From a technical point of view, how the public chain TON, which is backed by Telegram, has risen

In 2018, the Telegram team launched a revolutionary public blockchain project, TON, which attracted a lot of attention as soon as it was released, because of the huge potential Web2 user base behind it.

In 2023, TON launched the DeFi liquidity incentive program and held the Hack-a-TON hackathon, aiming to attract the world's top developers to inject fresh blood into the TON ecosystem and jointly explore cutting-edge technology fields such as DeFi and NFT. Today, it is becoming a fast-growing, vibrant ecosystem.

History of TRON

In 2018, Telegram founded the Telegram Open Network project, which raised about $1.7 billion through an ICO, but Telegram was subsequently accused by the SEC of illegal fundraising. In 2020, the Telegram team agreed to pay a $18.5 million fine, settle with the SEC, abandon the Telegram Open Network project, and return the funds.

The Telegram team then locked all tokens in the Telegram Open Network network into smart contracts, and anyone could participate in mining to obtain TON tokens (in June 2022, TON mining ended and the TON network has been completely converted to PoS). Telegram's move puts the Telegram Open Network in the hands of the community, which continues to be developed by developers called the NewTON community. Later, the NewTON community was renamed the TON Foundation, and the Telegram Open Network was also renamed The Open Network, which is now the TON public chain.

In 2020, while Telegram was awaiting an SEC ruling, TON Labs forked the Telegram Open Network and released a "Free TON" version. At present, Free TON has been renamed Everscale, and its development route and code are also very different from the original TRON.

TON on-chain data

At present, the number of validators on the chain is 357, and the total number of staked $TON under the PoS mechanism is more than 500 million, distributed in 24 countries.

source:

TON Token Data

$TON There are token contracts on both ETH and BSC chains. According to the EagleEye platform, on September 17, $TON's on-chain transactions saw a short-term spike, with the Buy/Sell ratio approaching 1.17. $TON Price reached a recent high of $2.6 on September 20.

source:

In addition, the EagleEye platform monitors the recent trading $TON on the centralized exchange MEXC very active. On October 5, TON announced that it has received a $10 million investment from MEXC Ventures and established a strategic partnership between the two parties. MEXC will provide marketing services and promotion for the TON ecosystem, providing $TON mortgage borrowing services.

source:

TON Design Features

1 Smart contract calls are asynchronous

Unlike public blockchains such as Ethereum, calls between TRON's smart contracts are asynchronous. This design improves scalability because when one smart contract calls a function of another smart contract, the call is not executed immediately, and all transactions do not need to be processed in a block. But at the same time, asynchrony also increases the threshold for developers to develop and maintain applications on the TON chain.

source: Beosin

3 Distributed hash table

How blockchain networks store data and access affects the data consistency, accessibility, and security of their networks. TON uses hash tables for data storage.

First, a hash table is a data structure that enables fast data access by using hash functions to map keys into buckets. In TRON, hash tables are distributed, meaning that data is stored on multiple nodes in the network.

When a data item needs to be stored, TON uses a hash function to determine on which node the data item should be stored.

When data needs to be retrieved, the same hash function is used to quickly find the node that stores the data, allowing efficient data insertion, deletion, and lookup operations.

Data is encrypted and stored redundantly on multiple nodes, and even if some nodes fail or are attacked, the data can still be recovered from other nodes, ensuring the security and durability of the data. Distributed hash tables provide higher performance and reliability in distributed and large-scale environments than traditional hash tables.

Here's how TON compares to the Ethereum and Bitcoin networks:

The "Secret Chats" feature introduced in Telegram uses end-to-end encryption technology and is designed to improve the security of message transmission between users. Entering the end of 2022, Telegram was further updated to introduce a blockchain-based anonymous number login function, allowing users to log in without mobile phone number registration and only by saving the mnemonic phrase of the TON wallet, thus providing an additional privacy option.

In January 2023, TON further expanded its capabilities with the release of TON Storage. It's a peer-to-peer file-sharing system that shares certain similarities with Dropbox and torrents. This system is characterized by simplifying the file exchange process and providing cryptographic protection for files stored on the blockchain. At the same time, to ensure the persistent storage of files, the node operators that host these files can also be incentivized accordingly.

