My TON Payment App

\#	Instruction	Field	Type	Description
0	\-	0x076ef1ea	integer	tag of the `SmartContractInfo` TL-B structure
1	\-	actions count	integer	increments when new action is pushed to `c5` .
2	\-	messages sent	integer	increments when new `action_send_msg` is pushed to `c5`
3	NOW	unix time	integer	current time (timestamp of block collation)
4	BLOCKLT	current block LT (logical time)	integer
5	LTIME	current transaction LT	integer
6	RANDSEED	random seed	integer	`sha256(block_rand_seed . account_address)`
7	BALANCE	smart contract balance	tuple	tuple of integer (TON balance) and cell or `null` (extra currencies dictionary)
8	MYADDR	smart contract address	slice
9	CONFIGROOT	global blockchain configuration	cell or `null` (dictionary)
10	MYCODE	smart contract code	cell
11	INCOMINGVALUE	value of incoming message	tuple	tuple of integer (TON value) and cell or `null` (extra currencies dictionary)
12	STORAGEFEES	fees collected during storage phase	integer
13	PREVBLOCKSINFOTUPLE, PREVMCBLOCKS_100	last 16 masterchain blocks, last keyblock, and last 16 masterchain blocks with seqno divisible by 100	tuple	tuple has following `PrevBlocksInfo` structure: ```tlb [ wc:Integer shard:Integer seqno:Integer root_hash:Integer file_hash:Integer ] = BlockId; [ last_mc_blocks:BlockId[] prev_key_block:BlockId last_mc_blocks_divisible_by_100:BlockId[] ] = PrevBlocksInfo; ```
14	UNPACKEDCONFIGTUPLE	unpacked config values	tuple	* 0: `StoragePrices` from the `ConfigParam 18` — not the whole dictionary, but only the one `StoragePrices` entry which corresponds to the current time * 1: `ConfigParam 19`, global ID * 2: `ConfigParam 20`, masterchain gas prices * 3: `ConfigParam 21`, non-masterchain gas prices * 4: `ConfigParam 24`, masterchain forward fees * 5: `ConfigParam 25`, non-masterchain forward fees * 6: `ConfigParam 43`, size limits
15	DUEPAYMENT	current debt for storage fee in nanotons	integer
16	GETPRECOMPILEDGAS	gas usage for the current contract if it is precompiled, `null` otherwise	integer or `null`	see `ConfigParam 45`
17	INMSGPARAMS	inbound message parameters	tuple	* 0: `bounce: boolean` — can bounce * 1: `bounced: boolean` — did bounce * 2: `src_addr: slice` — sender * 3: `fwd_fee: int` * 4: `created_lt: int` * 5: `created_at: int` * 6: `orig_value: int` — this is sometimes different from the value in `INCOMINGVALUE` and TVM stack because of storage fees * 7: `value: int` — same as in `INCOMINGVALUE` and on the initial TVM stack * 8: `value_extra: cell or null` — same as in `INCOMINGVALUE` * 9: `state_init: cell or null` For external messages, tick-tock transactions and get methods: `bounce`, `bounced`, `fwd_fee`, `created_lt`, `created_at`, `orig_value`, `value` are 0, `value_extra` is null. For tick-tock transactions and get methods, `src_addr` is `addr_none`.

| Project | Year | G. | Cons. | Sm. | Ch. | R. | Sh. | Int. | | --------- | ------------ | -- | ------- | --- | --- | --- | ---- | ---- | | Bitcoin | 2009 | 1 | PoW | no | 1 | | | | | Ethereum | 2013, 2015 | 2 | PoW | yes | 1 | | | | | NXT | 2014 | 2+ | PoS | no | 1 | | | | | Tezos | 2017, ? | 2+ | PoS | yes | 1 | | | | | Casper | 2015, (2017) | 3 | PoW/PoS | yes | 1 | | | | | BitShares | 2013, 2014 | 3' | DPoS | no | m | ht. | no | L | | EOS | 2016, (2018) | 4 | DPoS | yes | m | ht. | no | L | | PolkaDot | 2016, (2019) | 4 | PoS BFT | yes | m | ht. | no | L | | Cosmos | 2017, ? | 4 | PoS BFT | yes | m | ht. | no | L | | TON | 2017, (2018) | 5 | PoS BFT | yes | m | mix | dyn. | T | **Table 1:** A summary of some notable blockchain projects. The columns are: *Project* — project name; *Year* — year announced and year deployed; *G.* — generation (cf. [2.8.15](#2-8-15-simplified-classification-generations-of-blockchain-projects)); *Cons.* — consensus algorithm (cf. [2.8.3](#2-8-3-creating-and-validating-blocks-proof-of-work-vs-proof-of-stake) and [2.8.4](#2-8-4-variants-of-proof-of-stake-dpos-vs-bft)); *Sm.* — support for arbitrary code (smart contracts; cf. [2.8.6](#2-8-6-support-for-turing-complete-code-in-transactions%2C-i-e-%2C-essentially-arbitrary-smart-contracts)); *Ch.* — single/multiple blockchain system (cf. [2.8.2](#2-8-2-single-blockchain-vs-multi-blockchain-projects)); *R.* — heterogeneous/homogeneous multichain systems (cf. [2.8.8](#2-8-8-blockchain-types-homogeneous-and-heterogeneous-systems)); *Sh.* — sharding support (cf. [2.8.12](#2-8-12-sharding-support)); *Int.* — interaction between blockchains, (L)oose or (T)ight (cf. [2.8.14](#2-8-14-interaction-between-blockchains-loosely-coupled-and-tightly-coupled-systems)). #### 2.9.1. Bitcoin [\[12\]](#ref-12); [https://bitcoin.org/](https://bitcoin.org/) [#291-bitcoin-12-httpsbitcoinorg] *Bitcoin* (2009) is the first and the most famous blockchain project. It is a typical *first-generation* blockchain project: it is single-chain, it uses Proof-of-Work with a "longest-fork-wins" fork selection algorithm, and it does not have a Turing-complete scripting language (however, simple scripts without loops are supported). The Bitcoin blockchain has no notion of an account; it uses the UTXO (Unspent Transaction Output) model instead. #### 2.9.2. Ethereum [\[2\]](#ref-2); [https://ethereum.org/](https://ethereum.org/) [#292-ethereum-2-httpsethereumorg] *Ethereum* (2015) is the first blockchain with support for Turing-complete smart contracts. As such, it is a typical *second-generation* project, and the most popular among them. It uses Proof-of-Work on a single blockchain, but has smart contracts and accounts. #### 2.9.3. NXT; [https://nxtplatform.org/](https://nxtplatform.org/) [#293-nxt-httpsnxtplatformorg] *NXT* (2014) is the first PoS-based blockchain and currency. It is still single-chain, and has no smart contract support. #### 2.9.4. Tezos; [https://www.tezos.com/](https://www.tezos.com/) [#294-tezos-httpswwwtezoscom] *Tezos* (2018 or later) is a proposed PoS-based single-blockchain project. We mention it here because of its unique feature: its block interpretation function $\mathit{ev\_block}$ (cf. [2.2.6](#2-2-6-blocks-and-transactions-as-state-transformation-operators)) is not fixed, but is determined by an OCaml module, which can be upgraded by committing a new version into the blockchain (and collecting some votes for the proposed change). In this way, one will be able to create custom single-chain projects by first deploying a "vanilla" Tezos blockchain, and then gradually changing the block interpretation function in the desired direction, without any need for hard forks. This idea, while intriguing, has the obvious drawback that it forbids any optimized implementations in other languages like C++, so a Tezos-based blockchain is destined to have lower performance. We think that a similar result might have been obtained by publishing a formal *specification* of the proposed block interpretation function $\mathit{ev\_trans}$, without fixing a particular *implementation*. #### 2.9.5. Casper^[30](#fn30) [#295-casper30] *Casper* is an upcoming PoS algorithm for Ethereum; its gradual deployment in 2017 (or 2018), if successful, will change Ethereum into a single-chain PoS or mixed PoW+PoS system with smart contract support, transforming Ethereum into a *third-generation* project. #### 2.9.6. BitShares [\[8\]](#ref-8); [https://bitshares.org](https://bitshares.org) [#296-bitshares-8-httpsbitsharesorg] *BitShares* (2014) is a platform for distributed blockchain-based exchanges. It is a heterogeneous multi-blockchain DPoS system without smart contracts; it achieves its high performance by allowing only a small set of predefined specialized transaction types, which can be efficiently implemented in C++, assuming the blockchain state fits into memory. It is also the first blockchain project to use Delegated Proof-of-Stake (DPoS), demonstrating its viability at least for some specialized purposes. #### 2.9.7. EOS [\[5\]](#ref-5); [https://eos.io](https://eos.io) [#297-eos-5-httpseosio] *EOS* (2018 or later) is a proposed heterogeneous multi-blockchain DPoS system *with* smart contract support and with some minimal support for messaging (still loosely-coupled in the sense described in [2.8.14](#2-8-14-interaction-between-blockchains-loosely-coupled-and-tightly-coupled-systems)). It is an attempt by the same team that has previously successfully created the BitShares and SteemIt projects, demonstrating the strong points of the DPoS consensus algorithm. Scalability will be achieved by creating specialized workchains for projects that need it (e.g., a distributed exchange might use a workchain supporting a special set of optimized transactions, similarly to what BitShares did) and by creating multiple workchains with the same rules (*confederations* in the sense described in [2.8.10](#2-8-11-heterogeneous-systems-with-several-workchains-having-the-same-rules-or-confederations)). The drawbacks and limitations of this approach to scalability have been discussed in *loc. cit.* Cf. also [2.8.5](#2-8-5-comparison-of-dpos-and-bft-pos), [2.8.12](#2-8-13-sharding-support), and [2.8.14](#2-8-15-interaction-between-blockchains-loosely-coupled-and-tightly-coupled-systems) for a more detailed discussion of DPoS, sharding, interaction between workchains and their implications for the scalability of a blockchain system. At the same time, even if one will not be able to "create a Facebook inside a blockchain" (cf. [2.9.13](#2-9-13-is-it-possible-to-upload-facebook-into-a-blockchain)), EOS or otherwise, we think that EOS might become a convenient platform for some highly-specialized weakly interacting distributed applications, similar to BitShares (decentralized exchange) and SteemIt (decentralized blog platform). #### 2.9.8. PolkaDot [\[17\]](#ref-17); [https://polkadot.io/](https://polkadot.io/) [#298-polkadot-17-httpspolkadotio] *PolkaDot* (2019 or later) is one of the best thought-out and most detailed proposed multichain Proof-of-Stake projects; its development is led by one of the Ethereum co-founders. This project is one of the closest projects to the TON Blockchain on our map. (In fact, we are indebted for our terminology for "fishermen" and "nominators" to the PolkaDot project.) PolkaDot is a heterogeneous loosely-coupled multichain Proof-of-Stake project, with Byzantine Fault Tolerant (BFT) consensus for generation of new blocks and a masterchain (which might be external—e.g., the Ethereum blockchain). It also uses hypercube routing, somewhat like (the slow version of) TON's as described in [2.4.19](#2-4-19-hypercube-routing-slow-path-for-messages-with-assured-delivery). Its unique feature is its ability to create not only *public*, but also *private* blockchains. These private blockchains would also be able to interact with other public blockchains, PolkaDot or otherwise. As such, PolkaDot might become a platform for large-scale *private* blockchains, which might be used, for example, by bank consortiums to quickly transfer funds to each other, or for any other uses a large corporation might have for private blockchain technology. However, PolkaDot has no sharding support and is not tightly-coupled. This somewhat hampers its scalability, which is similar to that of EOS. (Perhaps a bit better, because PolkaDot uses BFT PoS instead of DPoS.) #### 2.9.9. Universa; [https://universa.io](https://universa.io) [#299-universa-httpsuniversaio] The only reason we mention this unusual blockchain project here is because it is the only project so far to make in passing an explicit reference to something similar to our Infinite Sharding Paradigm (cf. [2.1.2](#2-1-2-infinite-sharding-paradigm)). Its other peculiarity is that it bypasses all complications related to Byzantine Fault Tolerance by promising that only trusted and licensed partners of the project will be admitted as validators, hence they will never commit invalid blocks. This is an interesting decision; however, it essentially makes a blockchain project deliberately *centralized*, something blockchain projects usually want to avoid (why does one need a blockchain at all to work in a trusted centralized environment?). #### 2.9.10. Plasma; [https://plasma.io](https://plasma.io) [#2910-plasma-httpsplasmaio] *Plasma* (2019?) is an unconventional blockchain project from another co-founder of Ethereum. It is supposed to mitigate some limitations of Ethereum without introducing sharding. In essence, it is a separate project from Ethereum, introducing a hierarchy of (heterogeneous) workchains, bound to the Ethereum blockchain (to be used as an external masterchain) at the top level. Funds can be transferred from any blockchain up in the hierarchy (starting from the Ethereum blockchain as the root), along with a description of a job to be done. Then the necessary computations are done in the child workchain (possibly requiring forwarding of parts of the original job further down the tree), their results are passed up, and a reward is collected. The problem of achieving consistency and validating these workchains is circumvented by a (payment channel-inspired) mechanism allowing users to unilaterally withdraw their funds from a misbehaving workchain to its parent workchain (albeit slowly), and re-allocate their funds and their jobs to another workchain. In this way, Plasma might become a platform for distributed computations bound to the Ethereum blockchain, something like a "mathematical co-processor". However, this does not seem like a way to achieve true general-purpose scalability. #### 2.9.11. Specialized blockchain projects [#2911-specialized-blockchain-projects] There are also some specialized blockchain projects, such as FileCoin (a system that incentivizes users to offer their disk space for storing the files of other users who are willing to pay for it), Golem (a blockchain-based platform for renting and lending computing power for specialized applications such as 3D-rendering) or SONM (another similar computing power-lending project). Such projects do not introduce anything conceptually new on the level of blockchain organization; rather, they are particular blockchain applications, which could be implemented by smart contracts running in a general-purpose blockchain, provided it can deliver the required performance. As such, projects of this kind are likely to use one of the existing or planned blockchain projects as their base, such as EOS, PolkaDot or TON. If a project needs "true" scalability (based on sharding), it would better use TON; if it is content to work in a "confederated" context by defining a family of workchains of its own, explicitly optimized for its purpose, it might opt for EOS or PolkaDot. #### 2.9.12. The TON Blockchain [#2912-the-ton-blockchain] The TON (Telegram Open Network) Blockchain (planned 2018) is the project we are describing in this document. It is designed to be the first fifth-generation blockchain project—that is, a BFT PoS-multichain project, mixed homogeneous/heterogeneous, with support for (shardable) custom workchains, with native sharding support, and tightly-coupled (in particular, capable of forwarding messages between shards almost instantly while preserving a consistent state of all shardchains). As such, it will be a truly scalable general-purpose blockchain project, capable of accommodating essentially any applications that can be implemented in a blockchain at all. When augmented by the other components of the TON Project (cf. [1](#1-brief-description-of-ton-components)), its possibilities expand even further. #### 2.9.13. Is it possible to "upload Facebook into a blockchain"? [#2913-is-it-possible-to-upload-facebook-into-a-blockchain] Sometimes people claim that it will be possible to implement a social network on the scale of Facebook as a distributed application residing in a blockchain. Usually a favorite blockchain project is cited as a possible "host" for such an application. We cannot say that this is a technical impossibility. Of course, one needs a tightly-coupled blockchain project with true sharding (i.e., TON) in order for such a large application not to work too slowly (e.g., deliver messages and updates from users residing in one shardchain to their friends residing in another shardchain with reasonable delays). However, we think that this is not needed and will never be done, because the price would be prohibitive. Let us consider "uploading Facebook into a blockchain" as a thought experiment; any other project of similar scale might serve as an example as well. Once Facebook is uploaded into a blockchain, all operations currently done by Facebook's servers will be serialized as transactions in certain blockchains (e.g., TON's shardchains), and will be performed by all validators of these blockchains. Each operation will have to be performed, say, at least twenty times, if we expect every block to collect at least twenty validator signatures (immediately or eventually, as in DPOS systems). Similarly, all data kept by Facebook's servers on their disks will be kept on the disks of all validators for the corresponding shardchain (i.e., in at least twenty copies). Because the validators are essentially the same servers (or perhaps clusters of servers, but this does not affect the validity of this argument) as those currently used by Facebook, we see that the total hardware expenses associated with running Facebook in a blockchain are at least twenty times higher than if it were implemented in the conventional way. In fact, the expenses would be much higher still, because the blockchain's virtual machine is slower than the "bare CPU" running optimized compiled code, and its storage is not optimized for Facebook-specific problems. One might partially mitigate this problem by crafting a specific workchain with some special transactions adapted for Facebook; this is the approach of BitShares and EOS to achieving high performance, available in the TON Blockchain as well. However, the general blockchain design would still impose some additional restrictions by itself, such as the necessity to register all operations as transactions in a block, to organize these transactions in a Merkle tree, to compute and check their Merkle hashes, to propagate this block further, and so on. Therefore, a conservative estimate is that one would need 100 times more servers of the same performance as those used by Facebook now in order to validate a blockchain project hosting a social network of that scale. Somebody will have to pay for these servers, either the company owning the distributed application (imagine seeing 700 ads on each Facebook page instead of 7) or its users. Either way, this does not seem economically viable. We believe that *it is not true that everything should be uploaded into the blockchain*. For example, it is not necessary to keep user photographs in the blockchain; registering the hashes of these photographs in the blockchain and keeping the photographs in a distributed off-chain storage (such as FileCoin or TON Storage) would be a better idea. This is the reason why TON is not just a blockchain project, but a collection of several components (TON P2P Network, TON Storage, TON Services) centered around the TON Blockchain as outlined in Chapters [1](#1-brief-description-of-ton-components) and [4](#4-ton-services-and-applications). *** ## 3. TON Networking [#3-ton-networking] Any blockchain project requires not only a specification of block format and blockchain validation rules, but also a network protocol used to propagate new blocks, send and collect transaction candidates and so on. In other words, a specialized peer-to-peer network must be set up by every blockchain project. This network must be peer-to-peer, because blockchain projects are normally expected to be decentralized, so one cannot rely on a centralized group of servers and use conventional client-server architecture, as, for instance, classical online banking applications do. Even light clients (e.g., light cryptocurrency wallet smartphone applications), which must connect to full nodes in a client-server–like fashion, are actually free to connect to another full node if their previous peer goes down, provided the protocol used to connect to full nodes is standardized enough. While the networking demands of single-blockchain projects, such as Bitcoin or Ethereum, can be met quite easily (one essentially needs to construct a "random" peer-to-peer overlay network, and propagate all new blocks and transaction candidates by a gossip protocol), multi-blockchain projects, such as the TON Blockchain, are much more demanding (e.g., one must be able to subscribe to updates of only some shardchains, not necessarily all of them). Therefore, the networking part of the TON Blockchain and the TON Project as a whole merits at least a brief discussion. On the other hand, once the more sophisticated network protocols needed to support the TON Blockchain are in place, it turns out that they can easily be used for purposes not necessarily related to the immediate demands of the TON Blockchain, thus providing more possibilities and flexibility for creating new services in the TON ecosystem. ### 3.1 Abstract Datagram Network Layer [#31--abstract-datagram-network-layer] The cornerstone in building the TON networking protocols is the *(TON) Abstract (Datagram) Network Layer*. It enables all nodes to assume certain "network identities", represented by 256-bit "abstract network addresses", and communicate (send datagrams to each other, as a first step) using only these 256-bit network addresses to identify the sender and the receiver. In particular, one does not need to worry about IPv4 or IPv6 addresses, UDP port numbers, and the like; they are hidden by the Abstract Network Layer. #### 3.1.1. Abstract network addresses [#311-abstract-network-addresses] An *abstract network address*, or an *abstract address*, or just *address* for short, is a 256-bit integer, essentially equal to a 256-bit ECC public key. This public key can be generated arbitrarily, thus creating as many different network identities as the node likes. However, one must know the corresponding *private* key in order to receive (and decrypt) messages intended for such an address. In fact, the address is *not* the public key itself; instead, it is a 256-bit hash ($\text{Hash}=\text{Sha256}$) of a serialized TL-object (cf. [2.2.5](#2-2-5-tl-or-the-type-language)) that can describe several types of public keys and addresses depending on its constructor (first four bytes). In the simplest case, this serialized TL-object consists just of a 4-byte magic number and a 256-bit elliptic curve cryptography (ECC) public key; in this case, the address will equal the hash of this 36-byte structure. One might use, however, 2048-bit RSA keys, or any other scheme of public-key cryptography instead. When a node learns another node's abstract address, it must also receive its "preimage" (i.e., the serialized TL-object, the hash of which equals that abstract address) or else it will not be able to encrypt and send datagrams to that address. #### 3.1.2. Lower-level networks. UDP implementation [#312-lower-level-networks-udp-implementation] From the perspective of almost all TON Networking components, the only thing that exists is a network (the Abstract Datagram Networking Layer) able to (unreliably) send datagrams from one abstract address to another. In principle, the Abstract Datagram Networking Layer (ADNL) can be implemented over different existing network technologies. However, we are going to implement it over UDP in IPv4/IPv6 networks (such as the Internet or intranets), with an optional TCP fallback if UDP is not available. #### 3.1.3. Simplest case of ADNL over UDP [#313-simplest-case-of-adnl-over-udp] The simplest case of sending a datagram from a sender's abstract address to any other abstract address (with known preimage) can be implemented as follows. Suppose that the sender somehow knows the IP-address and the UDP port of the receiver who owns the destination abstract address, and that both the receiver and the sender use abstract addresses derived from 256-bit ECC public keys. In this case, the sender simply augments the datagram to be sent by its ECC signature (done with its private key) and its source address (or the preimage of the source address, if the receiver is not known to know that preimage yet). The result is encrypted with the recipient's public key, embedded into a UDP datagram and sent to the known IP and port of the recipient. Because the first 256 bits of the UDP datagram contain the recipient's abstract address, the recipient can identify which private key should be used to decrypt the remainder of the datagram. Only after that is the sender's identity revealed. #### 3.1.4. Less secure way, with the sender's address in plaintext [#314-less-secure-way-with-the-senders-address-in-plaintext] Sometimes a less secure scheme is sufficient, when the recipient's and the sender's addresses are kept in plaintext in the UDP datagram; the sender's private key and the recipient's public key are combined together using ECDH (Elliptic Curve Diffie–Hellman) to generate a 256-bit shared secret, which is used afterwards, along with a random 256-bit nonce also included in the unencrypted part, to derive AES keys used for encryption. The integrity may be provided, for instance, by concatenating the hash of the original plaintext data to the plaintext before encryption. This approach has the advantage that, if more than one datagram is expected to be exchanged between the two addresses, the shared secret can be computed only once and then cached; then slower elliptic curve operations will no longer be required for encrypting or decrypting the next datagrams. #### 3.1.5. Channels and channel identifiers [#315-channels-and-channel-identifiers] In the simplest case, the first 256 bits of a UDP datagram carrying an embedded TON ADNL datagram will be equal to the recipient's address. However, in general they constitute a *channel identifier*. There are different types of channels. Some of them are point-to-point; they are created by two parties who wish to exchange a lot of data in the future and generate a shared secret by exchanging several packets encrypted as described in [3.1.3](#3-1-3-simplest-case-of-adnl-over-udp) or [3.1.4](#3-1-4-less-secure-way-with-the-senders-address-in-plaintext), by running classical or elliptic curve Diffie–Hellman (if extra security is required), or simply by one party generating a random shared secret and sending it to the other party. After that, a channel identifier is derived from the shared secret combined with some additional data (such as the sender's and recipient's addresses), for instance by hashing, and that identifier is used as the first 256 bits of UDP datagrams carrying data encrypted with the aid of that shared secret. #### 3.1.6. Channel as a tunnel identifier [#316-channel-as-a-tunnel-identifier] In general, a "channel", or "channel identifier" simply selects a way of processing an inbound UDP datagram, known to the receiver. If the channel is the receiver's abstract address, the processing is done as outlined in [3.1.3](#3-1-3-simplest-case-of-adnl-over-udp) or [3.1.4](#3-1-4-less-secure-way-with-the-senders-address-in-plaintext); if the channel is an established point-to-point channel discussed in [3.1.5](#3-1-5-channels-and-channel-identifiers), the processing consists in decrypting the datagram with the aid of the shared secret as explained in *loc. cit.