TONboard

Audit in TON

Updated 2026-05-29

TL;DR: Audits in The Open Network (TON) evaluate code, smart contracts, and network components to uncover vulnerabilities and verify compliance. They encompass smart‑contract, node, and protocol reviews, with recent assessments by CertiK and SlowMist highlighting performance and phishing‑related risks.

Overview of TON Audits

Audits are systematic examinations of TON’s blockchain code, smart contracts, and overall security architecture. Their primary goals are to detect vulnerabilities, ensure adherence to industry standards, and maintain stakeholder confidence. Regular auditing supports network stability, scalability, and transparency for developers, users, and investors.

Types of Audits

  • Smart Contract Audits – In‑depth review of contract source code, behavioral testing under varied conditions, and formal verification using mathematical proofs to confirm logical correctness.
  • Node Audits – Assessment of node software for security flaws, performance benchmarking, and verification that nodes follow TON’s consensus protocols.
  • Network and Protocol Audits – Evaluation of the broader architecture, including consensus mechanisms, scalability provisions, and interoperability with other blockchains and external systems.

Audit Process

  1. Scope Definition – Identify specific components (smart contracts, nodes, network layers) to be examined.
  2. Examination – Combine automated scanning tools with manual code review to uncover common and complex issues.
  3. Reporting – Compile findings into a detailed report outlining vulnerabilities, inefficiencies, and remediation recommendations.
  4. Resolution – Development teams address reported issues through code updates, protocol tweaks, or security enhancements.
  5. Final Review – Conduct a follow‑up audit to confirm that all identified problems have been resolved and that the system operates securely.

Recent Audits

CertiK

In 2023, CertiK performed an audit that validated TON’s capacity to handle a peak of 104,715 transactions per second (TPS). The assessment included rigorous stress‑testing and ongoing monitoring via CertiK’s Skynet platform, which provides real‑time security insights.

SlowMist

In 2024, SlowMist reported a rise in phishing attacks targeting the TON ecosystem, exploiting the tight integration between Telegram and TON. Despite these threats, the audit found no critical vulnerabilities in TON’s core infrastructure, indicating that the foundational security remains robust.

Challenges in Auditing TON

Auditing TON is complicated by the network’s sophisticated smart‑contract language, node software complexity, and rapid evolution. Auditors must possess deep blockchain and cryptography expertise to detect subtle bugs. Continuous updates and re‑audits are essential as new features are introduced, and ensuring secure scalability and cross‑chain interoperability remains a significant hurdle.

Information verified: 2024

Needs update (2)
  • VERIFY 2023 – CertiK’s 2023 performance validation.
  • VERIFY 2024 – SlowMist’s 2024 phishing‑attack observation.

Prepared by

TONboard
