The Path to Compliance and Risk Assessment of the TON Chain: Coexisting Prospects and Challenges

Advanced7/29/2024, 10:54:00 AM
TON (The Open Network) is a rapidly evolving blockchain project that has attracted significant attention due to its advanced technology and rapidly growing user base. However, participating in such a phenomenon requires a thorough analysis, assessment, and interpretation of its risks. This report aims to provide in-depth risk analysis and compliance interpretation for users and potential participants in the TON ecosystem.

TON (The Open Network), as a rapidly growing blockchain project, has garnered widespread attention due to its advanced technology and rapidly expanding user base. However, engaging with such a groundbreaking project requires a thorough analysis, assessment, and interpretation of its risks. This report aims to provide a comprehensive risk analysis and compliance interpretation for users and potential participants in the TON ecosystem.

Writing in front

In order to better understand the basic situation and ecosystem of TON, readers are recommended to refer to the first two parts of our TON series of reports:

First part “In-Depth Analysis of the TON Chain: Revealing the Core Strengths of the Future Blockchain Giant”

the second part “TON Ecosystem Panorama: Exploring On-Chain Star Projects and Future Opportunities” [Part 1]

the second part “TON Ecosystem Panorama: Exploring On-Chain Star Projects and Future Opportunities” [Part 2]

These three articles provide a comprehensive analysis of TON’s fundamentals and ecosystem respectively, giving you a more complete understanding of TON.

Background introduction

With the proliferation and development of blockchain technology, TON has quickly attracted global users and developers due to its unique technical architecture and broad application prospects. TON aims to establish a decentralized internet platform that offers efficient, transparent, and secure blockchain services. However, due to the complexity of blockchain technology and the differences in national laws and regulations, TON faces numerous compliance and technical challenges in its development. By analyzing the current status and challenges of TON in terms of legal compliance, technical implementation, user experience, and cross-chain interoperability, this report helps users make more informed decisions when engaging with the TON ecosystem.

Technology risk analysis

1. Smart contract vulnerabilities

Smart contract vulnerabilities are one of the main risks faced by TON blockchain technology. Common vulnerabilities include reentrancy attacks, integer overflows, and access control issues. We will break down and analyze the technical risks associated with each potential vulnerability to assess whether TON’s increasingly prosperous ecosystem also faces significant threats.

1.1 Language complexity

FunC Issues:

  1. Design of FunC: FunC is a low-level language similar to Lisp and serves as the primary programming language for TON smart contracts. It focuses on efficiency and flexibility, allowing developers to directly manipulate memory and manage resources precisely.
  2. Increased Complexity: The low-level nature of FunC requires developers to manually manage memory and handle low-level operations, demanding high programming skills and security awareness. Any oversight can lead to memory leaks, buffer overflows, and potential security vulnerabilities in smart contracts.
  3. Risks:
  4. Memory Management Errors: Manual memory management increases the risk of errors such as memory leaks and buffer overflows, which could be exploited by malicious attackers, causing unintended behaviors in smart contract execution.
  5. Code Complexity: The low-level features of FunC add to code complexity, making debugging and maintenance more challenging, which in turn increases the likelihood of vulnerabilities.

Tact Language:

  1. Higher-Level Language: To address the issues with FunC, the community has introduced and supports Tact, a higher-level programming language similar to TypeScript and Rust. It provides advanced abstractions and simpler syntax, making it easier to learn and use compared to FunC.
  2. Advantages: Tact offers a more developer-friendly environment, lowering the barrier to smart contract development and helping to attract more developers to the TON ecosystem.

Fift Language:

  1. Characteristics: Fift is a low-level assembly and debugging language used for direct interaction with the TON Virtual Machine (TVM), suitable for low-level debugging and testing of smart contracts.
  2. Challenges: As Fift is still in its early stages, its tools and documentation may be less developed, potentially presenting more challenges and issues for developers during use.

1.2 The risk of smart contract vulnerabilities faced by TON

  1. Reentrancy Attacks: This is a common vulnerability in smart contracts where a malicious contract can recursively call the same function before a previous call is completed, potentially leading to resource exhaustion or data manipulation.

  2. Example: The classic DAO attack exploited a reentrancy vulnerability, resulting in a significant theft of funds.

Preventive Measures

The Check-Effects-Interactions Pattern is emphasized in TON’s official documentation to ensure that all state updates are completed before making external calls, thereby avoiding reentrancy attacks. The core of this pattern is to first check conditions (Check), then perform state updates (Effects), and finally interact with external entities (Interactions), ensuring that the contract’s internal state is updated before any external calls are made.

1.3 Integer overflow and underflow problems

  1. Reentrancy Attacks: This is a common vulnerability in smart contracts where a malicious contract can recursively call the same function before a previous call is completed, potentially leading to resource exhaustion or data manipulation.
  2. Example: The classic DAO attack exploited a reentrancy vulnerability, resulting in a significant theft of funds.

Preventive Measures

The Check-Effects-Interactions Pattern is emphasized in TON’s official documentation to ensure that all state updates are completed before making external calls, thereby avoiding reentrancy attacks. The core of this pattern is to first check conditions, then perform state updates, and finally interact with external entities, ensuring that the contract’s internal state is updated before any external calls are made.

1.4 Access control issues

  1. Access Control Issues: Poorly designed access control in smart contracts can lead to unauthorized users gaining access to sensitive functions or data.
  2. Example: Some contracts have been exploited due to access control vulnerabilities, allowing malicious users to perform unauthorized operations.

Preventive Measures

TON provides detailed permission management and access control strategies to ensure that only authorized users can execute critical operations. Developers should implement strict access control policies and conduct regular audits to ensure contract security and prevent unauthorized access.

Additionally, TON developer documentation mentions other technical safeguards:

  1. Strict Testing: TON encourages developers to perform comprehensive unit tests, integration tests, and stress tests, and provides relevant testing frameworks and tools.
  2. Formal Verification: Although not mandatory, TON encourages developers to use formal verification tools to prove the correctness and security of smart contracts.
  3. Security Audits: TON advises developers to undergo third-party security audits before releasing contracts to ensure their security. The official documentation provides guidance on selecting audit services and conducting audits.

2. Node attack

TON node distribution map Source: TON official website

The TON network uses a Proof-of-Stake (PoS) consensus mechanism. As of June 3, there are 347 nodes distributed across more than 30 countries, with a notable concentration in Europe and the United States. The total staked amount exceeds 526 million TON, accounting for nearly 20% of the circulating supply. At least 300,000 TON are required for staking, and at least 400,000 TON are needed for elections. Additionally, there is a penalty mechanism where any network participant can file complaints about a validator’s behavior, and other validators vote to determine whether to hold the validator accountable.

In this context, the TON network’s node technology ensures on-chain security in the following ways:

  1. The high staking requirements and validator election mechanism reduce the risk of Sybil attacks.
  2. The global distribution of nodes and network monitoring mechanisms help mitigate DDoS attacks.
  3. TON’s diverse node connection strategies ensure each node remains connected to a sufficient number of other nodes, reducing the risk of isolation from Eclipse attacks.

3. Technical complexity and implementation risks

3.1 Complexity of multi-chain architecture

  1. Implementation and Coordination Complexity: The TON blockchain enhances flexibility and scalability through its multi-chain architecture but requires efficient and reliable mechanisms to ensure seamless interoperability and data synchronization. Developers need to create cross-chain communication protocols to ensure real-time, accurate data transmission and consistent consensus mechanisms.
  2. Security Risks: Frequent interactions in a multi-chain architecture increase security risks, as malicious actors may exploit these interactions to find system vulnerabilities. Therefore, the security of each blockchain and interaction interface is crucial.
  3. Solutions: TON addresses these challenges by introducing reliable consensus algorithms (such as BFT) and strict validation mechanisms. It employs efficient data synchronization protocols and optimized cross-chain communication mechanisms (such as instant hypercube routing), along with dynamic sharding mechanisms to enhance scalability and performance.

