TON Blockchain’s Tact Language Faces Security Concerns – CertiK Audit


A recent CertiK audit has flagged several security vulnerabilities in Tact, the programming language designed for creating smart contracts on the TON blockchain. The findings, released on Thursday, raise concerns about coding practices and potential risks tied to the language’s implementation.


Key Risks in Tact Language

Tact, introduced in 2023, aims to simplify smart contract development, improve performance, and enhance security on the TON blockchain. However, the audit revealed multiple vulnerabilities, including:

  1. Strict Address Format Issues
    • Tact’s strict address format is inconsistent with standards like TEP-74, leading to risks such as failed transactions or token loss. CertiK likened this to sending a letter to an incorrect address.
  2. Challenges with Concurrent Operations
    • Although TON avoids common Ethereum vulnerabilities like reentrancy, its asynchronous and parallel processing can result in unpredictable transaction orders.
    • This creates opportunities for timing-based exploits, such as man-in-the-middle attacks.
  3. Data Serialization Risks
    • Developers must explicitly organize data within smart contracts. Failure to do so can lead to misinterpretations or unpredictable behaviors, akin to assembling furniture with incomplete instructions.
  4. Number Handling Errors
    • Mistakes in Tact’s numerical handling could cause significant glitches if developers aren’t vigilant.
  5. Gas Management Challenges
    • Proper gas estimation is critical. Mismanagement can cause transactions to fail or drain contract funds, disrupting operations.

Broader Implications for TON Blockchain

The vulnerabilities in Tact could lead to transaction failures, loss of funds, and exploitable security gaps if not addressed. CertiK’s audit compared Tact to its predecessor, FunC, noting that developers frequently encounter issues when using the newer language.

TON’s asynchronous transaction processing—a strength in scalability—also presents unique challenges, making it difficult to predict or control the sequence of actions within smart contracts.


Crypto Hacks in 2024: $1.5 Billion Lost Despite Decline

The vulnerabilities in Tact highlight a broader trend of security challenges in the cryptocurrency sector.

According to a report by Immunefi, $1.5 billion has been lost in crypto-related hacks and exploits in 2024. Although this represents a 15% decline compared to 2023, the numbers remain significant.

Notable Incidents in 2024

  • Meme Coin Trading Terminal DEXX:
    • A private key leak affected at least 900 users, with losses ranging from $10,000 to over $1 million for some individuals.
  • Delta Prime (DeFi Protocol):
    • The protocol suffered two major exploits in 2024, losing $4.8 million in November and $6 million in September.

Securing the Future of Smart Contracts

The CertiK audit emphasizes the importance of robust development practices, especially as the TON blockchain continues to gain traction. Addressing these vulnerabilities in Tact is critical to ensuring the security, reliability, and scalability of the platform.

For developers, careful attention to address formats, data serialization, gas management, and transaction order is essential to mitigating risks and protecting user assets.

