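TonBit, a subsidiary of BitsLab and TON Blockchain's primary security assurance provider, has once again demonstrated its commitment to safeguarding the TON ecosystem by identifying and responsibly disclosing a vulnerability in the TON Virtual Machine (TVM).
Silicon Valley, USA, May 21st, 2025,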
TonBit, a subsidiary of BitsLab and TON Blockchain’s primary security assurance provider, has announced the discovery and responsible disclosure of a vulnerability in the TON Virtual Machine (TVM). This finding, which has been officially acknowledged by the TON Foundation, showcases BitsLab and TonBit's commitment to safeguarding decentralized networks.
The vulnerability discovered by TonBit is the non-atomic state transition vulnerability in the RUNVM instruction. An attacker can exploit the moment when a sub-VM exhausts its gas to corrupt the parent VM's libraries and induce subsequent call failures, ultimately causing contracts that depend on library integrity to behave abnormally.
In the link below, TonBit retains the original technical details to present the full discovery and verification process for developers, aiding the community in gaining an in-depth understanding of the issue and boosting awareness of similar risks.
Technical details of this vulnerability: https://www.linkedin.com/pulse/tonbit-once-again-discovers-vulnerability-ton-virtual-machine-jt0oc/
This discovery highlights the deep expertise of TonBit, a subsidiary of BitsLab, in security research within the TON ecosystem. TonBit immediately submitted the technical details and mitigation plan to the TON Foundation and assisted in completing the remediation. Now, the vulnerability is fully patched.
TonBit and BitsLab recommend that all developers promptly update their dependency libraries once the official patch is released. At the same time, developers should incorporate more rigorous library-integrity checks and gas-management logic into custom contracts to prevent similar issues from being maliciously exploited. BitsLab and TonBit will continue to uphold the principle of “responsible disclosure” and, together with the community, fortify the Web3 security perimeter.
This finding further cements TonBit and BitsLab's "security-first" ethos within Web3. By adhering to rigorous disclosure protocols and engaging transparently with ecosystem stakeholders, TonBit and BitsLab continue to set industry standards for ethical blockchain research and Web3 ecosystem security.
About TonBit
TonBit, a core sub-brand of BitsLab, is a trusted security expert and early builder within the TON ecosystem. Serving as the Primary Security Assurance Provider (SAP) for the TON blockchain, TonBit specializes in comprehensive security audits, including Tact and FunC language audits, ensuring the integrity and resilience of projects built on TON. Officially endorsed by TON, TonBit has successfully audited several high-profile projects such as Catizen, Algebra, UTonic, Ton Batch Sender, TonUp, PixelSwap, Tradoor, Miniton, Thunder Finance, and nearly 20 other projects on TON, showcasing its expertise in securing TON-based solutions.
About BitsLab
BitsLab is an organization dedicated to Web3 ecosystem security, aiming to become a respected security authority within the industry. The organization operates three sub-brands: MoveBit, ScaleBit, and TonBit, focusing on infrastructure development and security auditing across multiple blockchain ecosystems, including Sui, Aptos, TON, BNB Chain, Starknet, and Solana. BitsLab specializes in auditing a wide range of programming languages, such as Circom, Halo2, Move, and Cairo.
As a leader in blockchain security, BitsLab has provided security auditing services to several projects, including Aptos, Tether, UniSat, and Nervos CKB. Having delivered over 400 security solutions, the company has audited over 400,000 lines of code and safeguarded $8 billion in assets for over 2 million users. BitsLab has identified critical vulnerabilities in several well-known projects and remains committed to advancing Web3 security while fostering the healthy growth of emerging ecosystems.
Contact
Media Team, han@bitslab.xyz