Description
A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context.
References
github.com/...ommit/1835d84602bbaaa1593270d7ab3bb0b499920416
github.com/ton-blockchain/ton/releases/tag/v2025.04
mp.weixin.qq.com/s/ZD35baKUikefFdtNHZIC9g
gist.github.com/...-code233/beab9d14683ed2bdf5543be430b91c70