Open jubnzv opened 2 weeks ago
The Misti static smart-contract analyzer, despite its early stage of development has already found critical issues in soon-to-be released projects written in Tact. I'm all for supporting this project to make it even better! And it also has great potential to also support FunC.
Summary
Enhance Misti with more powerful Tact detectors to promote security best practices in the ecosystem.
Context
Misti is a static analyzer for the TON blockchain supported by the TON Foundation. Version 0.1 introduced the core of the analyzer, comprehensive documentation, and five detectors. The next minor release, version 0.2, introduced five more detectors, along with various improvements and fixes that enhance the tool's integrability, including the development of the Blueprint plugin.
Planned Improvements
In the next 0.3 version, the focus will be on more powerful Tact security checks. The roadmap includes:
Introducing ten new Tact detectors covering more complex issues. These six are considered the most important as they address real-world problems:
SendParameters
Sanity CheckerOther planned detectors are included in the 0.3 roadmap. Detectors may be changed or added based on ecosystem needs and project constraints, but there will be at least ten.
Milestones
Key Contributions
Next Plans
The next priority will be FunC support in the following release. This release will make Tact support strong enough to focus on Func in the subsequent months. The decision was made to prioritize it over other tasks to increase community engagement.
References
Estimate suggested reward
10,000 USD in TON equivalent.
Estimated completion date: November 15, 2024. This is subject to change based on the Tact release cycle and the grant application process. But delays should not exceed a few weeks.
UPD: Adjusted the estimated completion date according to the new Tact 1.6.0 release date.