*, and so on. In particular, a channel identifier can actually select a "tunnel", when the immediate recipient simply forwards the received message to somebody else—the actual recipient or another proxy. Some encryption or decryption steps (reminiscent of "onion routing" [\[6\]](#ref-6) or even "garlic routing"^[31](#fn31)) might be done along the way, and another channel identifier might be used for re-encrypted forwarded packets (for example, a peer-to-peer channel could be employed to forward the packet to the next recipient on the path). In this way, some support for "tunneling" and "proxying"—somewhat similar to that provided by the TOR or $I^2P$ projects—can be added on the level of the TON Abstract Datagram Network Layer, without affecting the functionality of all higher-level TON network protocols, which would be agnostic of such an addition. This opportunity is exploited by the *TON Proxy* service (cf. [4.1.11](#4-1-11-example%3A-ton-proxy-is-a-fog-service)). #### 3.1.7. Zero channel and the bootstrap problem [#317-zero-channel-and-the-bootstrap-problem] Normally, a TON ADNL node will have some "neighbor table", containing information about other known nodes, such as their abstract addresses and their preimages (i.e., public keys) and their IP addresses and UDP ports. Then it will gradually extend this table by using information learned from these known nodes as answers to special queries, and sometimes prune obsolete records. However, when a TON ADNL node just starts up, it may happen that it does not know any other node, and can learn only the IP address and UDP port of a node, but not its abstract address. This happens, for example, if a light client is not able to access any of the previously cached nodes and any nodes hardcoded into the software, and must ask the user to enter an IP address or a DNS domain of a node, to be resolved through DNS. In this case, the node will send packets to a special "zero channel" of the node in question. This does not require knowledge of the recipient's public key (but the message should still contain the sender's identity and signature), so the message is transferred without encryption. It should be normally used only to obtain an identity (maybe a one-time identity created especially for this purpose) of the receiver, and then to start communicating in a safer way. Once at least one node is known, it is easy to populate the "neighbor table" and "routing table" by more entries, learning them from answers to special queries sent to the already known nodes. Not all nodes are required to process datagrams sent to the zero channel, but those used to bootstrap light clients should support this feature. #### 3.1.8. TCP-like stream protocol over ADNL [#318-tcp-like-stream-protocol-over-adnl] The ADNL, being an unreliable (small-size) datagram protocol based on 256-bit abstract addresses, can be used as a base for more sophisticated network protocols. One can build, for example, a TCP-like stream protocol, using ADNL as an abstract replacement for IP. However, most components of the TON Project do not need such a stream protocol. #### 3.1.9. RLDP, or Reliable Large Datagram Protocol over ADNL [#319-rldp-or-reliable-large-datagram-protocol-over-adnl] A reliable arbitrary-size datagram protocol built upon the ADNL, called RLDP, is used instead of a TCP-like protocol. This reliable datagram protocol can be employed, for instance, to send RPC queries to remote hosts and receive answers from them (cf. [4.1.5](#4-1-5-pure-network-services-ton-sites-and-ton-services)). ### 3.2 TON DHT: Kademlia-like Distributed Hash Table [#32---ton-dht-kademlia-like-distributed-hash-table] The *TON Distributed Hash Table (DHT)* plays a crucial role in the networking part of the TON Project, being used to locate other nodes in the network. For example, a client wanting to commit a transaction into a shardchain might want to find a validator or a collator of that shardchain, or at least some node that might relay the client's transaction to a collator. This can be done by looking up a special key in the TON DHT. Another important application of the TON DHT is that it can be used to quickly populate a new node's neighbor table (cf. [3.1.7](#3-1-7-zero-channel-and-the-bootstrap-problem)), simply by looking up a random key, or the new node's address. If a node uses proxying and tunneling for its inbound datagrams, it publishes the tunnel identifier and its entry point (e.g., IP address and UDP port) in the TON DHT; then all nodes wishing to send datagrams to that node will obtain this contact information from the DHT first. The TON DHT is a member of the family of *Kademlia-like distributed hash tables* [\[10\]](#ref-10). #### 3.2.1. Keys of the TON DHT [#321-keys-of-the-ton-dht] The *keys* of the TON DHT are simply 256-bit integers. In most cases, they are computed as SHA-256 of a TL-serialized object (cf. [2.2.5](#2-2-5-tl-or-the-type-language)), called *preimage* of the key, or *key description*. In some cases, the abstract addresses of the TON Network nodes (cf. [3.1.1](#3-1-1-abstract-network-addresses)) can also be used as keys of the TON DHT, because they are also 256-bit, and they are also hashes of TL-serialized objects. For example, if a node is not afraid of publishing its IP address, it can be found by anybody who knows its abstract address by simply looking up that address as a key in the DHT. #### 3.2.2. Values of the DHT [#322-values-of-the-dht] The *values* assigned to these 256-bit keys are essentially arbitrary byte strings of limited length. The interpretation of such byte strings is determined by the preimage of the corresponding key; it is usually known both by the node that looks up the key, and by the node that stores the key. #### 3.2.3. Nodes of the DHT. Semi-permanent network identities [#323-nodes-of-the-dht-semi-permanent-network-identities] The key-value mapping of the TON DHT is kept on the *nodes* of the DHT—essentially, all members of the TON Network. To this end, any node of the TON Network (perhaps with the exception of some very light nodes), apart from any number of ephemeral and permanent abstract addresses described in [3.1.1](#3-1-1-abstract-network-addresses), has at least one "semi-permanent address", which identifies it as a member of the TON DHT. This *semi-permanent* or *DHT address* should not to be changed too often, otherwise other nodes would be unable to locate the keys they are looking for. If a node does not want to reveal its "true" identity, it generates a separate abstract address to be used only for the purpose of participating in the DHT. However, this abstract address must be public, because it will be associated with the node's IP address and port. #### 3.2.4. Kademlia distance [#324-kademlia-distance] Now we have both 256-bit keys and 256-bit (semi-permanent) node addresses. We introduce the so-called *XOR distance* or *Kademlia distance $d_K$* on the set of 256-bit sequences, given by $$ \mathit{d_K}(x,y) := (x \oplus y) \quad \text{interpreted as an unsigned 256-bit integer} \quad (25) $$ Here $x \oplus y$ denotes the bitwise eXclusive OR (XOR) of two bit sequences of the same length. The Kademlia distance introduces a metric on the set $\mathbf{2}^{256}$ of all 256-bit sequences. In particular, we have $d_K(x,y) = 0$ if and only if $x = y$, $d_K(x,y) = d_K(y,x)$, and $d_K(x,z) \leq d_K(x,y) + d_K(y,z)$. Another important property is that *there is only one point at any given distance from $x$*: $d_K(x,y) = d_K(x,y')$ implies $y = y'$. #### 3.2.5. Kademlia-like DHTs and the TON DHT [#325-kademlia-like-dhts-and-the-ton-dht] We say that a distributed hash table (DHT) with 256-bit keys and 256-bit node addresses is a *Kademlia-like DHT* if it is expected to keep the value of key $K$ on $s$ Kademlia-nearest nodes to $K$ (i.e., the $s$ nodes with smallest Kademlia distance from their addresses to $K$.) Here $s$ is a small parameter, say, $s=7$, needed to improve reliability of the DHT (if we would keep the key only on one node, the nearest one to $K$, the value of that key would be lost if that only node goes offline). The TON DHT is a Kademlia-like DHT, according to this definition. It is implemented over the ADNL protocol described in [3.1](#3-1-abstract-datagram-network-layer). #### 3.2.6. Kademlia routing table [#326-kademlia-routing-table] Any node participating in a Kademlia-like DHT usually maintains a *Kademlia routing table*. In the case of TON DHT, it consists of $n=256$ buckets, numbered from $0$ to $n-1$. The $i$-th bucket will contain information about some known nodes (a fixed number $t$ of "best" nodes, and maybe some extra candidates) that lie at a Kademlia distance from $2^i$ to $2^{i+1}-1$ from the node's address $a$.^[32](#fn32) This information includes their (semi-permanent) addresses, IP addresses and UDP ports, and some availability information such as the time and the delay of the last ping. When a Kademlia node learns about any other Kademlia node as a result of some query, it includes it into a suitable bucket of its routing table, first as a candidate. Then, if some of the "best" nodes in that bucket fail (e.g., do not respond to ping queries for a long time), they can be replaced by some of the candidates. In this way the Kademlia routing table stays populated. New nodes from the Kademlia routing table are also included in the ADNL neighbor table described in [3.1.7](#3-1-7-zero-channel-and-the-bootstrap-problem). If a "best" node from a bucket of the Kademlia routing table is used often, a channel in the sense described in [3.1.5](#3-1-5-channels-and-channel-identifiers) can be established to facilitate the encryption of datagrams. A special feature of the TON DHT is that it tries to select nodes with the smallest round-trip delays as the "best" nodes for the buckets of the Kademlia routing table. #### 3.2.7. Kademlia network queries [#327-kademlia-network-queries] A Kademlia node usually supports the following network queries: * $\text{Ping}$ — Checks node availability. * $\text{Store}(\text{key},\text{value})$ — Asks the node to keep *value* as a value for key *key*. For TON DHT, the $\text{Store}$ queries are slightly more complicated (cf. [3.2.9](#3-2-9-storing-values-in-ton-dht)). * $\text{Find\_Node}(\text{key},l)$ — Asks the node to return $l$ Kademlia-nearest known nodes (from its Kademlia routing table) to *key*. * $\text{Find\_Value}(\text{key},l)$ — The same as above, but if the node knows the value corresponding to key *key*, it just returns that value. When any node wants to look up the value of a key $K$, it first creates a set $S$ of $s'$ nodes (for some small value of $s'$, say, $s'=5$), nearest to $K$ with respect to the Kademlia distance among all known nodes (i.e., they are taken from the Kademlia routing table). Then a $\text{Find\_Value}$ query is sent to each of them, and nodes mentioned in their answers are included in $S$. Then the $s'$ nodes from $S$, nearest to $K$, are also sent a $\text{Find\_Value}$ query if this hasn't been done before, and the process continues until the value is found or the set $S$ stops growing. This is a sort of "beam search" of the node nearest to $K$ with respect to Kademlia distance. If the value of some key $K$ is to be set, the same procedure is run for $s'\geq s$, with $\text{Find\_Node}$ queries instead of $\text{Find\_Value}$, to find $s$ nearest nodes to $K$. Afterwards, $\text{Store}$ queries are sent to all of them. There are some less important details in the implementation of a Kademlia-like DHT (for example, any node should look up $s$ nearest nodes to itself, say, once every hour, and re-publish all stored keys to them by means of $\text{Store}$ queries). We will ignore them for the time being. #### 3.2.8. Booting a Kademlia node [#328-booting-a-kademlia-node] When a Kademlia node goes online, it first populates its Kademlia routing table by looking up its own address. During this process, it identifies the $s$ nearest nodes to itself. It can download from them all $(key,value)$ pairs known to them to populate its part of the DHT. #### 3.2.9. Storing values in TON DHT [#329-storing-values-in-ton-dht] Storing values in TON DHT is slightly different from a general Kademlia-like DHT. When someone wishes to store a value, she must provide not only the key $K$ itself to the $\text{Store}$ query, but also its *preimage*—i.e., a TL-serialized string (with one of several predefined TL-constructors at the beginning) containing a "description" of the key. This key description is later kept by the node, along with the key and the value. The key description describes the "type" of the object being stored, its "owner", and its "update rules" in case of future updates. The owner is usually identified by a public key included in the key description. If it is included, normally only updates signed by the corresponding private key will be accepted. The "type" of the stored object is normally just a byte string. However, in some cases it can be more sophisticated—for example, an input tunnel description (cf. [3.1.6](#3-1-6-channel-as-a-tunnel-identifier)), or a collection of node addresses. The "update rules" can also be different. In some cases, they simply permit replacing the old value with the new value, provided the new value is signed by the owner (the signature must be kept as part of the value, to be checked later by any other nodes after they obtain the value of this key). In other cases, the old value somehow affects the new value. For example, it can contain a sequence number, and the old value is overwritten only if the new sequence number is larger (to prevent replay attacks). #### 3.2.10. Distributed "torrent trackers" and "network interest groups" in TON DHT [#3210-distributed-torrent-trackers-and-network-interest-groups-in-ton-dht] Yet another interesting case is when the value contains a list of nodes—perhaps with their IP addresses and ports, or just with their abstract addresses—and the "update rule" consists in including the requester in this list, provided she can confirm her identity. This mechanism might be used to create a distributed "torrent tracker", where all nodes interested in a certain "torrent" (i.e., a certain file) can find other nodes that are interested in the same torrent, or already have a copy. *TON Storage* (cf. [4.1.8](#4-1-8-example%3A-keeping-files-off-chain%3B-ton-storage)) uses this technology to find the nodes that have a copy of a required file (e.g., a snapshot of the state of a shardchain, or an old block). However, its more important use is to create "overlay multicast subnetworks" and "network interest groups" (cf. [3.3](#3-3-overlay-networks-and-multicasting-messages)). The idea is that only some nodes are interested in the updates of a specific shardchain. If the number of shardchains becomes very large, finding even one node interested in the same shard may become complicated. This "distributed torrent tracker" provides a convenient way to find some of these nodes. Another option would be to request them from a validator, but this would not be a scalable approach, and validators might choose not to respond to such queries coming from arbitrary unknown nodes. #### 3.2.11. Fall-back keys [#3211-fall-back-keys] Most of the "key types" described so far have an extra 32-bit integer field in their TL description, normally equal to zero. However, if the key obtained by hashing that description cannot be retrieved from or updated in the TON DHT, the value in this field is increased, and a new attempt is made. In this way, one cannot "capture" and "censor" a key (i.e., perform a key retention attack) by creating a lot of abstract addresses lying near the key under attack and controlling the corresponding DHT nodes. #### 3.2.12. Locating services [#3212-locating-services] Some services, located in the TON Network and available through the (higher-level protocols built upon the) TON ADNL described in [3.1](#3-1-abstract-datagram-network-layer), may want to publish their abstract addresses somewhere, so that their clients would know where to find them. However, publishing the service's abstract address in the TON Blockchain may not be the best approach, because the abstract address might need to be changed quite often, and because it could make sense to provide several addresses, for reliability or load balancing purposes. An alternative is to publish a public key into the TON Blockchain, and use a special DHT key indicating that public key as its "owner" in the TL description string (cf. [2.2.5](#2-2-5-tl-or-the-type-language)) to publish an up-to-date list of the service's abstract addresses. This is one of the approaches exploited by TON Services. #### 3.2.13. Locating owners of TON blockchain accounts [#3213-locating-owners-of-ton-blockchain-accounts] In most cases, owners of TON blockchain accounts would not like to be associated with abstract network addresses, and especially IP addresses, because this can violate their privacy. In some cases, however, the owner of a TON blockchain account may want to publish one or several abstract addresses where she could be contacted. A typical case is that of a node in the TON Payments "lightning network" (cf. [5.2](#5-2-payment-channel-network-or-lightning-network)), the platform for instant cryptocurrency transfers. A public TON Payments node may want not only to establish payment channels with other peers, but also to publish an abstract network address that could be used to contact it at a later time for transferring payments along the already-established channels. One option would be to include an abstract network address in the smart contract creating the payment channel. A more flexible option is to include a public key in the smart contract, and then use DHT as explained in [3.2.12](#3-2-12-locating-services). The most natural way would be to use the same private key that controls the account in the TON Blockchain to sign and publish updates in the TON DHT about the abstract addresses associated with that account. This is done almost in the same way as described in [3.2.12](#3-2-12-locating-services); however, the DHT key employed would require a special key description, containing only the $\mathit{account\_id}$ itself, equal to SHA-256 of the "account description", which contains the public key of the account. The signature, included in the value of this DHT key, would contain the account description as well. In this way, a mechanism for locating abstract network addresses of some owners of the TON Blockchain accounts becomes available. #### 3.2.14. Locating abstract addresses [#3214-locating-abstract-addresses] Notice that the TON DHT, while being implemented over TON ADNL, is itself used by the TON ADNL for several purposes. The most important of them is to locate a node or its contact data starting from its 256-bit abstract address. This is necessary because the TON ADNL should be able to send datagrams to arbitrary 256-bit abstract addresses, even if no additional information is provided. To this end, the 256-bit abstract address is simply looked up as a key in the DHT. Either a node with this address (i.e., using this address as a public semi-persistent DHT address) is found, in which case its IP address and port can be learned; or, an input tunnel description may be retrieved as the value of the key in question, signed by the correct private key, in which case this tunnel description would be used to send ADNL datagrams to the intended recipient. Notice that in order to make an abstract address "public" (reachable from any nodes in the network), its owner must either use it as a semi-permanent DHT address, or publish (in the DHT key equal to the abstract address under consideration) an input tunnel description with another of its public abstract addresses (e.g., the semi-permanent address) as the tunnel's entry point. Another option would be to simply publish its IP address and UDP port. *** ### 3.3 Overlay Networks and Multicasting Messages [#33--overlay-networks-and-multicasting-messages] In a multi-blockchain system like the TON Blockchain, even full nodes would normally be interested in obtaining updates (i.e., new blocks) only about some shardchains. To this end, a special overlay (sub)network must be built inside the TON Network, on top of the ADNL protocol discussed in [3.1](#3-1-abstract-datagram-network-layer), one for each shardchain. Therefore, the need to build arbitrary overlay subnetworks, open to any nodes willing to participate, arises. Special gossip protocols, built upon ADNL, will be run in these overlay networks. In particular, these gossip protocols may be used to propagate (broadcast) arbitrary data inside such a subnetwork. #### 3.3.1. Overlay networks [#331-overlay-networks] An *overlay (sub)network* is simply a (virtual) network implemented inside some larger network. Usually only some nodes of the larger network participate in the overlay subnetwork, and only some "links" between these nodes, physical or virtual, are part of the overlay subnetwork. In this way, if the encompassing network is represented as a graph (perhaps a full graph in the case of a datagram network such as ADNL, where any node can easily communicate to any other), the overlay subnetwork is a *subgraph* of this graph. In most cases, the overlay network is implemented using some protocol built upon the network protocol of the larger network. It may use the same addresses as the larger network, or use custom addresses. #### 3.3.2. Overlay networks in TON [#332-overlay-networks-in-ton] Overlay networks in TON are built upon the ADNL protocol discussed in [3.1](#3-1-abstract-datagram-network-layer); they use 256-bit ADNL abstract addresses as addresses in the overlay networks as well. Each node usually selects one of its abstract addresses to double as its address in the overlay network. In contrast to ADNL, the TON overlay networks usually do not support sending datagrams to arbitrary other nodes. Instead, some "semipermanent links" are established between some nodes (called "neighbors" with respect to the overlay network under consideration), and messages are usually forwarded along these links (i.e., from a node to one of its neighbors). In this way, a TON overlay network is a (usually not full) subgraph inside the (full) graph of the ADNL network. Links to neighbors in TON overlay networks can be implemented using dedicated peer-to-peer ADNL channels (cf. [3.1.5](#3-1-5-channels-and-channel-identifiers)). Each node of an overlay network maintains a list of neighbors (with respect to the overlay network), containing their abstract addresses (which they use to identify them in the overlay network) and some link data (e.g., the ADNL channel used to communicate with them). #### 3.3.3. Private and public overlay networks [#333-private-and-public-overlay-networks] Some overlay networks are *public*, meaning that any node can join them at will. Other are *private*, meaning that only certain nodes can be admitted (e.g., those that can prove their identities as validators.) Some private overlay networks can even be unknown to the "general public". The information about such overlay networks is made available only to certain trusted nodes; for example, it can be encrypted with a public key, and only nodes having a copy of the corresponding private key will be able to decrypt this information. #### 3.3.4. Centrally controlled overlay networks [#334-centrally-controlled-overlay-networks] Some overlay networks are *centrally controlled*, by one or several nodes, or by the owner of some widely-known public key. Others are *decentralized*, meaning that there are no specific nodes responsible for them. #### 3.3.5. Joining an overlay network [#335-joining-an-overlay-network] When a node wants to join an overlay network, it first must learn its 256-bit *network identifier*, usually equal to SHA-256 of the *description* of the overlay network—a TL-serialized object (cf. [2.2.5](#2-2-5-tl-or-the-type-language)) which may contain, for instance, the central authority of the overlay network (i.e., its public key and perhaps its abstract address,^[33](#fn33)) a string with the name of the overlay network, a TON Blockchain shard identifier if this is an overlay network related to that shard, and so on. Sometimes it is possible to recover the overlay network description starting from the network identifier, simply by looking it up in the TON DHT. In other cases (e.g., for private overlay networks), one must obtain the network description along with the network identifier. #### 3.3.6. Locating one member of the overlay network [#336-locating-one-member-of-the-overlay-network] After a node learns the network identifier and the network description of the overlay network it wants to join, it must locate at least one node belonging to that network. This is also needed for nodes that do not want to join the overlay network, but want just to communicate with it; for example, there might be an overlay network dedicated to collecting and propagating transaction candidates for a specific shardchain, and a client might want to connect to any node of this network to suggest a transaction. The method used for locating members of an overlay network is defined in the description of that network. Sometimes (especially for private networks) one must already know a member node to be able to join. In other cases, the abstract addresses of some nodes are contained in the network description. A more flexible approach is to indicate in the network description only the central authority responsible for the network, and then the abstract addresses will be available through values of certain DHT keys, signed by that central authority. Finally, truly decentralized public overlay networks can use the "distributed torrent-tracker" mechanism described in [3.2.10](#3-2-10-distributed-torrent-trackers-and-network-interest-groups-in-ton-dht), also implemented with the aid of the TON DHT. #### 3.3.7. Locating more members of the overlay network. Creating links [#337-locating-more-members-of-the-overlay-network-creating-links] Once one node of the overlay network is found, a special query may be sent to that node requesting a list of other members, for instance, neighbors of the node being queried, or a random selection thereof. This enables the joining member to populate her "adjacency" or "neighbor list" with respect to the overlay network, by selecting some newly-learned network nodes and establishing links to them (i.e., dedicated ADNL point-to-point channels, as outlined in [3.3.2](#3-3-2-overlay-networks-in-ton)). After that, special messages are sent to all neighbors indicating that the new member is ready to work in the overlay network. The neighbors include their links to the new member in their neighbor lists. #### 3.3.8. Maintaining the neighbor list [#338-maintaining-the-neighbor-list] An overlay network node must update its neighbor list from time to time. Some neighbors, or at least links (channels) to them, may stop responding; in this case, these links must be marked as "suspended", some attempts to reconnect to such neighbors must be made, and, if these attempts fail, the links must be destroyed. On the other hand, every node sometimes requests from a randomly chosen neighbor its list of neighbors (or some random selection thereof), and uses it to partially update its own neighbor list, by adding some newly-discovered nodes to it, and removing some of the old ones, either randomly or depending on their response times and datagram loss statistics. #### 3.3.9. The overlay network is a random subgraph [#339-the-overlay-network-is-a-random-subgraph] In this way, the overlay network becomes a random subgraph inside the ADNL network. If the degree of each vertex is at least three (i.e., if each node is connected to at least three neighbors), this random graph is known to be *connected* with a probability almost equal to one. More precisely, the probability of a random graph with $n$ vertices being *disconnected* is exponentially small, and this probability can be completely neglected if, say, $n\geq20$. (Of course, this does not apply in the case of a global network partition, when nodes on different sides of the partition have no chance to learn about each other.) On the other hand, if $n$ is smaller than 20, it would suffice to require each vertex to have, say, at least ten neighbors. #### 3.3.10. TON overlay networks are optimized for lower latency [#3310-ton-overlay-networks-are-optimized-for-lower-latency] TON overlay networks optimize the "random" network graph generated by the previous method as