BitsLab reveals key vulnerabilities in TON virtual machine and receives official thanks

According to BitsLab, its security team TonBit recently discovered a null pointer dereference vulnerability in the INMSGAPAM instruction of TON Virtual Machine (TVM) v2025.04, which allows attackers to trigger virtual machine crashes by constructing special message parameters. This vulnerability was proactively reported by TonBit before the launch of TVM11 and was officially fixed and acknowledged. The root cause of the vulnerability is that the as_tuple() function did not short the pointer check. TonBit emphasizes that it will continue to strengthen TVM security protection to ensure the stability of on chain contract execution.