From Paradigm Shift to Audit Rift: Exploring Vulnerabilities and Audit Tips for TON Smart Contracts

📅 2025-09-13
🤖 AI Summary
TON smart contracts face unique security challenges—including asynchronous message passing and a multi-layered architecture—yet lack audit methodologies tailored to their execution model. This paper systematically analyzes 233 real-world vulnerabilities extracted from 34 professional audit reports, thereby establishing the first comprehensive, structured auditing framework and standardized checklist specifically designed for the TON ecosystem. The framework is explicitly aligned with TON’s asynchronous execution semantics, bridging the practical gap between mature Ethereum auditing methodologies and the emerging TON platform. Through mixed-method (qualitative and quantitative) case studies, we identify high-risk anti-patterns—such as message reentrancy and cross-contract state inconsistency—and distill actionable, rule-based security checks. Our contributions significantly enhance developers’ and auditors’ ability to detect and remediate prevalent TON-specific vulnerabilities, thereby improving the security and reliability of TON-based applications.

📝 Abstract
The Open Network (TON) is a high-performance blockchain platform designed for scalability and efficiency, leveraging an asynchronous execution model and a multi-layered architecture. While TON's design offers significant advantages, it also introduces unique challenges for smart contract development and security. This paper introduces a comprehensive audit checklist for TON smart contracts, based on an analysis of 34 professional audit reports containing 233 real-world vulnerabilities. The checklist addresses TON-specific challenges, such as asynchronous message handling, and provides actionable insights for developers and auditors. We also present detailed case studies of vulnerabilities in TON smart contracts, highlighting their implications and offering lessons learned. By adopting this checklist, developers and auditors can systematically identify and mitigate vulnerabilities, enhancing the security and reliability of TON-based projects. Our work bridges the gap between Ethereum's mature audit methodologies and the emerging needs of the TON ecosystem, fostering a more secure and robust blockchain environment.
Problem

Research questions and friction points this paper is trying to address.

Identifying vulnerabilities in TON smart contracts
Developing an audit checklist for TON-specific security challenges
Bridging Ethereum audit methods with the needs of the TON ecosystem
Innovation

Methods, ideas, or system contributions that make the work stand out.

A comprehensive audit checklist for TON smart contracts
Analysis of 34 professional audit reports covering 233 real-world vulnerabilities
Explicit treatment of asynchronous message-handling challenges
Authors
Yury Yanovich, Skolkovo Institute of Science and Technology
Sergey Sobolev, Positive Technologies, Moscow, Russia
Yash Madhwal, Skolkovo Institute of Science and Technology, Moscow, Russia
Kirill Ziborov, Positive Technologies, Moscow, Russia; Lomonosov Moscow State University, Moscow, Russia
Vladimir Gorgadze, Blockchain Department, Moscow Institute of Physics and Technology, Moscow, Russia
Victoria Kovalevskay, Faculty of Computer Science, HSE University, Russia
Elizaveta Smirnova, Blockchain Department, Moscow Institute of Physics and Technology, Moscow, Russia
Matvey Mishuris, Blockchain Department, Moscow Institute of Physics and Technology, Moscow, Russia
Subodh Sharma, Indian Institute of Technology, Delhi, India