follows. Every node tries to retain at least three neighbors with the minimal round-trip time, changing this list of "fast neighbors" very rarely. At the same time, it also has at least three other "slow neighbors" that are chosen completely randomly, so that the overlay network graph would always contain a random subgraph. This is required to maintain connectivity and prevent splitting of the overlay network into several unconnected regional subnetworks. At least three "intermediate neighbors", which have intermediate round-trip times, bounded by a certain constant (actually, a function of the round-trip times of the fast and the slow neighbors), are also chosen and retained. In this way, the graph of an overlay network still maintains enough randomness to be connected, but is optimized for lower latency and higher throughput. #### 3.3.11. Gossip protocols in an overlay network [#3311-gossip-protocols-in-an-overlay-network] An overlay network is often used to run one of the so-called *gossip protocols*, which achieve some global goal while letting every node interact only with its neighbors. For example, there are gossip protocols to construct an approximate list of all members of a (not too large) overlay network, or to compute an estimate of the number of members of an (arbitrarily large) overlay network, using only a bounded amount of memory at each node (cf. \[[15](#ref-15), 4.4.3] or [\[1\]](#ref-1) for details). #### 3.3.12. Overlay network as a broadcast domain [#3312-overlay-network-as-a-broadcast-domain] The most important gossip protocol running in an overlay network is the *broadcast protocol*, intended to propagate broadcast messages generated by any node of the network, or perhaps by one of the designated sender nodes, to all other nodes. There are in fact several broadcast protocols, optimized for different use cases. The simplest of them receives new broadcast messages and relays them to all neighbors that have not yet sent a copy of that message themselves. #### 3.3.13. More sophisticated broadcast protocols [#3313-more-sophisticated-broadcast-protocols] Some applications may warrant more sophisticated broadcast protocols. For instance, for broadcasting messages of substantial size, it makes sense to send to the neighbors not the newly-received message itself, but its hash (or a collection of hashes of new messages). The neighbor may request the message itself after learning a previously unseen message hash, to be transferred, say, using the reliable large datagram protocol (RLDP) discussed in [3.1.9](#3-1-9-rldp-or-reliable-large-datagram-protocol-over-adnl). In this way, the new message will be downloaded from one neighbor only. #### 3.3.14. Checking the connectivity of an overlay network [#3314-checking-the-connectivity-of-an-overlay-network] The connectivity of an overlay network can be checked if there is a known node (e.g., the "owner" or the "creator" of the overlay network) that must be in this overlay network. Then the node in question simply broadcasts from time to time short messages containing the current time, a sequence number and its signature. Any other node can be sure that it is still connected to the overlay network if it has received such a broadcast not too long ago. This protocol can be extended to the case of several well-known nodes; for example, they all will send such broadcasts, and all other nodes will expect to receive broadcasts from more than half of the well-known nodes. In the case of an overlay network used for propagating new blocks (or just new block headers) of a specific shardchain, a good way for a node to check connectivity is to keep track of the most recent block received so far. Because a block is normally generated every five seconds, if no new block is received for more than, say, thirty seconds, the node probably has been disconnected from the overlay network. #### 3.3.15. Streaming broadcast protocol [#3315-streaming-broadcast-protocol] Finally, there is a *streaming broadcast protocol* for TON overlay networks, used, for example, to propagate block candidates among validators of some shardchain ("shardchain task group"), who, of course, create a private overlay network for that purpose. The same protocol can be used to propagate new shardchain blocks to all full nodes for that shardchain. This protocol has already been outlined in [2.6.10](#2-6-10-propagation-of-shardchain-block-candidates): the new (large) broadcast message is split into, say, $N$ one-kilobyte chunks; the sequence of these chunks is augmented to $M\geq N$ chunks by means of an erasure code such as the Reed–Solomon or a fountain code (e.g., the RaptorQ code [\[9\]](#ref-9) [\[14\]](#ref-14)), and these $M$ chunks are streamed to all neighbors in ascending chunk number order. The participating nodes collect these chunks until they can recover the original large message (one would have to successfully receive at least $N$ of the chunks for this), and then instruct their neighbors to stop sending new chunks of the stream, because now these nodes can generate the subsequent chunks on their own, having a copy of the original message. Such nodes continue to generate the subsequent chunks of the stream and send them to their neighbors, unless the neighbors in turn indicate that this is no longer necessary. In this way, a node does not need to download a large message in its entirety before propagating it further. This minimizes broadcast latency, especially when combined with the optimizations described in [3.3.10](#3-3-10-ton-overlay-networks-are-optimized-for-lower-latency). #### 3.3.16. Constructing new overlay networks based on existing ones [#3316-constructing-new-overlay-networks-based-on-existing-ones] Sometimes one does not want to construct an overlay network from scratch. Instead, one or several previously existing overlay networks are known, and the membership of the new overlay network is expected to overlap significantly with the combined membership of these overlay networks. An important example arises when a TON shardchain is split in two, or two sibling shardchains are merged into one (cf. [2.7](#2-7-splitting-and-merging-shardchains)). In the first case, the overlay networks used for propagating new blocks to full nodes must be constructed for each of the new shardchains; however, each of these new overlay networks can be expected to be contained in the block propagation network of the original shardchain (and comprise approximately half its members). In the second case, the overlay network for propagating new blocks of the merged shardchain will consist approximately of the union of members of the two overlay networks related to the two sibling shardchains being merged. In such cases, the description of the new overlay network may contain an explicit or implicit reference to a list of related existing overlay networks. A node wishing to join the new overlay network may check whether it is already a member of one of these existing networks, and query its neighbors in these networks whether they are interested in the new network as well. In case of a positive answer, new point-to-point channels can be established to such neighbors, and they can be included in the neighbor list for the new overlay network. This mechanism does not totally supplant the general mechanism described in [3.3.6](#3-3-6-locating-one-member-of-the-overlay-network) and [3.3.7](#3-3-7-locating-more-members-of-the-overlay-network-creating-links); rather, both are run in parallel and are used to populate the neighbor list. This is needed to prevent inadvertent splitting of the new overlay network into several unconnected subnetworks. #### 3.3.17. Overlay networks within overlay networks [#3317-overlay-networks-within-overlay-networks] Another interesting case arises in the implementation of *TON Payments* (a "lightning network" for instant off-chain value transfers; cf. [5.2](#5-2-payment-channel-network-or-lightning-network)). In this case, first an overlay network containing all transit nodes of the "lightning network" is constructed. However, some of these nodes have established payment channels in the blockchain; they must always be neighbors in this overlay network, in addition to any "random" neighbors selected by the general overlay network algorithms described in [3.3.6](#3-3-6-locating-one-member-of-the-overlay-network), [3.3.7](#3-3-7-locating-more-members-of-the-overlay-network-creating-links) and [3.3.8](#3-3-8-maintaining-the-neighbor-list). These "permanent links" to the neighbors with established payment channels are used to run specific lightning network protocols, thus effectively creating an overlay subnetwork (not necessarily connected, if things go awry) inside the encompassing (almost always connected) overlay network. *** ## 4 TON Services and Applications [#4--ton-services-and-applications] We have discussed the TON Blockchain and TON Networking technologies at some length. Now we explain some ways in which they can be combined to create a wide range of services and applications, and discuss some of the services that will be provided by the TON Project itself, either from the very beginning or at a later time. ### 4.1 TON Service Implementation Strategies [#41--ton-service-implementation-strategies] We start with a discussion of how different blockchain and network-related applications and services may be implemented inside the TON ecosystem. First of all, a simple classification is in order: #### 4.1.1. Applications and services [#411-applications-and-services] We will use the words "application" and "service" interchangeably. However, there is a subtle and somewhat vague distinction: an *application* usually provides some services directly to human users, while a *service* is usually exploited by other applications and services. For example, TON Storage is a service, because it is designed to keep files on behalf of other applications and services, even though a human user might use it directly as well. A hypothetical "Facebook in a blockchain" (cf. [2.9.13](#2-9-13-is-it-possible-to-upload-facebook-into-a-blockchain)) or Telegram messenger, if made available through the TON Network (i.e., implemented as a "ton-service" c.f [4.1.6](#4-1-6-telegram-messenger-as-a-ton-service%3B-mtproto-over-rldp)), would rather be an *application*, even though some "bots" might access it automatically without human intervention. #### 4.1.2. Location of the application: on-chain, off-chain or mixed [#412-location-of-the-application-on-chain-off-chain-or-mixed] A service or an application designed for the TON ecosystem needs to keep its data and process that data somewhere. This leads to the following classification of applications (and services): * *On-chain* applications (cf. [4.1.4](#4-1-4-pure-on-chain-applications%3A-distributed-applications%2C-or-dapps%2C-residing-in-the-blockchain)): All data and processing are in the TON Blockchain. * *Off-chain* applications (cf. [4.1.5](#4-1-5-pure-network-services%3A-ton-sites-and-ton-services)): All data and processing are outside the TON Blockchain, on servers available through the TON Network. * *Mixed* applications (cf. [4.1.7](#4-1-7-mixed-services%3A-partly-off-chain%2C-partly-on-chain)): Some, but not all, data and processing are in the TON Blockchain; the rest are on off-chain servers available through the TON Network. #### 4.1.3. Centralization: centralized and decentralized, or distributed, applications [#413-centralization-centralized-and-decentralized-or-distributed-applications] Another classification criterion is whether the application (or service) relies on a centralized server cluster, or is really "distributed" (cf. [4.1.9](#4-1-9-decentralized-mixed-services%2C-or-“fog-services”)). All on-chain applications are automatically decentralized and distributed. Off-chain and mixed applications may exhibit different degrees of centralization. Now let us consider the above possibilities in more detail. #### 4.1.4. Pure "on-chain" applications: distributed applications, or "dapps", residing in the blockchain [#414-pure-on-chain-applications-distributed-applications-or-dapps-residing-in-the-blockchain] One of the possible approaches, mentioned in [4.1.2](#4-1-2-location-of-the-application-on-chain-off-chain-or-mixed), is to deploy a "distributed application" (commonly abbreviated as "dapp") completely in the TON Blockchain, as one smart contract or a collection of smart contracts. All data will be kept as part of the permanent state of these smart contracts, and all interaction with the project will be done by means of (TON Blockchain) messages sent to or received from these smart contracts. We have already discussed in [2.9.13](#2-9-13-is-it-possible-to-upload-facebook-into-a-blockchain) that this approach has its drawbacks and limitations. It has its advantages, too: such a distributed application needs no servers to run on or to store its data (it runs "in the blockchain"—i.e., on the validators' hardware), and enjoys the blockchain's extremely high (Byzantine) reliability and accessibility. The developer of such a distributed application does not need to buy or rent any hardware; all she needs to do is develop some software (i.e., the code for the smart contracts). After that, she will effectively rent the computing power from the validators, and will pay for it in Grams, either herself or by putting this burden on the shoulders of her users. #### 4.1.5. Pure network services: "ton-sites" and "ton-services" [#415-pure-network-services-ton-sites-and-ton-services] Another extreme option is to deploy the service on some servers and make it available to the users through the ADNL protocol described in [3.1](#3-1-abstract-datagram-network-layer), and maybe some higher level protocol such as the RLDP discussed in [3.1.9](#3-1-9-rldp-or-reliable-large-datagram-protocol-over-adnl), which can be used to send RPC queries to the service in any custom format and obtain answers to these queries. In this way, the service will be totally off-chain, and will reside in the TON Network, almost without using the TON Blockchain. The TON Blockchain might be used only to locate the abstract address or addresses of the service, as outlined in [3.2.12](#3-2-12-locating-services), perhaps with the aid of a service such as the TON DNS (cf. [4.3.1](#4-3-1-ton-dns-a-mostly-on-chain-hierarchical-domain-name-service)) to facilitate translation of domain-like human-readable strings into abstract addresses. To the extent the ADNL network (i.e., the TON Network) is similar to the Invisible Internet Project ($I^2P$), such (almost) purely network services are analogous to the so-called "eep-services" (i.e., services that have an $I^2P$-address as their entry point, and are available to clients through the $I^2P$ network). We will say that such purely network services residing in the TON Network are "ton-services". An "eep-service" may implement HTTP as its client-server protocol; in the TON Network context, a "ton-service" might simply use RLDP (cf. [3.1.9](#3-1-9-rldp-or-reliable-large-datagram-protocol-over-adnl)) datagrams to transfer HTTP queries and responses to them. If it uses the TON DNS to allow its abstract address to be looked up by a human-readable domain name, the analogy to a web site becomes almost perfect. One might even write a specialized browser, or a special proxy ("ton-proxy") that is run locally on a user's machine, accepts arbitrary HTTP queries from an ordinary web browser the user employs (once the local IP address and the TCP port of the proxy are entered into the browser's configuration), and forwards these queries through the TON Network to the abstract address of the service. Then the user would have a browsing experience similar to that of the World Wide Web (WWW). In the $I^2P$ ecosystem, such "eep-services" are called "eep-sites". One can easily create "ton-sites" in the TON ecosystem as well. This is facilitated somewhat by the existence of services such as the TON DNS, which exploit the TON Blockchain and the TON DHT to translate (TON) domain names into abstract addresses. #### 4.1.6. Telegram Messenger as a ton-service; MTProto over RLDP [#416-telegram-messenger-as-a-ton-service-mtproto-over-rldp] We would like to mention in passing that the MTProto protocol,^[34](#fn34) used by Telegram Messenger^[35](#fn35) for client-server interaction, can be easily embedded into the RLDP protocol discussed in [3.1.9](#3-1-9-rldp-or-reliable-large-datagram-protocol-over-adnl), thus effectively transforming Telegram into a ton-service. Because the TON Proxy technology can be switched on transparently for the end user of a ton-site or a ton-service, being implemented on a lower level than the RLDP and ADNL protocols (cf. [3.1.6](#3-1-6-channel-as-a-tunnel-identifier)), this would make Telegram effectively unblockable. Of course, other messaging and social networking services might benefit from this technology as well. #### 4.1.7. Mixed services: partly off-chain, partly on-chain [#417-mixed-services-partly-off-chain-partly-on-chain] Some services might use a mixed approach: do most of the processing off-chain, but also have some on-chain part (for example, to register their obligations towards their users, and vice versa). In this way, part of the state would still be kept in the TON Blockchain (i.e., an immutable public ledger), and any misbehavior of the service or of its users could be punished by smart contracts. #### 4.1.8. Example: keeping files off-chain; TON Storage [#418-example-keeping-files-off-chain-ton-storage] An example of such a service is given by *TON Storage*. In its simplest form, it allows users to store files off-chain, by keeping on-chain only a hash of the file to be stored, and possibly a smart contract where some other parties agree to keep the file in question for a given period of time for a pre-negotiated fee. In fact, the file may be subdivided into chunks of some small size (e.g., 1 kilobyte), augmented by an erasure code such as a Reed–Solomon or a fountain code, a Merkle tree hash may be constructed for the augmented sequence of chunks, and this Merkle tree hash might be published in the smart contract instead of or along with the usual hash of the file. This is somewhat reminiscent of the way files are stored in a torrent. An even simpler form of storing files is completely off-chain: one might essentially create a "torrent" for a new file, and use TON DHT as a "distributed torrent tracker" for this torrent (cf. [3.2.10](#3-2-10-distributed-torrent-trackers-and-network-interest-groups-in-ton-dht)). This might actually work pretty well for popular files. However, one does not get any availability guarantees. For example, a hypothetical "blockchain Facebook" (cf. [2.9.13](#2-9-13-is-it-possible-to-upload-facebook-into-a-blockchain)), which would opt to keep the profile photographs of its users completely off-chain in such "torrents", might risk losing photographs of ordinary (not especially popular) users, or at least risk being unable to present these photographs for prolonged periods. The TON Storage technology, which is mostly off-chain, but uses an on-chain smart contract to enforce availability of the stored files, might be a better match for this task. #### 4.1.9. Decentralized mixed services, or "fog services" [#419-decentralized-mixed-services-or-fog-services] So far, we have discussed *centralized* mixed services and applications. While their on-chain component is processed in a decentralized and distributed fashion, being located in the blockchain, their off-chain component relies on some servers controlled by the service provider in the usual centralized fashion. Instead of using some dedicated servers, computing power might be rented from a cloud computing service offered by one of the large companies. However, this would not lead to decentralization of the off-chain component of the service. A decentralized approach to implementing the off-chain component of a service consists in creating a *market*, where anybody possessing the required hardware and willing to rent their computing power or disk space would offer their services to those needing them. For example, there might exist a registry (which might also be called a "market" or an "exchange") where all nodes interested in keeping files of other users publish their contact information, along with their available storage capacity, availability policy, and prices. Those needing these services might look them up there, and, if the other party agrees, create smart contracts in the blockchain and upload files for off-chain storage. In this way a service like *TON Storage* becomes truly decentralized, because it does not need to rely on any centralized cluster of servers for storing files. #### 4.1.10. Example: "fog computing" platforms as decentralized mixed services [#4110-example-fog-computing-platforms-as-decentralized-mixed-services] Another example of such a decentralized mixed application arises when one wants to perform some specific computations (e.g., 3D rendering or training neural networks), often requiring specific and expensive hardware. Then those having such equipment might offer their services through a similar "exchange", and those needing such services would rent them, with the obligations of the sides registered by means of smart contracts. This is similar to what "fog computing" platforms, such as Golem ([https://golem.network/](https://golem.network/)) or SONM ([https://sonm.io/](https://sonm.io/)), promise to deliver. #### 4.1.11. Example: TON Proxy is a fog service [#4111-example-ton-proxy-is-a-fog-service] *TON Proxy* provides yet another example of a fog service, where nodes wishing to offer their services (with or without compensation) as tunnels for ADNL network traffic might register, and those needing them might choose one of these nodes depending on the price, latency and bandwidth offered. Afterwards, one might use payment channels provided by *TON Payments* for processing micropayments for the services of those proxies, with payments collected, for instance, for every 128 KiB transferred. #### 4.1.12. Example: TON Payments is a fog service [#4112-example-ton-payments-is-a-fog-service] The TON Payments platform (cf. [5](#5-ton-payments)) is also an example of such a decentralized mixed application. ### 4.2 Connecting Users and Service Providers [#42--connecting-users-and-service-providers] We have seen in [4.1.9](#4-1-9-decentralized-mixed-services%2C-or-“fog-services”) that "fog services" (i.e., mixed decentralized services) will usually need some *markets*, *exchanges* or *registries*, where those needing specific services might meet those providing them. Such markets are likely to be implemented as on-chain, off-chain or mixed services themselves, centralized or distributed. #### 4.2.1. Example: connecting to TON Payments [#421-example-connecting-to-ton-payments] For example, if one wants to use TON Payments (cf. [5](#5-ton-payments)), the first step would be to find at least some existing transit nodes of the "lightning network" (cf. [5.2](#5-2-payment-channel-network-or-lightning-network)), and establish payment channels with them, if they are willing. Some nodes can be found with the aid of the "encompassing" overlay network, which is supposed to contain all transit lightning network nodes (cf. [3.3.17](#3-3-17-overlay-networks-within-overlay-networks)). However, it is not clear whether these nodes will be willing to create new payment channels. Therefore, a registry is needed where nodes ready to create new links can publish their contact information (e.g., their abstract addresses). #### 4.2.2. Example: uploading a file into TON Storage [#422-example-uploading-a-file-into-ton-storage] Similarly, if one wants to upload a file into the TON Storage, she must locate some nodes willing to sign a smart contract binding them to keep a copy of that file (or of any file below a certain size limit, for that matter). Therefore, a registry of nodes offering their services for storing files is needed. #### 4.2.3. On-chain, mixed and off-chain registries [#423-on-chain-mixed-and-off-chain-registries] Such a registry of service providers might be implemented completely on-chain, with the aid of a smart contract which would keep the registry in its permanent storage. However, this would be quite slow and expensive. A mixed approach is more efficient, where the relatively small and rarely changed on-chain registry is used only to point out some nodes (by their abstract addresses, or by their public keys, which can be used to locate actual abstract addresses as described in [3.2.12](#3-2-12-locating-services)), which provide off-chain (centralized) registry services. Finally, a decentralized, purely off-chain approach might consist of a public overlay network (cf. [3.3](#3-3-overlay-networks-and-multicasting-messages)), where those willing to offer their services, or those looking to buy somebody's services, simply broadcast their offers, signed by their private keys. If the service to be provided is very simple, even broadcasting the offers might be not necessary: the approximate membership of the overlay network itself might be used as a "registry" of those willing to provide a particular service. Then a client requiring this service might locate (cf. [3.3.7](#3-3-7-locating-more-members-of-the-overlay-network-creating-links)) and query some nodes of this overlay network, and then query their neighbors, if the nodes already known are not ready to satisfy its needs. #### 4.2.4. Registry or exchange in a side-chain [#424-registry-or-exchange-in-a-side-chain] Another approach to implementing decentralized mixed registries consists in creating an independent specialized blockchain ("side-chain"), maintained by its own set of self-proclaimed validators, who publish their identities in an on-chain smart contract and provide network access to all interested parties to this specialized blockchain, collecting transaction candidates and broadcasting block updates through dedicated overlay networks (cf. [3.3](#3-3-overlay-networks-and-multicasting-messages)). Then any full node for this sidechain can maintain its own copy of the shared registry (essentially equal to the global state of this side-chain), and process arbitrary queries related to this registry. #### 4.2.5. Registry or exchange in a workchain [#425-registry-or-exchange-in-a-workchain] Another option is to create a dedicated workchain inside the TON Blockchain, specialized for creating registries, markets and exchanges. This might be more efficient and less expensive than using smart contracts residing in the basic workchain (cf. [2.1.11](#2-1-11-basic-workchain-or-workchain-zero)). However, this would still be more expensive than maintaining registries in side-chains (cf. [4.2.4](#4-2-4-registry-or-exchange-in-a-side-chain)). ### 4.3 Accessing TON Services [#43---accessing-ton-services] We have discussed in [4.1](#4-1-ton-service-implementation-strategies) the different approaches one might employ for creating new services and applications residing in the TON ecosystem. Now we discuss how these services might be accessed, and some of the "helper services" that will be provided by TON, including *TON DNS* and *TON Storage*. #### 4.3.1. TON DNS: a mostly on-chain hierarchical domain name service [#431-ton-dns-a-mostly-on-chain-hierarchical-domain-name-service] The *TON DNS* is a predefined service, which uses a collection of smart contracts to keep a map from human-readable domain names to (256-bit) addresses of ADNL network nodes and TON Blockchain accounts and smart contracts. While anybody might in principle implement such a service using the TON Blockchain, it is useful to have such a predefined service with a well-known interface, to be used by default whenever an application or a service wants to translate human-readable identifiers into addresses. #### 4.3.2. TON DNS use cases [#432-ton-dns-use-cases] For example, a user looking to transfer some cryptocurrency to another user or