(Not So) Smart Contracts
This repository contains examples of common TON smart contract vulnerabilities, featuring code from real smart contracts. Utilize the Not So Smart Contracts to learn about TON vulnerabilities, refer to them during security reviews, and use them as a benchmark for security analysis tools.
Features
Each Not So Smart Contract consists of a standard set of information:
- Vulnerability type description
- Attack scenarios to exploit the vulnerability
- Recommendations to eliminate or mitigate the vulnerability
- Real-world contracts exhibiting the flaw
- References to third-party resources providing more information
Vulnerabilities
| Not So Smart Contract | Description |
|---|---|
| Int as boolean | Unexpected result of logical operations on the int type |
| Fake Jetton contract | Any contract can send a transfer_notification message |
| Forward TON without gas check | Users can drain TON balance of a contract lacking gas check |
| Missing Bounce Handler | Bounceable messages without bounce processing cause fund loss |
| Irreversible State Changes | Multi-contract flows leave state inconsistent on failure |
| Raw Reserve Before Validation | Calling raw_reserve before checks locks funds permanently |
| Unvalidated Storage Upgrade | Saving unvalidated cells via set_data bricks the contract |
Missing impure Specifier | Functions without impure can be removed by the FunC compiler |
| Silent Message Failure | SendIgnoreErrors silently drops messages when balance is insufficient |
| Race Conditions | Concurrent message flows corrupt shared state |
Credits
These examples are developed and maintained by Trail of Bits.
If you have any questions, issues, or wish to learn more, join the #ethereum channel on the Empire Hacking Slack or contact us directly.