TON Development Language

To develop smart contracts on TRON, developers have three programming language options: Fift, FunC, and Tact. FIFT is low-level, including TVM and FIFT assembly instructions, and it is difficult to develop using FIFT, and very few developers choose to use the FIFT language to develop smart contracts. Tact is TON's new high-level language with Type-like syntax designed to make development easier. The most used development language today is FunC, which is a C-like programming language.

source: Beosin

When developing TON smart contracts, the Beosin security team advises developers to be aware of the following 7 points**:

1. Both FunC and Tact are statically typed languages, and developers need to be very clear about the type of data stored by variables in their code. Reading unexpected types and values can cause errors.

2. The TON blockchain does not contain revet messages. Therefore, developers need to consider the end path of the code run.

The TON blockchain has multiple transaction phases: computational phase, actions phase and bounce phase. The calculation phase executes the contract code, and the execution phase sends a message. Therefore, developers need to pay attention to what stage of trade execution is currently located when testing the code.

4. Functions with method_id identifiers in FunC can be used to receive messages inside and outside the blockchain.

5. The TON blockchain is asynchronous, and developers need to pay attention to handling failed call information.

6. Pay attention to the code in the smart contract that handles bounced messages. If the smart contract sends bounce information with TON assets to other accounts, it is recommended to deduct gas fees from the smart contract.

7. For external messages, developers need to be aware of the risk of replay attacks. Replay attacks can be avoided by setting counters or identifiers.

Beosin security team officially launched the security audit service for TON smart contracts, aiming to discover and assist the project party to repair the security risks in the project in advance and ensure the security of users and the project party. Its main security audit items include:

1. Replay Attack

The easiest way to protect a smart contract from external messages replay attacks is to store a 32-bit counter cur-seqno in the smart contract's persistent data and expect a req-seqno value in any inbound external information (signature part). External information is accepted only if the signature is valid and req-seqno equals c007r-seqno. After successful processing, the cur-seqno value in the persistent data is incremented by one, so the same external information will no longer be accepted.

Without seqno (or other mechanism to prevent replay attacks), anyone (usually the recipient of funds) can read the transaction data (e.g. from a blockchain explorer) and create another fake transaction and resend it to the original wallet smart contract and force it to execute to resend TON again, eventually draining all of its funds.

2 Access Control

Only specific users should have permissions for specific actions in a contract. For example, operating NFT transfers should only be made by the owner of the NFT (or an account authorized by the owner). The contract should strictly check the permissions and, if approved, proceed with the transfer operation. If not, the trade should roll back.

3 Variable Overrides

In the FunC contract, variables are written through the set_data function, and if the variable order or variable name is written incorrectly, it is easy to accidentally write the wrong variable and overwrite the original variable.

4 Business Design

Some project contracts are at risk of being attacked by design, and it is necessary to strictly consider whether there is a possibility of attack in the design from the perspective of the attacker.

5 Business Fulfillment

In some projects, there is no risk of attack in the design, but in the specific implementation, there are no problems according to the original design or implementation, resulting in vulnerabilities.

6 Error Handling

Due to the design of TRON, the end path of the code needs to be considered by the developer. The contract may receive bounced messages, which the contract needs to handle correctly. In addition, gas exhaustion needs to be considered when processing fallback messages, which can also generate unexpected errors.

7 Missing checks

Each stage of a message flow requires a check, and an attacker could start another message flow at the same time that the first stage of the message flow executes, causing the previous check to fail.

8 Message flow error

You should ensure that the message flow is as designed, otherwise it will introduce unexpected errors and losses.

9 Data Structure Check

There will be functions in FunC for messaging and stages, there may be problems, (for example: end_parse() function, check whether the slice is empty, otherwise an exception will be thrown. It ensures that the slices have the desired effect. The logic of throwing exceptions may be written problematic when the code is written, such as throwing exceptions but not returning a value. Other functions may have the same problem).

