Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TON 安全漏洞
Vulnerability Description
TON是TON开源的一个区块链软件。 TON v2025.04之前版本存在安全漏洞,该漏洞源于RUNVM指令逻辑存在状态污染,可能导致父虚拟机状态损坏。
CVSS Information
N/A
Vulnerability Type
N/A