BitsLab's TonBit has once again discovered a critical vulnerability in the TON Virtual Machine and received thanks from the TON official.


Author: TonBit

Introduction:

BitsLab's TonBit has once again discovered a critical vulnerability in the TON virtual machine and received official thanks from TON: The INMSGPARAM instruction does not perform null pointer checks when processing message parameters, which may lead to a crash of the TON virtual machine.

Link to TON's official fix and acknowledgment of TonBit:

Recently, TonBit, a subsidiary of BitsLab, discovered a serious security vulnerability in the latest TVM source code (master branch / TON v2025.04): the INMSGPARAM instruction does not perform null pointer checks when processing message parameters, which may lead to a crash of the TON virtual machine. The bug is hidden deep within the TVM's call path; an attacker could construct special message parameters that trigger a null pointer dereference during VM execution, interrupting execution and severely impacting the availability and stability of contract execution. The technical details are retained below so that developers can analyze the issue in depth and guard against it.

We discovered this vulnerability before the launch of TVM 11 and immediately reported it to Ton Core, thereby avoiding any security risk to on-chain assets. Ton Core carefully analyzed our report, fixed the vulnerability before the official launch, and issued us a bounty and acknowledgment. We sincerely thank Ton Core for their professionalism and commitment.

The affected code (located in crypto/vm/tonops.cpp) is as follows:

Root cause:

This line of code:

    Ref<Tuple> t = get_param(st, inmsgparams_idx).as_tuple();

There is no check on whether t is nullptr. If slot 0 of the c7 register is configured as a tuple whose 17th element is not of Tuple type, as_tuple() returns a null pointer; when that null t is passed to tuple_index, it is dereferenced and the virtual machine crashes. This critical error can be reliably reproduced in Global Version 11.
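As an added illustration (our own example, not TON's source), the following minimal C++ model contrasts the two patterns: the unchecked accessor dereferences the result of as_tuple() the way the affected line does, while the guarded accessor turns a non-tuple entry into a catchable VM exception. The Tuple, Ref and StackEntry types, the kInMsgParamsIdx constant and the sample c7 contents are simplified stand-ins.

```cpp
#include <memory>
#include <stdexcept>
#include <variant>
#include <vector>
// Simplified stand-ins for TON's types (constructed for this example, not TVM code).
struct Tuple;
using Ref = std::shared_ptr<Tuple>;              // stand-in for td::Ref<Tuple>; null when absent
using StackEntry = std::variant<long long, Ref>; // a c7 entry: an integer or a tuple
struct Tuple { std::vector<StackEntry> items; };
struct VmError : std::runtime_error { using std::runtime_error::runtime_error; };
// Position of the message-parameters tuple in c7 slot 0 (assumed 0-based from "17th element").
constexpr size_t kInMsgParamsIdx = 17;

// Mirrors the described behaviour of StackEntry::as_tuple(): a null Ref for non-tuples.
Ref as_tuple(const StackEntry& e) {
  auto p = std::get_if<Ref>(&e);
  return p ? *p : Ref{};
}

// Unchecked pattern: t is dereferenced with no null test, so a non-tuple entry crashes the VM.
StackEntry unchecked_in_msg_param(const Tuple& c7_slot0, size_t idx) {
  Ref t = as_tuple(c7_slot0.items.at(kInMsgParamsIdx));
  return t->items.at(idx);
}

// Guarded version: every failure path becomes a catchable VmError.
StackEntry checked_in_msg_param(const Tuple& c7_slot0, size_t idx) {
  if (kInMsgParamsIdx >= c7_slot0.items.size()) throw VmError("range_chk: c7 slot 0 too short");
  Ref t = as_tuple(c7_slot0.items[kInMsgParamsIdx]);
  if (!t) throw VmError("type_chk: in-msg params entry is not a tuple");
  if (idx >= t->items.size()) throw VmError("range_chk: in-msg param index out of range");
  return t->items[idx];
}

// Constructed sample c7 slot 0: a one-element tuple at kInMsgParamsIdx, or the integer 7
// there to model the triggering shape.
Tuple make_slot0(bool params_is_tuple) {
  Tuple s;
  s.items.resize(kInMsgParamsIdx, StackEntry{0LL});
  auto t = std::make_shared<Tuple>();
  t->items.push_back(StackEntry{42LL});
  s.items.push_back(params_is_tuple ? StackEntry{t} : StackEntry{7LL});
  return s;
}

// Returns 0 (and the value) when the guarded lookup succeeds, 1 when it raised VmError.
int probe(const Tuple& c7_slot0, size_t idx, long long* out) {
  try { *out = std::get<long long>(checked_in_msg_param(c7_slot0, idx)); return 0; }
  catch (const VmError&) { return 1; }
}
```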

POC code:

To facilitate local testing (since global_version is normally set by the chain configuration), we modified the initialization of the virtual machine in the run_vm_code function to force global_version to 11:

Copy the PoC code into the crypto/test/vm.cpp file.

Modify run_vm_code as described above, setting global_version to 11.

Compile and run the test-vm executable.

Crash:

The virtual machine may crash due to a null pointer dereference:

In summary, TonBit, under BitsLab, has always adhered to the principle of "deepening security and responsible disclosure" by continuously exploring and fixing key vulnerabilities in the core code of the TON virtual machine. From the non-atomic migration risks of the RUNVM instruction to the null pointer dereference issue of the INMSGPARAM instruction, TonBit has promptly reported to Ton Core and assisted in repairs with professional technical strength and efficient response speed, effectively ensuring the security of on-chain assets while enhancing the stability and reliability of TVM. In the future, TonBit will continue to work closely with Ton Core and the community to build a more solid Web3 security defense.

About TonBit

TonBit, as the core sub-brand of BitsLab, is a security expert and early builder within the TON ecosystem. As a primary security assurance provider for the TON blockchain, TonBit focuses on comprehensive security audits, including audits of Tact and FunC languages, ensuring that projects based on TON possess integrity and resilience. To date, TonBit has successfully audited several well-known projects, including Catizen, Algebra, and UTonic, uncovering multiple critical vulnerabilities, demonstrating our exceptional capabilities in the field of blockchain security. In addition, TonBit successfully organized the TON CTF competition, attracting numerous participants and garnering extensive attention, further solidifying its position as a security expert in the TON ecosystem. In the future, TonBit will continue to safeguard blockchain security and promote the continuous development of technology and the ecosystem.
