Yash Madhwal

Yury Yanovich, Victoria Kovalevskaya, Maksim Egorov et al.

The Open Network (TON) blockchain employs an asynchronous execution model that introduces unique security challenges for smart contracts. A primary concern is race conditions arising from unpredictable message processing order. While previous work established vulnerability patterns through static analysis of audit reports, dynamic detection of temporal dependencies through systematic testing remains an open problem. This study proposes a dynamic evaluation methodology based on controlled message orchestration to systematically expose vulnerabilities in asynchronous smart contracts. By synthesizing precise message queue manipulation with differential state analysis and probabilistic permutation testing, we establish a framework (namely, BugMagnifier) for identifying execution flaws that static methods miss. Experimental evaluation demonstrates BugMagnifier's effectiveness through extensive parametric studies on purpose-built vulnerable contracts and five real-world vulnerability cases reproduced from recent security audits. Results reveal message ratio-dependent detection complexity that aligns with theoretical predictions. This quantitative model enables predictive vulnerability assessment while shifting discovery from manual expert analysis to automated evidence generation. By providing reproducible test scenarios for temporal vulnerabilities, BugMagnifier addresses a critical gap in the TON security tooling, offering practical support for safer smart contract development in asynchronous blockchain environments.

Yury Yanovich, Sergey Sobolev, Yash Madhwal et al.

The Open Network (TON) is a high-performance blockchain platform designed for scalability and efficiency, leveraging an asynchronous execution model and a multi-layered architecture. While TON's design offers significant advantages, it also introduces unique challenges for smart contract development and security. This paper introduces a comprehensive audit checklist for TON smart contracts, based on an empirical analysis of 34 professional audit reports containing 233 real-world vulnerabilities. The checklist addresses TON-specific challenges, such as asynchronous message handling, and provides actionable insights for developers and auditors. We also present detailed case studies of vulnerabilities in TON smart contracts, highlighting their implications and offering lessons learned. To validate practical utility, we conducted a practitioner survey (n=11 complete responses), confirming the checklist's value alongside automated tools. By adopting this checklist, developers and auditors can systematically identify and mitigate vulnerabilities, enhancing the security and reliability of TON-based projects. Our work bridges the gap between Ethereum's mature audit methodologies and the emerging needs of the TON ecosystem, fostering a more secure and robust blockchain environment.

Yash Madhwal, Arseny Bolotnikov, Mark Prikhno et al.

Hyperledger Fabric performance depends on many interacting configuration parameters, making manual tuning difficult. We study automated throughput tuning by treating benchmarking as a noisy black-box optimization problem and applying Bayesian optimization (BO) with dimensionality reduction (DR). We implement an end-to-end Caliper-in-the-loop pipeline that deploys candidate configurations, benchmarks them, and updates the optimizer from observed throughput. The search space, derived from Fabric configuration files, has 317 dimensions. In a cloud testbed, we evaluate 16 BO+DR variants and a random-search baseline. The best method, DYCORS-PCA, achieves a 12% TPS improvement relative to the first evaluated configuration, while MPI-REMBO achieves 9%. These results suggest that BO with DR is a practical approach for high-dimensional Hyperledger Fabric tuning, while also highlighting the role of measurement noise in interpreting gains.

Yash Madhwal, Andrey Seoev, Raffaele Della Pietra et al.

ECDSA signatures form the bedrock of blockchain transaction authentication, yet their security critically depends on proper nonce generation. We uncover a critical vulnerability in the Polygon MEV ecosystem: systematic nonce reuse that enables complete private key recovery. Analyzing on-chain data reveals that searchers, driven by the need for sub-second response times in sealed-bid auctions, employ predictable nonce patterns. These patterns create linear relationships between signatures, allowing passive attackers to recover private keys using elementary algebra. We provide a compact linear-system formulation for such attacks, including the dangerous case of cross-wallet nonce collisions, and present concrete evidence of exploitable patterns on Polygon. Our findings demonstrate how protocol-induced latency pressures can lead to catastrophic cryptographic failures in production blockchain systems, where a single implementation error compromises multiple accounts simultaneously.

Andrei Seoev, Leonid Gremyachikh, Anastasiia Smirnova et al.

In blockchain networks, the strategic ordering of transactions within blocks has emerged as a significant source of profit extraction, known as Maximal Extractable Value (MEV). The transition from spam-based Priority Gas Auctions to structured auction mechanisms like Polygon Atlas has transformed MEV extraction from public bidding wars into sealed-bid competitions under extreme time constraints. While this shift reduces network congestion, it introduces complex strategic challenges where searchers must make optimal bidding decisions within a sub-second window without knowledge of competitor behavior or presence. Traditional game-theoretic approaches struggle in this high-frequency, partially observable environment due to their reliance on complete information and static equilibrium assumptions. We present a reinforcement learning framework for MEV extraction on Polygon Atlas and make three contributions: (1) A novel simulation environment that accurately models the stochastic arrival of arbitrage opportunities and probabilistic competition in Atlas auctions; (2) A PPO-based bidding agent optimized for real-time constraints, capable of adaptive strategy formulation in continuous action spaces while maintaining production-ready inference speeds; (3) Empirical validation demonstrating our history-conditioned agent captures 49\% of available profits when deployed alongside existing searchers and 81\% when replacing the market leader, significantly outperforming static bidding strategies. Our work establishes that reinforcement learning provides a critical advantage in high-frequency MEV environments where traditional optimization methods fail, offering immediate value for industrial participants and protocol designers alike.