Developer Checklist: How to Build Safe Apps on TON


Building on TON means building for scale. Code can reach real users quickly, creating incredible opportunities but also significant responsibility.

Most exploits don't use advanced attacks; they stem from avoidable mistakes: unchecked admin permissions, hardcoded logic, weak input validation. These gaps create opportunities for bad actors.

TON provides battle-tested contract examples, clear security practices, ecosystem support, and a developer community to help teams build safer products from day one.

Secure-by-design: the TON developer checklist

✅ Start with trusted, production-used contracts

Learn from what's already working:

These aren't plug-and-play templates, but they're reliable blueprints that reduce risk and speed up development.

✅ Apply least-privilege design

The problem: Centralized admin control is the most common exploit vector.

The solution: Give each contract only the permissions it needs:

  • Use multisig contracts for major upgrades and treasury functions
  • Add time locks for high-impact changes
  • Revoke developer privileges after deployment
  • Avoid shared or exposed deployer keys

✅ Build modular, testable contracts

Break logic into small, well-defined components with single responsibilities. Use clear naming conventions and inline documentation.

Test thoroughly: FunC, Tact, and Tolk all support unit testing environments that catch edge cases before deployment. Clean, testable code makes future updates safer and collaboration smoother.

✅ Avoid hardcoded logic and fallbacks

Never hardcode:

  • Wallet addresses
  • Fee amounts
  • Upgrade keys

Instead: Use secure, upgradable config mechanisms for flexibility without redeployment.

Control fallbacks: Disable or tightly control fallback functions. Unrestricted fallback logic creates unexpected execution paths prone to exploits.
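Putting the least-privilege and no-hardcoding items together, here is an added Tact example (it is not from this article or from any TON project code): a fee parameter that lives in storage instead of code, can only be changed by the owner, takes effect only after a time lock, and can be handed to a multisig after deployment. The message type, contract name and the 24-hour delay are assumptions.

```tact
import "@stdlib/deploy";
import "@stdlib/ownable";

// Constructed message type: the owner proposes a new fee value.
message ProposeFee {
    newFee: Int as coins;
}

contract FeeConfig with Deployable, OwnableTransferable {
    // OwnableTransferable supplies requireOwner() and a ChangeOwner receiver,
    // so the deployer key can hand control to a multisig wallet after deployment.
    owner: Address;

    // The fee is state, not a literal in code: changing it needs no redeploy.
    fee: Int as coins;
    pendingFee: Int as coins;
    readyAt: Int as uint32;   // unix time when the pending fee may be applied (0 = none)

    const DELAY: Int = 86400; // 24h time lock (assumed value)

    init(owner: Address, initialFee: Int) {
        self.owner = owner;
        self.fee = initialFee;
        self.pendingFee = 0;
        self.readyAt = 0;
    }

    // Step 1: only the owner may schedule a change, and it cannot take effect at once.
    receive(msg: ProposeFee) {
        self.requireOwner();
        self.pendingFee = msg.newFee;
        self.readyAt = now() + self.DELAY;
    }

    // Step 2: the pending value is visible on-chain during the delay; only the owner may apply it.
    receive("apply fee") {
        self.requireOwner();
        require(self.readyAt != 0, "Nothing pending");
        require(now() >= self.readyAt, "Time lock not expired");
        self.fee = self.pendingFee;
        self.readyAt = 0;
    }

    // Deliberately no catch-all receive(): unknown messages bounce instead of
    // silently executing, which is the "control fallbacks" point above.
    get fun fee(): Int {
        return self.fee;
    }
}
```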

✅ Secure the UI and transaction flow

Critical for Telegram Mini Apps:

  • Display clearly: Show wallet addresses, transaction details, and actions before user confirmation
  • Validate everywhere: Check inputs on both client and server side
  • Prevent spoofing: Design UI that earns trust through clarity and consistency

Phishing and spoofed interfaces remain common attack vectors.

✅ Test against abuse and edge cases

Don't just test expected flows. Simulate:

  • High-volume activity
  • Spam inputs
  • Unusual sequencing
  • Bot-driven interactions

Use TON testnet for real-world testing. Invite internal red teams or trusted developers to review before mainnet deployment.

Key principle: Attack your code first, before anyone else can.

Essential resources for safer development

Learning & Best Practices

Code Examples & Tools

Community Support

Note: Register on TON Builders before applying to TON Nest

What is Tolk? TON's next-generation smart contract language, designed to replace FunC. Inspired by TypeScript and Rust, it offers clearer syntax, robust static typing, and built-in serialization, making it easier for EVM developers to get started while maintaining low-level control.

The bottom line

Users won't stick around if they can't trust your app. Security isn't just about preventing exploits. It's about building confidence that scales. Following these practices from the start creates a stronger foundation for attracting users, partners, and long-term success.