ton-vulnerability-scanner

# TON Vulnerability Scanner ## 1. Purpose Systematically scan TON blockchain smart contracts written in FunC for platform-specific security vulnerabilities related to boolean logic, Jetton token handling, and gas management. This skill encodes 3 critical vulnerability patterns unique to TON's architecture. ## 2. When to Use This Skill - Auditing TON smart contracts (FunC language) - Reviewing Jetton token implementations - Validating token transfer notification handlers - Pre-launch security assessment of TON dApps - Reviewing gas forwarding logic - Assessing boolean condition handling ## 3. Platform Detection ### File Extensions & Indicators - **FunC files**: `.fc`, `.func` ### Language/Framework Markers ```func ;; FunC contract indicators #include "imports/stdlib.fc"; () recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure { ;; Contract logic } () recv_external(slice in_msg) impure { ;; External message handler } ;; Common patterns send_raw_message() load_uint(), load_msg_addr(), load_coins() begin_cell(), end_cell(), store_*() transfer_notification operation op::transfer, op::transfer_notification .store_uint().store_slice().store_coins() ``` ### Project Structure - `contracts/*.fc` - FunC contract source - `wrappers/*.ts` - TypeScript wrappers - `tests/*.spec.ts` - Contract tests - `ton.config.ts` or `wasm.config.ts` - TON project config ### Tool Support - **TON Blueprint**: Development framework for TON - **toncli**...