ton-vulnerability-scanner

Summary

Scans TON smart contracts for 3 critical vulnerabilities: integer-as-boolean misuse, fake Jetton contracts, and unsafe gas forwarding.

  • Detects FunC contracts via file extensions (.fc, .func) and TON project structure (Blueprint, toncli configs)
  • Identifies three vulnerability patterns: missing sender validation in Jetton handlers, incorrect boolean logic using positive integers instead of -1/0, and forwarding TON amounts without gas checks
  • Provides detailed findings with vulnerable code snippets, attack scenarios, proof-of-concept examples, and recommended fixes
  • Includes testing strategies with unit and integration test templates for validating boolean operations, rejecting fake Jetton transfers, and verifying gas constraints
SKILL.md

TON Vulnerability Scanner

1. Purpose

Systematically scan TON blockchain smart contracts written in FunC for platform-specific security vulnerabilities related to boolean logic, Jetton token handling, and gas management. This skill encodes 3 critical vulnerability patterns unique to TON's architecture.

2. When to Use This Skill

  • Auditing TON smart contracts (FunC language)
  • Reviewing Jetton token implementations
  • Validating token transfer notification handlers
  • Pre-launch security assessment of TON dApps
  • Reviewing gas forwarding logic
  • Assessing boolean condition handling

3. Platform Detection

File Extensions & Indicators

  • FunC files: .fc, .func
Installs: 2.2K
GitHub Stars: 5.1K
First Seen: Jan 19, 2026