense of the exchange?](https://slowmist.medium.com/how-does-the-false-top-up-attack-break-through-the-defense-of-the-exchange-d6e8ebb434f5)\n- [Security risk analysis of FunC language in TON blockchain smart contracts](https://exvul.com/security-risk-analysis-of-func-language-in-ton-blockchain-smart-contracts/)\n- [Patch Thursday — Identifying Vulnerabilities in TON: Killing All Nodes](https://medium.com/chainlight/identifying-vulnerabilities-in-ton-killing-all-nodes-3b0db3f370eb)\n- [TON Validator Nodes Maintenance and Security Guide](https://docs.ton.org/participate/nodes/node-maintenance-and-security)\n- [Risk Analysis of Origin Forgery in the TonConnect 
SDK](https://slowmist.medium.com/risk-analysis-of-origin-forgery-in-the-tonconnect-sdk-e37c7d902b05)\n- [Introduction to TON: Accounts, Tokens, Transactions, and Security](https://slowmist.medium.com/introduction-to-ton-accounts-tokens-transactions-and-asset-security-899a58619fb2)\n- [TON Ecosystem Phishing Prevention Guide](https://beosin.com/resources/ton-ecosystem-phishing-prevention-guide)\n- [How to conduct a comprehensive security audit for projects built on TON?](https://beosin.com/resources/how-to-conduct-a-comprehensive-security-audit-for-projects-built-on-ton?lang=zh-HK)\n- [TON Ecosystem Panorama and Security Report 2024](https://tonbit.xyz/reports-page)\n- [Checklist for Auditing TON Smart Contracts](https://github.com/PositiveSecurity/ton-audit-guide)\n- [Toncoin Smart Contract Security Best Practices](https://github.com/slowmist/Toncoin-Smart-Contract-Security-Best-Practices)\n- [Beosin Hardcore Research | From Risk to Protection: Security Hazards and Optimization Recommendations for TON Smart Contracts](https://mp.weixin.qq.com/s/xH_94XzG3kcu0SUEVnui-Q)\n- [TON Ecosystem Security Guide: What are the common forms of fishing?](https://www.bitget.com/news/detail/12560604065091)\n- [TON Security Risks: A Static Analysis Perspective](https://nowarp.io/blog/ton-security-risks)\n- [BitsLab’s TonBit, Once Again Discovers a Vulnerability in the TON Virtual Machine: RUNVM](https://defihacklabs.substack.com/p/bitslabs-tonbit-once-again-discovers)\n- [TON Security Primer: Part 1](https://www.zellic.io/blog/ton-security-primer/)\n  \n## CTF\n- TON Hack Challenge\n  - [Code](https://github.com/ton-blockchain/hack-challenge-1)\n  - [Writeup](https://docs.ton.org/develop/smart-contracts/security/ton-hack-challenge-1)\n- Tonbit ctf\n  - [Tonbit ctf](https://ctf.tonbit.xyz/)\n  - [Writeup1](https://leoq7.com/2024/09/TON-CTF-2024/)\n  - [Writeup2](https://blog.zeroc0077.cn/tonctf2024-writeup/)\n  - [Writeup3](https://beyondblog.github.io/posts/ton_ctf_2024/)\n  - [Writeup4](https://ambergroup.medium.com/ton-ctf-writeup-afdff959433b)\n- Hack the Ton\n  - 
[Hack the Ton](https://www.hacktheton.com/)\n  \n## Audit Report\n- [TonBit](https://github.com/TonBitSec/Sampled-Audit-Reports)\n- [Certik](https://skynet.certik.com/)\n- [HipoFinance](https://github.com/HipoFinance/audits)\n- [Nowarp](https://github.com/nowarp/public-reports)\n- [Aqua Protocol](https://www.beosin.com/audits/Aqua_Protocol_202407221416.pdf)\n- [Aqua Protocol](https://github.com/BugBlow/audits/blob/main/AquaProtocol/Aqua_Security_Audit_BugBlow.pdf)\n  \n## Hack Event\n- https://x.com/TonUP_io/status/1793006027413258631\n- https://community.tonup.io/t/incident-report-of-tonup-decimal-discrepancy-of-the-deprecated-up-token/504\n- https://x.com/MetaTrustAlert/status/1769956360135844284\n- https://x.com/realScamSniffer/status/1788749945459318868\n- https://x.com/DegenonTON/status/1779729261001326882\n- https://x.com/DegenonTON/status/1783738312966189355\n- https://x.com/tonfish_tg/status/1753829630644273215\n- https://x.com/_yeminiz/status/1788131616943943874\n## Tools\n- [Misti](https://github.com/nowarp/misti) – A static program analyzer for smart contracts on the TON Blockchain.\n## Bug Bounty\n- [TON security bug bounty](https://github.com/ton-blockchain/bug-bounty)\n- [STON.fi](https://github.com/ston-fi/bug-bounty)\n- [Tonstakers](https://skynet.certik.com/zh-CN/projects/tonstakers)\n- [Ton Whales](https://tonwhales.com/bounty)\n- [TON Diamonds Web](https://hackenproof.com/programs/ton-diamonds-web)\n- [Telegram Apps Center](https://hackenproof.com/programs/telegram-apps-center)\n- [STON.fi DEX Smart Contracts v2](https://hackenproof.com/programs/ston-dot-fi-dex-smart-contracts-v2)\n\n## Auditors\n- [TON Talent Directory](https://ton.org/en/talents)\n  - [Agencies](https://ton.org/en/talents?Agency) – small companies and teams in the ecosystem, including auditors\n  - [Auditors](https://ton.org/en/talents?Auditors) – established security firms\n- [ton.app: Smart Contract Audit](https://ton.app/audit) – moderated, community-driven auditors 
list\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPolaristow%2Fawesome-ton-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FPolaristow%2Fawesome-ton-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPolaristow%2Fawesome-ton-security/lists"}