Catenaa, Thursday, June 12, 2025 - TonBit, a security arm of BitsLab and the primary security assurance provider for the TON blockchain, has identified a serious vulnerability in the TON Virtual Machine (TVM), the companies announced recently.
The flaw involves the RUNVM instruction, which may allow attackers to corrupt smart contract libraries by exploiting a non-atomic state transition during gas exhaustion in sub-VMs.
The vulnerability could cause contracts dependent on library integrity to fail unexpectedly, risking disruption across the TON ecosystem. TonBit promptly disclosed the issue to the TON Foundation and collaborated on an immediate patch, now fully deployed to secure the platform.
TonBit released detailed technical documentation to assist developers in understanding and mitigating the risk, emphasizing the importance of updating dependency libraries once patches are available. The firm also advises implementing stricter library integrity and gas management checks in custom contracts to prevent similar exploits.
TonBit has a strong track record auditing TON projects, including Catizen, Algebra, and PixelSwap, and BitsLab’s broader Web3 security operations span multiple blockchain ecosystems such as Aptos, Sui, and Solana. The company has audited over 400,000 lines of code and safeguarded $8 billion in assets.
Developers and users within the TON community are urged to stay vigilant and apply recommended updates to maintain ecosystem security.
For full technical details, visit TonBit’s LinkedIn post. For details, contact han@bitslab.xyz.
