
arxiv: 2509.10823 · v2 · submitted 2025-09-13 · 💻 cs.CR · cs.DC

From Paradigm Shift to Audit Rift: Empirical Analysis and Validation of Security Audit Methodologies for Asynchronous Smart Contract Systems

Pith reviewed 2026-05-18 17:03 UTC · model grok-4.3

classification: cs.CR, cs.DC
keywords: TON, smart contracts, security audits, asynchronous systems, vulnerability analysis, blockchain security, audit checklist, The Open Network

The pith

Analysis of 233 vulnerabilities from 34 TON audit reports produces a checklist for asynchronous smart contract risks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes an audit checklist for TON smart contracts by examining 34 real professional audit reports that identified 233 vulnerabilities. The focus is on challenges unique to TON's asynchronous message handling and multi-layered architecture. A reader would care if this approach successfully translates empirical findings into practical guidance that reduces security risks in a growing blockchain ecosystem. The authors support their checklist with case studies and a practitioner survey showing its utility alongside automated tools.

Core claim

By conducting an empirical analysis of 34 professional audit reports containing 233 real-world vulnerabilities in TON smart contracts, the paper derives a comprehensive audit checklist that specifically addresses asynchronous execution challenges, offering developers and auditors a structured method to enhance security in the TON ecosystem.

What carries the argument

The audit checklist derived from empirical analysis of professional audit reports, which captures TON-specific vulnerability patterns such as those in asynchronous message handling.

If this is right

  • Adoption of the checklist allows systematic identification and mitigation of vulnerabilities in TON smart contracts.
  • Practitioners can integrate the checklist with automated tools to improve audit effectiveness, as confirmed by survey responses.
  • Detailed case studies provide lessons on the implications of specific vulnerabilities for TON projects.
  • The approach bridges mature Ethereum audit methodologies with the needs of the emerging TON ecosystem.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar checklists could be developed for other blockchain platforms that use asynchronous or message-based execution models by applying the same empirical review method.
  • The checklist might be expanded or validated through larger-scale studies involving more audit reports or live contract deployments.
  • Developers outside the TON community could adapt elements of this methodology to address non-standard execution environments in their own systems.

Load-bearing premise

The 34 selected professional audit reports accurately represent the full range of vulnerabilities in TON smart contracts without bias in selection or reporting.

What would settle it

A new audit of TON smart contracts that reveals significant vulnerabilities not addressed by the proposed checklist would indicate its incompleteness.

Figures

Figures reproduced from arXiv: 2509.10823 by Elizaveta Smirnova, Kirill Ziborov, Matvey Mishuris, Sergey Sobolev, Subodh Sharma, Victoria Kovalevskay, Vladimir Gorgadze, Yash Madhwal, Yury Yanovich.

Figure 1: The number of vulnerabilities in TON smart contracts.

Original abstract

The Open Network (TON) is a high-performance blockchain platform designed for scalability and efficiency, leveraging an asynchronous execution model and a multi-layered architecture. While TON's design offers significant advantages, it also introduces unique challenges for smart contract development and security. This paper introduces a comprehensive audit checklist for TON smart contracts, based on an empirical analysis of 34 professional audit reports containing 233 real-world vulnerabilities. The checklist addresses TON-specific challenges, such as asynchronous message handling, and provides actionable insights for developers and auditors. We also present detailed case studies of vulnerabilities in TON smart contracts, highlighting their implications and offering lessons learned. To validate practical utility, we conducted a practitioner survey (n=11 complete responses), confirming the checklist's value alongside automated tools. By adopting this checklist, developers and auditors can systematically identify and mitigate vulnerabilities, enhancing the security and reliability of TON-based projects. Our work bridges the gap between Ethereum's mature audit methodologies and the emerging needs of the TON ecosystem, fostering a more secure and robust blockchain environment.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper claims to derive a comprehensive, TON-specific audit checklist from an empirical analysis of 34 professional audit reports containing 233 real-world vulnerabilities, supplemented by case studies of asynchronous message-handling issues and a practitioner survey (n=11 complete responses) that validates the checklist's utility alongside automated tools.

Significance. If the checklist is shown to be generalizable, the work would provide practical value by extending established Ethereum audit practices to TON's asynchronous execution model and multi-layered architecture. The grounding in 233 real vulnerabilities from professional reports and the inclusion of case studies constitute a clear empirical strength.

major comments (2)
  1. [§3] §3 (Data Collection and Analysis): The manuscript provides no explicit criteria for selecting the 34 audit reports, no description of the vulnerability classification scheme, and no measure of inter-rater reliability. These omissions directly affect the claim that the extracted patterns yield a representative and comprehensive checklist.
  2. [§5] §5 (Survey Validation): The survey reports only 11 complete responses. This sample size is too small to furnish statistically meaningful confirmation of the checklist's practical utility or to support the assertion that it addresses TON-specific challenges across the practitioner community.
minor comments (1)
  1. [Abstract] The abstract states the sample sizes (34 reports, 233 vulnerabilities, n=11) but could foreground the 233-vulnerability count earlier to better emphasize the empirical basis.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive feedback on our manuscript. We address each major comment below, indicating the revisions we will make to enhance transparency and acknowledge limitations.

Point-by-point responses
  1. Referee: [§3] §3 (Data Collection and Analysis): The manuscript provides no explicit criteria for selecting the 34 audit reports, no description of the vulnerability classification scheme, and no measure of inter-rater reliability. These omissions directly affect the claim that the extracted patterns yield a representative and comprehensive checklist.

    Authors: We agree that greater methodological transparency is warranted. In the revised manuscript, we will expand §3 to explicitly state the selection criteria for the 34 audit reports (professional audits of TON projects published between 2022 and 2024 and accessible via public repositories or firm disclosures), describe the vulnerability classification scheme (a hierarchical taxonomy adapted from OWASP and Ethereum guidelines but specialized for asynchronous messaging, actor-model state transitions, and multi-layer TON architecture), and report inter-rater reliability (two authors independently coded a 20% random sample of vulnerabilities, resolving disagreements through discussion). These additions will directly support the representativeness claim. revision: yes

  2. Referee: [§5] §5 (Survey Validation): The survey reports only 11 complete responses. This sample size is too small to furnish statistically meaningful confirmation of the checklist's practical utility or to support the assertion that it addresses TON-specific challenges across the practitioner community.

    Authors: We accept that n=11 limits statistical generalizability. The revised version will reframe the survey results as exploratory qualitative validation rather than confirmatory evidence, explicitly note the small sample as a limitation arising from the specialized TON practitioner pool, and qualify all claims about community-wide utility. We will also add a forward-looking statement on the need for larger-scale validation in future work. revision: partial

Circularity Check

0 steps flagged

No circularity: the checklist is derived from external reports and validated by an independent survey.

Full rationale

The paper performs an empirical analysis of 34 external professional audit reports (containing 233 vulnerabilities) to extract patterns and produce a TON-specific checklist, then validates utility via a separate practitioner survey (n=11). No equations, fitted parameters, self-definitional loops, or load-bearing self-citations are present. The derivation chain relies on independent external data sources rather than reducing the output to the paper's own inputs or prior results by construction. This is a standard empirical study with no mathematical or definitional circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The work rests on the domain assumption that the chosen audit reports capture representative TON vulnerabilities; no free parameters, new physical entities, or ad-hoc mathematical axioms are introduced.

axioms (1)
  • domain assumption: The 34 professional audit reports are representative of common vulnerabilities in TON smart contracts. This premise enables the empirical derivation of the checklist from the collected vulnerability data.

