Secure Smart Contract Programming in Tact: Popular Mistakes in the TON Ecosystem
ID: 0aff1e5f-db82-5580-bdaa-588ae97ddf9d
STIX ID: report--0aff1e5f-db82-5580-bdaa-588ae97ddf9d
Feed Name: CertiK Blog
This audit-style report summarizes common security pitfalls in the Tact language for TON smart contracts — including optional/zero addresses, incorrect data serialization (e.g., int257 vs uint256), signed integer misuse allowing negative values, concurrency and race conditions in asynchronous message flows, improper handling of bounced messages, and poor gas management — and provides examples and recommended development patterns to avoid fund loss and inconsistent contract state.
