CR · DC · May 1

BugMagnifier: TON Transaction Simulator for Revealing Smart Contract Vulnerabilities

arXiv:2509.24444 · 3.2 · h-index: 11
Predicted impact: top 81% in CR · last 90 days · Originality: Incremental advance
AI Analysis

This work addresses the open problem of dynamic vulnerability detection in asynchronous smart contracts for TON blockchain developers and auditors, offering automated evidence generation for temporal flaws.

BugMagnifier introduces a dynamic testing framework for TON smart contracts that uses controlled message orchestration to expose race conditions and temporal vulnerabilities missed by static analysis. It successfully reproduced five real-world vulnerabilities from audits and provides a quantitative model for predictive vulnerability assessment.

The Open Network (TON) blockchain employs an asynchronous execution model that introduces unique security challenges for smart contracts. A primary concern is race conditions arising from unpredictable message processing order. While previous work established vulnerability patterns through static analysis of audit reports, dynamic detection of temporal dependencies through systematic testing remains an open problem. This study proposes a dynamic evaluation methodology based on controlled message orchestration to systematically expose vulnerabilities in asynchronous smart contracts. By synthesizing precise message queue manipulation with differential state analysis and probabilistic permutation testing, we establish a framework (namely, BugMagnifier) for identifying execution flaws that static methods miss. Experimental evaluation demonstrates BugMagnifier's effectiveness through extensive parametric studies on purpose-built vulnerable contracts and five real-world vulnerability cases reproduced from recent security audits. Results reveal message ratio-dependent detection complexity that aligns with theoretical predictions. This quantitative model enables predictive vulnerability assessment while shifting discovery from manual expert analysis to automated evidence generation. By providing reproducible test scenarios for temporal vulnerabilities, BugMagnifier addresses a critical gap in TON security tooling, offering practical support for safer smart contract development in asynchronous blockchain environments.
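The following is an added illustration of the permutation-testing and differential-state idea the abstract describes; it is not BugMagnifier's code and does not run on the TON VM. The `Vault` contract, its `request`/`settle` messages and the balance invariant are assumptions constructed for this sketch.

```python
import random
from dataclasses import dataclass, field

@dataclass
class Vault:
    """Constructed toy contract: the balance check and the debit
    are handled by two separate asynchronous messages."""
    balance: int = 100
    pending: list = field(default_factory=list)
    paid: int = 0

    def handle(self, msg):
        kind, amount = msg
        if kind == "request":
            # Check: compares against a balance that has not been debited yet.
            if amount <= self.balance:
                self.pending.append(amount)
        elif kind == "settle" and self.pending:
            # Act: the debit only happens when this later message arrives.
            amount = self.pending.pop(0)
            self.balance -= amount
            self.paid += amount

def run(order):
    """Replay one delivery order on a fresh contract and return its final state."""
    vault = Vault()
    for msg in order:
        vault.handle(msg)
    return (vault.balance, vault.paid, len(vault.pending))

def permutation_test(queue, trials=200, seed=1):
    """Shuffle the queue `trials` times and record every final state that
    differs from the baseline order, with the first order that produced it."""
    rng = random.Random(seed)
    baseline = run(queue)
    findings = {}
    for _ in range(trials):
        order = queue[:]
        rng.shuffle(order)
        state = run(order)
        if state != baseline:
            findings.setdefault(state, order)
    return baseline, findings

# Constructed message queue: two withdrawals that cannot both be covered.
QUEUE = [("request", 80), ("settle", 0), ("request", 80), ("settle", 0)]

if __name__ == "__main__":
    baseline, findings = permutation_test(QUEUE)
    print("baseline:", baseline)
    for state, order in findings.items():
        flag = "INVARIANT VIOLATED" if state[0] < 0 else "order-dependent"
        print(flag, state, order)
```

Each recorded order is a reproducible test scenario: replaying it with `run` yields the same divergent state every time.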
