We’re partnering to strengthen TON’s DeFi ecosystem
TVM Ventures has selected Trail of Bits as its preferred security partner to strengthen the TON developer ecosystem. Through this partnership, we’ll lead the development of DeFi protocol standards and provide comprehensive security services to contest-winning projects deploying on TON. TVM Ventures will host ongoing developer contests where teams can showcase innovative applications that advance TVM Ventures’ mission of making blockchain technology accessible to everyone.
“By working with Trail of Bits, who has already helped identify many high-severity vulnerabilities in TON, we are transforming TON’s DeFi to an institutional-grade ecosystem”—Steve Yun, founder of TVM Ventures
![](/img/wpdump/538b6b2a022fc44b8999d1aefa9c9d35.png)
Trail of Bits has partnered with TVM Ventures to deliver ecosystem-wide security services and DeFi standards in TON
This strategic investment in security helps ensure that groundbreaking projects launching on TON have the technical foundation they need to succeed. Rather than building an internal security team to audit select projects, TVM Ventures has chosen to partner with us to provide expert security guidance across its ecosystem. This gives developers direct access to Trail of Bits’ decade of blockchain security experience, which has protected billions in assets across major protocols, L1 blockchains, and crypto infrastructure projects.
Services overview
Security requires more than just finding bugs in code. Our services assess the complete attack surface of TON projects; in addition to identifying code issues, we’ll focus on finding opportunities to enhance code maturity and testing practices. The services are tailored to projects at various stages of development, helping contest winners choose the option that best suits their project.
Design reviews for early-stage projects: We analyze system architecture and component specifications before implementation begins. This lets us provide immediate feedback on potential security issues, saving development time and costs by catching design flaws early. We help teams make architectural decisions that enhance security from the start.
Threat modeling for mature projects: Our data-centric threat models comprehensively identify system risks and potential threat actors. We map components into trust zones, evaluate security control maturity, and diagram attack paths. This helps teams understand their complete attack surface and implement appropriate protections.
Comprehensive code assessments: We perform a thorough examination of your codebase to identify vulnerabilities, from smart contract issues like reentrancy and improper access controls to business logic flaws like price manipulation or incorrect validation. Our analysis covers multiple aspects:
- Smart contract vulnerabilities in the blockchain environment and language
- Business logic flaws including economic and token integration issues
- Node, bridge, and off-chain component review
- Code maturity evaluation with actionable recommendations
- Integration of automated analysis tools and fuzzing (where applicable)
Fix review: After teams address our findings, we perform a fix review to assess whether changes fully resolve the identified issues without introducing new vulnerabilities. This review ensures that security improvements are implemented correctly and provides an updated status for each finding.
Every assessment includes the following:
- Detailed public report documenting methodology, findings, and recommendations
- Technical guidance and recommendations drawn from our blockchain security expertise
- Clear documentation of findings and actionable remediation steps
- Training on security best practices and tool usage
Teams receive everything they need to build secure applications on TON, not just a list of bugs to fix. Our holistic approach helps projects develop robust security practices that last beyond any single assessment.
Supporting developer success
We have audited TON’s critical infrastructure since 2022. Our expertise in FunC and low-level blockchain architecture, including TON’s workchain architecture, TVM (TON Virtual Machine), and other unique features of the system, enables us to provide thorough security assessments and long-term security recommendations. While automated tooling for FunC is still emerging, our manual analysis excels at mapping complex data flows and identifying potential vulnerabilities in ways automation cannot match.
Developing DeFi standards
Over the next year, a key part of our partnership with TVM Ventures involves establishing ecosystem-wide standards for DeFi protocols. These standards will provide a foundation for secure, interoperable DeFi applications across the TON ecosystem.
Our standards development work includes:
- Regular working sessions with TON’s DeFi protocol developers to gather requirements and feedback
- Creating standardized message formats for DEX interactions
- Developing consistent interfaces for lending protocol interactions
- Additional protocol standards based on ecosystem needs
By combining security services with standards development, we’re helping ensure that TON’s DeFi ecosystem grows with security and interoperability built in from the start.
Looking forward
We’re excited to support TVM Ventures’ vision of making blockchain technology accessible to everyone. Our collaboration provides developers with the strong technical foundation they need to innovate with confidence. Beyond audits, we have exciting activities coming up for the TON developer and user community!
- Building Secure Contracts – TON chapter (new)!
- Public releases of security assessment reports
- AMAs on Telegram
- X Spaces featuring technical discussions with Trail of Bits and other blockchain experts
- YouTube streams demonstrating manual security testing for FunC development
- And more!