Ton Vulnerability Scanner
Skill ActiveScans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Jetton contracts, and forward TON without gas checks. Use when auditing FunC contracts.
To systematically scan TON smart contracts for platform-specific security vulnerabilities, ensuring safer and more robust decentralized applications.
Features
- Scans for integer-as-boolean misuse
- Detects fake Jetton contract vulnerabilities
- Checks for forward TON without gas checks
- Provides detailed vulnerability reports
- Offers suggested fixes for identified issues
Use Cases
- Auditing TON smart contracts written in FunC
- Reviewing Jetton token implementations
- Validating token transfer notification handlers
- Pre-launch security assessment of TON dApps
Non-Goals
- Scanning smart contracts written in languages other than FunC/Tact
- Performing general code linting or style checks
- Providing a full-fledged development environment for TON
Trust
- warning:Issues AttentionThere are 13 open issues and 4 closed issues in the last 90 days, resulting in a closure rate below 10% with a significant number of open issues, indicating slow maintainer response.
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills/plugin install building-secure-contracts@trailofbitsQuality Score
Trust Signals
Similar Extensions
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Web3 Testing
99Test smart contracts comprehensively using Hardhat and Foundry with unit tests, integration tests, and mainnet forking. Use when testing Solidity contracts, setting up blockchain test suites, or validating DeFi protocols.
Aptos Gas & Performance Optimization Expert
99Expert on Aptos gas optimization, performance tuning, storage costs, execution efficiency, inline functions, aggregator usage, parallel execution, table vs vector tradeoffs, and gas profiling tools. Triggers on keywords gas optimization, performance, gas cost, storage fee, inline, aggregator, parallel execution, gas profiling, optimization
Solidity Security
98Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.