to a merchant may prefer to remember a TON DNS domain name of the account of that user or merchant, instead of keeping their 256-bit account identifiers at hand and copy-pasting them into the recipient field in their light wallet client. Similarly, TON DNS may be used to locate account identifiers of smart contracts or entry points of ton-services and ton-sites (cf. [4.1.5](#4-1-5-pure-network-services-ton-sites-and-ton-services)), enabling a specialized client ("ton-browser"), or a usual internet browser combined with a specialized ton-proxy extension or stand-alone application, to deliver a WWW-like browsing experience to the user. #### 4.3.3. TON DNS smart contracts [#433-ton-dns-smart-contracts] The TON DNS is implemented by means of a tree of special (DNS) smart contracts. Each DNS smart contract is responsible for registering subdomains of some fixed domain. The "root" DNS smart contract, where level one domains of the TON DNS system will be kept, is located in the masterchain. Its account identifier must be hardcoded into all software that wishes to access the TON DNS database directly. Any DNS smart contract contains a hashmap, mapping variable-length null-terminated UTF-8 strings into their "values". This hashmap is implemented as a binary Patricia tree, similar to that described in [2.3.7](#2-3-7-definition-of-hashmap-type-as-a-patricia-tree) but supporting variable-length bitstrings as keys. #### 4.3.4. Values of the DNS hashmap, or TON DNS records [#434-values-of-the-dns-hashmap-or-ton-dns-records] As to the values, they are "TON DNS records" described by a TL-scheme (cf. [2.2.5](#2-2-5-tl-or-the-type-language)). They consist of a "magic number", selecting one of the options supported, and then either an account identifier, or a smart-contract identifier, or an abstract network address (cf. [3.1](#3-1-abstract-datagram-network-layer)), or a public key used to locate abstract addresses of a service (cf. [3.2.12](#3-2-12-locating-services)), or a description of an overlay network, and so on. An important case is that of another DNS smart contract: in such a case, that smart contract is used to resolve subdomains of its domain. In this way, one can create separate registries for different domains, controlled by the owners of those domains. These records may also contain an expiration time, a caching time (usually very large, because updating values in a blockchain too often is expensive), and in most cases a reference to the owner of the subdomain in question. The owner has the right to change this record (in particular, the owner field, thus transferring the domain to somebody else's control), and to prolong it. #### 4.3.5. Registering new subdomains of existing domains [#435-registering-new-subdomains-of-existing-domains] In order to register a new subdomain of an existing domain, one simply sends a message to the smart contract, which is the registrar of that domain, containing the subdomain (i.e., the key) to be registered, the value in one of several predefined formats, an identity of the owner, an expiration date, and some amount of cryptocurrency as determined by the domain's owner. Subdomains are registered on a "first-come, first-served" basis. #### 4.3.6. Retrieving data from a DNS smart contract [#436-retrieving-data-from-a-dns-smart-contract] In principle, any full node for the masterchain or shardchain containing a DNS smart contract might be able to look up any subdomain in the database of that smart contract, if the structure and the location of the hashmap inside the persistent storage of the smart contract are known. However, this approach would work only for certain DNS smart contracts. It would fail miserably if a non-standard DNS smart contract were used. Instead, an approach based on *general smart contract interfaces and get methods* ([cf. 4.3.11](#4-3-11-get-methods-of-smart-contracts)) is used. Any DNS smart contract must define a get method with a known signature, which is invoked to look up a key. Since this approach makes sense for other smart contracts as well, especially those providing on-chain and mixed services, we explain it in some detail in [4.3.11](#4-3-11-get-methods-of-smart-contracts). #### 4.3.7. Translating a TON DNS domain [#437-translating-a-ton-dns-domain] Once any full node, acting by itself or on behalf of some light client, can look up entries in the database of any DNS smart contract, arbitrary TON DNS domain names can be recursively translated, starting from the well-known and fixed root DNS smart contract (account) identifier. For example, if one wants to translate `A.B.C`, one looks up keys `.C`, `.B.C`, and `A.B.C` in the root domain database. If the first of them is not found, but the second is, and its value is a reference to another DNS smart contract, then `A` is looked up in the database of that smart contract and the final value is retrieved. #### 4.3.8. Translating TON DNS domains for light nodes [#438-translating-ton-dns-domains-for-light-nodes] In this way, a full node for the masterchain—and also for all shardchains involved in the domain look-up process—might translate any domain name into its current value without external help. A light node might request a full node to do this on its behalf and return the value, along with a Merkle proof (cf. [2.5.11](#2-5-11-merkle-proofs-as-query-responses-from-full-nodes)). This Merkle proof would enable the light node to verify that the answer is correct, so such TON DNS responses cannot be "spoofed" by a malicious interceptor, in contrast to the usual DNS protocol. Because no node can be expected to be a full node with respect to all shardchains, actual TON DNS domain translation would involve a combination of these two strategies. #### 4.3.9. Dedicated "TON DNS servers" [#439-dedicated-ton-dns-servers] One might provide a simple "TON DNS server", which would receive RPC "DNS" queries (e.g., via the ADNL or RLDP protocols described in [3.1](#3-1-abstract-datagram-network-layer)), requesting that the server translate a given domain, process these queries by forwarding some subqueries to other (full) nodes if necessary, and return answers to the original queries, augmented by Merkle proofs if required. Such "DNS servers" might offer their services (for free or not) to any other nodes and especially light clients, using one of the methods described in [4.2](#4-2-connecting-users-and-service-providers). Notice that these servers, if considered part of the TON DNS service, would effectively transform it from a distributed on-chain service into a distributed mixed service (i.e., a "fog service"). This concludes our brief overview of the TON DNS service, a scalable on-chain registry for human-readable domain names of TON Blockchain and TON Network entities. #### 4.3.10. Accessing data kept in smart contracts [#4310-accessing-data-kept-in-smart-contracts] We have already seen that it is sometimes necessary to access data stored in a smart contract without changing its state. If one knows the details of the smart-contract implementation, one can extract all the needed information from the smart contract's persistent storage, available to all full nodes of the shardchain the smart contract resides in. However, this is quite an inelegant way of doing things, depending very much on the smart-contract implementation. #### 4.3.11. "Get methods" of smart contracts [#4311-get-methods-of-smart-contracts] A better way would be to define some *get methods* in the smart contract, that is, some types of inbound messages that do not affect the state of the smart contract when delivered, but generate one or more output messages containing the "result" of the get method. In this way, one can obtain data from a smart contract, knowing only that it implements a get method with a known signature (i.e., a known format of the inbound message to be sent and outbound messages to be received as a result). This way is much more elegant and in line with object oriented programming (OOP). However, it has an obvious defect so far: one must actually commit a transaction into the blockchain (sending the get message to the smart contract), wait until it is committed and processed by the validators, extract the answer from a new block, and pay for gas (i.e., for executing the get method on the validators' hardware). This is a waste of resources: get methods do not change the state of the smart contract anyways, so they need not be executed in the blockchain. #### 4.3.12. Tentative execution of get methods of smart contracts [#4312-tentative-execution-of-get-methods-of-smart-contracts] We have already remarked (cf. [2.4.6](#2-4-6-external-messages-or-messages-from-nowhere)) that any full node can tentatively execute any method of any smart contract (i.e., deliver any message to a smart contract), starting from a given state of the smart contract, without actually committing the corresponding transaction. The full node can simply load the code of the smart contract under consideration into the TON VM, initialize its persistent storage from the global state of the shardchain (known to all full nodes of the shardchain), and execute the smart-contract code with the inbound message as its input parameter. The output messages created will yield the result of this computation. In this way, any full node can evaluate arbitrary get methods of arbitrary smart contracts, provided their signature (i.e., the format of inbound and outbound messages) is known. The node may keep track of the cells of the shardchain state accessed during this evaluation, and create a Merkle proof of the validity of the computation performed, for the benefit of a light node that might have asked the full node to do so (cf. [2.5.11](#2-5-11-merkle-proofs-as-query-responses-from-full-nodes)). #### 4.3.13. Smart-contract interfaces in TL-schemes [#4313-smart-contract-interfaces-in-tl-schemes] Recall that the methods implemented by a smart contract (i.e., the input messages accepted by it) are essentially some TL-serialized objects, which can be described by a TL-scheme (cf. [2.2.5](#2-2-5-tl-or-the-type-language)). The resulting output messages can be described by the same TL-scheme as well. In this way, the interface provided by a smart contract to other accounts and smart contracts may be formalized by means of a TL-scheme. In particular, (a subset of) get methods supported by a smart contract can be described by such a formalized smart-contract interface. #### 4.3.14. Public interfaces of a smart contract [#4314-public-interfaces-of-a-smart-contract] Notice that a formalized smart-contract interface, either in form of a TL-scheme (represented as a TL source file; cf. [2.2.5](#2-2-5-tl-or-the-type-language)) or in serialized form,^[36](#fn36) can be published—for example, in a special field in the smart-contract account description, stored in the blockchain, or separately, if this interface will be referred to many times. In the latter case a hash of the supported public interface may be incorporated into the smart-contract description instead of the interface description itself. An example of such a public interface is that of a DNS smart contract, which is supposed to implement at least one standard get method for looking up subdomains (cf. [4.3.6](#4-3-6-retrieving-data-from-a-dns-smart-contract)). A standard method for registering new subdomains can be also included in the standard public interface of DNS smart contracts. #### 4.3.15. User interface of a smart contract [#4315-user-interface-of-a-smart-contract] The existence of a public interface for a smart contract has other benefits, too. For example, a wallet client application may download such an interface while examining a smart contract on the request of a user, and display a list of public methods (i.e., of available actions) supported by the smart contract, perhaps with some human-readable comments if any are provided in the formal interface. After the user selects one of these methods, a form may be automatically generated according to the TL-scheme, where the user will be prompted for all fields required by the chosen method and for the desired amount of cryptocurrency (e.g., Grams) to be attached to this request. Submitting this form will create a new blockchain transaction containing the message just composed, sent from the user's blockchain account. In this way, the user will be able to interact with arbitrary smart contracts from the wallet client application in a user-friendly way by filling and submitting certain forms, provided these smart contracts have published their interfaces. #### 4.3.16. User interface of a "ton-service" [#4316-user-interface-of-a-ton-service] It turns out that ton-services (i.e., services residing in the TON Network and accepting queries through the ADNL and RLDP protocols of [3](#3-ton-networking); [cf. 4.1.5](#4-1-5-pure-network-services%3A-ton-sites-and-ton-services)) may also profit from having public interfaces, described by TL-schemes ([cf. 2.2.5](#2-2-5-tl%2C-or-the-type-language)). A client application, such as a light wallet or a ton-browser, might prompt the user to select one of the methods and to fill in a form with parameters defined by the interface, similarly to what has just been discussed in [4.3.15](#4-3-15-user-interface-of-a-smart-contract). The only difference is that the resulting TL-serialized message is not submitted as a transaction in the blockchain; instead, it is sent as an RPC query to the abstract address of the ton-service in question, and the response to this query is parsed and displayed according to the formal interface (i.e., a TL-scheme). #### 4.3.17. Locating user interfaces via TON DNS [#4317-locating-user-interfaces-via-ton-dns] The TON DNS record containing an abstract address of a ton-service or a smart-contract account identifier might also contain an optional field describing the public (user) interface of that entity, or several supported interfaces. Then the client application (be it a wallet, a ton-browser or a ton-proxy) will be able to download the interface and interact with the entity in question (be it a smart contract or a ton-service) in a uniform way. #### 4.3.18. Blurring the distinction between on-chain and off-chain services [#4318-blurring-the-distinction-between-on-chain-and-off-chain-services] In this way, the distinction between on-chain, off-chain and mixed services (cf. [4.1.2](#4-1-2-location-of-the-application-on-chain-off-chain-or-mixed)) is blurred for the end user: she simply enters the domain name of the desired service into the address line of her ton-browser or wallet, and the rest is handled seamlessly by the client application. #### 4.3.19. A light wallet and TON entity explorer can be built into Telegram Messenger clients [#4319-a-light-wallet-and-ton-entity-explorer-can-be-built-into-telegram-messenger-clients] An interesting opportunity arises at this point. A light wallet and TON entity explorer, implementing the above functionality, can be embedded into the Telegram Messenger smartphone client application, thus bringing the technology to more than 200 million people. Users would be able to send hyperlinks to TON entities and resources by including TON URIs (cf. [4.3.22](#4-3-22-hyperlink-urls-may-specify-some-parameters)) in messages; such hyperlinks, if selected, will be opened internally by the Telegram client application of the receiving party, and interaction with the chosen entity will begin. #### 4.3.20. "ton-sites" as ton-services supporting an HTTP interface [#4320-ton-sites-as-ton-services-supporting-an-http-interface] A *ton-site* is simply a ton-service that supports an HTTP interface, perhaps along with some other interfaces. This support may be announced in the corresponding TON DNS record. #### 4.3.21. Hyperlinks [#4321-hyperlinks] Notice that the HTML pages returned by ton-sites may contain *ton-hyperlinks*—that is, references to other ton-sites, smart contracts and accounts by means of specially crafted URI schemes (cf. [4.3.22](#4-3-22-hyperlink-urls-may-specify-some-parameters))—containing either abstract network addresses, account identifiers, or human-readable TON DNS domains. Then a "ton-browser" might follow such a hyperlink when the user selects it, detect the interface to be used, and display a user interface form as outlined in [4.3.15](#4-3-15-user-interface-of-a-smart-contract) and [4.3.16](#4-3-16-user-interface-of-a-ton-service). #### 4.3.22. Hyperlink URLs may specify some parameters [#4322-hyperlink-urls-may-specify-some-parameters] The hyperlink URLs may contain not only a (TON) DNS domain or an abstract address of the service in question, but also the name of the method to be invoked and some or all of its parameters. A possible URI scheme for this might look as follows: ``` ton:///?=&=... ``` When the user selects such a link in a ton-browser, either the action is performed immediately (especially if it is a get method of a smart contract, invoked anonymously), or a partially filled form is displayed, to be explicitly confirmed and submitted by the user (this may be required for payment forms). #### 4.3.23. POST actions [#4323-post-actions] A ton-site may embed into the HTML pages it returns some usual-looking POST forms, with POST actions referring either to ton-sites, ton-services or smart contracts by means of suitable (TON) URLs. In that case, once the user fills and submits that custom form, the corresponding action is taken, either immediately or after an explicit confirmation. #### 4.3.24. TON WWW [#4324-ton-www] All of the above will lead to the creation of a whole web of cross-referencing entities, residing in the TON Network, which would be accessible to the end user through a ton-browser, providing the user with a WWW-like browsing experience. For end users, this will finally make blockchain applications fundamentally similar to the web sites they are already accustomed to. #### 4.3.25. Advantages of TON WWW [#4325-advantages-of-ton-www] This "TON WWW" of on-chain and off-chain services has some advantages over its conventional counterpart. For example, payments are inherently integrated in the system. User identity can be always presented to the services (by means of automatically generated signatures on the transactions and RPC requests generated), or hidden at will. Services would not need to check and re-check user credentials; these credentials can be published in the blockchain once and for all. User network anonymity can be easily preserved by means of TON Proxy, and all services will be effectively unblockable. Micropayments are also possible and easy, because ton-browsers can be integrated with the TON Payments system. *** ## 5 TON Payments [#5--ton-payments] The last component of the TON Project we will briefly discuss in this text is *TON Payments*, the platform for (micro)payment channels and "lightning network" value transfers. It would enable "instant" payments, without the need to commit all transactions into the blockchain, pay the associated transaction fees (e.g., for the gas consumed), and wait five seconds until the block containing the transactions in question is confirmed. The overall overhead of such instant payments is so small that one can use them for micropayments. For example, a TON file-storing service might charge the user for every 128 KiB of downloaded data, or a paid TON Proxy might require some tiny micropayment for every 128 KiB of traffic relayed. While *TON Payments* is likely to be released later than the core components of the TON Project, some considerations need to be made at the very beginning. For example, the TON Virtual Machine (TON VM; cf. [2.1.20](#2-1-20-ton-virtual-machine)), used to execute the code of TON Blockchain smart contracts, must support some special operations with Merkle proofs. If such support is not present in the original design, adding it at a later stage might become problematic (cf. [2.8.16](#2-8-16-complications-of-changing-the-genome-of-a-blockchain-project)). We will see, however, that the TON VM comes with natural support for "smart" payment channels (cf. [5.1.9](#5-1-9-ton-vm-support-for-smart-payment-channels)) out of the box. ### 5.1 Payment Channels [#51--payment-channels] We start with a discussion of point-to-point payment channels, and how they can be implemented in the TON Blockchain. #### 5.1.1. The idea of a payment channel [#511-the-idea-of-a-payment-channel] Suppose two parties, $A$ and $B$, know that they will need to make a lot of payments to each other in the future. Instead of committing each payment as a transaction in the blockchain, they create a shared "money pool" (or perhaps a small private bank with exactly two accounts), and contribute some funds to it: $A$ contributes $a$ coins, and $B$ contributes $b$ coins. This is achieved by creating a special smart contract in the blockchain, and sending the money to it. Before creating the "money pool", the two sides agree to a certain protocol. They will keep track of the *state* of the pool—that is, of their balances in the shared pool. Originally, the state is $(a,b)$, meaning that $a$ coins actually belong to $A$, and $b$ coins belong to $B$. Then, if $A$ wants to pay $d$ coins to $B$, they can simply agree that the new state is $(a',b')=(a-d,b+d)$. Afterwards, if, say, $B$ wants to pay $d'$ coins to $A$, the state will become $(a'',b'')=(a'+d',b'-d')$, and so on. All this updating of balances inside the pool is done completely off-chain. When the two parties decide to withdraw their due funds from the pool, they do so according to the final state of the pool. This is achieved by sending a special message to the smart contract, containing the agreed-upon final state $(a^*,b^*)$ along with the signatures of both $A$ and $B$. Then the smart contract sends $a^*$ coins to $A$, $b^*$ coins to $B$ and self-destructs. This smart contract, along with the network protocol used by $A$ and $B$ to update the state of the pool, is a simple *payment channel between $A$ and $B$.* According to the classification described in [4.1.2](#4-1-2-location-of-the-application-on-chain-off-chain-or-mixed), it is a *mixed* service: part of its state resides in the blockchain (the smart contract), but most of its state updates are performed off-chain (by the network protocol). If everything goes well, the two parties will be able to perform as many payments to each other as they want (with the only restriction being that the "capacity" of the channel is not overrun—i.e., their balances in the payment channel both remain non-negative), committing only two transactions into the blockchain: one to open (create) the payment channel (smart contract), and another to close (destroy) it. #### 5.1.2. Trustless payment channels [#512-trustless-payment-channels] The previous example was somewhat unrealistic, because it assumes that both parties are willing to cooperate and will never cheat to gain some advantage. Imagine, for example, that $A$ will choose not to sign the final balance $(a',b')$ with $a'b$)—then the other party may submit proof of this misbehavior to a third method of the smart contract. The guilty party is punished immediately by losing its share in the payment channel completely. This simple payment channel protocol is *fair* in the sense that any party can always get its due, with or without the cooperation of the other party, and is likely to lose all of its funds committed to the payment channel if it tries to cheat. #### 5.1.4. Synchronous payment channel as a simple virtual blockchain with two validators [#514-synchronous-payment-channel-as-a-simple-virtual-blockchain-with-two-validators] The above example of a simple synchronous payment channel can be recast as follows. Imagine that the sequence of states $S_0$, $S_1$, ..., $S_n$ is actually the sequence of blocks of a very simple blockchain. Each block of this blockchain contains essentially only the current state of the blockchain, and maybe a reference to the previous block (i.e., its hash). Both parties $A$ and $B$ act as validators for this blockchain, so every block must collect both of their signatures. The state $S_i$ of the blockchain defines the designated producer $o_i$ for the next block, so there is no race between $A$ and $B$ for producing the next block. Producer $A$ is allowed to create blocks that transfer funds from $A$ to $B$ (i.e., decrease the imbalance: $\delta_{i+1}\leq\delta_i$), and $B$ can only transfer funds from $B$ to $A$ (i.e., increase $\delta$). If the two validators agree on the final block (and the final state) of the blockchain, it is finalized by collecting special "final" signatures of the two parties, and submitting them along with the final block to the channel smart contract for processing and re-distributing the money accordingly. If a validator signs an invalid block, or creates a fork, or signs two different final blocks, it can be punished by presenting a proof of its misbehavior to the smart contract, which acts as an "on-chain arbiter" for the two validators; then the offending party will lose all its money kept in the payment channel, which is analogous to a validator losing its stake. #### 5.1.5. Asynchronous payment channel as a virtual blockchain with two workchains [#515-asynchronous-payment-channel-as-a-virtual-blockchain-with-two-workchains] The synchronous payment channel discussed in [5.1.3](#5-1-3-simple-bidirectional-synchronous-trustless-payment-channel) has a certain disadvantage: one cannot begin the next transaction (money transfer inside the payment channel) before the previous one is confirmed by the other party. This can be fixed by replacing the single virtual blockchain discussed in [5.1.4](#5-1-4-synchronous-payment-channel-as-a-simple-virtual-blockchain-with-two-validators) by a system of two interacting virtual workchains (or rather shardchains). The first of these workchains contains only transactions by $A$, and its blocks can be generated only by $A$; its states are $S_i=(i,\phi_i,j,\psi_j)$, where $i$ is the block sequence number (i.e., the count of transactions, or money transfers, performed by $A$ so far), $\phi_i$ is the total amount transferred from $A$ to $B$ so far, $j$ is the sequence number of the most recent valid block in $B$'s blockchain that $A$ is aware of, and $\psi_j$ is the amount of money transferred from $B$ to $A$ in its $j$ transactions. A signature of $B$ put onto its $j$-th block should also be a part of this state. Hashes of the previous block of this workchain and of the $j$-th block of the other workchain may be also included. Validity conditions for $S_i$ include $\phi_i\geq 0$, $\phi_i\geq\phi_{i-1}$ if $i>0$, $\psi_j\geq0$, and $-a\leq\psi_j-\phi_i\leq b$. Similarly, the second workchain contains only transactions by $B$, and its blocks are generated only by $B$; its states are $T_j=(j,\psi_j,i,\phi_i)$, with similar validity conditions. Now, if $A$ wants to transfer some money to $B$, it simply creates a new block in its workchain, signs it, and sends to $B$, without waiting for confirmation. The payment channel is finalized by $A$ signing (its version of) the final state of its blockchain (with its special "final signature"), $B$ signing the final state of its blockchain, and presenting these two final states to the clean finalization method of the payment channel smart contract. Unilateral finalization is also possible, but in that case the smart contract will have to wait for the other party to present its version of the final state, at least for some grace period. #### 5.1.6. Unidirectional payment channels [#516-unidirectional-payment-channels] If only $A$ needs to make payments to $B$ (e.g., $B$ is a service provider, and $A$ its client), then a unilateral payment channel can be created. Essentially, it is just the first workchain described in [5.1.5](#5-1-5-asynchronous-payment-channel-as-a-virtual-blockchain-with-two-workchains) without the second one. Conversely, one can say that the asynchronous payment channel described in [5.1.5](#5-1-5-asynchronous-payment-channel-as-a-virtual-blockchain-with-two-workchains) consists of two unidirectional payment channels, or "half-channels", managed by the same smart contract. #### 5.1.7. More sophisticated payment channels. Promises [#517-more-sophisticated-payment-channels-promises] We will see later in [5.2.4](#5-2-4-chain-money-transfers) that the "lightning network" (cf. [5.2](#5-2-payment-channel-network-or-lightning-network)), which enables instant money transfers through chains of several payment channels, requires higher degrees of sophistication from the payment channels involved. In particular, we want to be able to commit "promises", or "conditional money transfers": $A$ agrees to send $c$ coins to $B$, but $B$ will get the money only if a certain condition is fulfilled, for instance, if $B$ can present some string $u$ with $\text{Hash}(u)=v$ for a known value of $v$. Otherwise, $A$ can get the money back after a certain period of time. Such a promise could easily be implemented on-chain by a simple smart contract. However, we want promises and other kinds of conditional money transfers to be possible off-chain, in the payment channel, because they considerably simplify money transfers along a chain of payment channels existing in the "lightning network" (cf. [5.2.4](#5-2-4-chain-money-transfers)). The "payment channel as a simple blockchain" picture outlined in [5.1.4](#5-1-4-synchronous-payment-channel-as-a-simple-virtual-blockchain-with-two-validators) and [5.1.5](#5-1-5-asynchronous-payment-channel-as-a-virtual-blockchain-with-two-workchains) becomes convenient here. Now we consider a more complicated virtual blockchain, the state of which contains a set of such unfulfilled "promises", and the amount of funds locked in such promises. This blockchain—or the two workchains in the asynchronous case—will have to refer explicitly to the previous blocks by their hashes. Nevertheless, the general mechanism remains the same. #### 5.1.8. Challenges for the sophisticated payment channel smart contracts [#518-challenges-for-the-sophisticated-payment-channel-smart-contracts] Notice that, while the final state of a sophisticated payment channel is still small, and the "clean" finalization is simple (if the two sides have agreed on their amounts due, and both have signed their agreement, nothing else remains to be done), the unilateral finalization method and the method for punishing fraudulent behavior need to be more complex. Indeed, they must be able to accept Merkle proofs of misbehavior, and to check whether the more sophisticated transactions of the payment channel blockchain have been processed correctly. In other words, the payment channel smart contract must be able to work with Merkle proofs, to check their "hash validity", and must contain an implementation of $\mathit{ev\_trans}$ and $\mathit{ev\_block}$ functions (cf. [2.2.6](#2-2-6-blocks-and-transactions-as-state-transformation-operators)) for the payment channel (virtual) blockchain. #### 5.1.9. TON VM support for "smart" payment channels [#519-ton-vm-support-for-smart-payment-channels] The TON VM, used to run the code of TON Blockchain smart contracts, is up to the challenge of executing the smart contracts required for "smart", or sophisticated, payment channels (cf. [5.1.8](#5-1-8-challenges-for-the-sophisticated-payment-channel-smart-contracts)). At this point the "everything is a bag of cells" paradigm ([cf. 2.5.14](#2-5-14-everything-is-a-bag-of-cells-philosophy)) becomes extremely convenient. Since all blocks (including the blocks of the ephemeral payment channel blockchain) are represented as bags of cells (and described by some algebraic data types), and the same holds for messages and Merkle proofs as well, a Merkle proof can easily be embedded into an inbound message sent to the payment channel smart contract. The "hash condition" of the Merkle proof will be checked automatically, and when the smart contract accesses the "Merkle proof" presented, it will work with it as if it were a value of the corresponding algebraic data type—albeit incomplete, with some subtrees of the tree replaced by special nodes containing the Merkle hash of the omitted subtree. Then the smart contract will work with that value, which might represent, for instance, a block of the payment channel (virtual) blockchain along with its state, and will evaluate the $\mathit{ev\_block}$ function (cf. [2.2.6](#2-2-6-blocks-and-transactions-as-state-transformation-operators)) of that blockchain on this block and the previous state. Then either the computation finishes, and the final state can be compared with that asserted in the block, or an "absent node" exception is thrown while attempting to access an absent subtree, indicating that the Merkle proof is invalid. In this way, the implementation of the verification code for smart payment channel blockchains turns out to be quite straightforward using TON Blockchain smart contracts. One might say that *the TON Virtual Machine comes with built-in support for checking the validity of other simple blockchains.* The only limiting factor is the size of the Merkle proof to be incorporated into the inbound message to the smart contract (i.e., into the transaction). #### 5.1.10. Simple payment channel within a smart payment channel [#5110-simple-payment-channel-within-a-smart-payment-channel] We would like to discuss the possibility of creating a simple (synchronous or asynchronous) payment channel inside an existing payment channel. While this may seem somewhat convoluted, it is not much harder to understand and implement than the "promises" discussed in [5.1.7](#5-1-7-more-sophisticated-payment-channels-promises). Essentially, instead of promising to pay $c$ coins to the other party if a solution to some hash problem is presented, $A$ promises to pay up to $c$ coins to $B$ according to the final settlement of some other (virtual) payment channel blockchain. Generally speaking, this other payment channel blockchain need not even be between $A$ and $B$; it might involve some other parties, say, $C$ and $D$, willing to commit $c$ and $d$ coins into their simple payment channel, respectively. (This possibility is exploited later in [5.2.5](#5-2-5-virtual-payment-channels-inside-a-chain-of-payment-channels).) If the encompassing payment channel is asymmetric, two promises need to be committed into the two workchains: $A$ will promise to pay $-\delta$ coins to $B$ if the final settlement of the "internal" simple payment channel yields a negative final imbalance $\delta$ with $0\leq-\delta\leq c$; and $B$ will have to promise to pay $\delta$ to $A$ if $\delta$ is positive. On the other hand, if the encompassing payment channel is symmetric, this can be done by committing a single "simple payment channel creation" transaction with parameters $(c,d)$ into the single payment channel blockchain by $A$ (which would freeze $c$ coins belonging to $A$), and then committing a special "confirmation transaction" by $B$ (which would freeze $d$ coins of $B$). We expect the internal payment channel to be extremely simple (e.g., the simple synchronous payment channel discussed in [5.1.3](#5-1-3-simple-bidirectional-synchronous-trustless-payment-channel)), to minimize the size of Merkle proofs to be submitted. The external payment channel will have to be "smart" in the sense described in [5.1.7](#5-1-7-more-sophisticated-payment-channels-promises). ### 5.2 Payment Channel Network, or "Lightning Network" [#52--payment-channel-network-or-lightning-network] Now we are ready to discuss the "lightning network" of TON Payments that enables instant money transfers between any two participating nodes. #### 5.2.1. Limitations of payment channels [#521-limitations-of-payment-channels] A payment channel is useful for parties who expect a lot of money transfers between them. However, if one needs to transfer money only once or twice to a particular recipient, creating a payment channel with her would be impractical. Among other things, this would imply freezing a significant amount of money in the payment channel, and would require at least two blockchain transactions anyway. #### 5.2.2. Payment channel networks, or "lightning networks" [#522-payment-channel-networks-or-lightning-networks] Payment channel networks overcome the limitations of payment channels by enabling money transfers along *chains* of payment channels. If $A$ wants to transfer money to $E$, she does not need to establish a payment channel with $E$. It would be sufficient to have a chain of payment channels linking $A$ with $E$ through several intermediate nodes—say, four payment channels: from $A$ to $B$, from $B$ to $C$, from $C$ to $D$ and from $D$ to $E$. #### 5.2.3. Overview of payment channel networks [#523-overview-of-payment-channel-networks] Recall that a *payment channel network*, known also as a "lightning network", consists of a collection of participating nodes, some of which have established long-lived payment channels between them. We will see in a moment that these payment channels will have to be "smart" in the sense of [5.1.7](#5-1-7-more-sophisticated-payment-channels-promises). When a participating node $A$ wants to transfer money to any other participating node $E$, she tries to find a path linking $A$ to $E$ inside the payment channel network. When such a path is found, she performs a "chain money transfer" along this path. #### 5.2.4. Chain money transfers [#524-chain-money-transfers] Suppose that there is a chain of payment channels from $A$ to $B$, from $B$ to $C$, from $C$ to $D$, and from $D$ to $E$. Suppose, further, that $A$ wants to transfer $x$ coins to $E$. A simplistic approach would be to transfer $x$ coins to $B$ along the existing payment channel, and ask him to forward the money further to $C$. However, it is not evident why $B$ would not simply take the money for himself. Therefore, one must employ a more sophisticated approach, not requiring all parties involved to trust each other. This can be achieved as follows. $A$ generates a large random number $u$ and computes its hash $v=\text{Hash}(u)$. Then she creates a promise to pay $x$ coins to $B$ if a number $u$ with hash $v$ is presented (cf. [5.1.7](#5-1-7-more-sophisticated-payment-channels-promises)), inside her payment channel with $B$. This promise contains $v$, but not $u$, which is still kept secret. After that, $B$ creates a similar promise to $C$ in their payment channel. He is not afraid to give such a promise, because he is aware of the existence of a similar promise given to him by $A$. If $C$ ever presents a solution of the hash problem to collect $x$ coins promised by $B$, then $B$ will immediately submit this solution to $A$ to collect $x$ coins from $A$. Then similar promises of $C$ to $D$ and of $D$ to $E$ are created. When the promises are all in place, $A$ triggers the transfer by communicating the solution $u$ to all parties involved—or just to $E$. Some minor details are omitted in this description. For example, these promises must have different expiration times, and the amount promised might slightly differ along the chain ($B$ might promise only $x-\epsilon$ coins to $C$, where $\epsilon$ is a small pre-agreed transit fee). We ignore such details for the time being, because they are not too relevant for understanding how payment channels work and how they can be implemented in TON. #### 5.2.5. Virtual payment channels inside a chain of payment channels [#525-virtual-payment-channels-inside-a-chain-of-payment-channels] Now suppose that $A$ and $E$ expect to make a lot of payments to each other. They might create a new payment channel between them in the blockchain, but this would still be quite expensive, because some funds would be locked in this payment channel. Another option would be to use chain money transfers described in [5.2.4](#5-2-4-chain-money-transfers) for each payment. However, this would involve a lot of network activity and a lot of transactions in the virtual blockchains of all payment channels involved. An alternative is to create a virtual payment channel inside the chain linking $A$ to $E$ in the payment channel network. For this, $A$ and $E$ create a (virtual) blockchain for their payments, as if they were going to create a payment channel in the blockchain. However, instead of creating a payment channel smart contract in the blockchain, they ask all intermediate payment channels—those linking $A$ to $B$, $B$ to $C$, etc.—to create simple payment channels inside them, bound to the virtual blockchain created by $A$ and $E$ (cf. [5.1.10](#5-1-10-simple-payment-channel-within-a-smart-payment-channel)). In other words, now a promise to transfer money according to the final settlement between $A$ and $E$ exists inside every intermediate payment channel. If the virtual payment channel is unidirectional, such promises can be implemented quite easily, because the final imbalance $\delta$ is going to be non-positive, so simple payment channels can be created inside intermediate payment channels in the same order as described in [5.2.4](#5-2-4-chain-money-transfers). Their expiration times can also be set in the same way. If the virtual payment channel is bidirectional, the situation is slightly more complicated. In that case, one should split the promise to transfer $\delta$ coins according to the final settlement into two half-promises, as explained in [5.1.10](#5-1-10-simple-payment-channel-within-a-smart-payment-channel): to transfer $\delta^-=\max(0,-\delta)$ coins in the forward direction, and to transfer $\delta^+=\max(0,\delta)$ in the backward direction. These half-promises can be created in the intermediate payment channels independently, one chain of half-promises in the direction from $A$ to $E$, and the other chain in the opposite direction. #### 5.2.6. Finding paths in the lightning network [#526-finding-paths-in-the-lightning-network] One point remains undiscussed so far: how will $A$ and $E$ find a path connecting them in the payment network? If the payment network is not too large, an OSPF-like protocol can be used: all nodes of the payment network create an overlay network (cf. [3.3.17](#3-3-17-overlay-networks-within-overlay-networks)), and then every node propagates all available link (i.e., participating payment channel) information to its neighbors by a gossip protocol. Ultimately, all nodes will have a complete list of all payment channels participating in the payment network, and will be able to find the shortest paths by themselves—for example, by applying a version of Dijkstra's algorithm modified to take into account the "capacities" of the payment channels involved (i.e., the maximal amounts that can be transferred along them). Once a candidate path is found, it can be probed by a special ADNL datagram containing the full path, and asking each intermediate node to confirm the existence of the payment channel in question, and to forward this datagram further according to the path. After that, a chain can be constructed, and a protocol for chain transfers (cf. [5.2.4](#5-2-4-chain-money-transfers)), or for creating a virtual payment channel inside a chain of payment channels (cf. [5.2.5](#5-2-5-virtual-payment-channels-inside-a-chain-of-payment-channels)), can be run. #### 5.2.7. Optimizations [#527-optimizations] Some optimizations might be done here. For example, only transit nodes of the lightning network need to participate in the OSPF-like protocol discussed in [5.2.6](#5-2-6-finding-paths-in-the-lightning-network). Two "leaf" nodes wishing to connect through the lightning network would communicate to each other the lists of transit nodes they are connected to (i.e., with which they have established payment channels). Then paths connecting transit nodes from one list to transit nodes from the other list can be inspected as outlined above in [5.2.6](#5-2-6-finding-paths-in-the-lightning-network). #### 5.2.8. Conclusion [#528-conclusion] We have outlined how the blockchain and network technologies of the TON project are adequate to the task of creating *TON Payments*, a platform for off-chain instant money transfers and micropayments. This platform can be extremely useful for services residing in the TON ecosystem, allowing them to easily collect micropayments when and where required. ## Conclusion [#conclusion] We have proposed a scalable multi-blockchain architecture capable of supporting a massively popular cryptocurrency and decentralized applications with user-friendly interfaces. To achieve the necessary scalability, we proposed the *TON Blockchain*, a "tightly-coupled" multi-blockchain system (cf. [2.8.14](#2-8-14-interaction-between-blockchains-loosely-coupled-and-tightly-coupled-systems)) with bottom-up approach to sharding (cf. [2.8.12](#2-8-12-sharding-support) and [2.1.2](#2-1-2-infinite-sharding-paradigm)). To further increase potential performance, we introduced the 2-blockchain mechanism for replacing invalid blocks (cf. [2.1.17](#2-1-17-correcting-invalid-shardchain-blocks)) and Instant Hypercube Routing for faster communication between shards (cf. [2.4.20](#2-4-20-instant-hypercube-routing-fast-path-for-messages)). A brief comparison of the TON Blockchain to existing and proposed blockchain projects (cf. [2.8](#2-8-classification-of-blockchain-projects) and [2.9](#2-9-comparison-to-other-blockchain-projects)) highlights the benefits of this approach for systems that seek to handle millions of transactions per second. The *TON Network*, described in Chapter [3](#3-ton-networking), covers the networking demands of the proposed multi-blockchain infrastructure. This network component may also be used in combination with the blockchain to create a wide spectrum of applications and services, impossible using the blockchain alone (cf. [2.9.13](#2-9-13-is-it-possible-to-upload-facebook-into-a-blockchain)). These services, discussed in Chapter [4](#4-ton-services-and-applications), include *TON DNS*, a service for translating human-readable object identifiers into their addresses; *TON Storage*, a distributed platform for storing arbitrary files; *TON Proxy*, a service for anonymizing network access and accessing TON-powered services; and *TON Payments* (cf. Chapter [5](#5-ton-payments)), a platform for instant off-chain money transfers across the TON ecosystem that applications may use for micropayments. The TON infrastructure allows for specialized light client wallet and "ton-browser" desktop and smartphone applications that enable a browser-like experience for the end user (cf. [4.3.24](#4-3-24-ton-www)), making cryptocurrency payments and interaction with smart contracts and other services on the TON Platform accessible to the mass user. Such a light client can be integrated into the Telegram Messenger client (cf. [4.3.19](#4-3-19-a-light-wallet-and-ton-entity-explorer-can-be-built-into-telegram-messenger-clients)), thus eventually bringing a wealth of blockchain-based applications to hundreds of millions of users. *** ## A The TON Coin, or the Gram [#a--the-ton-coin-or-the-gram] The principal cryptocurrency of the TON Blockchain, and in particular of its masterchain and basic workchain, is the *TON Coin*, also known as the *Gram* (GRM). It is used to make deposits required to become a validator; transaction fees, gas payments (i.e., smart-contract message processing fees) and persistent storage payments are also usually collected in Grams. ### A.1. Subdivision and terminology [#a1-subdivision-and-terminology] A *Gram* is subdivided into one billion ($10^9$) smaller units, called *nanograms*, *ngrams* or simply *nanos*. All transfers and account balances are expressed as non-negative integer multiples of nanos. Other units include: * A *nano*, *ngram* or *nanogram* is the smallest unit, equal to $10^{-9}$ Grams. * A *micro* or *microgram* equals one thousand ($10^3$) nanos. * A *milli* is one million ($10^6$) nanos, or one thousandth part ($10^{-3}$) of a Gram. * A *Gram* equals one billion ($10^9$) nanos. * A *kilogram*, or *kGram*, equals one thousand ($10^3$) Grams. * A *megagram*, or *MGram*, equals one million ($10^6$) Grams, or $10^{15}$ nanos. * Finally, a *gigagram*, or *GGram*, equals one billion ($10^9$) Grams, or $10^{18}$ nanos. There will be no need for larger units, because the initial supply of Grams will be limited to five billion ($5\cdot10^9$) Grams (i.e., 5 Gigagrams). ### A.2. Smaller units for expressing gas prices [#a2-smaller-units-for-expressing-gas-prices] If the necessity for smaller units arises, "specks" equal to $2^{-16}$ nanograms will be used. For example, gas prices may be indicated in specks. However, the actual fee to be paid, computed as the product of the gas price and the amount of gas consumed, will be always rounded down to the nearest multiple of $2^{16}$ specks and expressed as an integer number of nanos. ### A.3. Original supply, mining rewards and inflation [#a3-original-supply-mining-rewards-and-inflation] The total supply of Grams is originally limited to $5$ Gigagrams (i.e., five billion Grams or $5\cdot10^{18}$ nanos). This supply will increase very slowly, as rewards to validators for mining new masterchain and shardchain blocks accumulate. These rewards would amount to approximately $20\%$ (the exact number may be adjusted in future) of the validator's stake per year, provided the validator diligently performs its duties, signs all blocks, never goes offline and never signs invalid blocks. In this way, the validators will have enough profit to invest into better and faster hardware needed to process the ever growing quantity of users' transactions. We expect that at most $10\%$^[37](#fn37) of the total supply of Grams, on average, will be bound in validator stakes at any given moment. This will produce an inflation rate of $2\%$ per year, and as a result, will double the total supply of Grams (to ten Gigagrams) in 35 years. Essentially, this inflation represents a payment made by all members of the community to the validators for keeping the system up and running. On the other hand, if a validator is caught misbehaving, a part or all of its stake will be taken away as a punishment, and a larger portion of it will subsequently be "burned", decreasing the total supply of Grams. This would lead to deflation. A smaller portion of the fine may be redistributed to the validator or the "fisherman" who committed a proof of the guilty validator's misbehavior. ### A.4. Original price of Grams [#a4-original-price-of-grams] The price of the first Gram to be sold will equal approximately \$0.1 USD. Every subsequent Gram to be sold (by the TON Reserve, controlled by the TON Foundation) will be priced one billionth higher than the previous one. In this way, the $n$-th Gram to be put into circulation will be sold at approximately: $$ p(n) \approx 0.1 \cdot (1 + 10^{-9})^n \quad \text{USD} \tag{26} $$ or an approximately equivalent (because of quickly changing market exchange rates) amount of other (crypto)currencies, such as BTC or ETH. #### A.4.1. Exponentially priced cryptocurrencies [#a41-exponentially-priced-cryptocurrencies] We say that the Gram is an *exponentially priced cryptocurrency*, meaning that the price of the $n$-th Gram to be put into circulation is approximately $p(n)$ given by the formula $$ p(n)=p_0\cdot e^{\alpha n} \tag{27} $$ with specific values $p_0=0.1$ USD and $\alpha=10^{-9}$. More precisely, a small fraction $dn$ of a new coin is worth $p(n)\,dn$ dollars, once $n$ coins are put into circulation. (Here $n$ is not necessarily an integer.) Other important parameters of such a cryptocurrency include $n$, the total number of coins in circulation, and $N\geq n$, the total number of coins that can exist. For the Gram, $N=5\cdot 10^9$. #### A.4.2. Total price of first $n$ coins [#a42-total-price-of-first-n-coins] The total price $T(n)=\int_0^n p(n)\,dn\approx p(0)+p(1)+\cdots+p(n-1)$ of the first $n$ coins of an exponentially priced cryptocurrency (e.g., the Gram) to be put into circulation can be computed by $$ T(n)=p_0\cdot\alpha^{-1}(e^{\alpha n}-1) \tag{28} $$ #### A.4.3. Total price of next $\Delta n$ coins [#a43-total-price-of-next-delta-n-coins] The total price $T(n+\Delta n)-T(n)$ of $\Delta n$ coins put into circulation after $n$ previously existing coins can be computed by $$ T(n+\Delta n)-T(n)=p_0\cdot\alpha^{-1}(e^{\alpha(n+\Delta n)}-e^{\alpha n})=p(n)\cdot\alpha^{-1}(e^{\alpha\,\Delta n}-1) \quad (29) $$ #### A.4.4. Buying next coins with total value $T$ [#a44-buying-next-coins-with-total-value-t] Suppose that $n$ coins have already been put into circulation, and that one wants to spend $T$ (dollars) on buying new coins. The quantity of newly-obtained coins $\Delta n$ can be computed by putting $T(n+\Delta n)-T(n)=T$ into the ([29](#a-4-3-total-price-of-next-coins)), yielding $$ \Delta n=\alpha^{-1}\log\left(1+\frac{T\cdot\alpha}{p(n)}\right) \tag{30} $$ Of course, if $T\lll p(n)\alpha^{-1}$, then $\Delta n\approx T/p(n)$. #### A.4.5. Market price of Grams [#a45-market-price-of-grams] Of course, if the free market price falls below $p(n):=0.1\cdot (1+10^{-9})^n$, once $n$ Grams are put into circulation, nobody would buy new Grams from the TON Reserve; they would choose to buy their Grams on the free market instead, without increasing the total quantity of Grams in circulation. On the other hand, the market price of a Gram cannot become much higher than $p(n)$, otherwise it would make sense to obtain new Grams from the TON Reserve. This means that the market price of Grams would not be subject to sudden spikes (and drops); this is important because stakes (validator deposits) are frozen for at least one month, and gas prices cannot change too fast either. So, the overall economic stability of the system requires some mechanism that would prevent the exchange rate of the Gram from changing too drastically, such as the one described above. #### A.4.6. Buying back the Grams [#a46-buying-back-the-grams] If the market price of the Gram falls below $0.5\cdot p(n)$, when there are a total of $n$ Grams in circulation (i.e., not kept on a special account controlled by the TON Reserve), the TON Reserve reserves the right to buy some Grams back and decrease $n$, the total quantity of Grams in circulation. This may be required to prevent sudden falls of the Gram exchange rate. #### A.4.7. Selling new Grams at a higher price [#a47-selling-new-grams-at-a-higher-price] The TON Reserve will sell only up to one half (i.e., $2.5\cdot10^9$ Grams) of the total supply of Grams according to the price formula ([26](#a-4-original-price-of-grams)). It reserves the right not to sell any of the remaining Grams at all, or to sell them at a higher price than $p(n)$, but never at a lower price (taking into account the uncertainty of quickly changing exchange rates). The rationale here is that once at least half of all Grams have been sold, the total value of the Gram market will be sufficiently high, and it will be more difficult for outside forces to manipulate the exchange rate than it may be at the very beginning of the Gram's deployment. ### A.5. Using unallocated Grams [#a5-using-unallocated-grams] The TON Reserve will use the bulk of "unallocated" Grams (approximately $5\cdot10^9-n$ Grams)—i.e., those residing in the special account of the TON Reserve and some other accounts explicitly linked to it—only as validator stakes (because the TON Foundation itself will likely have to provide most of the validators during the first deployment phase of the TON Blockchain), and for voting in the masterchain for or against proposals concerning changes in the "configurable parameters" and other protocol changes, in the way determined by the TON Foundation (i.e., its creators—the development team). This also means that the TON Foundation will have a majority of votes during the first deployment phase of the TON Blockchain, which may be useful if a lot of parameters end up needing to be adjusted, or if the need arises for hard or soft forks. Later, when less than half of all Grams remain under control of the