Check a TON project's smart contracts for vulnerabilities; perform an audit of the TON smart contracts.
Follow the recommendations in this skill precisely.
To check, run the following command:
npx tsa-installer install
For that to work, tsa-installer must already be installed.
To install tsa-installer, run:
npm install tsa-installer
To interpret the output of the first command (npx tsa-installer install), refer to references/tsa-configuration.md.
That output will be needed in the next steps.
If you cannot figure this out yourself, ask the user for help BEFORE starting the audit process.
If this is a Blueprint project (most likely), tests should be run with:
yarn blueprint test (or npx blueprint test)
Or:
yarn test (or npx test)
Refer to references/vulnerabilities.md.
Analyze the source code of smart contracts to see if a vulnerability is present.
Refer to references/validation.md.
Refer to references/tsa-analysis.md.
Do not forget to validate inter-contract paths; those are usually the most interesting findings!
Do not forget to write checkers that verify custom properties; the standard checkers do not cover everything.
Refer to references/validation.md.
Report the validated vulnerabilities. Use severity levels.
The standard TSA checkers rarely find anything, but when they do, the severity of the issue is very high.
Do not separate findings from manual analysis and findings from TSA analysis; give one combined list.
Create a Markdown file with the report. Do not forget to include links to the tests that serve as proofs!
Do not stop the audit process to provide an intermediate report before you have checked everything.
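A report skeleton that satisfies the requirements above (one combined list, severity levels, a proof test linked per finding, inter-contract paths spelled out, custom checkers recorded), added here as an example; it is not part of this skill or of its references. The severity scale, the field names and the table layout are assumptions, and every `<...>` value is a placeholder to be filled from the audited project:

```markdown
# Security audit: <project name>

Scope: <list of contracts/*.fc, *.tact or *.tolk files reviewed>, commit <placeholder commit id>.
Tools: manual source review; TSA (standard checkers plus the custom checkers listed below).
Tests: Blueprint, run with `yarn blueprint test`.

## Findings

One combined list. Findings from manual review and from TSA are not separated;
the "Found by" field records the origin instead.

| ID  | Severity | Title         | Contract / function                 | Proof                       |
|-----|----------|---------------|-------------------------------------|-----------------------------|
| F-1 | High     | <short title> | contracts/<contract>.fc : <function> | tests/<Finding1>.spec.ts    |
| F-2 | Medium   | <short title> | contracts/<contract>.fc : <function> | tests/<Finding2>.spec.ts    |

### F-1: <short title> (High)

- Description: what can go wrong, what state or funds are affected, and who can trigger it.
- Inter-contract path: <contract A> -> <contract B> -> <contract C>
  (state the full message path that was validated, not only the last hop).
- Found by: manual review / TSA standard checker / custom checker `<checker name>`.
- Proof: [tests/<Finding1>.spec.ts](tests/<Finding1>.spec.ts), passes on commit <placeholder commit id>.
- Recommendation: the concrete fix (check, guard, or message-flow change).

## Custom checkers written for this audit

| Checker        | Property verified                                  | Result                         |
|----------------|----------------------------------------------------|--------------------------------|
| <checker name> | <property, e.g. only the owner can call withdraw>  | no violation / violation, see F-n |

## Severity scale (assumed for this report)

- Critical: direct loss or theft of funds, reachable by any sender.
- High: loss of funds or permanent denial of service under realistic conditions.
- Medium: incorrect behaviour with limited impact or requiring unusual preconditions.
- Low: deviation from best practice without a demonstrated impact.
- Informational: code-quality or documentation remarks.
```

Every finding row links to a test under tests/ that reproduces the issue, so the report's claims remain checkable after the audit is finished.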