TonBit, a subsidiary of BitsLab, has discovered a new vulnerability in the TON virtual machine that may cause abnormal contract execution

TonBit, a security team under BitsLab, has discovered a new vulnerability in TON Virtual Machine (TVM) that involves state transition issues with the RUNVM instruction. This vulnerability may cause the smart contract operating environment to be compromised, leading to contract anomalies. Specifically, attackers can exploit the moment when a virtual machine runs out of gas to damage its critical libraries, causing subsequent operations that depend on these libraries to fail. TonBit has submitted the vulnerability details and repair plan to the TON Foundation and assisted in completing the repair work. Developers are advised to update in a timely manner after the official release of patches, while strengthening checks on library integrity and gas management in contracts to prevent similar issues from being maliciously exploited.