Trail of Bits

Tact Compiler

Type: Security review
Client: The TON Studio
Date: 2025-01
Domain: Blockchain
Effort: 8 wks
Section: TON

Trail of Bits's security review of The TON Studio (Jan 2025) identified 7 issues: 1 medium, 2 low, and 4 informational.

Findings · 7

  1. The Tact compiler does not support FunC files with .func extension (Informational)
  2. Circular dependencies in traits would crash the Tact compiler (Medium)
  3. Symbolic links can be used to bypass path restrictions (Low)
  4. Tact grammar does not handle Unicode correctly (Low)
  5. No validation of shift operator arguments (Informational)
  6. Incorrect use of the JavaScript map function for executing side effects (Informational)
  7. Ohm library limitation for nested expressions (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
