ton-best-practices

SKILL.md

TON Smart Contract Best Practices (Tolk)

Overview

TON uses an asynchronous actor model: each transaction changes the state of one account while processing one message. The work of a single Ethereum transaction can span thousands of TON transactions across hundreds of blocks. This creates unique vulnerability classes that are absent from Solidity.

Language: Tolk v1.2 -- compiles to TVM 12 bytecode. Modern syntax, explicit mutation, union types, lazy fields, built-in message construction APIs.

Based on: 233 vulnerabilities from 34 audits (29 projects, 11 firms). Top findings: logical errors (70), auth (25), centralization (19).

Key reference files:

  • vulnerabilities.md — Full vulnerability catalog with code examples
  • audit-checklist.md — Complete audit checklist
  • tolk-security.md — Tolk-specific language pitfalls
  • tvm-async.md — TVM internals, async model, bounce messages (Tolk 1.2 / TVM 12)
  • tolk-best-practices.md — Tolk language best practices

First Seen
Mar 2, 2026