This skill scans TON smart contracts for critical vulnerabilities and guides secure FunC auditing practices.
Add this skill to your agents with:
```
npx playbooks add skill plurigrid/asi --skill ton-vulnerability-scanner
```
---
name: ton-vulnerability-scanner
description: Scans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Jetton contracts, and forward TON without gas checks. Use when auditing FunC contracts. (project, gitignored)
category: building-secure-contracts
author: Trail of Bits
source: trailofbits/skills
license: AGPL-3.0
trit: -1
trit_label: MINUS
verified: true
featured: false
---
# TON Vulnerability Scanner Skill
**Trit**: -1 (MINUS)
**Category**: building-secure-contracts
**Author**: Trail of Bits
**Source**: trailofbits/skills
**License**: AGPL-3.0
## Description
Scans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Jetton contracts, and forward TON without gas checks. Use when auditing FunC contracts. (project, gitignored)
## When to Use
This is a Trail of Bits security skill. Refer to the original repository for detailed usage guidelines and examples.
See: https://github.com/trailofbits/skills
## Related Skills
- audit-context-building
- codeql
- semgrep
- variant-analysis
## SDF Interleaving
This skill connects to **Software Design for Flexibility** (Hanson & Sussman, 2021):
### Primary Chapter: 9. Generic Procedures
**Concepts**: dispatch, multimethod, predicate dispatch, generic
### GF(3) Balanced Triad
```
ton-vulnerability-scanner (○) + SDF.Ch9 (○) + [balancer] (○) = 0
```
**Skill Trit**: 0 (ERGODIC - coordination)
### Connection Pattern
Generic procedures dispatch on predicates. This skill selects implementations dynamically.
## Overview
This skill scans TON (The Open Network) smart contracts for three high-impact vulnerabilities: integer-as-boolean misuse, fake Jetton contracts, and forwarding TON without proper gas checks. It is written in Python and targeted at developers and auditors working with FunC contracts. Use it as part of a security audit or in continuous security checks on contract source trees.
The scanner parses FunC contract source and performs static analysis to detect patterns corresponding to the three targeted issues. It flags integer fields used like booleans, identifies contract code and interfaces that mimic Jetton behavior to trick callers, and finds code paths that forward TON without validating gas or balance. Results include file locations and concise diagnostic notes to guide remediation.
## FAQ
**Which vulnerabilities are covered?**
It focuses on three critical issues: integer-as-boolean misuse, fake Jetton contracts, and forwarding TON without gas checks.
**Can this replace a full security audit?**
No. This tool targets specific, high-impact patterns and should be used alongside manual review and broader automated analysis tools.