Focus on the 2024 TON ecosystem: ecosystem technology analysis and major security incidents
With the rapid development of blockchain technology, various ecosystems have emerged, among which the TON (The Open Network) ecosystem created by Telegram, with its unique architecture and powerful functionality, has gradually become a focus of the industry. Another important reason is Telegram's huge user base: with over 700 million active users, it provides a broad foundation for the promotion and application of TON. In 2024, the TON ecosystem made significant progress in technological innovation, application expansion, and security protection. This article analyzes the basic architecture of the TON ecosystem, the flexible Proof of Stake mechanism, the expanded use cases and advantages, and the recent major security incidents and their response measures, aiming to give readers a comprehensive and in-depth view of the TON ecosystem.
TON Basic Introduction and Architecture
TON (The Open Network) is a blockchain and digital communication protocol created by Telegram, aimed at building a fast, secure, and scalable blockchain platform that provides decentralized applications and services for users. By combining blockchain technology with Telegram's communication capabilities, TON achieves high performance, high security, and high scalability. It supports developers in building various decentralized applications and provides a distributed storage solution. Compared to traditional blockchain platforms, TON has faster processing speed and throughput, and adopts the Proof-of-Stake consensus mechanism.
Flexible and shardable PoS architecture
TON adopts the Proof of Stake consensus mechanism and achieves high performance and versatility through its Turing-complete smart contracts and asynchronous blockchain. TON's lightning-fast and low-cost transactions are supported by the chain's flexible and sharded architecture. This architecture allows for easy scalability without sacrificing performance. Dynamic sharding involves the preliminary development of separate shards with their own purposes, which can run simultaneously and prevent large-scale congestion. TON has a block time of 5 seconds and a finality time of less than 6 seconds.
The existing infrastructure is divided into two main parts:
● Main Chain (Masterchain): Responsible for processing all important and critical data of the protocol, including the addresses of validators and the amount of validated coins.
● Workchain: A secondary chain connected to the main chain, containing all transaction information and various smart contracts; each workchain can have different rules.
This hierarchical architecture not only improves the efficiency of the network, but also provides a solid foundation for future expansion.
Expanded use cases and advantages
With the support of a sound technical architecture, the TON ecosystem has made significant progress in multiple aspects in 2024. As a decentralized autonomous organization (DAO) operated by the TON core community, the TON Foundation has provided comprehensive support for various projects in the ecosystem, including developer support and liquidity incentive programs. Specifically, the TON community has excelled in the following areas:
● The launch of TON Connect 2.0: Providing an intuitive way to connect wallets and applications, improving user experience.
● TON Verifier: A smart contract checker created by the Orbs team, improving the reliability of contracts.
● Blueprint Development Tool: Helps developers write, test, and deploy smart contracts.
● Sandbox Developer Toolkit: Suitable for various use cases from enterprises to governments.
● Tact, FunC and other newly supported languages: Promoting a more powerful programming environment.
● Developer support: TON Foundation has partnered with DoraHacks to launch a three-month online hackathon.
● TON Hubs Internationalization: International centers have been launched in multiple cities worldwide.
● DeFi Liquidity Incentive Program: Provides funding for projects to promote the sustainability of the TON DeFi field.
These measures have not only promoted the prosperity of the ecosystem, but also created a richer and safer usage environment for developers and users.
Security incidents in the TON ecosystem
Despite the numerous advances in the technical and application aspects of the TON ecosystem, security issues remain an important aspect that cannot be ignored.
Recently, in its latest update instructions, the TON official team thanked the TonBit team under BitsLab for discovering critical vulnerabilities in the TON virtual machine. If exploited maliciously, these vulnerabilities could lead to resource depletion and system crashes in the virtual machine, thereby affecting the overall stability of the TON network. With their strong technical expertise, the TonBit team quickly identified the problem and proposed effective solutions, building a safer operating environment for the TON virtual machine and further enhancing the overall stability of the TON ecosystem.
The root cause of this vulnerability lies in how the TON virtual machine handles nested operations when processing contract continuations. A malicious contract can create deeply nested continuation structures that trigger a recursive evaluation process and deplete the virtual machine's host stack space. This resource exhaustion attack may cause the TON virtual machine to crash abnormally. In simple terms, an attacker could crash all validators without spending a single TON, directly affecting the system's availability.
After in-depth analysis and collaboration with Ton Core, the TonBit team has proposed an innovative solution that can adjust the internal jump mechanism of the virtual machine to replace recursive calls with iterative ones. This solution has been applied in the latest version of TON, providing TON users with a safer and more stable operating experience.
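The difference between the recursive and the iterative shape can be seen in a toy model, added here as an illustration and not taken from the TON source code. The `Cont` type, the function names, the frame guard and the step budget are all assumptions of this example.

```cpp
#include <cstddef>
#include <memory>
#include <utility>

// Hypothetical continuation (toy model, not TON VM code): running it does
// one step, then control passes to the one it wraps (null means quit).
struct Cont {
    std::unique_ptr<Cont> inner;
    explicit Cont(std::unique_ptr<Cont> in) : inner(std::move(in)) {}
    ~Cont() {  // unlink iteratively; the default destructor recurses per level
        for (auto cur = std::move(inner); cur;) {
            auto next = std::move(cur->inner);
            cur = std::move(next);
        }
    }
};

// Build `depth` continuations, each wrapping the previous one.
std::unique_ptr<Cont> make_nested(std::size_t depth) {
    std::unique_ptr<Cont> head;
    while (depth--) head = std::make_unique<Cont>(std::move(head));
    return head;
}

// Recursive shape: one host stack frame per nesting level. `frames_left`
// is a guard added for this demo so deep input fails cleanly, not by crash.
long run_recursive(const Cont* c, long frames_left) {
    if (!c) return 0;
    if (frames_left == 0) return -1;
    long rest = run_recursive(c->inner.get(), frames_left - 1);
    return rest < 0 ? -1 : rest + 1;
}

// Iterative shape: each step yields the next continuation and a loop
// drives it, so host stack use stays constant at any nesting depth.
long run_iterative(const Cont* c, long budget) {
    long steps = 0;
    for (; c; c = c->inner.get()) {
        if (steps == budget) return -1;  // toy work limit (assumption)
        ++steps;
    }
    return steps;
}

int main() {
    auto deep = make_nested(1000000);  // constructed input, 1M levels
    long rec = run_recursive(deep.get(), 1000);    // guard trips
    long it = run_iterative(deep.get(), 2000000);  // completes
    return (rec == -1 && it == 1000000) ? 0 : 1;
}
```

The destructor matters as much as the evaluator: freeing a deeply nested structure through default member destruction recurses once per level and exhausts the host stack in the same way.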
After dealing with this major security incident, the TON team deeply realizes the importance of continuously strengthening security protection. In order to ensure the long-term stability and security of the ecosystem, the team not only promptly fixed the vulnerabilities, but also actively summarized the experience and formulated more comprehensive security strategies. Based on this, the following will discuss how the TON ecosystem can further enhance security in the future, ensuring effective response to potential security challenges while rapidly developing.
In addition, on May 22, 2024, after the staking event celebrating the prosperity of the TON ecosystem, a staking contract of a certain protocol was attacked by hackers due to protocol parameter misconfiguration, resulting in a large amount of tokens being stolen from the contract. After the incident, the project party immediately suspended the staking reward claiming function and allocated a large amount of $USDT to repurchase the lost 307,264 tokens.
After the attack, the project team quickly contacted TonBit for an audit. TonBit demonstrated its professionalism, responded quickly, and mobilized a team of security experts to conduct a comprehensive and meticulous security audit of the project's core code. TonBit's security experts identified six low-risk issues and immediately communicated them to the project team. With their rich experience and professional technical ability, TonBit not only provided specific solutions to the issues but also assisted the team in quickly completing all the necessary fixes, ensuring the security and stability of the contract.
Furthermore, on May 10, 2024, the TonBit team under BitsLab discovered that although comments can be added to transfer messages in TON, some wallets displayed these comments with potentially misleading UI designs. Hackers exploited this design flaw by manipulating the comments of transfer messages to show false information to users during the transaction process, thereby committing fraud and causing users to make mistaken operations, resulting in financial losses.
To address this issue, TonBit suggests that wallet applications should add prominent annotations when displaying this information to remind users that these contents are not trustworthy. In addition, wallet development teams should improve UI design to ensure transparency and reliability in displaying transaction information. At the same time, users also need to enhance their discernment and be vigilant about suspicious transaction information.
TonBit recommends that the wallet development team introduce a multi-layer verification mechanism when displaying transaction note information, such as verifying the source of the note information to ensure its reliability. In addition, regular user education and security tips should be provided to help users identify and prevent potential fraudulent activities. By combining technical means and user education, the occurrence of such security incidents can be effectively reduced.
It is also worth mentioning similar incidents in which contracts with backdoors, such as BookPad, were used to defraud investors and abscond with the funds. On April 15, 2024, BookPad released a closed-source smart contract with a backdoor and started its presale activities. After receiving sufficient funds, they used the backdoor in the contract to withdraw the funds and swiftly absconded with the money.
To prevent similar incidents from happening again, users should collect as much information as possible about the project party and choose projects that are open source and have undergone rigorous security audits before participating in any investment activities.
In conclusion, although the TON ecosystem has made significant progress in technology and applications, security issues should not be ignored. The TonBit team under BitsLab has effectively improved the security and stability of the system by promptly discovering and assisting in fixing critical vulnerabilities, and has demonstrated professional auditing and resolution capabilities in multiple security incidents. In the future, the TON ecosystem will continue to strengthen security measures, improve security strategies, and ensure that it can effectively respond to various potential security challenges while ensuring the long-term security of users and the network amidst rapid development.
Next, we will delve into how the TON ecosystem can enhance security in the process of continuous expansion and development to ensure the robust operation of the system and the trust of users. To this end, the TonBit team analyzes the current security challenges facing the TON ecosystem in detail, as well as advanced protection technologies that can be adopted, and recommends the implementation of rigorous security audits to build a more secure and reliable ecological environment. Through these measures, the stability and user trust of the TON network will be significantly enhanced, thus promoting the sustainable and healthy development of the TON ecosystem.
TON ecosystem security outlook
The TON ecosystem is rapidly developing in expanding decentralized applications (dApps) and infrastructure, but due to its unique architecture and functionality, TON faces some unique security challenges. Here are some security recommendations and best practices for TON ecosystem developers:
● Node distribution and protection: TON uses sharding and Distributed Hash Table (DHT) technology to improve network scalability, but if the node distribution is uneven or lacks sufficient protection, it may lead to malicious nodes dominating the network, conducting routing table pollution or network partition attacks. Developers should enhance node verification mechanisms and improve network defense capabilities by increasing node monitoring and blacklisting mechanisms.
● Security of smart contracts: The programming of TON's smart contracts is different from other public chains, and the contract logic is more complex. Developers should strictly follow the best practices for secure development, pay attention to resource management and boundary checks in the code, and avoid common contract vulnerabilities. Conduct code audits and regular reviews of contracts, and use contract testing tools to improve code reliability.
● Data integrity and anti-tampering: The distributed storage of TON increases the convenience of data sharing and access, but also brings the risk of tampering. Developers can introduce multi-level data encryption and authentication mechanisms, and introduce data consistency verification between nodes to ensure data integrity during transmission.
By taking these measures, the TON ecosystem is able to maintain its high level of security and stability while continuing to expand, providing users and developers with more reliable services.
Summary
In 2024, the TON ecosystem has made significant progress in terms of technological architecture, application expansion, and security protection. Its flexible and shardable PoS architecture, high-performance transaction processing capability, and rich developer tools have laid a solid foundation for the prosperity of the ecosystem. At the same time, in the face of security challenges, the TON official team's close cooperation with security experts has promptly fixed critical vulnerabilities, further enhancing the stability and security of the system. Looking ahead, continuous attention and improvement of security protection capabilities will be the key to achieving long-term sustainable development as the TON ecosystem continues to evolve. The continuous progress of the TON ecosystem not only provides new ideas for the development of blockchain technology but also creates a safer and more efficient digital world for users and developers.
About TonBit
TonBit, as the core sub-brand of BitsLab, is a security expert and early builder in the TON ecosystem. As the primary security provider for the TON blockchain, TonBit focuses on comprehensive security audits, including audits of Tact and FunC languages, ensuring the integrity and security of TON-based projects. To date, TonBit has successfully audited several well-known projects including Catizen, Algebra, and UTonic, identifying multiple critical vulnerabilities, demonstrating our outstanding capabilities in blockchain security. Additionally, TonBit has successfully hosted the TON CTF competition, attracting numerous participants and garnering widespread attention, further consolidating its position as a security expert in the TON ecosystem. In the future, TonBit will continue to safeguard blockchain security and promote the continuous development of technology and the ecosystem.
About BitsLab
BitsLab is an organization dedicated to the security of the Web3 ecosystem, aiming to become a respected security institution in the industry and among users. It has three sub-brands: MoveBit, ScaleBit, and TonBit. It focuses on the development and security audit of infrastructure in multiple ecosystems such as Sui, Aptos, TON, BNB Chain, Starknet, Solana, and is proficient in auditing various programming languages including Circom, Halo2, Move, Cairo, etc.
As a leader in blockchain security, BitsLab provides security audit services for multiple projects, including Movement, Aptos, Tether, UniSat, Nervos CKB, etc. It has delivered more than 400 security solutions, audited over 400,000 lines of code, protected $8 billion in assets, and served over 2 million users. The team brings together top vulnerability researchers who have discovered critical vulnerabilities in many well-known projects. BitsLab is committed to promoting the development of Web3 security and the healthy growth of emerging ecosystems.
Audit requirements, please contact Telegram: @starchou