Built-in Checkers in TSA Blueprint Plugin

The TSA Blueprint plugin includes several built-in security checkers designed to identify common vulnerabilities in smart contracts. Below is a summary of each checker and the type of vulnerability it targets.

To use these checkers, first install the plugin.

Run all available checks:

yarn blueprint tsa audit -c [ContractName]

Drain Check

This checker verifies whether a random, unauthorized user can withdraw funds from the contract. It simulates withdrawal attempts from arbitrary addresses to ensure that only intended parties (such as the owner or specific roles) have access to contract funds.

Run the checker:

yarn blueprint tsa drain-check -c [ContractName]

To skip both confirmation prompts in scripts or CI, add --no-interactive.

Vulnerability targeted: Unauthorized fund withdrawal, missing access control on payable functions.

See: Tutorial on using drain-check.

Ownership Hijack Check

This checker tests if a random user can become the owner of the contract. It attempts to call ownership transfer functions or exploit initialization logic to take control of the contract.

Run the checker:

yarn blueprint tsa owner-hijack-check -c [ContractName] -m [get-method-that-returns-owner-address]

To skip both confirmation prompts in scripts or CI, add --no-interactive.

Vulnerability targeted: Flawed ownership transfer logic, missing or incorrect access modifiers on ownership functions.

See: Tutorial on using owner-hijack-check.

Replay Attack Checker

This checker analyzes whether the contract is susceptible to replay attacks, where a valid transaction or message is maliciously repeated. It verifies that the contract properly implements replay protection mechanisms, such as using a seqno (sequence number) parameter in the contract data that increments with each transaction to ensure uniqueness.

Read more in TON documentation.

Run the checker:

yarn blueprint tsa replay-attack-check -c [ContractName]

To skip both confirmation prompts in scripts or CI, add --no-interactive.

Vulnerability targeted: Replay attacks due to missing or improper transaction uniqueness validation (e.g., absent or mishandled seqno).

See: Tutorial on using replay-attack-check.

Bounced Messages Processing Checker

This checker evaluates how the contract handles bounced messages. When an outgoing message from the contract fails and bounces back, the checker verifies that the contract processes such bounced messages correctly — specifically, that it does not fail upon receiving a bounce and does not perform unexpected actions like sending new messages in response.

Run the checker:

yarn blueprint tsa bounce-check -c [ContractName]

To skip both confirmation prompts in scripts or CI, add --no-interactive.

Vulnerability targeted: Improper bounced message handling leading to contract failures, unexpected behavior, or unintended message propagation.

See: Tutorial on using bounce-check.

Opcode Authorization Check

This checker inspects each opcode in the contract and reports which ones have authorization checks in place and which do not. It does not provide a binary verdict (vulnerable or not vulnerable); instead, it outputs a summary that allows developers to review and verify that only intended opcodes permit unauthorized users to invoke them.

The checker marks an opcode as lacking authentication if a random user can send a message beginning with that opcode and complete the compute phase successfully.

Run the checker:

yarn blueprint tsa opcode-info -c [ContractName]

To skip both confirmation prompts in scripts or CI, add --no-interactive.

Purpose: To give visibility into the authorization state of each opcode, enabling developers to confirm that sensitive operations are properly restricted.

See: Tutorial on using opcode-info.