TON Foundation, the system will become more democratic. Hopefully it will have become more mature by then, without the need to adjust parameters too frequently. #### A.5.1. Some unallocated Grams will be given to developers [#a51-some-unallocated-grams-will-be-given-to-developers] A predefined (relatively small) quantity of "unallocated" Grams (e.g., 200 Megagrams, equal to 4% of the total supply) will be transferred during the deployment of the TON Blockchain to a special account controlled by the TON Foundation, and then some "rewards" may be paid from this account to the developers of the open source TON software, with a minimum two-year vesting period. #### A.5.2. The TON Foundation needs Grams for operational purposes [#a52-the-ton-foundation-needs-grams-for-operational-purposes] Recall that the TON Foundation will receive the fiat and cryptocurrency obtained by selling Grams from the TON Reserve, and will use them for the development and deployment of the TON Project. For instance, the original set of validators, as well as an initial set of TON Storage and TON Proxy nodes may be installed by the TON Foundation. While this is necessary for the quick start of the project, the ultimate goal is to make the project as decentralized as possible. To this end, the TON Foundation may need to encourage installation of third-party validators and TON Storage and TON Proxy nodes—for example, by paying them for storing old blocks of the TON Blockchain or proxying network traffic of a selected subset of services. Such payments will be made in Grams; therefore, the TON Foundation will need a significant amount of Grams for operational purposes. #### A.5.3. Taking a pre-arranged amount from the Reserve [#a53-taking-a-pre-arranged-amount-from-the-reserve] The TON Foundation will transfer to its account a small part of the TON Reserve—say, 10% of all coins (i.e. 500 Megagrams) after the end of the initial sale of Grams—to be used for its own purposes as outlined in [A.5.2](#a-5-2-the-ton-foundation-needs-grams-for-operational-purposes). This is best done simultaneously with the transfer of the funds intended for TON developers, as mentioned in [A.5.1](#a-5-1-some-unallocated-grams-will-be-given-to-developers). After the transfers to the TON Foundation and the TON developers, the TON Reserve price $p(n)$ of the Gram will immediately rise by a certain amount, known in advance. For example, if 10% of all coins are transferred for the purposes of the TON Foundation, and 4% are transferred for the encouragement of the developers, then the total quantity $n$ of coins in circulation will immediately increase by $\Delta n=7\cdot10^8$, with the price of the Gram multiplying by $e^{\alpha\,\Delta n}=e^{0.7}\approx 2$ (i.e, doubling). The remaining "unallocated" Grams will be used by the TON Reserve as explained above in [A.5](#a-5-using-unallocated-grams). If the TON Foundation needs any more Grams thereafter, it will simply convert into Grams some of the funds it had previously obtained during the sale of the coins, either on the free market or by buying Grams from the TON Reserve. To prevent excessive centralization, the TON Foundation will never endeavour to have more than 10% of the total amount of Grams (i.e., 500 Megagrams) on its account. ### A.6. Bulk sales of Grams [#a6-bulk-sales-of-grams] When a lot of people simultaneously want to buy large amounts of Grams from the TON Reserve, it makes sense not to process their orders immediately, because this would lead to results very dependent on the timing of specific orders and their processing sequence. Instead, orders for buying Grams may be collected during some pre-defined period of time (e.g., a day or a month) and then processed all together at once. If $k$ orders with $i$-th order worth $T_i$ dollars arrive, then the total amount $T=T_1+T_2+\cdots+T_k$ is used to buy $\Delta n$ new coins according to ([30](#a-4-4-buying-next-coins-with-total-value)), and the sender of the $i$-th order is allotted $\Delta n\cdot T_i/T$ of these coins. In this way, all buyers obtain their Grams at the same average price of $T/\Delta n$ USD per Gram. After that, a new round of collecting orders for buying new Grams begins. When the total value of Gram buying orders becomes low enough, this system of "bulk sales" may be replaced with a system of immediate sales of Grams from the TON Reserve according to the formula ([30](#a-4-4-buying-next-coins-with-total-value)). The "bulk sales" mechanism will probably be used extensively during the initial phase of collecting investments in the TON Project. *** ## References [#references] \[1] K. Birman, *Reliable Distributed Systems: Technologies, Web Services and Applications*, Springer, 2005. \[2] V. Buterin, *Ethereum: A next-generation smart contract and decentralized application platform*, [https://github.com/ethereum/wiki/wiki/White-Paper](https://github.com/ethereum/wiki/wiki/White-Paper), 2013. \[3] M. Ben-Or, B. Kelmer, T. Rabin, *Asynchronous secure computations with optimal resilience*, in *Proceedings of the thirteenth annual ACM symposium on Principles of distributed computing*, p. 183–192. ACM, 1994. \[4] M. Castro, B. Liskov, et al., *Practical byzantine fault tolerance*, Proceedings of the Third Symposium on Operating Systems Design and Implementation (1999), p. 173–186, available at [http://pmg.csail.mit.edu/papers/osdi99.pdf](http://pmg.csail.mit.edu/papers/osdi99.pdf). \[5] EOS.IO, *EOS.IO technical white paper*, [https://github.com/EOSIO/Documentation/blob/master/TechnicalWhitePaper.md](https://github.com/EOSIO/Documentation/blob/master/TechnicalWhitePaper.md), 2017. \[6] D. Goldschlag, M. Reed, P. Syverson, *Onion Routing for Anonymous and Private Internet Connections*, Communications of the ACM, **42**, num. 2 (1999), [http://www.onion-router.net/Publications/CACM-1999.pdf](http://www.onion-router.net/Publications/CACM-1999.pdf). \[7] L. Lamport, R. Shostak, M. Pease, *The byzantine generals problem*, ACM Transactions on Programming Languages and Systems, **4/3** (1982), p. 382–401. \[8] S. Larimer, *The history of BitShares*, [https://docs.bitshares.org/bitshares/history.html](https://docs.bitshares.org/bitshares/history.html), 2013. \[9] M. Luby, A. Shokrollahi, et al., *RaptorQ forward error correction scheme for object delivery*, IETF RFC 6330, [https://tools.ietf.org/html/rfc6330](https://tools.ietf.org/html/rfc6330), 2011. \[10] P. Maymounkov, D. Mazières, *Kademlia: A peer-to-peer information system based on the XOR metric*, in *IPTPS '01 revised papers from the First International Workshop on Peer-to-Peer Systems*, p. 53–65, available at [http://pdos.csail.mit.edu/\~petar/papers/maymounkov-kademlia-lncs.pdf](http://pdos.csail.mit.edu/~petar/papers/maymounkov-kademlia-lncs.pdf), 2002. \[11] A. Miller, Yu Xia, et al., *The honey badger of BFT protocols*, Cryptology e-print archive 2016/99, [https://eprint.iacr.org/2016/199.pdf](https://eprint.iacr.org/2016/199.pdf), 2016. \[12] S. Nakamoto, *Bitcoin: A peer-to-peer electronic cash system*, [https://bitcoin.org/bitcoin.pdf](https://bitcoin.org/bitcoin.pdf), 2008. \[13] S. Peyton Jones, *Implementing lazy functional languages on stock hardware: the Spineless Tagless G-machine*, Journal of Functional Programming **2** (2), p. 127–202, 1992. \[14] A. Shokrollahi, M. Luby, *Raptor Codes*, IEEE Transactions on Information Theory **6**, no. 3–4 (2006), p. 212–322. \[15] M. van Steen, A. Tanenbaum, *Distributed Systems, 3rd ed.*, 2017. \[16] The Univalent Foundations Program, *Homotopy Type Theory: Univalent Foundations of Mathematics*, Institute for Advanced Study, 2013, available at [https://homotopytypetheory.org/book](https://homotopytypetheory.org/book). \[17] G. Wood, *PolkaDot: vision for a heterogeneous multi-chain framework*, draft 1, [https://github.com/w3f/polkadot-white-paper/raw/master/PolkaDotPaper.pdf](https://github.com/w3f/polkadot-white-paper/raw/master/PolkaDotPaper.pdf), 2016. *** ## Footnotes [#footnotes] 1. [https://github.com/ethereum/wiki/wiki/Sharding-FAQ](https://github.com/ethereum/wiki/wiki/Sharding-FAQ) [Back ↑](#2-1-1-list-of-blockchain-types) 2. Actually, two-thirds by stake is enough to achieve consensus, but an effort is made to collect as many signatures as possible. [Back ↑](#2-1-15-generation-of-new-blocks-by-validators) 3. [https://coq.inria.fr](https://coq.inria.fr) [Back ↑](#2-2-4-dependent-type-theory-coq-and-tl) 4. [https://core.telegram.org/mtproto/TL](https://core.telegram.org/mtproto/TL) [Back ↑](#2-2-4-dependent-type-theory-coq-and-tl) 5. One can show that this encoding is optimal for approximately half of all edge labels of a Patricia tree with random or consecutive indices. Remaining edge labels are likely to be long (i.e., almost 256 bits long). Therefore, a nearly optimal encoding for edge labels is to use the above code with prefix 0 for "short" bit strings, and encode 1, then nine bits containing length $l=|s|$ of bitstring $s$, and then the $l$ bits of $s$ for "long" bitstrings (with $l\geq10$). [Back ↑](#2-3-8-merkle-patricia-trees) 6. A *light node* is a node that does not keep track of the full state of a shardchain; instead, it keeps minimal information such as the hashes of the several most recent blocks, and relies on information obtained from full nodes when it becomes necessary to inspect some parts of the full state. [Back ↑](#2-3-10-merkle-proofs) 7. A *full node* is a node keeping track of the complete up-to-date state of the shardchain in question. [Back ↑](#2-3-10-merkle-proofs) 8. These two descriptor bytes, present in any TVM cell, describe only the total number of references and the total number of raw bytes; references are kept together either before or after all raw bytes. [Back ↑](#2-3-12-peculiarities-of-ton-vm) 9. Actually, $\text{Leaf}$ and $\text{Node}$ are constructors of an auxiliary type, $\text{HashmapAux}(n,X)$. Type $\text{Hashmap}(n,X)$ has constructors $\text{Root}$ and $\text{EmptyRoot}$, with $\text{Root}$ containing a value of type $\text{HashmapAux}(n,X)$. [Back ↑](#2-3-12-peculiarities-of-ton-vm) 10. Logically; the "bag of cells" representation described in [2.5.5](#2-5-5-low-level-perspective%3A-bag-of-cells) identifies all duplicate cells, transforming this tree into a directed acyclic graph (dag) when serialized. [Back ↑](#2-3-14-tvm-cells) 11. A more expensive alternative is to publish such a "global" smart contract in the masterchain. [Back ↑](#2-3-18-local-and-global-smart-contracts-smart-contract-instances) 12. This is a sort of "broadcast" feature for all shards, and as such, it must be quite expensive. [Back ↑](#2-3-18-local-and-global-smart-contracts-smart-contract-instances) 13. The above needs to be literally true only for the basic workchain and its shardchains; other workchains may provide other ways of creating messages. [Back ↑](#2-4-11-creating-messages-smart-contracts-and-transactions) 14. As a degenerate case, this shardchain may coincide with the originating shardchain—for example, if we are working inside a workchain which has not yet been split. [Back ↑](#2-4-12-delivering-messages) 15. This is not necessarily the final version of the algorithm used to compute the next hop for hypercube routing. In particular, hexadecimal digits may be replaced by $r$-bit groups, with $r$ a configurable parameter, not necessarily equal to four. [Back ↑](#2-4-19-hypercube-routing-slow-path-for-messages-with-assured-delivery) 16. However, the validators have some incentive to do so as soon as possible, because they will be able to collect all forwarding fees associated with the message that have not yet been consumed along the slow path. [Back ↑](#2-4-20-instant-hypercube-routing-fast-path-for-messages) 17. In fact, one might temporarily or permanently disable the "instant delivery" mechanism altogether, and the system would continue working, albeit more slowly. [Back ↑](#2-4-20-instant-hypercube-routing-fast-path-for-messages) 18. One can show that, if Merkle proofs for all data stored in a tree of cells are needed equally often, one should use cells with $b+ch\approx 2(h+r)$ to minimize average Merkle proof size, where $h=32$ is the hash size in bytes, and $r\approx4$ is the "byte size" of a cell reference. In other words, a cell should contain either two references and a few raw bytes, or one reference and about 36 raw bytes, or no references at all with 72 raw bytes. [Back ↑](#2-5-5-low-level-perspective-bag-of-cells) 19. A better implementation would be to keep the state of the smart contract as a serialized string, if it is small, or in a separate $B$-tree, if it is large; then the top-level structure representing the state of a blockchain would be a $B$-tree, whose leaves are allowed to contain references to other $B$-trees. [Back ↑](#2-5-5-low-level-perspective-bag-of-cells) 20. It makes sense to generate and use a new key pair for every validator election. [Back ↑](#2-6-7-global-validator-set-election) 21. A possible exception is the state of output queues of the neighboring shardchains, needed to guarantee the message ordering requirements described in [2.4.21](#2-4-21-collecting-input-messages-from-output-queues-of-neighboring-shardchains), because the size of Merkle proofs might become prohibitive in this case. [Back ↑](#2-6-11-validation-of-block-candidates) 22. Actually, the shard configuration is completely determined by the last masterchain block; this simplifies getting access to the shard configuration. [Back ↑](#2-7-1-shard-configuration) 23. Unless some validators are temporarily or permanently banned because of signing invalid blocks—then they are automatically excluded from all task groups. [Back ↑](#2-7-4-validator-task-groups-for-new-shardchains) 24. More like 15, for the time being. However, some upgrades are being planned to make Ethereum transaction throughput several times larger. [Back ↑](#2-8-2-single-blockchain-vs-multi-blockchain-projects) 25. Some people even claim DPOS block generation times of half a second, which does not seem realistic if validators are scattered across several continents. [Back ↑](#2-8-5-comparison-of-dpos-and-bft-pos) 26. For instance, EOS, one of the best DPOS projects proposed up to this date, promises a 45-second confirmation and inter-blockchain interaction delay (cf. EOS White Paper, "Transaction Confirmation" and "Latency of Interchain Communication" sections). [Back ↑](#2-8-5-comparison-of-dpos-and-bft-pos) 27. For example, the Plasma project plans to use the Ethereum blockchain as its (external) masterchain; it does not interact much with Ethereum otherwise, and it could have been suggested and implemented by a team unrelated to the Ethereum project. [Back ↑](#2-8-16-complications-of-changing-the-genome-of-a-blockchain-project) 28. As of 2017, Ethereum is still struggling to transition from PoW to a combined PoW+PoS system; we hope it will become a truly PoS system someday. [Back ↑](#2-8-16-complications-of-changing-the-genome-of-a-blockchain-project) 29. There are sharding proposals for Ethereum dating back to 2015; it is unclear how they might be implemented and deployed without disrupting Ethereum or creating an essentially independent parallel project. [Back ↑](#2-8-16-complications-of-changing-the-genome-of-a-blockchain-project) 30. [https://blog.ethereum.org/2015/08/01/introducing-casper-friendly-ghost/](https://blog.ethereum.org/2015/08/01/introducing-casper-friendly-ghost/) [Back ↑](#2-9-5-casper) 31. [https://geti2p.net/en/docs/how/garlic-routing](https://geti2p.net/en/docs/how/garlic-routing) [Back ↑](#3-1-6-channel-as-a-tunnel-identifier) 32. If there are sufficiently many nodes in a bucket, it can be subdivided further into, say, eight sub-buckets depending on the top four bits of the Kademlia distance. This would speed up DHT lookups. [Back ↑](#3-2-6-kademlia-routing-table) 33. Alternatively, the abstract address might be stored in the DHT as explained in [3.2.12](#3-2-12-locating-services). [Back ↑](#3-3-5-joining-an-overlay-network) 34. [https://core.telegram.org/mtproto](https://core.telegram.org/mtproto) [Back ↑](#4-1-4-telegram-messenger-as-a-ton-service-mtproto-over-rldp) 35. [https://telegram.org/](https://telegram.org/) [Back ↑](#4-1-4-telegram-messenger-as-a-ton-service-mtproto-over-rldp) 36. TL-schemes can be TL-serialized themselves; cf. [https://core.telegram.org/mtproto/TL-tl](https://core.telegram.org/mtproto/TL-tl). [Back ↑](#4-3-14-public-interfaces-of-a-smart-contract) 37. The maximum total amount of validator stakes is a configurable parameter of the blockchain, so this restriction can be enforced by the protocol if necessary. [Back ↑](#a-3-original-supply-mining-rewards-and-inflation) # Telegram Open Network Virtual Machine (/blockchain-basics/whitepapers/tvm) **Author**: Nikolai Durov
**Date**: March 23, 2020
: [Original whitepaper, PDF](/resources/pdfs/tvm.pdf) ## Abstract [#abstract] The aim of this text is to provide a description of the Telegram Open Network Virtual Machine (TON VM or TVM), used to execute smart contracts in the TON Blockchain. ## Introduction [#introduction] The primary purpose of the Telegram Open Network Virtual Machine (TON VM or TVM) is to execute smart-contract code in the TON Blockchain. TVM must support all operations required to parse incoming messages and persistent data, and to create new messages and modify persistent data. Additionally, TVM must meet the following requirements: * It must provide for possible future extensions and improvements while retaining backward compatibility and interoperability, because the code of a smart contract, once committed into the blockchain, must continue working in a predictable manner regardless of any future modifications to the VM. * It must strive to attain high "(virtual) machine code" density, so that the code of a typical smart contract occupies as little persistent blockchain storage as possible. * It must be completely deterministic. In other words, each run of the same code with the same input data must produce the same result, regardless of specific software and hardware used.^[1](#fn1) The design of TVM is guided by these requirements. While this document describes a preliminary and experimental version of TVM,^[2](#fn2) the backward compatibility mechanisms built into the system allow us to be relatively unconcerned with the efficiency of the operation encoding used for TVM code in this preliminary version. TVM is not intended to be implemented in hardware (e.g., in a specialized microprocessor chip); rather, it should be implemented in software running on conventional hardware. This consideration lets us incorporate some high-level concepts and operations in TVM that would require convoluted microcode in a hardware implementation but pose no significant problems for a software implementation. Such operations are useful for achieving high code density and minimizing the byte (or storage cell) profile of smart-contract code when deployed in the TON Blockchain. # 1 Overview [#1---overview] This chapter provides an overview of the main features and design principles of TVM. More detail on each topic is provided in subsequent chapters. ## 1.0 Notation for bitstrings [#10---notation-for-bitstrings] The following notation is used for bit strings (or *bitstrings*)—i.e., finite strings consisting of binary digits (bits), $\texttt{0}$ and $\texttt{1}$—throughout this document. ### 1.0.1. Hexadecimal notation for bitstrings [#101-hexadecimal-notation-for-bitstrings] When the length of a bitstring is a multiple of four, we subdivide it into groups of four bits and represent each group by one of sixteen hexadecimal digits $\texttt{0}$--$\texttt{9}$, $\texttt{A}$--$\texttt{F}$ in the usual manner: $\texttt{0}_{16}\leftrightarrow\texttt{0000}$, $\texttt{1}_{16}\leftrightarrow\texttt{0001}$, $\ldots$, $\texttt{F}_{16}\leftrightarrow\texttt{1111}$. The resulting hexadecimal string is our equivalent representation for the original binary string. ### 1.0.2. Bitstrings of lengths not divisible by four [#102-bitstrings-of-lengths-not-divisible-by-four] If the length of a binary string is not divisible by four, we augment it by one $\texttt{1}$ and several (maybe zero) $\texttt{0}$s at the end, so that its length becomes divisible by four, and then transform it into a string of hexadecimal digits as described above. To indicate that such a transformation has taken place, a special "completion tag" $\texttt{\_}$ is added to the end of the hexadecimal string. The reverse transformation (applied if the completion tag is present) consists in first replacing each hexadecimal digit by four corresponding bits, and then removing all trailing zeroes (if any) and the last $\texttt{1}$ immediately preceding them (if the resulting bitstring is non-empty at this point). Notice that there are several admissible hexadecimal representations for the same bitstring. Among them, the shortest one is "canonical". It can be deterministically obtained by the above procedure. For example, $\texttt{8A}$ corresponds to binary string $\texttt{10001010}$, while $\texttt{8A\_}$ and $\texttt{8A0\_}$ both correspond to $\texttt{100010}$. An empty bitstring may be represented by either ' ', '$\texttt{8\_}$', '$\texttt{0\_}$', '$\texttt{\_}$', or '$\texttt{00\_}$'. ### 1.0.3. Emphasizing that a string is a hexadecimal representation of a bitstring [#103-emphasizing-that-a-string-is-a-hexadecimal-representation-of-a-bitstring] Sometimes we need to emphasize that a string of hexadecimal digits (with or without a $\texttt{\_}$ at the end) is the hexadecimal representation of a bitstring. In such cases, we either prepend $\texttt{x}$ to the resulting string (e.g., $\texttt{x8A}$), or prepend $\texttt{x\{}$ and append $\texttt{\}}$ (e.g., $\texttt{x\{2D9\_\}}$, which is $\texttt{00101101100}$). This should not be confused with hexadecimal numbers, usually prepended by $\texttt{0x}$ (e.g., $\texttt{0x2D9}$ or $\texttt{0x2d9}$, which is the integer 729). ### 1.0.4. Serializing a bitstring into a sequence of octets [#104-serializing-a-bitstring-into-a-sequence-of-octets] When a bitstring needs to be represented as a sequence of 8-bit bytes (octets), which take values in integers $0\ldots255$, this is achieved essentially in the same fashion as above: we split the bitstring into groups of eight bits and interpret each group as the binary representation of an integer $0\ldots255$. If the length of the bitstring is not a multiple of eight, the bitstring is augmented by a binary $\texttt{1}$ and up to seven binary $\texttt{0}$s before being split into groups. The fact that such a completion has been applied is usually reflected by a "completion tag" bit. For instance, $\texttt{00101101100}$ corresponds to the sequence of two octets $(\texttt{0x2d}, \texttt{0x90})$ (hexadecimal), or $(45,144)$ (decimal), along with a completion tag bit equal to $\texttt{1}$ (meaning that the completion has been applied), which must be stored separately. In some cases, it is more convenient to assume the completion is enabled by default rather than store an additional completion tag bit separately. Under such conventions, $8n$-bit strings are represented by $n+1$ octets, with the last octet always equal to $\texttt{0x80}=128$. ## 1.1 TVM is a stack machine [#11---tvm-is-a-stack-machine] First of all, *TVM is a stack machine*. This means that, instead of keeping values in some "variables" or "general-purpose registers", they are kept in a (LIFO) *stack*, at least from the "low-level" (TVM) perspective.^[3](#fn3) Most operations and user-defined functions take their arguments from the top of the stack, and replace them with their result. For example, the integer addition primitive (built-in operation) $\texttt{ADD}$ does not take any arguments describing which registers or immediate values should be added together and where the result should be stored. Instead, the two top values are taken from the stack, they are added together, and their sum is pushed into the stack in their place. ### 1.1.1. TVM values [#111-tvm-values] The entities that can be stored in the TVM stack will be called *TVM values*, or simply *values* for brevity. They belong to one of several predefined *value types*. Each value belongs to exactly one value type. The values are always kept on the stack along with tags uniquely determining their types, and all built-in TVM operations (or *primitives*) only accept values of predefined types. For example, the integer addition primitive $\texttt{ADD}$ accepts only two integer values, and returns one integer value as a result. One cannot supply $\texttt{ADD}$ with two strings instead of two integers expecting it to concatenate these strings or to implicitly transform the strings into their decimal integer values; any attempt to do so will result in a run-time type-checking exception. ### 1.1.2. Static typing, dynamic typing, and run-time type checking [#112-static-typing-dynamic-typing-and-run-time-type-checking] In some respects TVM performs a kind of dynamic typing using run-time type checking. However, this does not make the TVM code a "dynamically typed language" like PHP or Javascript, because all primitives accept values and return results of predefined (value) types, each value belongs to strictly one type, and values are never implicitly converted from one type to another. If, on the other hand, one compares the TVM code to the conventional microprocessor machine code, one sees that the TVM mechanism of value tagging prevents, for example, using the address of a string as a number—or, potentially even more disastrously, using a number as the address of a string—thus eliminating the possibility of all sorts of bugs and security vulnerabilities related to invalid memory accesses, usually leading to memory corruption and segmentation faults. This property is highly desirable for a VM used to execute smart contracts in a blockchain. In this respect, TVM's insistence on tagging all values with their appropriate types, instead of reinterpreting the bit sequence in a register depending on the needs of the operation it is used in, is just an additional run-time type-safety mechanism. An alternative would be to somehow analyze the smart-contract code for type correctness and type safety before allowing its execution in the VM, or even before allowing it to be uploaded into the blockchain as the code of a smart contract. Such a static analysis of code for a Turing-complete machine appears to be a time-consuming and non-trivial problem (likely to be equivalent to the stopping problem for Turing machines), something we would rather avoid in a blockchain smart-contract context. One should bear in mind that one always can implement compilers from statically typed high-level smart-contract languages into the TVM code (and we do expect that most smart contracts for TON will be written in such languages), just as one can compile statically typed languages into conventional machine code (e.g., x86 architecture). If the compiler works correctly, the resulting machine code will never generate any run-time type-checking exceptions. All type tags attached to values processed by TVM will always have expected values and may be safely ignored during the analysis of the resulting TVM code, apart from the fact that the run-time generation and verification of these type tags by TVM will slightly slow down the execution of the TVM code. ### 1.1.3. Preliminary list of value types [#113-preliminary-list-of-value-types] A preliminary list of value types supported by TVM is as follows: * *Integer* — Signed 257-bit integers, representing integer numbers in the range $-2^{256}\ldots2^{256}-1$, as well as a special "not-a-number" value $\texttt{NaN}$. * *Cell* — A *TVM cell* consists of at most 1023 bits of data, and of at most four references to other cells. All persistent data (including TVM code) in the TON Blockchain is represented as a [collection of TVM cells](/blockchain-basics/whitepapers/ton#2-5-14-“everything-is-a-bag-of-cells”-philosophy). * *Tuple* — An ordered collection of up to 255 components, having