Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-70955

CVE-2025-70955: TON Virtual Machine Stack Overflow DoS

CVE-2025-70955 is a stack overflow denial of service vulnerability in TON Virtual Machine (TVM) that allows attackers to crash validator nodes through crafted smart contracts with nested jump logic. This article covers technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2025-70955 Overview

A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.

Critical Impact

This vulnerability allows remote attackers to crash TON blockchain validator nodes through malicious smart contracts, potentially disrupting network consensus and availability without exceeding gas limits.

Affected Products

  • TON Virtual Machine (TVM) versions before v2024.10
  • TON Blockchain validator nodes running vulnerable TVM versions
  • TON smart contract execution environments

Discovery Timeline

  • 2026-02-13 - CVE-2025-70955 published to NVD
  • 2026-02-18 - Last updated in NVD database

Technical Details for CVE-2025-70955

Vulnerability Analysis

This Stack Overflow vulnerability exists in the TON Virtual Machine's handling of continuation jump instructions. The core issue is the improper management of dynamic tail calls within the vmstate processing logic. When the TVM processes a smart contract, it should maintain a bounded stack depth regardless of the contract's complexity. However, the vulnerable code path allows continuation jumps to recursively consume host stack space without adequate depth checking.

The weakness is classified under CWE-674 (Uncontrolled Recursion), indicating that the TVM fails to properly limit recursive function calls or equivalent continuation-based execution patterns. This architectural flaw means that a carefully crafted smart contract can trigger an unbounded series of nested continuations, each consuming additional stack frames on the host process.

What makes this vulnerability particularly concerning for blockchain infrastructure is that it operates within the normal gas limit boundaries. Traditional resource exhaustion protections in blockchain virtual machines rely on gas metering to prevent runaway computation. However, this vulnerability bypasses that protection by exhausting a different resource—the host process's native stack space—rather than the metered execution budget.

Root Cause

The root cause lies in the TVM's implementation of continuation handling and jump instructions. When processing continuation jumps, the virtual machine fails to implement proper depth limits for dynamic tail calls. Each continuation jump recursively invokes the execution handler without unwinding the previous stack frame, leading to unbounded stack growth on the host system.

The vulnerability exists because the vmstate management does not account for the native stack consumption of the host process during continuation-based execution. While gas limits constrain computational work, they do not directly limit the depth of the native call stack used by the TVM implementation.

Attack Vector

The attack leverages network-accessible smart contract deployment and execution capabilities inherent to the TON blockchain:

  1. Contract Crafting: An attacker creates a malicious smart contract containing deeply nested jump logic with continuation instructions designed to trigger recursive execution patterns
  2. Deployment: The contract is deployed to the TON blockchain through standard transaction mechanisms
  3. Execution Trigger: When validator nodes process transactions involving this contract, they execute the malicious code
  4. Stack Exhaustion: The nested continuation jumps exhaust the validator process's native stack space
  5. Node Crash: The validator node crashes due to stack overflow, causing service disruption

The attack requires no authentication and can be executed remotely by any party capable of deploying smart contracts to the TON network. The malicious contract operates within normal gas limits, making it difficult to distinguish from legitimate contracts based on gas consumption alone.

For technical details on the vulnerability mechanism and fix, see the GitHub commit reference and the example code gist.

Detection Methods for CVE-2025-70955

Indicators of Compromise

  • Validator node processes terminating unexpectedly with stack overflow or segmentation fault signals
  • Smart contracts containing unusually deep or circular continuation jump patterns
  • Repeated crashes of TVM execution processes when handling specific contracts
  • Memory and stack usage spikes in validator processes prior to crashes

Detection Strategies

  • Monitor validator node process health for unexpected terminations, particularly those with stack-related exit codes
  • Implement static analysis of deployed smart contracts to identify deeply nested or recursive continuation patterns
  • Deploy anomaly detection for contract execution patterns that exhibit unusual jump instruction frequencies
  • Track TVM process stack usage metrics to identify contracts approaching dangerous stack depths

Monitoring Recommendations

  • Configure process monitoring to alert on validator node crashes with SIGSEGV or SIGABRT signals
  • Implement logging around TVM continuation handling to capture execution depth metrics
  • Set up blockchain transaction monitoring to flag contracts with suspicious jump instruction patterns
  • Establish baseline metrics for normal validator stack usage to detect anomalous behavior

How to Mitigate CVE-2025-70955

Immediate Actions Required

  • Upgrade TON Virtual Machine to version v2024.10 or later immediately
  • Review deployed smart contracts for potentially malicious continuation patterns
  • Implement process restart policies to maintain validator availability during potential exploitation attempts
  • Monitor validator node health closely during the upgrade transition period

Patch Information

The vulnerability has been addressed in TON version v2024.10. The fix implements proper depth limiting for continuation jumps to prevent unbounded stack growth. The patch details can be reviewed in the official GitHub commit. Release notes are available in the TON v2024.10 release.

Workarounds

  • If immediate upgrade is not possible, implement external process monitoring to automatically restart crashed validator nodes
  • Consider deploying validator nodes with increased stack size limits as a temporary mitigation (e.g., using ulimit -s)
  • Implement network-level filtering to quarantine transactions involving known malicious contracts
  • Deploy redundant validator infrastructure to maintain network participation during potential exploitation
bash
# Temporary stack size increase for validator processes
# This is a workaround only - upgrade to v2024.10 is the recommended fix
ulimit -s unlimited
# Or set a specific larger limit
ulimit -s 65536

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.