https://github.com/Polaristow/awesome-ton-security
A curated list of awesome ton security resources
List: awesome-ton-security
func security security-audit security-tools tact ton ton-blockchain
Last synced: 8 days ago
- Host: GitHub
- URL: https://github.com/Polaristow/awesome-ton-security
- Owner: Polaristow
- Created: 2024-07-18T09:51:25.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2025-05-16T17:18:01.000Z (about 1 month ago)
- Last Synced: 2025-05-16T18:27:19.042Z (about 1 month ago)
- Topics: func, security, security-audit, security-tools, tact, ton, ton-blockchain
- Homepage:
- Size: 44.9 KB
- Stars: 34
- Watchers: 2
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-tact - awesome-ton-security - A curated list of awesome TON security resources. (Related / Debugging)
- ultimate-awesome - awesome-ton-security - A curated list of awesome ton security resources. (Other Lists / Julia Lists)
README
# awesome-ton-security

---
**A curated list of awesome TON security resources, continuously updated.**
---
## Articles and Blogs
- [Secure Smart Contract Programming in Tact: Popular Mistakes in the TON Ecosystem](https://www.certik.com/zh-CN/resources/blog/50K1u523Q85iEGDsx9z70z-secure-smart-contract-programming-in-tact-popular-mistakes-in-the-ton)
- [Discovers Critical Vulnerability in TON VM Root Cause and Mitigation Explained](https://www.tonbit.xyz/blog/post/TonBit-a-Subsidiary-of-BitsLab-Discovers-Critical-Vulnerability-in-TON-VM_%20Root-Cause-and-Mitigation-Explained.html)
- [TACT FOR TON, UNCOVERING THIS LANGUAGE FEATURES AND SECURITY BEST PRACTICES](https://scalebit.xyz/blog/post/Tact-for-TON-Uncovering-Security-Best-Practices.html)
- [Secure Smart Contract Programming in FunC: Top 10 Tips for TON Developers](https://blog.ton.org/secure-smart-contract-programming-in-func)
- [Secure Smart Contract Programming](https://docs.ton.org/develop/smart-contracts/security/secure-programming)
- [Things to Focus on while Working with TON Blockchain](https://docs.ton.org/develop/smart-contracts/security/things-to-focus)
- [Random number generation](https://docs.ton.org/develop/smart-contracts/guidelines/random-number-generation)
- [Generation of block random seed](https://docs.ton.org/develop/smart-contracts/security/random)
- [TON Connect for Security TON Connect](https://docs.ton.org/develop/dapps/ton-connect/security)
- [TON Blockchain Security Analysis and Potential Risk Assessment](https://medium.com/@pandaly520/ton-blockchain-security-analysis-and-potential-risk-assessment-00ab4dd9d3a8)
- [How does the False Top-up attack break through the defense of the exchange?](https://slowmist.medium.com/how-does-the-false-top-up-attack-break-through-the-defense-of-the-exchange-d6e8ebb434f5)
- [Security risk analysis of FunC language in TON blockchain smart contracts](https://exvul.com/security-risk-analysis-of-func-language-in-ton-blockchain-smart-contracts/)
- [Patch Thursday — Identifying Vulnerabilities in TON: Killing All Nodes](https://medium.com/chainlight/identifying-vulnerabilities-in-ton-killing-all-nodes-3b0db3f370eb)
- [TON Validator Nodes Maintenance and Security Guide](https://docs.ton.org/participate/nodes/node-maintenance-and-security)
- [Risk Analysis of Origin Forgery in the TonConnect SDK](https://slowmist.medium.com/risk-analysis-of-origin-forgery-in-the-tonconnect-sdk-e37c7d902b05)
- [Introduction to TON: Accounts, Tokens, Transactions, and Security](https://slowmist.medium.com/introduction-to-ton-accounts-tokens-transactions-and-asset-security-899a58619fb2)
- [TON Ecosystem Phishing Prevention Guide](https://beosin.com/resources/ton-ecosystem-phishing-prevention-guide)
