CertiK Audit Reveals Security Vulnerabilities in TON Blockchain’s Tact Language
A recent security analysis has raised alarms regarding the Open Telegram Network (TON), a blockchain platform recognized for its accessible approach to smart contracts.
The analysis, carried out by Web3 security company CertiK, points out possible weaknesses in Tact, the programming language specifically crafted for TON. Although Tact is intended to streamline development and bolster security, the audit indicates that certain coding methodologies might unintentionally render smart contracts vulnerable.
Tact’s Concealed Security Risks
CertiK draws a comparison between Tact and its predecessor, FunC, noting common errors that developers encounter while utilizing the language.
Such mistakes can result in transaction failures, financial losses, and security loopholes that can be exploited.
A significant issue raised in the report is Tact’s rigid address format. Discrepancies with established standards such as TEP-74 may lead to failed transactions or lost tokens, akin to sending a letter to the wrong address.
CertiK also pointed out difficulties in handling concurrent operations. While the TON blockchain circumvents vulnerabilities such as reentrancy, which is prevalent on Ethereum, its unpredictable transaction sequencing could allow attackers to take advantage of timing discrepancies, creating vulnerabilities similar to man-in-the-middle attacks.
TON’s asynchronous and parallel processing of smart contracts complicates the tracking of action sequences. Source: CertiK
Another point of concern is data serialization. CertiK observed that developers must explicitly structure data within smart contracts. Neglecting this could lead to misinterpretations and erratic program behavior, similar to assembling furniture without complete instructions.
The report also pointed out potential issues in Tact’s numerical handling, which could result in errors if developers are not careful.
Furthermore, CertiK underscored the necessity of managing “gas,” the fee needed to perform blockchain transactions. If developers misestimate gas consumption or fail to monitor it, transactions can fail midway or a contract’s funds can be depleted.
Crypto Hacks in 2024: $1.5 Billion Lost
In addition to the vulnerabilities in Tact, the wider crypto landscape continues to face significant security issues.
A report from Immunefi indicates that nearly $1.5 billion has been lost in crypto-related incidents in 2024, despite a 15% decrease in stolen funds compared to the previous year.
November alone witnessed over $71 million in digital assets disappear, bringing the total for the year to over $1.48 billion across 209 incidents.
Crypto losses in October vs. November 2024. Source: Immunefi
One significant incident in November involved the meme coin trading terminal DEXX, which experienced a private key breach. The exploit impacted at least 900 users, with most losing less than $10,000, while one user faced a loss exceeding $1 million.
In the same month, Delta Prime, a DeFi protocol operating on Avalanche and Arbitrum, encountered its second major exploit of the year. This incident led to a loss of $4.8 million, following a $6 million hack in September.
The post TON Blockchain’s Tact Language Has Security Risks – CertiK Audit appeared first on Cryptonews.