10 Serialized messaging issues

There may be receive or get errors in serializing messages in functions, such as the send_raw_message function.

a. Function naming, configuration naming, private variable naming, whether the get function is reasonable return value, revet judgment, 0 address check.

b. Some privilege risks, func will also have such functions, can be centralized or too privileged.

msg calls in FunC are not the same as regular ones, the signature and call length are sent per location, which can be problematic.

TON Ecology

There are currently 551 apps in the TON ecosystem, distributed in more than 19 subdivisions.

Wallet

Ton Space is a non-custodial wallet in @wallet, a native wallet embedded in Telegram that can be used to import an existing TON blockchain wallet or create a new TON blockchain wallet. Users can also choose to use the TG account and email to save the corresponding private key, and view, send and trade NFTs. Ton Space will soon support more features, including DeFi applications such as DEX, staking and lending protocols, and users can use TON Connect to access third-party dApps on TON.

At present, the TON blockchain wallet with the largest number of supported platforms is Tonkeeper, which supports web and mobile terminals, and can also view the NFT on the TON chain held by users on the mobile side. It is worth noting that TRON's wallet is a smart contract wallet, which in addition to implementing more shards of the TON network, also provides the wallet with the possibility to implement more complex applications.

DEX

There are currently 6 major decentralized exchanges on the TON ecosystem, including Megaton Finance, ION Finance, DeDust, STON.fi, Flex and Tegro Finance. These DEXs all have different emphases in terms of user audiences, Ston.fi and DeDust have the largest user base (users doing swaps), while DeDust and Megaton have more active users.

In addition, Storm Trade, a decentralized order-book exchange, is being tested, supporting both the web and Telegram bot mode, where users can interact directly with bots developed by Storm Trade in the future.

Borrowing

The first lending project of the TON chain, Evaa Protocol, is expected to go live in beta on October 10. On July 19, Evaa Protocol announced that TONcoin.fund became its strategic investor, and on October 2, it closed a private placement of $130,000 on the Tonstarter platform. The addition of the Evaa Protocol will benefit the liquidity of assets in the TON ecosystem.

Cross-chain bridge

At present, TON official cross-chain bridges support assets between TON and ETH, and BSC, and the official cross-chain bridges of other chains are still under development.

In addition, third-party cross-chain bridges are Orbit Bridge, Wallet Bridge, and Tontake Bridge. Orbit Bridge and Megaton Finance are both developed by the KlaySwap team, a DEX platform on the Korean public chain Klaytn, and support the cross-crossing of 11 public chains. Wallet Bridge and Tontake Bridge are in the form of Telegram bots, but the number of users is small, and users need to be aware of the interaction risk.

Data Platform

Its development team, Devnull, won second prize in the Beosin-backed Hack-a-Ton hackathon in July this year, and will support more TRON-related data analysis in the future.

The Present and Future of TON

At present, TON is vigorously developing the DeFi ecosystem. This year, TON has hosted two major hackathons, both with DeFi-related themes. Beosin, as the exclusive security partner for Hack-a-ton x DWF Labs x AWS, provides workshop guidance and weekly Q&A to solve the challenges of developers building TON ecosystem projects.

Beosin becomes a TON hackathon partner

In addition, TON vigorously holds community gatherings and developer training camps in various regions, aiming to attract more developers to participate in the construction of the TON ecosystem. **Beosin hosted TON offline meetups as local partners in Singapore and Bali in July and August this year, and conducted contract development training and security audit discounts for winning projects for the participating teams of Tact BootCamp in Seoul. **

Beosin works with the TON community

At the same time as the second hackathon, TON opened the application for the ecological project liquidity incentive program on June 6 to support the DeFi project parties of the TON ecosystem and attract more users.

Telegram trading bots such as Unibot and Banana Gun are not difficult to support the trading of TON ecological tokens.

Beosin's EagleEye on-chain monitoring platform also plans to launch Telegram bot in the future to provide users with fast project information and data query. At present, EagleEye has supported the analysis of the giant whale address on the chain, detected contract risks, monitored the project social media platform, and provided users with comprehensive project information.

In summary, with the gradual construction of the ecosystem and the advantages of TON on the mobile terminal, TON still has great potential and has a great opportunity to attract massive users to participate in its ecology in the future.