October 11, 2023
The Rise of TON Chain | Fueled by the Potency of Telegram
About EagleEye: https://eagleeye.space/
EagleEye is a Web3 B2C platform that allows users to analyze projects, addresses, risks, and relationships between projects. The platform can also help users monitor the projects and SmartMoney addresses they are interested in. EagleEye’s goal is to help Web3 users find α (alpha) and avoid scams.
About the author: EagleEye community researcher — Alpha Hunter
Eaton (Twitter Handle: @EatonAshton2);
wenshuang (Twitter Handle: @shuang_log2pi);
In 2018, the Telegram team launched a revolutionary public chain project, TON, which garnered significant attention upon its release, largely due to its potential to tap into a vast Web2 user base. The journey of TON’s development has seen its fair share of hurdles. In 2023, TON introduced a DeFi liquidity incentive scheme and hosted a Hack-a-TON hackathon, aiming to attract top developers from around the globe, bring fresh talent into the TON ecosystem, and collaboratively explore cutting-edge areas such as DeFi and NFTs. It is now on track to become a rapidly evolving, vibrant ecosystem.
Historical Development of TON
In 2018, Telegram founded the Telegram Open Network project, raising approximately 1.7 billion USD through an ICO. However, subsequent allegations by the SEC of illegal fundraising led to a settlement in 2020, where Telegram agreed to pay a fine of 18.5 million USD, abandon the Telegram Open Network project, and return the funds.
Following this, the Telegram team locked all tokens within the Telegram Open Network into smart contracts, enabling anyone to mine TON tokens (by June 2022, TON mining concluded, and the TON network had fully transitioned to PoS). By doing this, Telegram handed the Telegram Open Network over to the community, with developers from the NewTON community continuing its development. The NewTON community was later renamed the TON Foundation, and the Telegram Open Network was rebranded as The Open Network, which is the current TON public chain. During the period in 2020 when Telegram awaited the SEC’s decision, TON Labs forked the Telegram Open Network and released a “Free TON” version. Now, Free TON has been renamed Everscale, and its developmental path and codebase diverge significantly from the original TON.
On-chain Data of TON
Currently, there are 357 validators on the chain, with more than 500 million $TON staked under the PoS mechanism, spanning across 24 countries.
The TON network currently holds nearly 4 million USD in staked value, with an Annual Percentage Rate (APR) of around 5%. On June 17, the TON community passed a proposal for a burn mechanism, whereby 50% of all transaction fees on the TON network will be burned, aiming to reduce the supply of $TON.
It can be observed that over the past year, the number of active addresses within the TON ecosystem has been steadily growing. As of October 6, the number of active addresses on the chain stands at 817,640; the number of on-chain transactions has seen a resurgence this year, and the number of TON accounts has grown to over 3.5 million, with developers and users progressively exploring this ecosystem.
TON Token Data
Here are $TON’s token contracts on both Ethereum (0x582d872a1b094fc48f5de31d3b73f2d9be47def1) and Binance Smart Chain (BSC) (0x76a797a59ba2c17726896976b7b3747bfd1d220f).
According to data from the EagleEye platform, on September 17, on-chain trading of $TON experienced a short-term peak, with a Buy/Sell Ratio nearing 1.17. The price of $TON reached a recent high of 2.6 USD on September 20.
Moreover, the centralized exchange MEXC has recently seen lively trading of $TON. On October 5, TON announced receiving a multimillion-dollar investment from MEXC Ventures, concurrently establishing a strategic partnership. MEXC will offer marketing services and promotion for the TON ecosystem, along with $TON collateral loan services.
Features of TON Blockchain:
Asynchronous Smart Contract Invocation:
Unlike public chains like Ethereum, smart contract invocations in TON are asynchronous. This design improves scalability: when one smart contract calls a function of another smart contract, the call isn’t executed immediately, so not all transactions have to be processed within a single block. However, this asynchronicity also raises the bar for developers in terms of developing and maintaining applications on the TON chain.
The TON blockchain is designed with three types of chains: Masterchain, Workchains, and Shardchains.
- The Masterchain encompasses the Workchains, shard information, and the recent block hashes of both Workchains and Shardchains.
- Workchains, capped at 2³², house transactions and smart contracts and are identified by an unsigned 32-bit integer, the workchain_id. Different Workchains can have varied address formats, transaction formats, and virtual machines, yet they need to adhere to the TON blockchain’s basic interoperability standards. TON’s design for Workchains is akin to that of Polkadot.
- For each Workchain, up to 2⁶⁰ Shardchains can be created based on demand. A Shardchain only needs to manage the state and transitions of a minimum of one account, while sharing information with other Shardchains. In TON’s design, Shardchains are essentially “account chains,” representing one or more accounts. Through this design, TON actualizes an “infinite sharding paradigm” to meet the objective of million-level TPS (Transactions Per Second) in the future.
Distributed Hash Table (DHT):
How data is stored and accessed in a blockchain network affects the network’s data consistency, accessibility, and security. TON employs a hash table for data storage.
A hash table is a data structure that maps keys to buckets using a hash function, enabling swift data access. In TON, the hash table is distributed, meaning data is stored across multiple nodes in the network.
- When storing a data item, TON uses a hash function to determine which node should store the data item.
- When retrieving data, the same hash function is used to quickly locate the node storing the data, allowing efficient data insertion, deletion, and lookup operations.
- Data is encrypted and redundantly stored across multiple nodes, ensuring data safety and persistence even if some nodes fail or are attacked. Compared to traditional hash tables, Distributed Hash Tables offer higher performance and reliability in distributed and large-scale environments.
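The three points above as a small model, added here as an illustration and not TON's own code. It assumes a Kademlia-style XOR distance between key ids and node ids, a replication factor of 3 and constructed node names; encryption and re-replication after a failure are left out.

```python
import hashlib

REPLICAS = 3  # assumption: replication factor chosen for this demo

def ident(data: bytes) -> int:
    """256-bit id; the same hash is applied to node names and to data keys."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class Dht:
    def __init__(self, node_names):
        # node id -> (name, that node's local key/value store)
        self.nodes = {ident(n.encode()): (n, {}) for n in node_names}

    def closest(self, key: bytes, k: int = REPLICAS):
        """Ids of the k live nodes nearest to the key id by XOR distance."""
        kid = ident(key)
        return sorted(self.nodes, key=lambda nid: nid ^ kid)[:k]

    def store(self, key: bytes, value: bytes):
        """Write the value to every responsible node; return their names."""
        holders = self.closest(key)
        for nid in holders:
            self.nodes[nid][1][key] = value
        return [self.nodes[nid][0] for nid in holders]

    def lookup(self, key: bytes):
        """Ask the nodes responsible for the key; None if no replica is left."""
        for nid in self.closest(key):
            local = self.nodes[nid][1]
            if key in local:
                return local[key]
        return None

    def fail(self, name: str):
        """Take a node offline together with everything it stored."""
        self.nodes.pop(ident(name.encode()), None)

def lookup_after_failures(failed_replicas: int):
    """Store one item, knock out that many of its holders, then look it up."""
    dht = Dht([f"node-{i}" for i in range(8)])  # constructed node names
    key = b"constructed-key"
    for name in dht.store(key, b"value")[:failed_replicas]:
        dht.fail(name)
    return dht.lookup(key)

if __name__ == "__main__":
    for n in (0, 2, 3):
        print(n, "holders failed ->", lookup_after_failures(n))
```

The item stays reachable while at least one of its holders is alive and is lost only when all of them fail, which is why the replication factor matters for persistence under node failure or attack.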
Below is a comparison of TON with Ethereum and Bitcoin networks:
Echoing the mission imbued upon its inception, Telegram endeavors to be a privacy-centric social network.
TON uses TON Proxy, a network proxy and anonymity service akin to the Invisible Internet Project (I2P) that masks the IP addresses of TON nodes, to build a decentralized VPN service. Together with TON DNS and the TON P2P network, it aims to strengthen user privacy.
Within Telegram, the “Secret Chats” feature employs end-to-end encryption technology to enhance the security of message transmission between users. As 2022 drew to a close, Telegram further updated its offerings by launching a blockchain-based anonymous phone number login feature. This allows users to register without a phone number, requiring only the mnemonic phrase associated with their TON wallet for login, thereby providing an additional layer of privacy.
In January 2023, TON broadened its functionality by unveiling TON Storage — a peer-to-peer file-sharing system bearing similarities to Dropbox and torrents. This system simplifies the file exchange process and furnishes encryption protection for files stored on the blockchain. Additionally, to ensure the persistent storage of files, node operators hosting these files are incentivized accordingly.
TON Development Languages:
For smart contract development on TON, developers have three programming language options: Fift, FunC, and Tact.
Fift is more fundamental, encompassing TVM and Fift assembly instructions. Due to its complexity, very few developers opt to use Fift for smart contract development. Tact is a high-level language newly introduced by TON, with syntax resembling TypeScript, aimed at making development easier. Currently, the most widely used language is FunC, which is akin to the C programming language in its design.
When developing TON smart contracts, the Beosin Security Team recommends that developers heed the following 7 points:
1. Static Typing in FunC and Tact:
Both FunC and Tact are statically typed languages, so developers need to be explicit about the data types stored in the variables within their code. Errors may arise from reading unexpected types and values.
2. Absence of Revert Messages in TON Blockchain:
TON blockchain lacks revert messages, hence developers need to carefully consider the end paths of code execution.
3. Multiple Transaction Phases in TON Blockchain:
TON blockchain has various transaction phases: computational phase, actions phase, and bounce phase. The computational phase executes contract code, while the actions phase sends messages. Developers should be aware of the transaction execution phase when testing code.
4. Method_id Identifier in FunC:
Functions with a method_id identifier in FunC can receive internal and external messages within the blockchain.
5. Asynchronous Nature of TON Blockchain:
Developers should be attentive to handling failed call information due to the asynchronous nature of the TON blockchain.
6. Handling Bounced Messages in Smart Contracts:
Pay attention to the code that handles bounced messages in smart contracts. If a smart contract sends a bounced message containing TON assets to other accounts, it’s advisable to deduct gas fees within the smart contract.
7. Replay Attack Risk for External Messages:
Developers should be aware of replay attack risks for external messages. Counters or identifiers can be set to mitigate replay attacks.
Furthermore, the Beosin Security Team has officially launched security audit services for TON smart contracts to identify and assist project teams in rectifying security risks, thereby safeguarding the assets of both users and project teams. The major audit items include:
1. Replay Attacks:
Protecting smart contracts from replay attacks of external messages can be achieved by storing a 32-bit counter, cur-seqno, in the persistent data of the smart contract, and expecting a req-seqno value in any inbound external message (signed part). External messages are accepted only if the signature is valid and req-seqno equals cur-seqno. Upon successful processing, the cur-seqno value in the persistent data is incremented, ensuring the same external message won’t be accepted again. Without a seqno (or other replay attack prevention mechanisms), anyone (typically the funds receiver) could read transaction data (e.g., from a blockchain explorer) and create another bogus transaction to be resent to the original wallet smart contract, forcing it to resend TON and ultimately depleting all its funds.
2. Access Control:
Only specific users should have permission for specific operations in contracts. For instance, operations like NFT transfers should only be carried out by the NFT owner or accounts authorized by the owner. Contracts should strictly check permissions and proceed with transfer operations if passed, or revert the transaction if failed.
3. Variable Overwriting:
In FunC contracts, variables are written through the set_data function. An incorrect variable order or name could easily lead to accidentally overwriting the wrong variable and masking the original variable.
4. Business Design:
Some project contracts inherently carry risks of attack due to their design. It’s crucial to rigorously assess the design from an attacker’s perspective for potential attack vectors.
5. Business Implementation:
In some projects, the design itself may not entail attack risks, but issues arise during implementation, such as deviation from the original design or a flawed implementation, which generate vulnerabilities.
6. Error Handling:
Due to TON’s design, code end paths need thorough consideration by developers. Contracts may receive bounced messages, which need to be handled correctly. Moreover, gas exhaustion scenarios should be considered while handling bounced messages, as these could also trigger unexpected errors.
7. Missing Validation:
Each stage of message flow requires checks. Attackers could initiate another message flow while the first message flow is being executed, rendering the previous checks ineffective.
8. Message Flow Errors:
Ensuring message flows align with the design is critical to prevent unexpected errors and losses.
9. Data Structure Checks:
Some FunC functions that pass messages and stages could have issues. For example, the end_parse() function checks whether the slice is empty and throws an exception if it is not, ensuring the slice behaves as expected. However, the exception-throwing logic might be flawed as written, for instance throwing an exception but not returning a value. Other functions might have similar issues.
10. Serialization Issues in Message Passing:
Serialization errors might occur in receiving or get functions, like the send_raw_message function.
a. Function naming, configuration naming, private variable naming, whether get functions return reasonable values, ERC20 authorization values, revert judgments, zero-address checks.
b. Some privilege risks, even in FunC, could lead to increased centralization or overly high permissions. The msg call in FunC differs from the norm, with signature and call length sent based on position, which might pose issues.
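The seqno check described under "Replay Attacks" (audit item 1, and point 7 of the developer recommendations) can be modelled in a few lines. This is an added example, not Beosin's or TON's code: the `Wallet` class, the message layout and the HMAC stand-in for the wallet's signature check are assumptions made for the demo.

```python
import hashlib
import hmac
import struct

# Stand-in for the wallet's signature check (assumption): HMAC-SHA256 with a
# demo key. The seqno logic is independent of the signature scheme.
KEY = b"constructed-demo-key"

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def sign_external(key, seqno, dest, amount):
    """External message = tag(32) || signed part: seqno(u32) amount(u64) dest."""
    body = struct.pack(">IQ", seqno, amount) + dest.encode()
    return _tag(key, body) + body

def tamper_seqno(msg, new_seqno):
    """Rewrite req-seqno in a captured message without re-signing it."""
    return msg[:32] + struct.pack(">I", new_seqno) + msg[36:]

class Wallet:
    """Toy model of a wallet contract: persistent data plus recv_external."""

    def __init__(self, key, balance, check_seqno=True):
        self.key, self.balance = key, balance
        self.cur_seqno = 0              # 32-bit counter in persistent data
        self.check_seqno = check_seqno  # False models the unprotected contract

    def recv_external(self, msg):
        tag, body = msg[:32], msg[32:]
        if len(body) < 12:
            return "rejected: malformed"
        req_seqno, amount = struct.unpack(">IQ", body[:12])
        if self.check_seqno and req_seqno != self.cur_seqno:
            return "rejected: seqno mismatch"
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return "rejected: bad signature"
        if amount > self.balance:
            return "rejected: insufficient balance"
        # Accept: the counter is advanced in the same step as the transfer,
        # so these exact bytes can never pass the seqno check again.
        self.cur_seqno = (self.cur_seqno + 1) & 0xFFFFFFFF
        self.balance -= amount
        return "accepted"

def replay_demo(check_seqno):
    """Owner sends 30 once; the same bytes are then resubmitted three times."""
    wallet = Wallet(KEY, balance=100, check_seqno=check_seqno)
    msg = sign_external(KEY, seqno=0, dest="constructed-recipient", amount=30)
    results = [wallet.recv_external(msg) for _ in range(4)]
    return results, wallet.balance

if __name__ == "__main__":
    for protected in (False, True):
        print("seqno check:", protected, replay_demo(protected))
```

Because req-seqno sits inside the signed part, rewriting it in a captured message to match the current counter fails the signature check instead of bypassing the counter.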
The TON ecosystem currently boasts 551 apps spanning across over 19 distinct sectors.
Ton Space operates as a non-custodial wallet within @wallet and serves as a native embedded wallet within Telegram. It can be utilized for importing existing TON blockchain wallets or creating new ones. Users also have the option to save their respective private keys using their TG accounts and email, and engage in viewing, sending, and trading NFTs. Ton Space is on the brink of supporting additional features including DeFi applications like DEX, staking, and lending protocols, where users can use TON Connect to access third-party dApps on TON.
The TON blockchain wallet supported by the most platforms currently is Tonkeeper, compatible with both web and mobile interfaces. On mobile, users can view the NFTs held on the TON chain. Notably, TON wallets function as smart contract wallets, which, besides facilitating more sharding for the TON network, also open the door for realizing more complex applications within the wallet.
DEX (Decentralized Exchanges):
Among these, Megaton Finance stands out with the highest Total Value Locked (TVL) at around 5 million USD, facilitating the exchange of all mainstream tokens within the TON ecosystem. Its largest liquidity pool is the oUSDT-oUSDC stablecoin pool, constituting about 40% of its TVL.
Decentralized Order Book Exchange:
Storm Trade, a decentralized exchange operating on an order book model, is currently under testing. It supports web interface and also offers a Telegram bot mode, allowing users to interact directly with the bot developed by Storm Trade in the future.
The first lending project on the TON blockchain, Evaa Protocol, is anticipated to launch its Beta version on October 10. On July 19, Evaa Protocol announced TONcoin.fund as its strategic investor, and completed a private fundraising round of $130,000 on the Tonstarter platform on October 2. The incorporation of the lending protocol Evaa Protocol is expected to contribute positively to the asset liquidity within the TON ecosystem.
At present, the official cross-chain bridges supported by TON facilitate asset interoperability between TON and ETH, and TON and BSC. Official cross-chain bridges for other blockchains are still under development.
Additionally, there are third-party cross-chain bridges like Orbit Bridge, Wallet Bridge, and Tontake Bridge. Both Orbit Bridge and Megaton Finance are developed by the team behind KlaySwap, a DEX platform on the Korean blockchain Klaytn, supporting interoperability across 11 blockchains. Wallet Bridge and Tontake Bridge operate in Telegram bot form but have fewer users, hence individuals should exercise caution when interacting with them.
re:doubt is a data analytics platform on TON, positioned similarly to a combination of CoinMarketCap and Dune Analytics. It furnishes a wealth of TON ecosystem data for both regular users and crypto analysts. Through platforms like re:doubt, individuals can gain insights into various metrics and trends pertaining to the TON ecosystem, thereby fostering a better understanding and engagement with the blockchain and its associated projects.
The development team Devnull won second place in the Hack-a-Ton x DWF Labs x AWS hackathon supported by Beosin in July of this year. Following this achievement, they plan to support more TON-related data analysis initiatives.
Current Efforts and Future of TON:
Currently, TON is making significant strides in developing its DeFi ecosystem. This year, it has already organized two large-scale hackathons, both focused on DeFi themes. Beosin, as the exclusive security partner for Hack-a-ton x DWF Labs x AWS, has been providing workshop guidance and weekly Q&A sessions to help developers overcome challenges in building projects within the TON ecosystem.
Additionally, TON is actively organizing community meetups and developer boot camps across various regions to attract more developers to contribute to the TON ecosystem. Beosin, as the local partner, hosted offline meetups in Singapore and Bali in July and August respectively, and also provided contract development training and security audit discounts for participating teams at the Seoul Tact BootCamp.
During the second hackathon, TON initiated an ecosystem liquidity incentive program application on June 6, aimed at supporting DeFi project owners within the TON ecosystem and attracting more users.
Currently, there are about 25,000 users on TON’s overall DEX, with over 2,300 liquidity providers (LPs), and a total value locked (TVL) of 5 million $TON. With a real-time coin price of $2, the TVL stands at around $10 million, which, compared to the hundreds of millions of dollars in TVL on other well-known public chains, underscores the untapped potential of TON’s ecosystem.
For future growth, apart from liquidity incentives, TON will require native stablecoins and more liquidity support to overcome challenges in developing its DeFi ecosystem.
Presently, the stablecoins on TON include oUSDT, oUSDC, jUSDT, and jUSDC, which lack sufficient liquidity, resulting in significant exchange losses and deterring users from cross-chain transactions to TON. With more cross-chain bridges coming online, a variety of stablecoins will emerge on TON to enhance its TVL.
Mobile Application Integration:
Benefiting from Telegram’s support, various application Telegram bots can be seamlessly integrated into Telegram, considerably simplifying user interaction with these applications. Currently, DeFi projects like ION Finance and Storm Trade are developing their own Telegram bots. For previously popular Telegram trading bots like Unibot and Banana Gun, supporting TON ecosystem token trading in the future should not pose a challenge.
Beosin’s EagleEye on-chain monitoring platform plans to launch a Telegram bot to offer users quick access to project information and data queries. At present, EagleEye supports analyzing on-chain whale addresses, detecting contract risks, and monitoring project social media platforms, providing comprehensive project information to users. This initiative is part of the broader effort to enhance user engagement and facilitate easier access to essential data within the TON ecosystem.
In summary, with the gradual construction of its ecosystem and the advantages TON possesses on mobile platforms, TON still holds immense potential. It stands a great chance to attract a vast number of users to participate in its ecosystem in the future. Beosin is planning to engage in more extensive and deeper collaborations with TON, aiming to provide security assurance for TON ecosystem projects and users.