3.2 Sharding technical challenges

Security and Integrity: Sharding technology enhances scalability but can also become a target for attacks, necessitating robust security measures to protect each shard. TON employs a bottom-up infinite sharding paradigm, treating each account or smart contract as an independent shard and enabling inter-shard communication through a messaging system.

Load Balancing and Transaction Routing: Each shard must handle its own transactions and coordinate with other shards. TON introduces strict sharding conditions and merging rules to ensure automatic sharding during high load and automatic merging during low load. The global state is determined by the main chain’s block hash, ensuring data consistency and security.

Data Consistency and Availability: Issues related to cross-shard data synchronization and coordination need to be addressed to avoid data inconsistencies or delays. TON uses instant hypercube routing technology to achieve efficient message passing and cross-shard communication, ensuring rapid data synchronization to target shards.

TON’s multi-chain architecture and sharding technology present significant technical challenges and risks. To address these, TON employs efficient consensus algorithms, dynamic sharding mechanisms, and optimized cross-chain communication strategies to enhance the network’s flexibility, scalability, and security. These measures help ensure the stability and reliability of the TON network.

4. Network performance and scalability

4.1 Transaction throughput limit

Daily transaction volume on TON chain Source: tonstat
  1. Transaction Volume: The TON network handles over 5 million transactions daily. This highlights TON’s capability in managing high-frequency transactions but also underscores the need for efficient processing and scalability.
  2. Transaction Throughput Limits: Despite the current high transaction volume, the pressure on transaction throughput will increase with more users and applications. Continuous optimization and innovative solutions are needed to ensure the network can handle higher transaction volumes while maintaining performance and stability.
  3. Network Congestion: A sharp increase in transaction volume can lead to network congestion, impacting overall performance. Although TON has dynamic sharding and instant hypercube routing technology, there remains a risk of resource constraints. High transaction volumes and complex sharding may deplete resources on certain nodes, affecting their ability to process all requests efficiently.
  4. Protocol Limitations: The design of the TON protocol may have bottlenecks, such as the efficiency of the consensus mechanism and the overhead of inter-node communication. These bottlenecks could become more pronounced with increased transaction volumes, affecting overall network performance.
  5. Scalability Challenges: To address the growing transaction volume, TON needs to expand its network architecture. This includes increasing the number of nodes and improving consensus algorithms, but such improvements must be made without compromising the stability and security of the existing system.

4.2 Network latency and stability

The TON blockchain aims for low latency and instant transactions to support real-time applications, but achieving this goal involves several challenges and potential bottlenecks:

Network Latency: In a decentralized network with geographically dispersed nodes, network transmission times are inevitably affected. Synchronization delays between nodes and the reliability of data transmission can contribute to transaction delays.

Node Synchronization: Nodes need to maintain a consistent ledger state, requiring frequent communication and data synchronization. Any delay or failure of a node can impact the overall network’s response time.

High Transaction Load: As transaction volume increases, processing transactions in real time becomes more challenging. The system may require more time to validate and confirm transactions, increasing the risk of delays.

Potential Attacks: Maintaining low latency and high stability becomes more difficult in the face of potential network attacks, such as DDoS attacks. Attackers may deliberately cause network congestion by sending大量事务,影响服务质量。

Reliability Assurance: Ensuring that the network remains stable and reliable under high load and potential attacks is a significant challenge, requiring complex monitoring and rapid response mechanisms.

In summary, although the TON blockchain has numerous innovations in its design, practical deployment still faces challenges related to transaction throughput, network latency, and stability. Addressing these issues is crucial to achieving its intended high performance and scalability goals.

5. Technology upgrade and maintenance

5.1 Upgrade compatibility

Technical upgrades are crucial for maintaining the security, performance stability, and functionality of the TON blockchain system. However, compatibility issues can introduce a range of technical risks:

  1. Version Compatibility Issues: Technical upgrades must ensure that new versions integrate seamlessly with old ones. Changes in interfaces, data structures, or protocol updates can cause compatibility problems. If backward compatibility is not ensured, nodes may experience network splits (i.e., forks) due to version inconsistencies.
  2. Data Migration Risks: Data migration is a key task during technical upgrades. Issues such as data loss or inconsistency may arise during migration, affecting user experience and potentially leading to trust crises. Strict data backup and verification mechanisms need to be implemented to ensure the reliability of data migration.
  3. Node Restart and Network Stability: Technical upgrades often require node restarts. Frequent restarts can lead to temporary network instability, impacting the real-time and continuity of transactions. A detailed restart plan should be developed, with upgrades performed during periods of low system load, and a robust rollback mechanism in place to quickly restore stability if unexpected issues occur.
  4. Planning and Coordination: Large-scale blockchain system upgrades require meticulous planning and coordination. Synchronizing operations across numerous nodes means that mistakes in any part of the process can lead to severe consequences. Therefore, it is essential to clarify every step in detail and ensure thorough communication and training for all participants.

5.2 Code quality and review

Github interface of TON chain Source: Github

As an open-source project, the quality and review mechanisms of the TON blockchain code directly impact the system’s security and stability. Based on the current data from TON’s GitHub, the following points outline how the code quality and review processes contribute to maintaining system security and stability:

Code Quality and Review

Code Readability and Maintainability: The TON GitHub repository is active with regular updates and maintenance. The code is clear, well-structured, and includes detailed comments, making it easier for developers to work with and maintain. The use of static code analysis tools (such as stdlib.fc) and automated testing tools further enhances code quality.

Internal Review: The TON development team implements a multi-layered code review process. Each code submission undergoes peer review and scrutiny by senior developers, which helps to identify and address potential issues promptly, reducing the occurrence of vulnerabilities.

Third-Party Security Audits: TON regularly invites professional third-party security firms to conduct comprehensive audits of the code. These audits help identify issues that may have been missed by the internal team, ensuring system security. Audit reports are made public, increasing transparency and community trust.

Open Source Community Feedback: TON collects and addresses suggestions and bug reports from the community through a bug bounty program and open governance mechanisms, continually improving code quality.

TON employs multi-layered and multi-faceted measures for code quality and review, including stringent coding standards, internal multi-tiered reviews, third-party security audits, and active community feedback. These measures collectively ensure the security and stability of the TON blockchain system, allowing it to address complex technical environments and evolving security threats. Additionally, the use of static code analysis and automated testing tools further strengthens code quality assurance and reduces potential security risks.

6. Decentralization risks

6.1 Node centralization

The TON network uses a Proof-of-Stake (PoS) consensus model to ensure its security and stability. Here is an in-depth exploration of its degree of decentralization:

Global Distribution

The number of nodes is a key indicator of a blockchain network’s decentralization. A higher number of nodes generally means a broader distribution of power and control, indicating greater decentralization. However, the quality and geographic distribution of nodes are also crucial. If nodes are highly concentrated in a specific geographic region or controlled by a few entities, it may undermine the effectiveness of decentralization. Data shows that TON’s validator nodes are distributed across more than 30 countries, with a notable concentration in Europe and the United States. This geographic distribution helps mitigate geopolitical risks and physical attacks, enhancing the network’s reliability and resilience.

Node Quantity and Staking Volume

Verify node data Source: Tonstat

As of July 5, there are over 365 nodes with a total staking volume exceeding 566 million TON, accounting for nearly 20% of the circulating supply. The extensive distribution of node quantity and staking volume is an important indicator of network decentralization, as it suggests that no single entity can easily control or attack the entire network.