arbitrary value types, possibly distinct. May be used to represent non-persistent values of arbitrary algebraic data types. * *Null* — A type with exactly one value $\bot$, used for representing empty lists, empty branches of binary trees, absence of return value in some situations, and so on. * *Slice* — A *TVM cell slice*, or *slice* for short, is a contiguous "sub-cell" of an existing cell, containing some of its bits of data and some of its references. Essentially, a slice is a read-only view for a subcell of a cell. Slices are used for unpacking data previously stored (or serialized) in a cell or a tree of cells. * *Builder* — A *TVM cell builder*, or *builder* for short, is an "incomplete" cell that supports fast operations of appending bitstrings and cell references at its end. Builders are used for packing (or serializing) data from the top of the stack into new cells (e.g., before transferring them to persistent storage). * *Continuation* — Represents an "execution token" for TVM, which may be invoked (executed) later. As such, it generalizes function addresses (i.e., function pointers and references), subroutine return addresses, instruction pointer addresses, exception handler addresses, closures, partial applications, anonymous functions, and so on. This list of value types is incomplete and may be extended in future revisions of TVM without breaking the old TVM code, due mostly to the fact that all originally defined primitives accept only values of types known to them and will fail (generate a type-checking exception) if invoked on values of new types. Furthermore, existing value types themselves can also be extended in the future: for example, 257-bit *Integer* might become 513-bit *LongInteger*, with originally defined arithmetic primitives failing if either of the arguments or the result does not fit into the original subtype *Integer*. Backward compatibility with respect to the introduction of new value types and extension of existing value types will be discussed [later](#5-1-4-changing-the-behavior-of-old-operations). ## 1.2 Categories of TVM instructions [#12---categories-of-tvm-instructions] TVM *instructions*, also called *primitives* and sometimes *(built-in) operations*, are the smallest operations atomically performed by TVM that can be present in the TVM code. They fall into several categories, depending on the [types of values](#1-1-3-preliminary-list-of-value-types) they work on. The most important of these categories are: * *Stack (manipulation) primitives* — Rearrange data in the TVM stack, so that the other primitives and user-defined functions can later be called with correct arguments. Unlike most other primitives, they are polymorphic, i.e., work with values of arbitrary types. * *Tuple (manipulation) primitives* — Construct, modify, and decompose *Tuple*s. Similarly to the stack primitives, they are polymorphic. * *Constant* or *literal primitives* — Push into the stack some "constant" or "literal" values embedded into the TVM code itself, thus providing arguments to the other primitives. They are somewhat similar to stack primitives, but are less generic because they work with values of specific types. * *Arithmetic primitives* — Perform the usual integer arithmetic operations on values of type *Integer*. * *Cell (manipulation) primitives* — Create new cells and store data in them (*cell creation primitives*) or read data from previously created cells (*cell parsing primitives*). Because all memory and persistent storage of TVM consists of cells, these cell manipulation primitives actually correspond to "memory access instructions" of other architectures. Cell creation primitives usually work with values of type *Builder*, while cell parsing primitives work with *Slice*s. * *Continuation* and *control flow primitives* — Create and modify *Continuation*s, as well as execute existing *Continuation*s in different ways, including conditional and repeated execution. * *Custom* or *application-specific primitives* — Efficiently perform specific high-level actions required by the application (in our case, the TON Blockchain), such as computing hash functions, performing elliptic curve cryptography, sending new blockchain messages, creating new smart contracts, and so on. These primitives correspond to standard library functions rather than microprocessor instructions. ## 1.3 Control registers [#13---control-registers] While TVM is a stack machine, some rarely changed values needed in almost all functions are better passed in certain special registers, and not near the top of the stack. Otherwise, a prohibitive number of stack reordering operations would be required to manage all these values. To this end, the TVM model includes, apart from the stack, up to 16 special *control registers*, denoted by $\texttt{c0}$ to $\texttt{c15}$, or $\texttt{c}(0)$ to $\texttt{c}(15)$. The original version of TVM makes use of only some of these registers; the rest may be supported later. ### 1.3.1. Values kept in control registers [#131-values-kept-in-control-registers] The values kept in control registers are of the same types as those kept on the stack. However, some control registers accept only values of specific types, and any attempt to load a value of a different type will lead to an exception. ### 1.3.2. List of control registers [#132-list-of-control-registers] The original version of TVM defines and uses the following control registers: * $\texttt{c0}$ — Contains the *next continuation* or *return continuation* (similar to the subroutine return address in conventional designs). This value must be a *Continuation*. * $\texttt{c1}$ — Contains the *alternative (return) continuation*; this value must be a *Continuation*. It is used in some (experimental) control flow primitives, allowing TVM to define and call "subroutines with two exit points". * $\texttt{c2}$ — Contains the *exception handler*. This value is a *Continuation*, invoked whenever an exception is triggered. * $\texttt{c3}$ — Contains the *current dictionary*, essentially a hashmap containing the code of all functions used in the program. This value is also a [Continuation](#4-6-functions%2C-recursion%2C-and-dictionaries), not a *Cell* as one might expect. * $\texttt{c4}$ — Contains the *root of persistent data*, or simply the *data*. This value is a *Cell*. When the code of a smart contract is invoked, $\texttt{c4}$ points to the root cell of its persistent data kept in the blockchain state. If the smart contract needs to modify this data, it changes $\texttt{c4}$ before returning. * $\texttt{c5}$ — Contains the *output actions*. It is also a *Cell* initialized by a reference to an empty cell, but its final value is considered one of the smart contract outputs. For instance, the $\texttt{SENDMSG}$ primitive, specific for the TON Blockchain, simply inserts the message into a list stored in the output actions. * $\texttt{c7}$ — Contains the *root of temporary data*. It is a *Tuple*, initialized by a reference to an empty *Tuple* before invoking the smart contract and discarded after its termination.^[4](#fn4) More control registers may be defined in the future for specific TON Blockchain or high-level programming language purposes, if necessary. ## 1.4 Total state of TVM (SCCCG) [#14---total-state-of-tvm-scccg] The total state of TVM consists of the following components: * *[Stack](#1-1-tvm-is-a-stack-machine)* — Contains zero or more [values](#1-1-1-tvm-values), each belonging to one of [value types](#1-1-3-preliminary-list-of-value-types). * *Control registers* $\mathit{c0}$–$\mathit{c15}$ — Contain some [specific values](#1-3-2-list-of-control-registers). (Only seven control registers are used in the current version.) * *Current continuation* $\mathit{cc}$ — Contains the current continuation (i.e., the code that would be normally executed after the current primitive is completed). This component is similar to the instruction pointer register ($\texttt{ip}$) in other architectures. * *Current codepage* $\mathit{cp}$ — A special signed 16-bit integer value that selects the way the next TVM opcode will be decoded. For example, future versions of TVM might use different codepages to add new opcodes while preserving backward compatibility. * *Gas limits* $\mathit{gas}$ — Contains four signed 64-bit integers: the current gas limit $g_l$, the maximal gas limit $g_m$, the remaining gas $g_r$, and the gas credit $g_c$. Always $0\leq g_l\leq g_m$, $g_c\geq0$, and $g_r\leq g_l+g_c$; $g_c$ is usually initialized by zero, $g_r$ is initialized by $g_l+g_c$ and gradually decreases as the TVM runs. When $g_r$ becomes negative or if the final value of $g_r$ is less than $g_c$, an *out of gas* exception is triggered. Notice that there is no "return stack" containing the return addresses of all previously called but unfinished functions. Instead, only [control register $\texttt{c0}$](#4-1-9-subroutine-calls%3A-or-primitives) is used. Also notice that there are no general-purpose registers, because [TVM is a stack machine](#1-1-tvm-is-a-stack-machine). So the above list, which can be summarized as "stack, control, continuation, codepage, and gas" (SCCCG), similarly to the classical SECD machine state ("stack, environment, control, dump"), is indeed the *total* state of TVM.^[5](#fn5) ## 1.5 Integer arithmetic [#15---integer-arithmetic] All arithmetic primitives of TVM operate on several arguments of type *Integer*, taken from the top of the stack, and return their results, of the same type, into the stack. Recall that *Integer* represents all integer values in the range $-2^{256}\leq x<2^{256}$, and additionally contains a special value $\texttt{NaN}$ ("not-a-number"). If one of the results does not fit into the supported range of integers—or if one of the arguments is a $\texttt{NaN}$—then this result or all of the results are replaced by a $\texttt{NaN}$, and (by default) an integer overflow exception is generated. However, special "quiet" versions of arithmetic operations will simply produce $\texttt{NaN}$s and keep going. If these $\texttt{NaN}$s end up being used in a "non-quiet" arithmetic operation, or in a non-arithmetic operation, an integer overflow exception will occur. ### 1.5.1. Absence of automatic conversion of integers [#151-absence-of-automatic-conversion-of-integers] Notice that TVM *Integer*s are "mathematical" integers, and not 257-bit strings interpreted differently depending on the primitive used, as is common for other machine code designs. For example, TVM has only one multiplication primitive $\texttt{MUL}$, rather than two ($\texttt{MUL}$ for unsigned multiplication and $\texttt{IMUL}$ for signed multiplication) as occurs, for example, in the popular x86 architecture. ### 1.5.2. Automatic overflow checks [#152-automatic-overflow-checks] Notice that all TVM arithmetic primitives perform overflow checks of the results. If a result does not fit into the *Integer* type, it is replaced by a $\texttt{NaN}$, and (usually) an exception occurs. In particular, the result is *not* automatically reduced modulo $2^{256}$ or $2^{257}$, as is common for most hardware machine code architectures. ### 1.5.3. Custom overflow checks [#153-custom-overflow-checks] In addition to automatic overflow checks, TVM includes custom overflow checks, performed by primitives $\texttt{FITS}$ $n$ and $\texttt{UFITS}$ $n$, where $1\leq n\leq256$. These primitives check whether the value on (the top of) the stack is an integer $x$ in the range $-2^{n-1}\leq x<2^{n-1}$ or $0\leq x<2^n$, respectively, and replace the value with a $\texttt{NaN}$ and (optionally) generate an integer overflow exception if this is not the case. This greatly simplifies the implementation of arbitrary $n$-bit integer types, signed or unsigned: the programmer or the compiler must insert appropriate $\texttt{FITS}$ or $\texttt{UFITS}$ primitives either after each arithmetic operation (which is more reasonable, but requires more checks) or before storing computed values and returning them from functions. This is important for smart contracts, where unexpected integer overflows happen to be among the most common source of bugs. ### 1.5.4. Reduction modulo $2^n$ [#154-reduction-modulo-2n] TVM also has a primitive $\texttt{MODPOW2}$ $n$, which reduces the integer at the top of the stack modulo $2^n$, with the result ranging from $0$ to $2^n-1$. ### 1.5.5. *Integer* is 257-bit, not 256-bit [#155-integer-is-257-bit-not-256-bit] One can understand now why TVM's *Integer* is (signed) 257-bit, not 256-bit. The reason is that it is the smallest integer type containing both signed 256-bit integers and unsigned 256-bit integers, which does not require [automatic reinterpreting](#1-5-1-absence-of-automatic-conversion-of-integers) of the same 256-bit string depending on the operation used. ### 1.5.6. Division and rounding [#156-division-and-rounding] The most important division primitives are $\texttt{DIV}$, $\texttt{MOD}$, and $\texttt{DIVMOD}$. All of them take two numbers from the stack, $x$ and $y$ ($y$ is taken from the top of the stack, and $x$ is originally under it), compute the quotient $q$ and remainder $r$ of the division of $x$ by $y$ (i.e., two integers such that $x=yq+r$ and $|r|<|y|$), and return either $q$, $r$, or both of them. If $y$ is zero, then all of the expected results are replaced by $\texttt{NaN}$s, and (usually) an integer overflow exception is generated. The implementation of division in TVM somewhat differs from most other implementations with regards to rounding. By default, these primitives round to $-\infty$, meaning that $q=\lfloor x/y\rfloor$, and $r$ has the same sign as $y$. (Most conventional implementations of division use "rounding to zero" instead, meaning that $r$ has the same sign as $x$.) Apart from this "floor rounding", two other rounding modes are available, called "ceiling rounding" (with $q=\lceil x/y\rceil$, and $r$ and $y$ having opposite signs) and "nearest rounding" (with $q=\lfloor x/y+1/2\rfloor$ and $|r|\leq|y|/2$). These rounding modes are selected by using other division primitives, with letters $\texttt{C}$ and $\texttt{R}$ appended to their mnemonics. For example, $\texttt{DIVMODR}$ computes both the quotient and the remainder using rounding to the nearest integer. ### 1.5.7. Combined multiply-divide, multiply-shift, and shift-divide operations [#157-combined-multiply-divide-multiply-shift-and-shift-divide-operations] To simplify implementation of fixed-point arithmetic, TVM supports combined multiply-divide, multiply-shift, and shift-divide operations with double-length (i.e., 514-bit) intermediate product. For example, $\texttt{MULDIVMODR}$ takes three integer arguments from the stack, $a$, $b$, and $c$, first computes $ab$ using a 514-bit intermediate result, and then divides $ab$ by $c$ using rounding to the nearest integer. If $c$ is zero or if the quotient does not fit into *Integer*, either two $\texttt{NaN}$s are returned, or an integer overflow exception is generated, depending on whether a quiet version of the operation has been used. Otherwise, both the quotient and the remainder are pushed into the stack. *** # 2 The stack [#2---the-stack] This chapter contains a general discussion and comparison of register and stack machines, expanded further in [Appendix C](#c-code-density-of-stack-and-register-machines), and describes the two main classes of stack manipulation primitives employed by TVM: the *basic* and the *compound stack manipulation primitives*. An informal explanation of their sufficiency for all stack reordering required for correctly invoking other primitives and user-defined functions is also provided. Finally, the problem of efficiently implementing TVM [stack manipulation primitives](#2-3-efficiency-of-stack-manipulation-primitives) will be discussed. ## 2.1 Stack calling conventions [#21----stack-calling-conventions] A stack machine, such as TVM, uses the stack—and especially the values near the top of the stack—to pass arguments to called functions and primitives (such as built-in arithmetic operations) and receive their results. This section discusses the TVM stack calling conventions, introduces some notation, and compares TVM stack calling conventions with those of certain register machines. ### 2.1.1. Notation for "stack registers" [#211-notation-for-stack-registers] Recall that a stack machine, as opposed to a more conventional register machine, lacks general-purpose registers. However, one can treat the values near the top of the stack as a kind of "stack registers". We denote by $\texttt{s0}$ or $\texttt{s}(0)$ the value at the top of the stack, by $\texttt{s1}$ or $\texttt{s}(1)$ the value immediately under it, and so on. The total number of values in the stack is called its *depth*. If the depth of the stack is $n$, then $\texttt{s}(0)$, $\texttt{s}(1)$, $\ldots$, $\texttt{s}(n-1)$ are well-defined, while $\texttt{s}(n)$ and all subsequent $\texttt{s}(i)$ with $i>n$ are not. Any attempt to use $\texttt{s}(i)$ with $i\geq n$ should produce a stack underflow exception. A compiler, or a human programmer in "TVM code", would use these "stack registers" to hold all declared variables and intermediate values, similarly to the way general-purpose registers are used on a register machine. ### 2.1.2. Pushing and popping values [#212-pushing-and-popping-values] When a value $x$ is *pushed* into a stack of depth $n$, it becomes the new $\texttt{s0}$; at the same time, the old $\texttt{s0}$ becomes the new $\texttt{s1}$, the old $\texttt{s1}$—the new $\texttt{s2}$, and so on. The depth of the resulting stack is $n+1$. Similarly, when a value $x$ is *popped* from a stack of depth $n\geq1$, it is the old value of $\texttt{s0}$ (i.e., the old value at the top of the stack). After this, it is removed from the stack, and the old $\texttt{s1}$ becomes the new $\texttt{s0}$ (the new value at the top of the stack), the old $\texttt{s2}$ becomes the new $\texttt{s1}$, and so on. The depth of the resulting stack is $n-1$. If originally $n=0$, then the stack is *empty*, and a value cannot be popped from it. If a primitive attempts to pop a value from an empty stack, a *stack underflow* exception occurs. ### 2.1.3. Notation for hypothetical general-purpose registers [#213-notation-for-hypothetical-general-purpose-registers] In order to compare stack machines with sufficiently general register machines, we will denote the general-purpose registers of a register machine by $\texttt{r0}$, $\texttt{r1}$, and so on, or by $\texttt{r}(0)$, $\texttt{r}(1)$, $\ldots$, $\texttt{r}(n-1)$, where $n$ is the total number of registers. When we need a specific value of $n$, we will use $n=16$, corresponding to the very popular x86-64 architecture. ### 2.1.4. The top-of-stack register $\texttt{s0}$ vs. the accumulator register $\texttt{r0}$ [#214-the-top-of-stack-register-texttts0-vs-the-accumulator-register-textttr0] Some register machine architectures require one of the arguments for most arithmetic and logical operations to reside in a special register called the *accumulator*. In our comparison, we will assume that the accumulator is the general-purpose register $\texttt{r0}$; otherwise we could simply renumber the registers. In this respect, the accumulator is somewhat similar to the top-of-stack "register" $\texttt{s0}$ of a stack machine, because virtually all operations of a stack machine both use $\texttt{s0}$ as one of their arguments and return their result as $\texttt{s0}$. ### 2.1.5. Register calling conventions [#215-register-calling-conventions] When compiled for a register machine, high-level language functions usually receive their arguments in certain registers in a predefined order. If there are too many arguments, these functions take the remainder from the stack (yes, a register machine usually has a stack, too!). Some register calling conventions pass no arguments in registers at all, however, and only use the stack (for example, the original calling conventions used in implementations of Pascal and C, although modern implementations of C use some registers as well). For simplicity, we will assume that up to $m\leq n$ function arguments are passed in registers, and that these registers are $\texttt{r0}$, $\texttt{r1}$, $\ldots$, $\texttt{r}(m-1)$, in that order (if some other registers are used, we can simply renumber them).^[6](#fn6) ### 2.1.6. Order of function arguments [#216-order-of-function-arguments] If a function or primitive requires $m$ arguments $x_1$, $\ldots$, $x_m$, they are pushed by the caller into the stack in the same order, starting from $x_1$. Therefore, when the function or primitive is invoked, its first argument $x_1$ is in $\texttt{s}(m-1)$, its second argument $x_2$ is in $\texttt{s}(m-2)$, and so on. The last argument $x_m$ is in $\texttt{s0}$ (i.e., at the top of the stack). It is the called function or primitive's responsibility to remove its arguments from the stack. In this respect the TVM stack calling conventions—obeyed, at least, by TVM primitives—match those of Pascal and Forth, and are the opposite of those of C (in which the arguments are pushed into the stack in the reverse order, and are removed by the caller after it regains control, not the callee). Of course, an implementation of a high-level language for TVM might choose some other calling conventions for its functions, different from the default ones. This might be useful for certain functions—for instance, if the total number of arguments depends on the value of the first argument, as happens for "variadic functions" such as $\texttt{scanf}$ and $\texttt{printf}$. In such cases, the first one or several arguments are better passed near the top of the stack, not somewhere at some unknown location deep in the stack. ### 2.1.7. Arguments to arithmetic primitives on register machines [#217-arguments-to-arithmetic-primitives-on-register-machines] On a stack machine, built-in arithmetic primitives (such as $\texttt{ADD}$ or $\texttt{DIVMOD}$) follow the same calling conventions as user-defined functions. In this respect, user-defined functions (for example, a function computing the square root of a number) might be considered as "extensions" or "custom upgrades" of the stack machine. This is one of the clearest advantages of stack machines (and of stack programming languages such as Forth) compared to register machines. In contrast, arithmetic instructions (built-in operations) on register machines usually get their parameters from general-purpose registers encoded in the full opcode. A binary operation, such as $\texttt{SUB}$, thus requires two arguments, $\texttt{r}(i)$ and $\texttt{r}(j)$, with $i$ and $j$ specified by the instruction. A register $\texttt{r}(k)$ for storing the result also must be specified. Arithmetic operations can take several possible forms, depending on whether $i$, $j$, and $k$ are allowed to take arbitrary values: * Three-address form — Allows the programmer to arbitrarily choose not only the two source registers $\texttt{r}(i)$ and $\texttt{r}(j)$, but also a separate destination register $\texttt{r}(k)$. This form is common for most RISC processors, and for the XMM and AVX SIMD instruction sets in the x86-64 architecture. * Two-address form — Uses one of the two operand registers (usually $\texttt{r}(i)$) to store the result of an operation, so that $k=i$ is never indicated explicitly. Only $i$ and $j$ are encoded inside the instruction. This is the most common form of arithmetic operations on register machines, and is quite popular on microprocessors (including the x86 family). * One-address form — Always takes one of the arguments from the accumulator $\texttt{r0}$, and stores the result in $\texttt{r0}$ as well; then $i=k=0$, and only $j$ needs to be specified by the instruction. This form is used by some simpler microprocessors (such as Intel 8080). Note that this flexibility is available only for built-in operations, but not for user-defined functions. In this respect, register machines are not as easily "upgradable" as stack machines.^[7](#fn7) ### 2.1.8. Return values of functions [#218-return-values-of-functions] In stack machines such as TVM, when a function or primitive needs to return a result value, it simply pushes it into the stack (from which all arguments to the function have already been removed). Therefore, the caller will be able to access the result value through the top-of-stack "register" $\texttt{s0}$. This is in complete accordance with Forth calling conventions, but differs slightly from Pascal and C calling conventions, where the accumulator register $\texttt{r0}$ is normally used for the return value. ### 2.1.9. Returning several values [#219-returning-several-values] Some functions might want to return several values $y_1$, $\ldots$, $y_k$, with $k$ not necessarily equal to one. In these cases, the $k$ return values are pushed into the stack in their natural order, starting from $y_1$. For example, the "divide with remainder" primitive $\texttt{DIVMOD}$ needs to return two values, the quotient $q$ and the remainder $r$. Therefore, $\texttt{DIVMOD}$ pushes $q$ and $r$ into the stack, in that order, so that the quotient is available thereafter at $\texttt{s1}$ and the remainder at $\texttt{s0}$. The net effect of $\texttt{DIVMOD}$ is to divide the original value of $\texttt{s1}$ by the original value of $\texttt{s0}$, and return the quotient in $\texttt{s1}$ and the remainder in $\texttt{s0}$. In this particular case the depth of the stack and the values of all other "stack registers" remain unchanged, because $\texttt{DIVMOD}$ takes two arguments and returns two results. In general, the values of other "stack registers" that lie in the stack below the arguments passed and the values returned are shifted according to the change of the depth of the stack. In principle, some primitives and user-defined functions might return a variable number of result values. In this respect, the remarks above about [variadic functions](#2-1-6-order-of-function-arguments) apply: the total number of result values and their types should be determined by the values near the top of the stack. (For example, one might push the return values $y_1$, $\ldots$, $y_k$, and then push their total number $k$ as an integer. The caller would then determine the total number of returned values by inspecting $\texttt{s0}$.) In this respect TVM, again, faithfully observes Forth calling conventions. ### 2.1.10. Stack notation [#2110-stack-notation] When a stack of depth $n$ contains values $z_1$, $\ldots$, $z_n$, in that order, with $z_1$ the deepest element and $z_n$ the top of the stack, the contents of the stack are often represented by a list $z_1$ $z_2$ $\ldots$ $z_n$, in that order. When a primitive transforms the original stack state $S'$ into a new state $S''$, this is often written as $S'$ -- $S''$; this is the so-called *stack notation*. For example, the action of the division primitive $\texttt{DIV}$ can be described by $S$ $x$ $y$ -- $S$ $\lfloor x/y\rfloor$, where $S$ is any list of values. This is usually abbreviated as $x$ $y$ -- $\lfloor x/y\rfloor$, tacitly assuming that all other values deeper in the stack remain intact. Alternatively, one can describe $\texttt{DIV}$ as a primitive that runs on a stack $S'$ of depth $n\geq2$, divides $\texttt{s1}$ by $\texttt{s0}$, and returns the floor-rounded quotient as $\texttt{s0}$ of the new stack $S''$ of depth $n-1$. The new value of $\texttt{s}(i)$ equals the old value of $\texttt{s}(i+1)$ for $1\leq i^[8](#fn8) Proceeding in this manner, we see that we can put the original values of $x$, $y$, and $z$—or their copies, if needed—into locations $\texttt{s2}$, $\texttt{s1}$, and $\texttt{s0}$, using a sequence of push and exchange operations ([2.2.4](#2-2-4-mnemonics-of-compound-stack-operations) and [2.2.5](#2-2-5-semantics-of-compound-stack-operations) for a more detailed explanation). In order to generate this sequence, the compiler will need to know only the three values $i$, $j$ and $k$, describing the old locations of variables or temporary values in question, and some flags describing whether each value will be needed thereafter or is needed only for this primitive or function call. The locations of other variables and temporary values will be affected in the process, but a compiler (or a human programmer) can easily track their new locations. Similarly, if the results returned from a function need to be discarded or moved to other stack registers, a suitable sequence of exchange and pop operations will do the job. In the typical case of one return value in $\texttt{s0}$, this is achieved either by an $\texttt{XCHG s}(i)$ or a $\texttt{POP s}(i)$ (in most cases, a $\texttt{DROP}$) operation.