CVE-2025-70955 Overview
A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.
Critical Impact
This vulnerability allows remote attackers to crash TON blockchain validator nodes through malicious smart contracts, potentially disrupting network consensus and availability without exceeding gas limits.
Affected Products
- TON Virtual Machine (TVM) versions before v2024.10
- TON Blockchain validator nodes running vulnerable TVM versions
- TON smart contract execution environments
Discovery Timeline
- 2026-02-13 - CVE-2025-70955 published to NVD
- 2026-02-18 - Last updated in NVD database
Technical Details for CVE-2025-70955
Vulnerability Analysis
This Stack Overflow vulnerability exists in the TON Virtual Machine's handling of continuation jump instructions. The core issue is the improper management of dynamic tail calls within the vmstate processing logic. When the TVM processes a smart contract, it should maintain a bounded stack depth regardless of the contract's complexity. However, the vulnerable code path allows continuation jumps to recursively consume host stack space without adequate depth checking.
The weakness is classified under CWE-674 (Uncontrolled Recursion), indicating that the TVM fails to properly limit recursive function calls or equivalent continuation-based execution patterns. This architectural flaw means that a carefully crafted smart contract can trigger an unbounded series of nested continuations, each consuming additional stack frames on the host process.
What makes this vulnerability particularly concerning for blockchain infrastructure is that it operates within the normal gas limit boundaries. Traditional resource exhaustion protections in blockchain virtual machines rely on gas metering to prevent runaway computation. However, this vulnerability bypasses that protection by exhausting a different resource—the host process's native stack space—rather than the metered execution budget.
Root Cause
The root cause lies in the TVM's implementation of continuation handling and jump instructions. When processing continuation jumps, the virtual machine fails to implement proper depth limits for dynamic tail calls. Each continuation jump recursively invokes the execution handler without unwinding the previous stack frame, leading to unbounded stack growth on the host system.
The vulnerability exists because the vmstate management does not account for the native stack consumption of the host process during continuation-based execution. While gas limits constrain computational work, they do not directly limit the depth of the native call stack used by the TVM implementation.
Attack Vector
The attack leverages network-accessible smart contract deployment and execution capabilities inherent to the TON blockchain:
- Contract Crafting: An attacker creates a malicious smart contract containing deeply nested jump logic with continuation instructions designed to trigger recursive execution patterns
- Deployment: The contract is deployed to the TON blockchain through standard transaction mechanisms
- Execution Trigger: When validator nodes process transactions involving this contract, they execute the malicious code
- Stack Exhaustion: The nested continuation jumps exhaust the validator process's native stack space
- Node Crash: The validator node crashes due to stack overflow, causing service disruption
The attack requires no authentication and can be executed remotely by any party capable of deploying smart contracts to the TON network. The malicious contract operates within normal gas limits, making it difficult to distinguish from legitimate contracts based on gas consumption alone.
For technical details on the vulnerability mechanism and fix, see the GitHub commit reference and the example code gist.
Detection Methods for CVE-2025-70955
Indicators of Compromise
- Validator node processes terminating unexpectedly with stack overflow or segmentation fault signals
- Smart contracts containing unusually deep or circular continuation jump patterns
- Repeated crashes of TVM execution processes when handling specific contracts
- Memory and stack usage spikes in validator processes prior to crashes
Detection Strategies
- Monitor validator node process health for unexpected terminations, particularly those with stack-related exit codes
- Implement static analysis of deployed smart contracts to identify deeply nested or recursive continuation patterns
- Deploy anomaly detection for contract execution patterns that exhibit unusual jump instruction frequencies
- Track TVM process stack usage metrics to identify contracts approaching dangerous stack depths
Monitoring Recommendations
- Configure process monitoring to alert on validator node crashes with SIGSEGV or SIGABRT signals
- Implement logging around TVM continuation handling to capture execution depth metrics
- Set up blockchain transaction monitoring to flag contracts with suspicious jump instruction patterns
- Establish baseline metrics for normal validator stack usage to detect anomalous behavior
How to Mitigate CVE-2025-70955
Immediate Actions Required
- Upgrade TON Virtual Machine to version v2024.10 or later immediately
- Review deployed smart contracts for potentially malicious continuation patterns
- Implement process restart policies to maintain validator availability during potential exploitation attempts
- Monitor validator node health closely during the upgrade transition period
Patch Information
The vulnerability has been addressed in TON version v2024.10. The fix implements proper depth limiting for continuation jumps to prevent unbounded stack growth. The patch details can be reviewed in the official GitHub commit. Release notes are available in the TON v2024.10 release.
Workarounds
- If immediate upgrade is not possible, implement external process monitoring to automatically restart crashed validator nodes
- Consider deploying validator nodes with increased stack size limits as a temporary mitigation (e.g., using ulimit -s)
- Implement network-level filtering to quarantine transactions involving known malicious contracts
- Deploy redundant validator infrastructure to maintain network participation during potential exploitation
# Temporary stack size increase for validator processes
# This is a workaround only - upgrade to v2024.10 is the recommended fix
ulimit -s unlimited
# Or set a specific larger limit
ulimit -s 65536
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
