AI-powered TON security skills for contracts where asynchronous message flow, bounce handling, and gas semantics are part of the bug surface.
Built on the v2 packaging and workflow model from pashov/skills, then adapted for TON-specific execution and audit work.
- Install https://github.com/sanbir/ton-auditor-skills/ and run ton-auditor with all different agents possible on the codebase
- Run the ton-auditor skill with all the different agents possible on *specified files*
- Update skill to latest version
This repo is for TON smart contract security across FunC and Tact.
It prioritizes the bug classes that are easy to miss if you reason about TON like a synchronous VM:
- async message ordering and partial execution hazards
- bounced-message handling mistakes
- `accept_message()` placement and gas-drain exposure
- send-mode misuse and value-flow breakage
- Jetton sender / wallet validation mistakes
- replay protection and `seqno` gaps
- storage packing / parsing mistakes in FunC and upgrade-state corruption
- Tact trait, optional-value, native, and asm footguns
The focus is vulnerability detection in TON’s execution model, not generic smart-contract style checking.
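Two of the classes above, `accept_message()` placement and `seqno` replay protection, as an added FunC illustration that is not code from this repository: the first handler shows the vulnerable ordering, the second the hardened one. The name `recv_external_vulnerable` and the two-field storage layout are assumptions for the comparison; in a real contract the only external entry point is `recv_external`.

```func
#include "stdlib.fc";

;; Storage layout assumed for this example: seqno:uint32 public_key:uint256

;; VULNERABLE ordering. accept_message() runs before any check, so every
;; external message, authenticated or not, is paid for from the contract
;; balance. Junk messages still burn gas, and a replayed old message is only
;; rejected after the contract has already paid for the execution.
;; (Assumed name for comparison only; the real entry point is recv_external.)
() recv_external_vulnerable(slice in_msg) impure {
    accept_message();                               ;; contract pays from here on
    slice signature = in_msg~load_bits(512);
    int msg_seqno = in_msg.preload_uint(32);
    slice ds = get_data().begin_parse();
    int stored_seqno = ds~load_uint(32);
    int public_key = ds~load_uint(256);
    ds.end_parse();
    throw_unless(33, msg_seqno == stored_seqno);   ;; too late: gas is already spent
    throw_unless(35, check_signature(slice_hash(in_msg), signature, public_key));
    set_data(begin_cell().store_uint(stored_seqno + 1, 32).store_uint(public_key, 256).end_cell());
}

;; HARDENED ordering. Signature and seqno are verified inside the small gas
;; credit the network grants an external message; a failing check throws
;; before accept_message(), so the contract pays nothing for junk or replays.
;; The seqno is bumped and persisted before any further action, which is what
;; makes an intercepted message unusable a second time.
() recv_external(slice in_msg) impure {
    slice signature = in_msg~load_bits(512);
    int msg_seqno = in_msg.preload_uint(32);        ;; signed body starts with seqno
    slice ds = get_data().begin_parse();
    int stored_seqno = ds~load_uint(32);
    int public_key = ds~load_uint(256);
    ds.end_parse();
    throw_unless(33, msg_seqno == stored_seqno);   ;; replay protection
    throw_unless(35, check_signature(slice_hash(in_msg), signature, public_key));
    accept_message();                               ;; only now does the contract pay
    set_data(begin_cell().store_uint(stored_seqno + 1, 32).store_uint(public_key, 256).end_cell());
}
```

When reviewing a handler, the check to make is that nothing between the start of `recv_external` and `accept_message()` can be influenced by an unauthenticated sender, and that the persisted `seqno` is updated before any outbound message is sent.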
| Skill | Description |
|---|---|
| ton-auditor | Fast security feedback for FunC and Tact contracts with coverage for async message flow, bounce logic, Jetton handling, gas modes, and storage/update hazards. |
We welcome improvements and fixes. See CONTRIBUTING.md for the PR process.
Report vulnerabilities via Security Policy. This project follows the Code of Conduct. MIT © contributors.
If you are securing TON systems and want to discuss improvements, open an issue or reach out via the maintainer profile on GitHub.