Compared to mature networks like Bitcoin or Ethereum, which have thousands of nodes, TON’s node count might seem lower. However, for a relatively young or continuously developing network, the current number of nodes is a reasonable starting point.

Validator Threshold and Elections

Anyone with enough Toncoin (at least 300,000 TON) and who wins an election (requiring at least 400,000 TON) can become a validator. While the high staking requirements ensure participants’ commitment and contribution, they also reduce the likelihood of ordinary users participating. This high threshold enhances security but may limit the growth of node numbers, necessitating a balance between attracting more participants and maintaining network security. Despite this high threshold, it remains relatively open compared to some other blockchain systems. Additionally, the validator election process helps prevent monopolization by a few nodes.

Rewards and Inflation

Validators earn rewards by validating transactions and generating new tokens, with an average daily income of approximately 120 TON and an overall annual inflation rate of about 0.5%. A reasonable reward mechanism and low inflation rate help maintain validator motivation and network economic stability.

Penalty Mechanism

The penalty mechanism for validators includes penalties for not participating in block creation and malicious behavior, ensuring honesty and active participation. Additionally, any network participant can file a complaint against a validator’s behavior, providing cryptographic evidence, with other validators voting on whether to pursue the complaint. This self-regulation mechanism further enhances the network’s fairness and transparency.

TON’s network demonstrates strong decentralization through its globally distributed nodes, high validator threshold, reasonable reward mechanism, and strict penalty measures. These factors collectively ensure the network’s security, stability, and fairness while preventing power concentration among a few. However, further verification and confirmation of the accuracy of the data regarding TON’s validator nodes are needed.

6.2 Governance mechanism risks

To maintain network stability and sustainable development, a project must address risks related to decision-making transparency, stakeholder conflicts, and governance deadlock. From the analysis of TON’s governance mechanism, we can see that TON has implemented various measures to address these challenges and ensure the system’s security and stability:

Public voting and record-keeping functions, along with the automatic execution of smart contracts, ensure that the governance process is transparent and open.

A multi-layered governance structure and a reasonable proposal and voting mechanism balance the interests of different stakeholders and reduce conflicts.

Proposal and voting time limits, along with automatic arbitration through smart contracts, help avoid governance deadlocks and ensure a smooth decision-making process.

These measures collectively contribute to maintaining the effectiveness and fairness of TON’s governance mechanism, ensuring the healthy development of the project and the relatively fair operation of the governance system.

1. Current status of TON and regional risk analysis

TON (The Open Network) blockchain, after the legal disputes between Telegram and the SEC, has been continued by community members. Despite its enormous potential, TON still faces significant compliance challenges across different global jurisdictions. Here is an analysis of the regulatory environment and related risks in several key regions:

> USA

  1. Regulatory Bodies: SEC, CFTC, FTC, IRS, FinCEN
  2. Key Regulations: Securities Act, Commodity Exchange Act, Anti-Money Laundering Act, etc.
  3. Risk Analysis: Due to stringent U.S. regulations, TON’s tokens (such as Gram) may be classified as securities, requiring registration and compliance with relevant laws. The previous SEC lawsuit highlighted compliance risks, and TON needs to ensure that future token issuance and trading adhere to U.S. securities laws, anti-money laundering regulations, and other requirements.

> Singapore

  1. Regulatory Body: Monetary Authority of Singapore (MAS)
  2. Key Regulations: Securities and Futures Act, Payment Services Act
  3. Risk Analysis: Singapore is relatively friendly towards Web3 projects, but TON needs to clarify whether its tokens fall under MAS’s definition of digital asset products and comply with relevant regulations. Due diligence and anti-money laundering measures must be strictly enforced to ensure compliant operation.

> Hong Kong, China

  1. Regulatory Body: Securities and Futures Commission (SFC)
  2. Key Regulations: Securities and Futures Ordinance
  3. Risk Analysis: Hong Kong has introduced several policies supporting Web3 projects in recent years, but TON needs to obtain the necessary licenses and ensure that its exchanges and related operations comply with Hong Kong’s regulatory requirements. Additionally, compliance with user data protection and privacy regulations must be observed.

2.1 Securities Law Compliance

  1. Risk Description: The issuance and trading of TON’s tokens may be considered securities transactions, requiring compliance with registration and disclosure requirements under securities laws in various countries.
  2. Detailed Analysis: In the U.S., Gram tokens, as identified by the SEC as securities, need to be registered or exempted. TON must clarify the legal status of its tokens in different countries to ensure compliance with securities laws. By following legal issuance pathways such as registration or obtaining exemptions, it can mitigate legal risks arising from unregistered securities issuance.
  3. Current Measures: TON has explicitly stated that its token issuance and trading adhere to legal requirements in various countries. Although Gram tokens have not been issued, the compliance of Toncoin, which is currently used, is still strictly monitored in different jurisdictions. TON ensures that its token issuance and trading comply with securities laws through its legal advisory team.

2.2 Anti-Money Laundering (AML) and Know Your Customer (KYC)

  1. Risk Description: Countries around the world have strict anti-money laundering (AML) and Know Your Customer (KYC) requirements. TON needs to ensure that its platform is not used for money laundering or terrorist financing activities.
  2. Detailed Analysis: As a decentralized platform with users from around the world, TON must implement AML and KYC measures in various jurisdictions. Specific measures include establishing user identity verification mechanisms, transaction monitoring systems, and conducting regular risk assessments and reporting to ensure the platform is not exploited for illegal activities.
  3. TON has implemented strict AML and KYC measures, using advanced machine learning and AI technologies for transaction monitoring and risk assessment to identify and prevent suspicious activities in real time. TON has established a global unified KYC standard to meet the legal requirements of different countries.

2.3 Data protection and privacy

  1. Risk Description: Global data privacy regulations are becoming increasingly stringent. TON needs to ensure that its handling of user data complies with data protection laws in various countries.
  2. Detailed Analysis: In the European Union, TON must adhere to the General Data Protection Regulation (GDPR), and in the United States, it must comply with the California Consumer Privacy Act (CCPA). TON should take measures to ensure the security of user data, including encryption and anonymization, establishing data protection policies, and conducting regular security audits to prevent data breaches and misuse.
  3. TON employs the latest data encryption and anonymization techniques to ensure the security of user data during transmission and storage. Regular data protection audits are conducted, and independent security assessments and vulnerability fixes are carried out in collaboration with third-party security firms to prevent data breaches and misuse.

2.4 Investor protection

  1. Risk Description: TON needs to ensure that investors receive sufficient information disclosure to avoid legal disputes arising from insufficient information.
  2. Detailed Analysis: TON should ensure transparent disclosure of user information, including the project’s financial status and risk factors. Establishing effective user protection mechanisms, such as transparent investment information disclosure, investor education, and advisory services, can help mitigate legal risks.
  3. TON has established a dedicated investor relations team that regularly publishes project updates and financial reports. Transparent and timely information disclosure is ensured through the official website and social media channels. Additionally, TON provides a multilingual investor education platform to help investors understand the project’s risks and returns.

3. Compliance advice

3.1 Framework construction

Though the TON chain was later taken over by the foundation and developed independently from Telegram, its token distribution mechanism remains unclear.

Additionally, global data privacy regulations are becoming increasingly stringent, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA). These regulations may impact advertisers’ data collection and advertising strategies, requiring them to pay more attention to compliance and user privacy. However, data on TON can be protected through encryption and anonymization, ensuring that user privacy in advertising interactions is safeguarded. This allows advertisers to conduct ad placements without exposing personal identities. TON provides secure digital identity verification features, enabling advertisers to better understand user interests and behaviors without directly collecting personal data. Smart contracts can automate the distribution and payment of advertising revenue, offering a transparent and traceable mechanism that reduces the risk of data breaches and protects the interests of both users and advertisers. TON’s decentralized advertising platform facilitates direct interaction between advertisers and content creators or users, reducing intermediaries. This model can enhance ad targeting accuracy and reduce excessive collection of user data.

