PANews, July 9 news, according to BitsLab disclosure, its security team TonBit recently discovered a null pointer dereference vulnerability in the INMSGPARAM instruction in TON Virtual Machine (TVM) version 2025.04. Attackers can trigger a virtual machine crash by constructing special message parameters. This vulnerability was proactively reported by TonBit before the launch of TVM11 and has been officially fixed and acknowledged. The root cause of the vulnerability is the lack of null pointer checks in the as_tuple() function. TonBit emphasizes that it will continue to strengthen TVM security measures to ensure the stability of on-chain contract execution.
