TonBit, TON Blockchain's Primary Security Assurance Provider, Demonstrates Commitment to Safeguarding the TON Ecosystem

Silicon Valley, USA, May 21st, 2025, TonBit, a subsidiary of BitsLab and TON Blockchain's primary security assurance provider, has once again demonstrated its commitment to safeguarding the TON ecosystem by identifying and responsibly disclosing a vulnerability within the TON Virtual Machine (TVM).

Silicon Valley, USA, May 21st, 2025,

TonBit, a subsidiary of BitsLab and TON Blockchain’s primary security assurance provider, has announced the discovery and responsible disclosure of a vulnerability in the TON Virtual Machine (TVM). This finding, which has been officially acknowledged by the TON Foundation, showcases BitsLab and TonBit's commitment to safeguarding decentralized networks.

The vulnerability discovered by TonBit is the non-atomic state transition vulnerability in the RUNVM instruction. An attacker can exploit the moment when a sub-VM exhausts its gas to corrupt the parent VM's libraries and induce subsequent call failures, ultimately causing contracts that depend on library integrity to behave abnormally.

In the link below, TonBit retains the original technical details to present the full discovery and verification process for developers, aiding the community in gaining an in-depth understanding of the issue and boosting awareness of similar risks.

Technical details of this vulnerability: https://www.linkedin.com/pulse/tonbit-once-again-discovers-vulnerability-ton-virtual-machine-jt0oc/

This discovery highlights the deep expertise of TonBit, a subsidiary of BitsLab, in security research within the TON ecosystem. TonBit immediately submitted the technical details and mitigation plan to the TON Foundation and assisted in completing the remediation. Now, the vulnerability is fully patched.

TonBit and BitsLab recommend that all developers promptly update their dependency libraries once the official patch is released. At the same time, they incorporate more rigorous library-integrity checks and gas-management logic into custom contracts to prevent similar issues from being maliciously exploited. BitsLab and TonBit will continue to uphold the principle of “responsible disclosure” and, together with the community, fortify the Web3 security perimeter.

This finding further cements TonBit and BitsLab's "security-first" ethos within Web3. By adhering to rigorous disclosure protocols and engaging transparently with ecosystem stakeholders, TonBit and BitsLab continue to set industry standards for ethical blockchain research and Web3 ecosystem security.

About TonBit

TonBit, a core sub-brand of BitsLab, is a trusted security expert and early builder within the TON ecosystem. Serving as the Primary Security Assurance Provider (SAP) for the TON blockchain, TonBit specializes in comprehensive security audits, including Tact and FunC language audits, ensuring the integrity and resilience of projects built on TON. Officially endorsed by TON, TonBit has successfully audited several high-profile projects such as Catizen, Algebra, UTonic, Ton Batch Sender, TonUp, PixelSwap, Tradoor, Miniton, Thunder Finance, and nearly 20 other projects on TON, showcasing its expertise in securing TON-based solutions.

About BitsLab

BitsLab is an organization dedicated to Web3 ecosystem security, aiming to become a respected security authority within the industry. The organization operates three sub-brands: MoveBit, ScaleBit, and TonBit, focusing on infrastructure development and security auditing across multiple blockchain ecosystems, including Sui, Aptos, TON, BNB Chain, Starknet, and Solana. BitsLab specializes in auditing a wide range of programming languages, such as Circom, Halo2, Move, and Cairo.

As a leader in blockchain security, BitsLab has provided security auditing services to several projects, including Aptos, Tether, UniSat, and Nervos CKB. Having delivered over 400 security solutions, the company has audited over 400,000 lines of code and safeguarded $8 billion in assets for over 2 million users. BitsLab has identified critical vulnerabilities in several well-known projects and remains committed to advancing Web3 security while fostering the healthy growth of emerging ecosystems.

Contact

Media Teamhan@bitslab.xyz