Tonbit，Tonbit，Ton Blockchain的主要安全保证提供商，表明了保护吨生态系统的承诺

美国硅谷，2025年5月21日，Bitslab和Ton Blockchain的主要安全保证提供商Tonbit，再次证明了其致力于维护TON生态系统的承诺，通过在TON Virtual Machine（TVM）内识别并负责任地识别并负责任地识别并负责任地披露漏洞。

Silicon Valley, USA, May 21st, 2025,

美国硅谷，2025年5月21日，

TonBit, a subsidiary of BitsLab and TON Blockchain’s primary security assurance provider, has announced the discovery and responsible disclosure of a vulnerability in the TON Virtual Machine (TVM). This finding, which has been officially acknowledged by the TON Foundation, showcases BitsLab and TonBit's commitment to safeguarding decentralized networks.

Bitslab和Ton Blockchain的主要安全保证提供商的子公司Tonbit宣布发现并负责披露Ton Virtual Machine（TVM）中的漏洞。这一发现已被Ton Foundation正式承认，展示了Bitslab和Tonbit致力于保护分散网络的承诺。

The vulnerability discovered by TonBit is the non-atomic state transition vulnerability in the RUNVM instruction. An attacker can exploit the moment when a sub-VM exhausts its gas to corrupt the parent VM's libraries and induce subsequent call failures, ultimately causing contracts that depend on library integrity to behave abnormally.

Tonbit发现的漏洞是RunVM指令中的非原子状态过渡漏洞。攻击者可以利用子VM耗尽其气体来破坏父VM的库并引起随后的呼叫失败的那一刻，最终导致依赖图书馆完整性的合同异常行为。

In the link below, TonBit retains the original technical details to present the full discovery and verification process for developers, aiding the community in gaining an in-depth understanding of the issue and boosting awareness of similar risks.

在下面的链接中，Tonbit保留了原始技术细节，以介绍开发人员的完整发现和验证过程，从而帮助社区获得对问题的深入了解，并提高人们对类似风险的认识。

Technical details of this vulnerability: https://www.linkedin.com/pulse/tonbit-once-again-discovers-vulnerability-ton-virtual-machine-jt0oc/

此漏洞的技术细节：https：//www.linkedin.com/pulse/tonbit-onbit-once-once-again-discovers-vulnerabilits-vulnerability-vulnerability-ton-virtual-machine-machine-jt0oc/

This discovery highlights the deep expertise of TonBit, a subsidiary of BitsLab, in security research within the TON ecosystem. TonBit immediately submitted the technical details and mitigation plan to the TON Foundation and assisted in completing the remediation. Now, the vulnerability is fully patched.

这一发现突出了Bitslab的子公司Tonbit在TON生态系统内的安全研究中的深厚专业知识。 Tonbit立即将技术细节和缓解计划提交给Ton Foundation，并协助完成补救。现在，漏洞已完全修补。

TonBit and BitsLab recommend that all developers promptly update their dependency libraries once the official patch is released. At the same time, they incorporate more rigorous library-integrity checks and gas-management logic into custom contracts to prevent similar issues from being maliciously exploited. BitsLab and TonBit will continue to uphold the principle of “responsible disclosure” and, together with the community, fortify the Web3 security perimeter.

Tonbit和Bitslab建议一旦官方补丁发布后，所有开发人员都会立即更新其依赖库。同时，他们将更严格的图书馆综合检查和天然气管理逻辑纳入自定义合同，以防止类似的问题被恶意剥削。 Bitslab和Tonbit将继续维护“负责任的披露”原则，并与社区一起加强Web3安全外围。

This finding further cements TonBit and BitsLab's "security-first" ethos within Web3. By adhering to rigorous disclosure protocols and engaging transparently with ecosystem stakeholders, TonBit and BitsLab continue to set industry standards for ethical blockchain research and Web3 ecosystem security.

这一发现进一步巩固了tonbit和Bitslab在Web3中的“安全优先”精神。通过遵守严格的披露协议并与生态系统利益相关者透明地互动，Tonbit和Bitslab继续为道德区块链研究和Web3生态系统安全设定行业标准。

About TonBit

关于tonbit

TonBit, a core sub-brand of BitsLab, is a trusted security expert and early builder within the TON ecosystem. Serving as the Primary Security Assurance Provider (SAP) for the TON blockchain, TonBit specializes in comprehensive security audits, including Tact and FunC language audits, ensuring the integrity and resilience of projects built on TON. Officially endorsed by TON, TonBit has successfully audited several high-profile projects such as Catizen, Algebra, UTonic, Ton Batch Sender, TonUp, PixelSwap, Tradoor, Miniton, Thunder Finance, and nearly 20 other projects on TON, showcasing its expertise in securing TON-based solutions.

托比特（Tonbit）是比特拉布（Bitslab）的核心子品牌，是一位值得信赖的安全专家，也是吨生态系统中的早期建造者。 Tonbit是TON区块链的主要安全保证提供商（SAP），专门从事全面的安全审核，包括TACT和FUNC语言审核，以确保在TON上建立的项目的完整性和弹性。在吨的正式认可下，Tonbit已成功审核了几个备受瞩目的项目，例如Catizen，Algebra，Utonic，Ton Batch Sender，Tonup，Pixelswap，Pixelswap，Tradoor，Miniton，Miniton，Thunder Finance，以及其他近20个项目，展示了其在基于TON的解决方案方面的专业知识。

About BitsLab

关于比特拉布

BitsLab is an organization dedicated to Web3 ecosystem security, aiming to become a respected security authority within the industry. The organization operates three sub-brands: MoveBit, ScaleBit, and TonBit, focusing on infrastructure development and security auditing across multiple blockchain ecosystems, including Sui, Aptos, TON, BNB Chain, Starknet, and Solana. BitsLab specializes in auditing a wide range of programming languages, such as Circom, Halo2, Move, and Cairo.

BITSLAB是一个致力于Web3生态系统安全的组织，旨在成为行业内受人尊敬的安全机构。该组织经营三个子品牌：MoveBit，ScaleBit和Tonbit，重点介绍了包括SUI，Aptos，Ton，BNB链，Starknet和Solana在内的多个区块链生态系统的基础设施开发和安全审核。 BITSLAB专门审核各种编程语言，例如Circom，Halo2，Move和Cairo。

As a leader in blockchain security, BitsLab has provided security auditing services to several projects, including Aptos, Tether, UniSat, and Nervos CKB. Having delivered over 400 security solutions, the company has audited over 400,000 lines of code and safeguarded $8 billion in assets for over 2 million users. BitsLab has identified critical vulnerabilities in several well-known projects and remains committed to advancing Web3 security while fostering the healthy growth of emerging ecosystems.

作为区块链安全的领导者，Bitslab已为包括Aptos，Tether，Unisat和Nervos CKB在内的多个项目提供了安全审计服务。该公司已交付了400多个安全解决方案，已审核了40万行的代码，并为200万用户提供了80亿美元的资产。 Bitslab在几个知名项目中确定了关键的脆弱性，并仍致力于促进Web3安全性，同时促进新兴生态系统的健康增长。

Contact

接触

Media Teamhan@bitslab.xyz

媒体teamhan@bitslab.xyz