TON has a sufficient user base and traffic, but continued development still requires compliance. The relocation of its headquarters to Zug, Switzerland, is widely viewed as related to the generally positive attitude of Swiss authorities toward the cryptocurrency industry.

Regulatory risks remain a factor. However, given their previous experience with the SEC, the foundation and investors are likely well-versed in managing and anticipating risks. Although not much has been publicly disclosed, Telegram is evidently working to integrate the token system into the platform. It is reasonable to expect that Telegram has engaged in legal and regulatory consultations and compliance measures to ensure that its current and future TON operations adhere to necessary legal requirements.

TON development roadmap Source: TON official website

According to the roadmap and content in TON’s blog, there are still some shortcomings in the current development of the TON ecosystem:

1. Insufficient ecological diversity

Many user interfaces in the TON system, such as wallets and smart contract interfaces, still need improvement in terms of usability and user experience. Ordinary users might find asset management, smart contract operations, and participation in decentralized applications not intuitive or user-friendly enough. The TON team needs to invest more effort in designing and optimizing user interfaces and user experiences (UX/UI) to reduce the learning curve and usage barriers for users.

  1. Technical implementation difficulties: Optimizing wallet and smart contract interfaces requires a deep understanding of user needs, employing advanced interaction design and visualization techniques. Additionally, implementing innovative features such as “gas-free” transactions requires significant modifications to the consensus mechanism and transaction model.
  2. Legal compliance: While improving user experience, it is essential to ensure compliance with user data protection and privacy regulations, such as GDPR.

2. User experience needs to be improved urgently

Many user interaction interfaces in the TON system (such as wallet and smart contract interfaces) still need to be improved in terms of usability and user experience. When ordinary users manage assets, operate smart contracts, and participate in decentralized applications, the operating experience may still not be intuitive and friendly enough. This requires the TON team to invest more energy in designing and optimizing the user interface and user experience (UX/UI) to reduce the user’s learning curve and usage threshold.

  1. Difficulty of technical implementation: The optimization of wallet and smart contract interfaces requires an in-depth understanding of user needs and the use of advanced interaction design and visualization technology. At the same time, realizing innovative functions such as “gas fee-free” transactions requires substantial transformation of the consensus mechanism and transaction model.
  2. Legal compliance: While optimizing user experience, it is necessary to ensure compliance with user data protection and privacy and comply with data protection regulations such as GDPR.

3. Insufficient cross-chain interoperability

Although TON has planned to introduce cross-chain bridges for assets transfer between different blockchain networks such as ETH, BNB, and BTC, the current cross-chain interoperability still needs to be further improved. The complexity of cross-chain asset management and operational security remain significant challenges.

  1. Technical implementation difficulties: Developing cross-chain bridges requires addressing multiple technical challenges related to security, reliability, and performance, and necessitates deep integration and coordination with multiple heterogeneous blockchain networks to ensure secure asset transfer and interoperability.
  2. Legal compliance: Cross-chain operations involve cross-border financial activities and must adhere to financial regulations in various countries, particularly concerning payment and securities laws, to ensure the legality of cross-chain asset transfers.

4. Privacy protection

Implementing privacy protection technologies like zero-knowledge proofs and homomorphic encryption poses high technical difficulty. These technologies need to ensure user data privacy while not affecting system performance and usability.

  1. Technical implementation difficulty: Implementing these technologies requires advanced research and development, involving complex mathematical algorithms and encryption techniques.
  2. Legal compliance: The use of privacy technologies must comply with the laws and regulations of different countries and regions, ensuring adherence to data protection and privacy policies.

5. Performance expansion

As user numbers and transaction volumes increase, the TON blockchain needs to continuously improve its performance and scalability to support high concurrency and large-scale applications.

  1. Technical implementation difficulty: Performance scaling involves optimizing the underlying architecture and technological innovations to ensure the system remains stable under high loads.
  2. Network security: While scaling network performance, potential network attacks and security vulnerabilities must be mitigated to ensure system stability and security.

6. Developer support

Although TON offers a rich set of development tools and resources, they still need continuous optimization and updates to meet the evolving needs of developers.

  1. Tools and resources: More comprehensive and user-friendly development tools and documentation are needed, supporting additional programming languages and development environments.
  2. Education and training: Enhancing developers’ understanding and application of TON technology by providing effective educational and training resources to help more developers master and utilize TON blockchain technology.

7. Insufficient disintermediation and security

The TON system still has some shortcomings in decentralization and security. For example, the separation mechanism between validators and collectors has not yet been fully implemented, which could affect the system’s decentralization features and censorship resistance.

Technical implementation difficulty: Designing and implementing mechanisms like validator-collector separation and Slashing Optimization requires in-depth modifications to the consensus protocol, involving complex network security and economic incentive system designs.

Legal compliance: During the modification and optimization of the consensus mechanism, it is crucial to ensure compliance with regulations related to financial security and anti-money laundering, operating in a legal and secure manner.

Although TON has taken proactive measures in areas such as ecosystem diversity, user experience, cross-chain interoperability, privacy protection, performance scaling, developer support, and decentralization and security, further improvements and refinements are needed to address future challenges.

Summary and suggestions

TON, as an innovative and rapidly developing blockchain project, shows immense potential. However, there are still shortcomings in its ecosystem diversity, user experience, cross-chain interoperability, and compliance. Nevertheless, TON has demonstrated strong adaptability and a spirit of continuous innovation throughout its development.

As a project that once operated with great momentum but was shut down due to regulatory issues, its restart has shown a significant emphasis on compliance. Through a series of measures, TON has undertaken a comprehensive legal compliance strategy to ensure its platform operates legally worldwide, mitigate legal risks, and enhance user trust.

Despite these proactive compliance measures, the high level of encryption and anonymity on the Telegram platform attracts many illegal actors. Combined with the privacy and de-banking nature of blockchain, this makes it a potential breeding ground for illicit activities. Although TON requires KYC for wallet withdrawals, simply providing ID does not completely eliminate illegal activities.

Future regulatory challenges remain severe. TON must continuously monitor and adapt to the evolving global regulatory environment to avoid the risk of being shut down again. As the ecosystem becomes more prosperous, the regulatory risks increase. All projects face challenges related to technical security, user privacy protection, and compatibility with traditional financial systems.

TON’s path to risk mitigation is long and arduous.

Though this is the third report on TON, it is not the end. We will continue to follow the TON ecosystem and bring more updates and insights in the future. Thank you for your readership and support. We hope you follow Wolfdao, provide more suggestions, and engage in discussions to grow together with us.

Securities Act of 1933:https://www.law.cornell.edu/wex/securities_act_of_1933

Europe’s General Data Protection Regulation (GDPR):https://gdpr.eu

California Consumer Privacy Act (CCPA):https://oag.ca.gov/privacy/ccpa

TON open network documentation:FunC Language Guide

TON blockchain development documents:Smart Contract Vulnerability Analysis

Disclaimer:

  1. This article is reproduced from [WolfDAO], the copyright belongs to the original author [Mat, Riffi, Sylvia, Shawn], if you have any objections to the reprint, please contact the Gate Learn team, and the team will handle it as soon as possible according to relevant procedures.

  2. Disclaimer: The views and opinions expressed in this article represent only the author’s personal views and do not constitute any investment advice.

  3. Other language versions of the article are translated by the Gate Learn team and are not mentioned in Gate.io, the translated article may not be reproduced, distributed or plagiarized.