- [How to conduct a comprehensive security audit for projects built on TON?](https://beosin.com/resources/how-to-conduct-a-comprehensive-security-audit-for-projects-built-on-ton?lang=zh-HK)
- [TON Ecosystem Panorama and Security Report 2024](https://tonbit.xyz/reports-page)
- [Checklist for Auditing TON Smart Contracts](https://github.com/PositiveSecurity/ton-audit-guide)
- [Toncoin Smart Contract Security Best Practices](https://github.com/slowmist/Toncoin-Smart-Contract-Security-Best-Practices)
- [Beosin In-Depth Research | From Risk to Protection: Security Risks and Optimization Recommendations for TON Smart Contracts](https://mp.weixin.qq.com/s/xH_94XzG3kcu0SUEVnui-Q)
- [TON Ecosystem Security Guide: What are the common forms of fishing?](https://www.bitget.com/news/detail/12560604065091)
- [TON Security Risks: A Static Analysis Perspective](https://nowarp.io/blog/ton-security-risks)
- [BitsLab’s TonBit, Once Again Discovers a Vulnerability in the TON Virtual Machine: RUNVM](https://defihacklabs.substack.com/p/bitslabs-tonbit-once-again-discovers)
- [TON Security Primer: Part 1](https://www.zellic.io/blog/ton-security-primer/)
## CTF
- TON Hack Challenge
  - [Code](https://github.com/ton-blockchain/hack-challenge-1)
  - [Writeup](https://docs.ton.org/develop/smart-contracts/security/ton-hack-challenge-1)
- Tonbit ctf
  - [Tonbit ctf](https://ctf.tonbit.xyz/)
  - [Writeup1](https://leoq7.com/2024/09/TON-CTF-2024/)
  - [Writeup2](https://blog.zeroc0077.cn/tonctf2024-writeup/)
  - [Writeup3](https://beyondblog.github.io/posts/ton_ctf_2024/)
  - [Writeup4](https://ambergroup.medium.com/ton-ctf-writeup-afdff959433b)
- Hack the Ton
  - [Hack the Ton](https://www.hacktheton.com/)
## Audit Report
- [TonBit](https://github.com/TonBitSec/Sampled-Audit-Reports)
- [Certik](https://skynet.certik.com/)
- [HipoFinance](https://github.com/HipoFinance/audits)
- [Nowarp](https://github.com/nowarp/public-reports)
- [Aqua Protocol](https://www.beosin.com/audits/Aqua_Protocol_202407221416.pdf)
- [Aqua Protocol](https://github.com/BugBlow/audits/blob/main/AquaProtocol/Aqua_Security_Audit_BugBlow.pdf)
## Hack Event
- https://x.com/TonUP_io/status/1793006027413258631
- https://community.tonup.io/t/incident-report-of-tonup-decimal-discrepancy-of-the-deprecated-up-token/504
- https://x.com/MetaTrustAlert/status/1769956360135844284
- https://x.com/realScamSniffer/status/1788749945459318868
- https://x.com/DegenonTON/status/1779729261001326882
- https://x.com/DegenonTON/status/1783738312966189355
- https://x.com/tonfish_tg/status/1753829630644273215
- https://x.com/_yeminiz/status/1788131616943943874
## Tools
- [Misti](https://github.com/nowarp/misti) – A static program analyzer for smart contracts on the TON Blockchain.
## Bug Bounty
- [TON security bug bounty](https://github.com/ton-blockchain/bug-bounty)
- [STON.fi](https://github.com/ston-fi/bug-bounty)
- [Tonstakers](https://skynet.certik.com/zh-CN/projects/tonstakers)
- [Ton Whales](https://tonwhales.com/bounty)
- [TON Diamonds Web](https://hackenproof.com/programs/ton-diamonds-web)
- [Telegram Apps Center](https://hackenproof.com/programs/telegram-apps-center)
- [STON.fi DEX Smart Contracts v2](https://hackenproof.com/programs/ston-dot-fi-dex-smart-contracts-v2)
## Auditors
- [TON Talent Directory](https://ton.org/en/talents)
  - [Agencies](https://ton.org/en/talents?Agency) – small companies and teams in the ecosystem, including auditors
  - [Auditors](https://ton.org/en/talents?Auditors) – established security firms
- [ton.app: Smart Contract Audit](https://ton.app/audit) – moderated, community-driven auditors list