Nov 09, 2023
Tact for TON: Uncovering This Language's Features and Security Best Practices
This technical research report was authored by Jaychois from the ScaleBit Research Group
1 Introduction
Tact is a groundbreaking programming language tailored for the TON blockchain, emphasizing efficiency and user-friendliness.
Its design aims to facilitate learning and usage, particularly for smart contracts. Tact boasts a statically typed structure with a straightforward syntax and a robust type system.
This article’s objective is to provide an extensive introduction to Tact while conducting a risk analysis of this smart contract language.
Before we delve into Tact, let’s get familiar with TON first.
1.1 What is TON?
The Open Network (TON) is a decentralized and open Internet platform made up of several components. These include TON blockchain, TON DNS, TON Storage, and TON Sites. TON blockchain is the core protocol that connects TON’s underlying infrastructure together to form the greater TON Ecosystem.
TON is focused on achieving widespread cross-chain interoperability while operating in a highly scalable, secure framework. TON is designed to process millions of transactions per second (TPS), with the goal of eventually reaching hundreds of millions of users.
TON blockchain is designed as a distributed supercomputer, or “superserver”, intended to provide a variety of products and services that contribute to the decentralized vision for the new Internet.
1.2 Introduction to Tact
Tact is a new programming language for TON blockchain that is focused on efficiency and simplicity. It is designed to be easy to learn and use, and to be a good fit for smart contracts.
One of the key points in Tact’s development is the aim to make it accessible to a broad audience of developers. Therefore, it is designed to be similar to popular programming languages such as JavaScript, Python, and Solidity. This significantly simplifies learning and understanding the language, especially for newcomers.
Here are some features of the Tact language:
- Expandability and Modularity
One of the key advantages of Tact is its ability to support the principles of Message-Oriented Programming (MOP), making it ideal for creating modular and expandable smart contracts. Developers can create contracts that easily interact with each other through message passing, thereby simplifying the integration and interaction of different contracts.
- Asynchrony
Tact supports asynchronous messages, which can significantly improve the performance of smart contracts. Contracts can run in parallel and do not need to wait for other contracts to be completed. This speeds up operations and enhances system responsiveness.
- Improved Interaction
The application of MOP also simplifies the interaction between smart contracts and external systems, such as applications or other blockchains. With standardized messages, developers can easily integrate their contracts with various services and platforms.
- Higher Level of Abstraction
The use of MOP in Tact allows developers to focus on the business logic of contracts rather than the low-level details of their implementation. This simplifies the development process and enables the creation of functional and efficient contracts more quickly.
- Enhanced Security
With MOP principles, developers can create more reliable and secure smart contracts. Interaction between contracts becomes more controlled and isolated, reducing security risks and making the system more resistant to attacks.
1.3 Tact and FunC
TON smart contracts can be written in both FunC and Tact, but FunC is a lower-level language aimed at developers who are deeply familiar with TON architecture. FunC liberates developers from writing raw Fift code while providing the same level of control. Unfortunately, the precision of FunC makes it harder to write complex multi-contract systems.
Tact enables developers to go even further: you can write entire suites of smart contracts with strongly typed interfaces and statically verified execution costs. With Tact you can focus on your development and worry less about blockchain idiosyncrasies.
2 Best Practices for Tact Security
Creating secure smart contracts is a top priority when working with Tact. Here are some best practices for Tact Security:
2.1 Access Control
To receive a message of the required type, you need to declare a receiver function, for example, receive("increment"). This notation declares a receiver function that will be called when a text message with the value "increment" is sent to the contract.
The function body can modify the state of the contract and send messages to other contracts. A receiver function is public: anyone can call it by sending a message of the specified type to the contract. When a receiver triggers important logic or sensitive operations, it must therefore enforce access control itself; otherwise it can be called maliciously and cause serious damage.
Example: The following code is a token minting function, which lacks access control over the caller’s identity, meaning that the minting function can be abused by anyone, resulting in any number of new tokens being minted.
Suggestion: Referring to the earlier example, one could introduce an owner variable. This owner’s identity would be established during the contract’s initialization. Subsequently, a verification step could be added to the mint function, ensuring that only the designated owner has the privilege to mint new tokens.
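The missing check and the owner-based fix described above, sketched in Tact as an added example (this is not the article's original code; the message and contract names Mint, OpenToken and OwnedToken are assumptions made for illustration):

```tact
// Illustrative names throughout; not taken from the article.
message Mint {
    to: Address;
    amount: Int as coins;
}

// Weak form: the receiver never checks sender(), so any account can mint.
contract OpenToken {
    totalSupply: Int as coins = 0;
    balances: map<Address, Int>;

    init() {
        self.balances = emptyMap();
    }

    receive(msg: Mint) {
        let prev: Int? = self.balances.get(msg.to);
        let bal: Int = 0;
        if (prev != null) { bal = prev!!; }
        self.balances.set(msg.to, bal + msg.amount);
        self.totalSupply = self.totalSupply + msg.amount;
    }
}

// Hardened form: the owner is fixed at initialization and checked first.
contract OwnedToken {
    owner: Address;
    totalSupply: Int as coins = 0;
    balances: map<Address, Int>;

    init(owner: Address) {
        self.owner = owner;
        self.balances = emptyMap();
    }

    receive(msg: Mint) {
        // Reject before touching state: a failed require() aborts the receiver.
        require(sender() == self.owner, "Only the owner can mint");
        let prev: Int? = self.balances.get(msg.to);
        let bal: Int = 0;
        if (prev != null) { bal = prev!!; }
        self.balances.set(msg.to, bal + msg.amount);
        self.totalSupply = self.totalSupply + msg.amount;
    }
}
```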
2.2 Unvalidated Message Input
The lack of proper validation or filtering of external inputs in smart contracts allows malicious users or attackers to input malicious data, potentially leading to unsafe behavior or vulnerabilities.
Example: The following code is a withdraw function that lacks validation of the input parameters, which means that the withdrawal amount can be faked, leading to the contract running out of money.
Suggestion: Referring to the previous example, we can add a verification step to the withdraw function to ensure that the withdrawer’s account balance meets the withdrawal quantity requirement and update the account balance after the withdrawal.
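An unvalidated withdraw receiver next to a version with the balance check and balance update described above, as an added Tact example (not the article's original code; Withdraw, OpenVault, LedgerVault, balanceOf and the "deposit" text message are assumptions made for illustration):

```tact
// Illustrative names throughout; not taken from the article.
message Withdraw {
    amount: Int as coins;
}

// Weak form: msg.amount comes straight from the caller and is paid out as-is.
contract OpenVault {
    receive() {} // accept plain transfers so the contract can hold funds

    receive(msg: Withdraw) {
        send(SendParameters{to: sender(), value: msg.amount, bounce: false});
    }
}

// Hardened form: a per-account ledger bounds what each sender may withdraw.
contract LedgerVault {
    balances: map<Address, Int>;

    init() {
        self.balances = emptyMap();
    }

    // Simplification: credits the full attached value and ignores gas fees.
    receive("deposit") {
        self.balances.set(sender(), self.balanceOf(sender()) + context().value);
    }

    receive(msg: Withdraw) {
        let bal: Int = self.balanceOf(sender());
        require(msg.amount > 0, "Amount must be positive");
        require(msg.amount <= bal, "Insufficient balance");
        // Record the deduction in the same receiver that queues the payout.
        self.balances.set(sender(), bal - msg.amount);
        send(SendParameters{to: sender(), value: msg.amount, bounce: false});
    }

    // Missing map entries are treated as a zero balance.
    fun balanceOf(who: Address): Int {
        let b: Int? = self.balances.get(who);
        if (b == null) { return 0; }
        return b!!;
    }
}
```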
2.3 Checking Gas Consumption
External messages are those that don’t have a sender and can be sent by anyone in the world. External messages are good tools for integrating with off-chain systems or for the general maintenance of contracts. When processing internal messages, the sender usually pays for gas usage. When processing external messages, the contract pays for gas usage.
This means that you need to be careful with gas usage in external messages. You should always test the gas usage of your contracts to verify that everything is working as intended, and avoid possible vulnerabilities that could drain the contract balance.
2.4 Partial Execution of Transactions
In the event of an exception or exhaustion of gas, subsequent unfinished transactions will not be executed, and executed transactions will not be rolled back; the result is partial execution.
For example, if you subtracted 1 TON from a customer’s balance and then sent an invalid message, that could lead to a situation where the customer’s balance is reduced but the customer never receives the funds.
Therefore, proper state management is required. Drawing message flow diagrams helps you understand and manage transactions and minimizes the risk of problems later on.
2.5 Other Security Considerations
To ensure the security of the smart contracts, here are some other security considerations you should keep in mind:
- Thorough Testing: Rigorously test your smart contracts to identify and rectify issues, considering a wide array of test cases and scenarios. Make the most of testnets and emulators to validate contract behavior.
- Code Reviews: Engage in comprehensive code reviews to identify and address potential security issues. Collaborating with peers and security experts can significantly enhance code quality.
- Smart Contract Audits: Consider third-party security audits to uncover vulnerabilities and assess the overall security of your contracts. Security audits are a crucial step for applications that require the highest levels of reliability.
3 Conclusion
In this article, we have introduced the novelty of TON and some language features of Tact, such as expandability and modularity, and presented best practices for developing Tact contracts securely.
In summary, Tact provides an efficient and user-friendly environment for smart contract development within the TON ecosystem, making it ideal for creating efficient and secure smart contracts on the TON blockchain. It is also particularly important to follow best practices and to audit and test contracts during development to minimize potential vulnerabilities and risks.