The Path to Compliance and Risk Assessment of the TON Chain: Coexisting Prospects and Challenges

Advanced7/29/2024, 10:54:00 AM
TON (The Open Network) is a rapidly evolving blockchain project that has attracted significant attention due to its advanced technology and rapidly growing user base. However, participating in such a phenomenon requires a thorough analysis, assessment, and interpretation of its risks. This report aims to provide in-depth risk analysis and compliance interpretation for users and potential participants in the TON ecosystem.

TON (The Open Network), as a rapidly growing blockchain project, has garnered widespread attention due to its advanced technology and rapidly expanding user base. However, engaging with such a groundbreaking project requires a thorough analysis, assessment, and interpretation of its risks. This report aims to provide a comprehensive risk analysis and compliance interpretation for users and potential participants in the TON ecosystem.

Writing in front

In order to better understand the basic situation and ecosystem of TON, readers are recommended to refer to the first two parts of our TON series of reports:

First part “In-Depth Analysis of the TON Chain: Revealing the Core Strengths of the Future Blockchain Giant”

the second part “TON Ecosystem Panorama: Exploring On-Chain Star Projects and Future Opportunities” [Part 1]

the second part “TON Ecosystem Panorama: Exploring On-Chain Star Projects and Future Opportunities” [Part 2]

These three articles provide a comprehensive analysis of TON’s fundamentals and ecosystem respectively, giving you a more complete understanding of TON.

Background introduction

With the proliferation and development of blockchain technology, TON has quickly attracted global users and developers due to its unique technical architecture and broad application prospects. TON aims to establish a decentralized internet platform that offers efficient, transparent, and secure blockchain services. However, due to the complexity of blockchain technology and the differences in national laws and regulations, TON faces numerous compliance and technical challenges in its development. By analyzing the current status and challenges of TON in terms of legal compliance, technical implementation, user experience, and cross-chain interoperability, this report helps users make more informed decisions when engaging with the TON ecosystem.

Technology risk analysis

1. Smart contract vulnerabilities

Smart contract vulnerabilities are one of the main risks faced by TON blockchain technology. Common vulnerabilities include reentrancy attacks, integer overflows, and access control issues. We will break down and analyze the technical risks associated with each potential vulnerability to assess whether TON’s increasingly prosperous ecosystem also faces significant threats.

1.1 Language complexity

FunC Issues:

  1. Design of FunC: FunC is a low-level language similar to Lisp and serves as the primary programming language for TON smart contracts. It focuses on efficiency and flexibility, allowing developers to directly manipulate memory and manage resources precisely.
  2. Increased Complexity: The low-level nature of FunC requires developers to manually manage memory and handle low-level operations, demanding high programming skills and security awareness. Any oversight can lead to memory leaks, buffer overflows, and potential security vulnerabilities in smart contracts.
  3. Risks:
  4. Memory Management Errors: Manual memory management increases the risk of errors such as memory leaks and buffer overflows, which could be exploited by malicious attackers, causing unintended behaviors in smart contract execution.
  5. Code Complexity: The low-level features of FunC add to code complexity, making debugging and maintenance more challenging, which in turn increases the likelihood of vulnerabilities.

Tact Language:

  1. Higher-Level Language: To address the issues with FunC, the community has introduced and supports Tact, a higher-level programming language similar to TypeScript and Rust. It provides advanced abstractions and simpler syntax, making it easier to learn and use compared to FunC.
  2. Advantages: Tact offers a more developer-friendly environment, lowering the barrier to smart contract development and helping to attract more developers to the TON ecosystem.

Fift Language:

  1. Characteristics: Fift is a low-level assembly and debugging language used for direct interaction with the TON Virtual Machine (TVM), suitable for low-level debugging and testing of smart contracts.
  2. Challenges: As Fift is still in its early stages, its tools and documentation may be less developed, potentially presenting more challenges and issues for developers during use.

1.2 The risk of smart contract vulnerabilities faced by TON

  1. Reentrancy Attacks: This is a common vulnerability in smart contracts where a malicious contract can recursively call the same function before a previous call is completed, potentially leading to resource exhaustion or data manipulation.

  2. Example: The classic DAO attack exploited a reentrancy vulnerability, resulting in a significant theft of funds.

Preventive Measures

The Check-Effects-Interactions Pattern is emphasized in TON’s official documentation to ensure that all state updates are completed before making external calls, thereby avoiding reentrancy attacks. The core of this pattern is to first check conditions (Check), then perform state updates (Effects), and finally interact with external entities (Interactions), ensuring that the contract’s internal state is updated before any external calls are made.

1.3 Integer overflow and underflow problems

  1. Reentrancy Attacks: This is a common vulnerability in smart contracts where a malicious contract can recursively call the same function before a previous call is completed, potentially leading to resource exhaustion or data manipulation.
  2. Example: The classic DAO attack exploited a reentrancy vulnerability, resulting in a significant theft of funds.

Preventive Measures

The Check-Effects-Interactions Pattern is emphasized in TON’s official documentation to ensure that all state updates are completed before making external calls, thereby avoiding reentrancy attacks. The core of this pattern is to first check conditions, then perform state updates, and finally interact with external entities, ensuring that the contract’s internal state is updated before any external calls are made.

1.4 Access control issues

  1. Access Control Issues: Poorly designed access control in smart contracts can lead to unauthorized users gaining access to sensitive functions or data.
  2. Example: Some contracts have been exploited due to access control vulnerabilities, allowing malicious users to perform unauthorized operations.

Preventive Measures

TON provides detailed permission management and access control strategies to ensure that only authorized users can execute critical operations. Developers should implement strict access control policies and conduct regular audits to ensure contract security and prevent unauthorized access.

Additionally, TON developer documentation mentions other technical safeguards:

  1. Strict Testing: TON encourages developers to perform comprehensive unit tests, integration tests, and stress tests, and provides relevant testing frameworks and tools.
  2. Formal Verification: Although not mandatory, TON encourages developers to use formal verification tools to prove the correctness and security of smart contracts.
  3. Security Audits: TON advises developers to undergo third-party security audits before releasing contracts to ensure their security. The official documentation provides guidance on selecting audit services and conducting audits.

2. Node attack

TON node distribution map Source: TON official website

The TON network uses a Proof-of-Stake (PoS) consensus mechanism. As of June 3, there are 347 nodes distributed across more than 30 countries, with a notable concentration in Europe and the United States. The total staked amount exceeds 526 million TON, accounting for nearly 20% of the circulating supply. At least 300,000 TON are required for staking, and at least 400,000 TON are needed for elections. Additionally, there is a penalty mechanism where any network participant can file complaints about a validator’s behavior, and other validators vote to determine whether to hold the validator accountable.

In this context, the TON network’s node technology ensures on-chain security in the following ways:

  1. The high staking requirements and validator election mechanism reduce the risk of Sybil attacks.
  2. The global distribution of nodes and network monitoring mechanisms help mitigate DDoS attacks.
  3. TON’s diverse node connection strategies ensure each node remains connected to a sufficient number of other nodes, reducing the risk of isolation from Eclipse attacks.

3. Technical complexity and implementation risks

3.1 Complexity of multi-chain architecture

  1. Implementation and Coordination Complexity: The TON blockchain enhances flexibility and scalability through its multi-chain architecture but requires efficient and reliable mechanisms to ensure seamless interoperability and data synchronization. Developers need to create cross-chain communication protocols to ensure real-time, accurate data transmission and consistent consensus mechanisms.
  2. Security Risks: Frequent interactions in a multi-chain architecture increase security risks, as malicious actors may exploit these interactions to find system vulnerabilities. Therefore, the security of each blockchain and interaction interface is crucial.
  3. Solutions: TON addresses these challenges by introducing reliable consensus algorithms (such as BFT) and strict validation mechanisms. It employs efficient data synchronization protocols and optimized cross-chain communication mechanisms (such as instant hypercube routing), along with dynamic sharding mechanisms to enhance scalability and performance.

3.2 Sharding technical challenges

Security and Integrity: Sharding technology enhances scalability but can also become a target for attacks, necessitating robust security measures to protect each shard. TON employs a bottom-up infinite sharding paradigm, treating each account or smart contract as an independent shard and enabling inter-shard communication through a messaging system.

Load Balancing and Transaction Routing: Each shard must handle its own transactions and coordinate with other shards. TON introduces strict sharding conditions and merging rules to ensure automatic sharding during high load and automatic merging during low load. The global state is determined by the main chain’s block hash, ensuring data consistency and security.

Data Consistency and Availability: Issues related to cross-shard data synchronization and coordination need to be addressed to avoid data inconsistencies or delays. TON uses instant hypercube routing technology to achieve efficient message passing and cross-shard communication, ensuring rapid data synchronization to target shards.

TON’s multi-chain architecture and sharding technology present significant technical challenges and risks. To address these, TON employs efficient consensus algorithms, dynamic sharding mechanisms, and optimized cross-chain communication strategies to enhance the network’s flexibility, scalability, and security. These measures help ensure the stability and reliability of the TON network.

4. Network performance and scalability

4.1 Transaction throughput limit

Daily transaction volume on TON chain Source: tonstat
  1. Transaction Volume: The TON network handles over 5 million transactions daily. This highlights TON’s capability in managing high-frequency transactions but also underscores the need for efficient processing and scalability.
  2. Transaction Throughput Limits: Despite the current high transaction volume, the pressure on transaction throughput will increase with more users and applications. Continuous optimization and innovative solutions are needed to ensure the network can handle higher transaction volumes while maintaining performance and stability.
  3. Network Congestion: A sharp increase in transaction volume can lead to network congestion, impacting overall performance. Although TON has dynamic sharding and instant hypercube routing technology, there remains a risk of resource constraints. High transaction volumes and complex sharding may deplete resources on certain nodes, affecting their ability to process all requests efficiently.
  4. Protocol Limitations: The design of the TON protocol may have bottlenecks, such as the efficiency of the consensus mechanism and the overhead of inter-node communication. These bottlenecks could become more pronounced with increased transaction volumes, affecting overall network performance.
  5. Scalability Challenges: To address the growing transaction volume, TON needs to expand its network architecture. This includes increasing the number of nodes and improving consensus algorithms, but such improvements must be made without compromising the stability and security of the existing system.

4.2 Network latency and stability

The TON blockchain aims for low latency and instant transactions to support real-time applications, but achieving this goal involves several challenges and potential bottlenecks:

Network Latency: In a decentralized network with geographically dispersed nodes, network transmission times are inevitably affected. Synchronization delays between nodes and the reliability of data transmission can contribute to transaction delays.

Node Synchronization: Nodes need to maintain a consistent ledger state, requiring frequent communication and data synchronization. Any delay or failure of a node can impact the overall network’s response time.

High Transaction Load: As transaction volume increases, processing transactions in real time becomes more challenging. The system may require more time to validate and confirm transactions, increasing the risk of delays.

Potential Attacks: Maintaining low latency and high stability becomes more difficult in the face of potential network attacks, such as DDoS attacks. Attackers may deliberately cause network congestion by sending大量事务,影响服务质量。

Reliability Assurance: Ensuring that the network remains stable and reliable under high load and potential attacks is a significant challenge, requiring complex monitoring and rapid response mechanisms.

In summary, although the TON blockchain has numerous innovations in its design, practical deployment still faces challenges related to transaction throughput, network latency, and stability. Addressing these issues is crucial to achieving its intended high performance and scalability goals.

5. Technology upgrade and maintenance

5.1 Upgrade compatibility

Technical upgrades are crucial for maintaining the security, performance stability, and functionality of the TON blockchain system. However, compatibility issues can introduce a range of technical risks:

  1. Version Compatibility Issues: Technical upgrades must ensure that new versions integrate seamlessly with old ones. Changes in interfaces, data structures, or protocol updates can cause compatibility problems. If backward compatibility is not ensured, nodes may experience network splits (i.e., forks) due to version inconsistencies.
  2. Data Migration Risks: Data migration is a key task during technical upgrades. Issues such as data loss or inconsistency may arise during migration, affecting user experience and potentially leading to trust crises. Strict data backup and verification mechanisms need to be implemented to ensure the reliability of data migration.
  3. Node Restart and Network Stability: Technical upgrades often require node restarts. Frequent restarts can lead to temporary network instability, impacting the real-time and continuity of transactions. A detailed restart plan should be developed, with upgrades performed during periods of low system load, and a robust rollback mechanism in place to quickly restore stability if unexpected issues occur.
  4. Planning and Coordination: Large-scale blockchain system upgrades require meticulous planning and coordination. Synchronizing operations across numerous nodes means that mistakes in any part of the process can lead to severe consequences. Therefore, it is essential to clarify every step in detail and ensure thorough communication and training for all participants.

5.2 Code quality and review

Github interface of TON chain Source: Github

As an open-source project, the quality and review mechanisms of the TON blockchain code directly impact the system’s security and stability. Based on the current data from TON’s GitHub, the following points outline how the code quality and review processes contribute to maintaining system security and stability:

Code Quality and Review

Code Readability and Maintainability: The TON GitHub repository is active with regular updates and maintenance. The code is clear, well-structured, and includes detailed comments, making it easier for developers to work with and maintain. The use of static code analysis tools (such as stdlib.fc) and automated testing tools further enhances code quality.

Internal Review: The TON development team implements a multi-layered code review process. Each code submission undergoes peer review and scrutiny by senior developers, which helps to identify and address potential issues promptly, reducing the occurrence of vulnerabilities.

Third-Party Security Audits: TON regularly invites professional third-party security firms to conduct comprehensive audits of the code. These audits help identify issues that may have been missed by the internal team, ensuring system security. Audit reports are made public, increasing transparency and community trust.

Open Source Community Feedback: TON collects and addresses suggestions and bug reports from the community through a bug bounty program and open governance mechanisms, continually improving code quality.

TON employs multi-layered and multi-faceted measures for code quality and review, including stringent coding standards, internal multi-tiered reviews, third-party security audits, and active community feedback. These measures collectively ensure the security and stability of the TON blockchain system, allowing it to address complex technical environments and evolving security threats. Additionally, the use of static code analysis and automated testing tools further strengthens code quality assurance and reduces potential security risks.

6. Decentralization risks

6.1 Node centralization

The TON network uses a Proof-of-Stake (PoS) consensus model to ensure its security and stability. Here is an in-depth exploration of its degree of decentralization:

Global Distribution

The number of nodes is a key indicator of a blockchain network’s decentralization. A higher number of nodes generally means a broader distribution of power and control, indicating greater decentralization. However, the quality and geographic distribution of nodes are also crucial. If nodes are highly concentrated in a specific geographic region or controlled by a few entities, it may undermine the effectiveness of decentralization. Data shows that TON’s validator nodes are distributed across more than 30 countries, with a notable concentration in Europe and the United States. This geographic distribution helps mitigate geopolitical risks and physical attacks, enhancing the network’s reliability and resilience.

Node Quantity and Staking Volume

Verify node data Source: Tonstat

As of July 5, there are over 365 nodes with a total staking volume exceeding 566 million TON, accounting for nearly 20% of the circulating supply. The extensive distribution of node quantity and staking volume is an important indicator of network decentralization, as it suggests that no single entity can easily control or attack the entire network.

Compared to mature networks like Bitcoin or Ethereum, which have thousands of nodes, TON’s node count might seem lower. However, for a relatively young or continuously developing network, the current number of nodes is a reasonable starting point.

Validator Threshold and Elections

Anyone with enough Toncoin (at least 300,000 TON) and who wins an election (requiring at least 400,000 TON) can become a validator. While the high staking requirements ensure participants’ commitment and contribution, they also reduce the likelihood of ordinary users participating. This high threshold enhances security but may limit the growth of node numbers, necessitating a balance between attracting more participants and maintaining network security. Despite this high threshold, it remains relatively open compared to some other blockchain systems. Additionally, the validator election process helps prevent monopolization by a few nodes.

Rewards and Inflation

Validators earn rewards by validating transactions and generating new tokens, with an average daily income of approximately 120 TON and an overall annual inflation rate of about 0.5%. A reasonable reward mechanism and low inflation rate help maintain validator motivation and network economic stability.

Penalty Mechanism

The penalty mechanism for validators includes penalties for not participating in block creation and malicious behavior, ensuring honesty and active participation. Additionally, any network participant can file a complaint against a validator’s behavior, providing cryptographic evidence, with other validators voting on whether to pursue the complaint. This self-regulation mechanism further enhances the network’s fairness and transparency.

TON’s network demonstrates strong decentralization through its globally distributed nodes, high validator threshold, reasonable reward mechanism, and strict penalty measures. These factors collectively ensure the network’s security, stability, and fairness while preventing power concentration among a few. However, further verification and confirmation of the accuracy of the data regarding TON’s validator nodes are needed.

6.2 Governance mechanism risks

To maintain network stability and sustainable development, a project must address risks related to decision-making transparency, stakeholder conflicts, and governance deadlock. From the analysis of TON’s governance mechanism, we can see that TON has implemented various measures to address these challenges and ensure the system’s security and stability:

Public voting and record-keeping functions, along with the automatic execution of smart contracts, ensure that the governance process is transparent and open.

A multi-layered governance structure and a reasonable proposal and voting mechanism balance the interests of different stakeholders and reduce conflicts.

Proposal and voting time limits, along with automatic arbitration through smart contracts, help avoid governance deadlocks and ensure a smooth decision-making process.

These measures collectively contribute to maintaining the effectiveness and fairness of TON’s governance mechanism, ensuring the healthy development of the project and the relatively fair operation of the governance system.

1. Current status of TON and regional risk analysis

TON (The Open Network) blockchain, after the legal disputes between Telegram and the SEC, has been continued by community members. Despite its enormous potential, TON still faces significant compliance challenges across different global jurisdictions. Here is an analysis of the regulatory environment and related risks in several key regions:

> USA

  1. Regulatory Bodies: SEC, CFTC, FTC, IRS, FinCEN
  2. Key Regulations: Securities Act, Commodity Exchange Act, Anti-Money Laundering Act, etc.
  3. Risk Analysis: Due to stringent U.S. regulations, TON’s tokens (such as Gram) may be classified as securities, requiring registration and compliance with relevant laws. The previous SEC lawsuit highlighted compliance risks, and TON needs to ensure that future token issuance and trading adhere to U.S. securities laws, anti-money laundering regulations, and other requirements.

> Singapore

  1. Regulatory Body: Monetary Authority of Singapore (MAS)
  2. Key Regulations: Securities and Futures Act, Payment Services Act
  3. Risk Analysis: Singapore is relatively friendly towards Web3 projects, but TON needs to clarify whether its tokens fall under MAS’s definition of digital asset products and comply with relevant regulations. Due diligence and anti-money laundering measures must be strictly enforced to ensure compliant operation.

> Hong Kong, China

  1. Regulatory Body: Securities and Futures Commission (SFC)
  2. Key Regulations: Securities and Futures Ordinance
  3. Risk Analysis: Hong Kong has introduced several policies supporting Web3 projects in recent years, but TON needs to obtain the necessary licenses and ensure that its exchanges and related operations comply with Hong Kong’s regulatory requirements. Additionally, compliance with user data protection and privacy regulations must be observed.

2.1 Securities Law Compliance

  1. Risk Description: The issuance and trading of TON’s tokens may be considered securities transactions, requiring compliance with registration and disclosure requirements under securities laws in various countries.
  2. Detailed Analysis: In the U.S., Gram tokens, as identified by the SEC as securities, need to be registered or exempted. TON must clarify the legal status of its tokens in different countries to ensure compliance with securities laws. By following legal issuance pathways such as registration or obtaining exemptions, it can mitigate legal risks arising from unregistered securities issuance.
  3. Current Measures: TON has explicitly stated that its token issuance and trading adhere to legal requirements in various countries. Although Gram tokens have not been issued, the compliance of Toncoin, which is currently used, is still strictly monitored in different jurisdictions. TON ensures that its token issuance and trading comply with securities laws through its legal advisory team.

2.2 Anti-Money Laundering (AML) and Know Your Customer (KYC)

  1. Risk Description: Countries around the world have strict anti-money laundering (AML) and Know Your Customer (KYC) requirements. TON needs to ensure that its platform is not used for money laundering or terrorist financing activities.
  2. Detailed Analysis: As a decentralized platform with users from around the world, TON must implement AML and KYC measures in various jurisdictions. Specific measures include establishing user identity verification mechanisms, transaction monitoring systems, and conducting regular risk assessments and reporting to ensure the platform is not exploited for illegal activities.
  3. TON has implemented strict AML and KYC measures, using advanced machine learning and AI technologies for transaction monitoring and risk assessment to identify and prevent suspicious activities in real time. TON has established a global unified KYC standard to meet the legal requirements of different countries.

2.3 Data protection and privacy

  1. Risk Description: Global data privacy regulations are becoming increasingly stringent. TON needs to ensure that its handling of user data complies with data protection laws in various countries.
  2. Detailed Analysis: In the European Union, TON must adhere to the General Data Protection Regulation (GDPR), and in the United States, it must comply with the California Consumer Privacy Act (CCPA). TON should take measures to ensure the security of user data, including encryption and anonymization, establishing data protection policies, and conducting regular security audits to prevent data breaches and misuse.
  3. TON employs the latest data encryption and anonymization techniques to ensure the security of user data during transmission and storage. Regular data protection audits are conducted, and independent security assessments and vulnerability fixes are carried out in collaboration with third-party security firms to prevent data breaches and misuse.

2.4 Investor protection

  1. Risk Description: TON needs to ensure that investors receive sufficient information disclosure to avoid legal disputes arising from insufficient information.
  2. Detailed Analysis: TON should ensure transparent disclosure of user information, including the project’s financial status and risk factors. Establishing effective user protection mechanisms, such as transparent investment information disclosure, investor education, and advisory services, can help mitigate legal risks.
  3. TON has established a dedicated investor relations team that regularly publishes project updates and financial reports. Transparent and timely information disclosure is ensured through the official website and social media channels. Additionally, TON provides a multilingual investor education platform to help investors understand the project’s risks and returns.

3. Compliance advice

3.1 Framework construction

Though the TON chain was later taken over by the foundation and developed independently from Telegram, its token distribution mechanism remains unclear.

Additionally, global data privacy regulations are becoming increasingly stringent, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA). These regulations may impact advertisers’ data collection and advertising strategies, requiring them to pay more attention to compliance and user privacy. However, data on TON can be protected through encryption and anonymization, ensuring that user privacy in advertising interactions is safeguarded. This allows advertisers to conduct ad placements without exposing personal identities. TON provides secure digital identity verification features, enabling advertisers to better understand user interests and behaviors without directly collecting personal data. Smart contracts can automate the distribution and payment of advertising revenue, offering a transparent and traceable mechanism that reduces the risk of data breaches and protects the interests of both users and advertisers. TON’s decentralized advertising platform facilitates direct interaction between advertisers and content creators or users, reducing intermediaries. This model can enhance ad targeting accuracy and reduce excessive collection of user data.

TON has a sufficient user base and traffic, but continued development still requires compliance. The relocation of its headquarters to Zug, Switzerland, is widely viewed as related to the generally positive attitude of Swiss authorities toward the cryptocurrency industry.

Regulatory risks remain a factor. However, given their previous experience with the SEC, the foundation and investors are likely well-versed in managing and anticipating risks. Although not much has been publicly disclosed, Telegram is evidently working to integrate the token system into the platform. It is reasonable to expect that Telegram has engaged in legal and regulatory consultations and compliance measures to ensure that its current and future TON operations adhere to necessary legal requirements.

TON development roadmap Source: TON official website

According to the roadmap and content in TON’s blog, there are still some shortcomings in the current development of the TON ecosystem:

1. Insufficient ecological diversity

Many user interfaces in the TON system, such as wallets and smart contract interfaces, still need improvement in terms of usability and user experience. Ordinary users might find asset management, smart contract operations, and participation in decentralized applications not intuitive or user-friendly enough. The TON team needs to invest more effort in designing and optimizing user interfaces and user experiences (UX/UI) to reduce the learning curve and usage barriers for users.

  1. Technical implementation difficulties: Optimizing wallet and smart contract interfaces requires a deep understanding of user needs, employing advanced interaction design and visualization techniques. Additionally, implementing innovative features such as “gas-free” transactions requires significant modifications to the consensus mechanism and transaction model.
  2. Legal compliance: While improving user experience, it is essential to ensure compliance with user data protection and privacy regulations, such as GDPR.

2. User experience needs to be improved urgently

Many user interaction interfaces in the TON system (such as wallet and smart contract interfaces) still need to be improved in terms of usability and user experience. When ordinary users manage assets, operate smart contracts, and participate in decentralized applications, the operating experience may still not be intuitive and friendly enough. This requires the TON team to invest more energy in designing and optimizing the user interface and user experience (UX/UI) to reduce the user’s learning curve and usage threshold.

  1. Difficulty of technical implementation: The optimization of wallet and smart contract interfaces requires an in-depth understanding of user needs and the use of advanced interaction design and visualization technology. At the same time, realizing innovative functions such as “gas fee-free” transactions requires substantial transformation of the consensus mechanism and transaction model.
  2. Legal compliance: While optimizing user experience, it is necessary to ensure compliance with user data protection and privacy and comply with data protection regulations such as GDPR.

3. Insufficient cross-chain interoperability

Although TON has planned to introduce cross-chain bridges for assets transfer between different blockchain networks such as ETH, BNB, and BTC, the current cross-chain interoperability still needs to be further improved. The complexity of cross-chain asset management and operational security remain significant challenges.

  1. Technical implementation difficulties: Developing cross-chain bridges requires addressing multiple technical challenges related to security, reliability, and performance, and necessitates deep integration and coordination with multiple heterogeneous blockchain networks to ensure secure asset transfer and interoperability.
  2. Legal compliance: Cross-chain operations involve cross-border financial activities and must adhere to financial regulations in various countries, particularly concerning payment and securities laws, to ensure the legality of cross-chain asset transfers.

4. Privacy protection

Implementing privacy protection technologies like zero-knowledge proofs and homomorphic encryption poses high technical difficulty. These technologies need to ensure user data privacy while not affecting system performance and usability.

  1. Technical implementation difficulty: Implementing these technologies requires advanced research and development, involving complex mathematical algorithms and encryption techniques.
  2. Legal compliance: The use of privacy technologies must comply with the laws and regulations of different countries and regions, ensuring adherence to data protection and privacy policies.

5. Performance expansion

As user numbers and transaction volumes increase, the TON blockchain needs to continuously improve its performance and scalability to support high concurrency and large-scale applications.

  1. Technical implementation difficulty: Performance scaling involves optimizing the underlying architecture and technological innovations to ensure the system remains stable under high loads.
  2. Network security: While scaling network performance, potential network attacks and security vulnerabilities must be mitigated to ensure system stability and security.

6. Developer support

Although TON offers a rich set of development tools and resources, they still need continuous optimization and updates to meet the evolving needs of developers.

  1. Tools and resources: More comprehensive and user-friendly development tools and documentation are needed, supporting additional programming languages and development environments.
  2. Education and training: Enhancing developers’ understanding and application of TON technology by providing effective educational and training resources to help more developers master and utilize TON blockchain technology.

7. Insufficient disintermediation and security

The TON system still has some shortcomings in decentralization and security. For example, the separation mechanism between validators and collectors has not yet been fully implemented, which could affect the system’s decentralization features and censorship resistance.

Technical implementation difficulty: Designing and implementing mechanisms like validator-collector separation and Slashing Optimization requires in-depth modifications to the consensus protocol, involving complex network security and economic incentive system designs.

Legal compliance: During the modification and optimization of the consensus mechanism, it is crucial to ensure compliance with regulations related to financial security and anti-money laundering, operating in a legal and secure manner.

Although TON has taken proactive measures in areas such as ecosystem diversity, user experience, cross-chain interoperability, privacy protection, performance scaling, developer support, and decentralization and security, further improvements and refinements are needed to address future challenges.

Summary and suggestions

TON, as an innovative and rapidly developing blockchain project, shows immense potential. However, there are still shortcomings in its ecosystem diversity, user experience, cross-chain interoperability, and compliance. Nevertheless, TON has demonstrated strong adaptability and a spirit of continuous innovation throughout its development.

As a project that once operated with great momentum but was shut down due to regulatory issues, its restart has shown a significant emphasis on compliance. Through a series of measures, TON has undertaken a comprehensive legal compliance strategy to ensure its platform operates legally worldwide, mitigate legal risks, and enhance user trust.

Despite these proactive compliance measures, the high level of encryption and anonymity on the Telegram platform attracts many illegal actors. Combined with the privacy and de-banking nature of blockchain, this makes it a potential breeding ground for illicit activities. Although TON requires KYC for wallet withdrawals, simply providing ID does not completely eliminate illegal activities.

Future regulatory challenges remain severe. TON must continuously monitor and adapt to the evolving global regulatory environment to avoid the risk of being shut down again. As the ecosystem becomes more prosperous, the regulatory risks increase. All projects face challenges related to technical security, user privacy protection, and compatibility with traditional financial systems.

TON’s path to risk mitigation is long and arduous.

Though this is the third report on TON, it is not the end. We will continue to follow the TON ecosystem and bring more updates and insights in the future. Thank you for your readership and support. We hope you follow Wolfdao, provide more suggestions, and engage in discussions to grow together with us.

Securities Act of 1933:https://www.law.cornell.edu/wex/securities_act_of_1933

Europe’s General Data Protection Regulation (GDPR):https://gdpr.eu

California Consumer Privacy Act (CCPA):https://oag.ca.gov/privacy/ccpa

TON open network documentation:FunC Language Guide

TON blockchain development documents:Smart Contract Vulnerability Analysis

Disclaimer:

  1. This article is reproduced from [WolfDAO], the copyright belongs to the original author [Mat, Riffi, Sylvia, Shawn], if you have any objections to the reprint, please contact the Gate Learn team, and the team will handle it as soon as possible according to relevant procedures.

  2. Disclaimer: The views and opinions expressed in this article represent only the author’s personal views and do not constitute any investment advice.

  3. Other language versions of the article are translated by the Gate Learn team and are not mentioned in Gate.io, the translated article may not be reproduced, distributed or plagiarized.

Nu Starten
Meld Je Aan En Ontvang
$100
Voucher!