^[9](#fn9) Rearranging the result value or values before returning from a function is essentially the same problem as arranging arguments for a function call, and is achieved similarly. ### 2.2.3. Compound stack manipulation primitives [#223-compound-stack-manipulation-primitives] In order to improve the density of the TVM code and simplify development of compilers, compound stack manipulation primitives may be defined, each combining up to four exchange and push or exchange and pop basic primitives. Such compound stack operations might include, for example: * $\texttt{XCHG2 s}(i)\texttt{,s}(j)$ — Equivalent to $\texttt{XCHG s1,s}(i)$; $\texttt{XCHG s}(j)$. * $\texttt{PUSH2 s}(i)\texttt{,s}(j)$ — Equivalent to $\texttt{PUSH s}(i)$; $\texttt{PUSH s}(j+1)$. * $\texttt{XCPU s}(i)\texttt{,s}(j)$ — Equivalent to $\texttt{XCHG s}(i)$; $\texttt{PUSH s}(j)$. * $\texttt{PUXC s}(i)\texttt{,s}(j)$ — Equivalent to $\texttt{PUSH s}(i)$; $\texttt{SWAP}$; $\texttt{XCHG s}(j+1)$. When $j\neq i$ and $j\neq0$, it is also equivalent to $\texttt{XCHG s}(j)$; $\texttt{PUSH s}(i)$; $\texttt{SWAP}$. * $\texttt{XCHG3 s}(i)\texttt{,s}(j)\texttt{,s}(k)$ — Equivalent to $\texttt{XCHG s2,s}(i)$; $\texttt{XCHG s1,s}(j)$; $\texttt{XCHG s}(k)$. * $\texttt{PUSH3 s}(i)\texttt{,s}(j)\texttt{,s}(k)$ — Equivalent to $\texttt{PUSH s}(i)$; $\texttt{PUSH s}(j+1)$; $\texttt{PUSH s}(k+2)$. Of course, such operations make sense only if they admit a more compact encoding than the equivalent sequence of basic operations. For example, if all top-of-stack exchanges, $\texttt{XCHG s1,s}(i)$ exchanges, and push and pop operations admit one-byte encodings, the only compound stack operations suggested above that might merit inclusion in the set of stack manipulation primitives are $\texttt{PUXC}$, $\texttt{XCHG3}$, and $\texttt{PUSH3}$. These compound stack operations essentially augment other primitives (instructions) in the code with the "true" locations of their operands, somewhat similarly to what happens with two-address or three-address register machine code. However, instead of encoding these locations inside the opcode of the arithmetic or another instruction, as is customary for register machines, we indicate these locations in a preceding compound stack manipulation operation. The advantage of such an approach is that [user-defined functions](#2-1-7-arguments-to-arithmetic-primitives-on-register-machines) (or rarely used specific primitives added in a [future version](#c-3-sample-non-leaf-function) of TVM) can benefit from it as well. ### 2.2.4. Mnemonics of compound stack operations [#224-mnemonics-of-compound-stack-operations] The mnemonics of [compound stack](#2-2-3-compound-stack-manipulation-primitives) operations, some examples of which have been provided are created as follows. The $\gamma\geq2$ formal arguments $\texttt{s}(i_1)$, $\ldots$, $\texttt{s}(i_\gamma)$ to such an operation $O$ represent the values in the original stack that will end up in $\texttt{s}(\gamma-1)$, $\ldots$, $\texttt{s0}$ after the execution of this compound operation, at least if all $i_\nu$, $1\leq\nu\leq\gamma$, are distinct and at least $\gamma$. The mnemonic itself of the operation $O$ is a sequence of $\gamma$ two-letter strings $\texttt{PU}$ and $\texttt{XC}$, with $\texttt{PU}$ meaning that the corresponding argument is to be PUshed (i.e., a copy is to be created), and $\texttt{XC}$ meaning that the value is to be eXChanged (i.e., no other copy of the original value is created). Sequences of several $\texttt{PU}$ or $\texttt{XC}$ strings may be abbreviated to one $\texttt{PU}$ or $\texttt{XC}$ followed by the number of copies. (For instance, we write $\texttt{PUXC2PU}$ instead of $\texttt{PUXCXCPU}$.) As an exception, if a mnemonic would consist of only $\texttt{PU}$ or only $\texttt{XC}$ strings, so that the compound operation is equivalent to a sequence of $m$ PUSHes or eXCHanGes, the notation $\texttt{PUSH}m$ or $\texttt{XCHG}m$ is used instead of $\texttt{PU}m$ or $\texttt{XC}m$. ### 2.2.5. Semantics of compound stack operations [#225-semantics-of-compound-stack-operations] Each compound $\gamma$-ary operation $O$ $\texttt{s}(i_1)$,$\ldots$,$\texttt{s}(i_\gamma)$ is translated into an equivalent sequence of basic stack operations by induction in $\gamma$ as follows: * As a base of induction, if $\gamma=0$, the only nullary compound stack operation corresponds to an empty sequence of basic stack operations. * Equivalently, we might begin the induction from $\gamma=1$. Then $\texttt{PU s}(i)$ corresponds to the sequence consisting of one basic operation $\texttt{PUSH s}(i)$, and $\texttt{XC s}(i)$ corresponds to the one-element sequence consisting of $\texttt{XCHG s}(i)$. * Otherwise, if $\gamma\geq2$, compound operation $O$ has one of two forms: 1. $O$ $\texttt{s}(i_1)$,$\ldots$,$\texttt{s}(i_\gamma)$, with $O=\texttt{XC}O'$, where $O'$ is a compound operation of arity $\gamma-1$ (i.e., the mnemonic of $O'$ consists of $\gamma-1$ strings $\texttt{XC}$ and $\texttt{PU}$). Let $\alpha$ be the total quantity of $\texttt{PU}$shes in $O$, and $\beta$ be that of e$\texttt{XC}$hanges, so that $\alpha+\beta=\gamma$. Then the original operation is translated into $\texttt{XCHG s}(\beta-1)\texttt{,s}(i_1)$, followed by the translation of $O'$ $\texttt{s}(i_2)$,$\ldots$,$\texttt{s}(i_\gamma)$, defined by the induction hypothesis. 2. $O$ $\texttt{s}(i_1)$,$\ldots$,$\texttt{s}(i_\gamma)$, with $O=\texttt{PU}O'$, where $O'$ is a compound operation of arity $\gamma-1$. Then the original operation is translated into $\texttt{PUSH s}(i_1)$; $\texttt{XCHG s}(\beta)$, followed by the translation of $O'$ $\texttt{s}(i_2+1)$,$\ldots$,$\texttt{s}(i_\gamma+1)$, defined by the induction hypothesis.^[10](#fn10) ### 2.2.6. Stack manipulation instructions are polymorphic [#226-stack-manipulation-instructions-are-polymorphic] Notice that the stack manipulation instructions are almost the only "polymorphic" primitives in TVM—i.e., they work with values of arbitrary types (including the value types that will appear only in future revisions of TVM). For example, $\texttt{SWAP}$ always interchanges the two top values of the stack, even if one of them is an integer and the other is a cell. Almost all other instructions, especially the data processing instructions (including arithmetic instructions), require each of their arguments to be of some fixed type (possibly different for different arguments). ## 2.3 Efficiency of stack manipulation primitives [#23---efficiency-of-stack-manipulation-primitives] Stack manipulation primitives employed by a stack machine, such as TVM, have to be implemented very efficiently, because they constitute more than half of all the instructions used in a typical program. In fact, TVM performs all these instructions in a (small) constant time, regardless of the values involved (even if they represent very large integers or very large trees of cells). ### 2.3.1. Implementation of stack manipulation primitives: using references for operations instead of objects [#231-implementation-of-stack-manipulation-primitives-using-references-for-operations-instead-of-objects] The efficiency of TVM's implementation of stack manipulation primitives results from the fact that a typical TVM implementation keeps in the stack not the value objects themselves, but only the references (pointers) to such objects. Therefore, a $\texttt{SWAP}$ instruction only needs to interchange the references at $\texttt{s0}$ and $\texttt{s1}$, not the actual objects they refer to. ### 2.3.2. Efficient implementation of $\texttt{DUP}$ and $\texttt{PUSH}$ instructions using copy-on-write [#232--efficient-implementation-of-textttdup-and-textttpush-instructions-using-copy-on-write] Furthermore, a $\texttt{DUP}$ (or, more generally, $\texttt{PUSH s}(i)$) instruction, which appears to make a copy of a potentially large object, also works in small constant time, because it uses a copy-on-write technique of delayed copying: it copies only the reference instead of the object itself, but increases the "reference counter" inside the object, thus sharing the object between the two references. If an attempt to modify an object with a reference counter greater than one is detected, a separate copy of the object in question is made first (incurring a certain "non-uniqueness penalty" or "copying penalty" for the data manipulation instruction that triggered the creation of a new copy). ### 2.3.3. Garbage collecting and reference counting [#233-garbage-collecting-and-reference-counting] When the reference counter of a TVM object becomes zero (for example, because the last reference to such an object has been consumed by a $\texttt{DROP}$ operation or an arithmetic instruction), it is immediately freed. Because cyclic references are impossible in TVM data structures, this method of reference counting provides a fast and convenient way of freeing unused objects, replacing slow and unpredictable garbage collectors. ### 2.3.4. Transparency of the implementation: Stack values are "values", not "references" [#234-transparency-of-the-implementation-stack-values-are-values-not-references] Regardless of the implementation details just discussed, all stack values are really "values", not "references", from the perspective of the TVM programmer, similarly to the values of all types in functional programming languages. Any attempt to modify an existing object referred to from any other objects or stack locations will result in a transparent replacement of this object by its perfect copy before the modification is actually performed. In other words, the programmer should always act as if the objects themselves were directly manipulated by stack, arithmetic, and other data transformation primitives, and treat the previous discussion only as an explanation of the high efficiency of the stack manipulation primitives. ### 2.3.5. Absence of circular references [#235-absence-of-circular-references] One might attempt to create a circular reference between two cells, $A$ and $B$, as follows: first create $A$ and write some data into it; then create $B$ and write some data into it, along with a reference to previously constructed cell $A$; finally, add a reference to $B$ into $A$. While it may seem that after this sequence of operations we obtain a cell $A$, which refers to $B$, which in turn refers to $A$, this is not the case. In fact, we obtain a new cell $A'$, which contains a copy of the data originally stored into cell $A$ along with a reference to cell $B$, which contains a reference to (the original) cell $A$. In this way the transparent copy-on-write mechanism and the "everything is a value" paradigm enable us to create new cells using only previously constructed cells, thus forbidding the appearance of circular references. This property also applies to all other data structures: for instance, the absence of circular references enables TVM to use reference counting to immediately free unused memory instead of relying on garbage collectors. Similarly, this property is crucial for storing data in the TON Blockchain. *** # 3 Cells, memory, and persistent storage [#3---cells-memory-and-persistent-storage] This chapter briefly describes TVM cells, used to represent all data structures inside the TVM memory and its persistent storage, and the basic operations used to create cells, write (or serialize) data into them, and read (or deserialize) data from them. ## 3.1 Generalities on cells [#31---generalities-on-cells] This section presents a classification and general descriptions of cell types. ### 3.1.1. TVM memory and persistent storage consist of cells [#311-tvm-memory-and-persistent-storage-consist-of-cells] Recall that the TVM memory and persistent storage consist of *(TVM) cells*. Each cell contains up to 1023 bits of data and up to four references to other cells.^[11](#fn11) [Circular references](#2-3-5-absence-of-circular-references) are forbidden and cannot be created by means of TVM. In this way, all cells kept in TVM memory and persistent storage constitute a directed acyclic graph (DAG). ### 3.1.2. Ordinary and exotic cells [#312-ordinary-and-exotic-cells] Apart from the data and references, a cell has a *cell type*, encoded by an integer $-1\ldots255$. A cell of type $-1$ is called *ordinary*; such cells do not require any special processing. Cells of other types are called *exotic*, and may be *loaded*—automatically replaced by other cells when an attempt to deserialize them (i.e., to convert them into a *Slice* by a $\texttt{CTOS}$ instruction) is made. They may also exhibit a non-trivial behavior when their hashes are computed. The most common use for exotic cells is to represent some other cells—for instance, cells present in an external library, or pruned from the original tree of cells when a Merkle proof has been created. The type of an exotic cell is stored as the first eight data bits of its data. If an exotic cell has less than eight data bits, it is invalid. ### 3.1.3. The level of a cell [#313-the-level-of-a-cell] Every cell $c$ has another attribute $\text{Lvl}(c)$ called its *(de Brujn) level*, which currently takes integer values in the range $0\ldots3$. The level of an ordinary cell is always equal to the maximum of the levels of all its children $c_i$: $$ \text{Lvl}(c)=\max_{1\leq i\leq r}\text{Lvl}(c_i) \tag{1} $$ for an ordinary cell $c$ containing $r$ references to cells $c_1$, $\ldots$, $c_r$. If $r=0$, $\text{Lvl}(c)=0$. Exotic cells may have different rules for setting their level. A cell's level affects the number of *higher hashes* it has. More precisely, a level $l$ cell has $l$ higher hashes $\text{Hash}_1(c)$, $\ldots$, $\text{Hash}_l(c)$ in addition to its representation hash $\text{Hash}(c)=\text{Hash}_\infty(c)$. Cells of non-zero level appear inside *Merkle proofs* and *Merkle updates*, after some branches of the tree of cells representing a value of an abstract data type are pruned. ### 3.1.4. Standard cell representation [#314-standard-cell-representation] When a cell needs to be transferred by a network protocol or stored in a disk file, it must be *serialized*. The standard representation $\text{CellRepr}(c)=\text{CellRepr}_\infty(c)$ of a cell $c$ as an octet (byte) sequence is constructed as follows: 1. Two descriptor bytes $d_1$ and $d_2$ are serialized first. Byte $d_1$ equals $r+8s+32l$, where $0\leq r\leq 4$ is the quantity of cell references contained in the cell, $0\leq l\leq 3$ is the level of the cell, and $0\leq s\leq 1$ is $1$ for exotic cells and $0$ for ordinary cells. Byte $d_2$ equals $\lfloor b/8\rfloor+\lceil b/8\rceil$, where $0\leq b\leq 1023$ is the quantity of data bits in $c$. 2. Then the data bits are serialized as $\lceil b/8\rceil$ 8-bit octets (bytes). If $b$ is not a multiple of eight, a binary $\texttt{1}$ and up to six binary $\texttt{0}$s are appended to the data bits. After that, the data is split into $\lceil b/8\rceil$ eight-bit groups, and each group is interpreted as an unsigned big-endian integer $0\ldots 255$ and stored into an octet. 3. Finally, each of the $r$ cell references is represented by 32 bytes containing the 256-bit [representation hash](#3-1-5-the-representation-hash-of-a-cell) $\text{Hash}(c_i)$ of the cell $c_i$ referred to. In this way, $2+\lceil b/8\rceil+32r$ bytes of $\text{CellRepr}(c)$ are obtained. ### 3.1.5. The representation hash of a cell [#315-the-representation-hash-of-a-cell] The 256-bit *representation hash* or simply *hash* $\text{Hash}(c)$ of a cell $c$ is recursively defined as the SHA-256 of the standard representation of the cell $c$: $$ \text{Hash}(c):=\text{Sha256}\bigl(\text{CellRepr}(c)\bigr) \tag{2} $$ Notice that [cyclic cell references](#2-3-5-absence-of-circular-references) are not allowed and cannot be created by means of the TVM, so this recursion always ends, and the representation hash of any cell is well-defined. ### 3.1.6. The higher hashes of a cell [#316-the-higher-hashes-of-a-cell] Recall that a cell $c$ of level $l$ has $l$ higher hashes $\text{Hash}_i(c)$, $1\leq i\leq l$, as well. Exotic cells have their own rules for computing their higher hashes. Higher hashes $\text{Hash}_i(c)$ of an ordinary cell $c$ are computed similarly to its representation hash, but using the higher hashes $\text{Hash}_i(c_j)$ of its children $c_j$ instead of their representation hashes $\text{Hash}(c_j)$. By convention, we set $\text{Hash}_\infty(c):=\text{Hash}(c)$, and $\text{Hash}_i(c):=\text{Hash}_\infty(c)=\text{Hash}(c)$ for all $i>l$.^[12](#fn12) ### 3.1.7. Types of exotic cells [#317-types-of-exotic-cells] TVM currently supports the following cell types: * Type $-1$: *Ordinary cell* — Contains up to 1023 bits of data and up to four cell references. * Type 1: *Pruned branch cell $c$* — May have any level $1\leq l\leq 3$. It contains exactly $8+256l$ data bits: first an 8-bit integer equal to 1 (representing the cell's type), then its $l$ higher hashes $\text{Hash}_1(c)$, $\ldots$, $\text{Hash}_l(c)$. The level $l$ of a pruned branch cell may be called its *de Brujn index*, because it determines the outer Merkle proof or Merkle update during the construction of which the branch has been pruned. An attempt to load a pruned branch cell usually leads to an exception. * Type 2: *Library reference cell* — Always has level 0, and contains $8+256$ data bits, including its 8-bit type integer 2 and the representation hash $\text{Hash}(c')$ of the library cell being referred to. When loaded, a library reference cell may be transparently replaced by the cell it refers to, if found in the current *library context*. * Type 3: *Merkle proof cell $c$* — Has exactly one reference $c_1$ and level $0\leq l\leq 3$, which must be one less than the level of its only child $c_1$: $$ \text{Lvl}(c)=\max(\text{Lvl}(c_1)-1,0) \tag{3} $$ The $8+256$ data bits of a Merkle proof cell contain its 8-bit type integer 3, followed by $\text{Hash}_1(c_1)$ (assumed to be equal to $\text{Hash}(c_1)$ if $\text{Lvl}(c_1)=0$). The higher hashes $\text{Hash}_i(c)$ of $c$ are computed similarly to the higher hashes of an ordinary cell, but with $\text{Hash}_{i+1}(c_1)$ used instead of $\text{Hash}_i(c_1)$. When loaded, a Merkle proof cell is replaced by $c_1$. * Type 4: *Merkle update cell $c$* — Has two children $c_1$ and $c_2$. Its level $0\leq l\leq 3$ is given by $$ \text{Lvl}(c)=\max(\text{Lvl}(c_1)-1,\text{Lvl}(c_2)-1,0) \tag{4} $$ A Merkle update behaves like a Merkle proof for both $c_1$ and $c_2$, and contains $8+256+256$ data bits with $\text{Hash}_1(c_1)$ and $\text{Hash}_1(c_2)$. However, an extra requirement is that *all pruned branch cells $c'$ that are descendants of $c_2$ and are bound by $c$ must also be descendants of $c_1$.*^[13](#fn13) When a Merkle update cell is loaded, it is replaced by $c_2$. ### 3.1.8. All values of algebraic data types are trees of cells [#318-all-values-of-algebraic-data-types-are-trees-of-cells] Arbitrary values of arbitrary algebraic data types (e.g., all types used in functional programming languages) can be serialized into trees of cells (of level 0), and such representations are used for representing such values within TVM. The [copy-on-write mechanism](#2-3-2-efficient-implementation-of-and-instructions-using-copy-on-write) allows TVM to identify cells containing the same data and references, and to keep only one copy of such cells. This actually transforms a tree of cells into a directed acyclic graph (with the additional property that all its vertices be accessible from a marked vertex called the "root"). However, this is a storage optimization rather than an essential property of TVM. From the perspective of a TVM code programmer, one should think of TVM data structures as trees of cells. ### 3.1.9. TVM code is a tree of cells [#319-tvm-code-is-a-tree-of-cells] The TVM code itself is also represented by a tree of cells. Indeed, TVM code is simply a value of some complex algebraic data type, and as such, it can be serialized into a tree of cells. The exact way in which the TVM code (e.g., TVM assembly code) is transformed into a tree of cells is explained later ([4.1.4](#4-1-4-normal-work-of-tvm%2C-or-the-main-loop) and [5.2](#5-2-instruction-encoding)), in sections discussing control flow instructions, continuations, and TVM instruction encoding. ### 3.1.10. "Everything is a bag of cells" paradigm [#3110-everything-is-a-bag-of-cells-paradigm] All the data used by the TON Blockchain, including the blocks themselves and the blockchain state, can be represented—and are represented—as collections, or [bags of cells](/blockchain-basics/whitepapers/ton#2-5-14-“everything-is-a-bag-of-cells”-philosophy). We see that TVM's [structure of data](#3-1-8-all-values-of-algebraic-data-types-are-trees-of-cells) and [code](#3-1-9-tvm-code-is-a-tree-of-cells) nicely fits into this "everything is a bag of cells" paradigm. In this way, TVM can naturally be used to execute smart contracts in the TON Blockchain, and the TON Blockchain can be used to store the code and persistent data of these smart contracts between invocations of TVM. (Of course, both TVM and the TON Blockchain have been designed so that this would become possible.) ## 3.2 Data manipulation instructions and cells [#32---data-manipulation-instructions-and-cells] The next large group of TVM instructions consists of *data manipulation instructions*, also known as *cell manipulation instructions* or simply *cell instructions*. They correspond to memory access instructions of other architectures. ### 3.2.1. Classes of cell manipulation instructions [#321-classes-of-cell-manipulation-instructions] The TVM cell instructions are naturally subdivided into two principal classes: * *Cell creation instructions* or *serialization instructions*, used to construct new cells from values previously kept in the stack and previously constructed cells. * *Cell parsing instructions* or *deserialization instructions*, used to extract data previously stored into cells by cell creation instructions. Additionally, there are *exotic cell instructions* used to create and inspect [exotic cells](#3-1-2-ordinary-and-exotic-cells), which in particular are used to represent pruned branches of Merkle proofs and Merkle proofs themselves. ### 3.2.2. *Builder* and *Slice* values [#322-builder-and-slice-values] Cell creation instructions usually work with [Builder values](#1-1-3-preliminary-list-of-value-types), which can be kept only in the stack. Such values represent partially constructed cells, for which fast operations for appending bitstrings, integers, other cells, and references to other cells can be defined. Similarly, cell parsing instructions make heavy use of *Slice* values, which represent either the remainder of a partially parsed cell, or a value (subcell) residing inside such a cell and extracted from it by a parsing instruction. ### 3.2.3. *Builder* and *Slice* values exist only as stack values [#323-builder-and-slice-values-exist-only-as-stack-values] Notice that *Builder* and *Slice* objects appear only as values in a TVM stack. They cannot be stored in "memory" (i.e., trees of cells) or "persistent storage" (which is also a bag of cells). In this sense, there are far more *Cell* objects than *Builder* or *Slice* objects in a TVM environment, but, somewhat paradoxically, a TVM program sees *Builder* and *Slice* objects in its stack more often than *Cell*s. In fact, a TVM program does not have much use for *Cell* values, because they are immutable and opaque; all cell manipulation primitives require that a *Cell* value be transformed into either a *Builder* or a *Slice* first, before it can be modified or inspected. ### 3.2.4. TVM has no separate *Bitstring* value type [#324-tvm-has-no-separate-bitstring-value-type] Notice that TVM offers no separate bitstring value type. Instead, bitstrings are represented by *Slices* that happen to have no references at all, but can still contain up to 1023 data bits. ### 3.2.5. Cells and cell primitives are bit-oriented, not byte-oriented [#325-cells-and-cell-primitives-are-bit-oriented-not-byte-oriented] An important point is that *TVM regards data kept in cells as sequences (strings, streams) of (up to 1023) bits, not of bytes*. In other words, TVM is a *bit-oriented machine*, not a byte-oriented machine. If necessary, an application is free to use, say, 21-bit integer fields inside records serialized into TVM cells, thus using fewer persistent storage bytes to represent the same data. ### 3.2.6. Taxonomy of cell creation (serialization) primitives [#326-taxonomy-of-cell-creation-serialization-primitives] Cell creation primitives usually accept a *Builder* argument and an argument representing the value to be serialized. Additional arguments controlling some aspects of the serialization process (e.g., how many bits should be used for serialization) can be also provided, either in the stack or as an immediate value inside the instruction. The result of a cell creation primitive is usually another *Builder*, representing the concatenation of the original builder and the serialization of the value provided. Therefore, one can suggest a classification of cell serialization primitives according to the answers to the following questions: * Which is the type of values being serialized? * How many bits are used for serialization? If this is a variable number, does it come from the stack, or from the instruction itself? * What happens if the value does not fit into the prescribed number of bits? Is an exception generated, or is a success flag equal to zero silently returned in the top of stack? * What happens if there is insufficient space left in the *Builder*? Is an exception generated, or is a zero success flag returned along with the unmodified original *Builder*? The mnemonics of cell serialization primitives usually begin with $\texttt{ST}$. Subsequent letters describe the following attributes: * The type of values being serialized and the serialization format (e.g., $\texttt{I}$ for signed integers, $\texttt{U}$ for unsigned integers). * The source of the field width in bits to be used (e.g., $\texttt{X}$ for integer serialization instructions means that the bit width $n$ is supplied in the stack; otherwise it has to be embedded into the instruction as an immediate value). * The action to be performed if the operation cannot be completed (by default, an exception is generated; "quiet" versions of serialization instructions are marked by a $\texttt{Q}$ letter in their mnemonics). This classification scheme is used to create a more complete taxonomy of [cell serialization primitives](#a-7-1-cell-serialization-primitives). ### 3.2.7. Integer serialization primitives [#327-integer-serialization-primitives] Integer serialization primitives can be classified according to the above taxonomy as well. For example: * There are signed and unsigned (big-endian) integer serialization primitives. * The size $n$ of the bit field to be used ($1\leq n\leq 257$ for signed integers, $0\leq n\leq 256$ for unsigned integers) can either come from the top of stack or be embedded into the instruction itself. * If the integer $x$ to be serialized is not in the range $-2^{n-1}\leq x<2^{n-1}$ (for signed integer serialization) or $0\leq x<2^n$ (for unsigned integer serialization), a range check exception is usually generated, and if $n$ bits cannot be stored into the provided *Builder*, a cell overflow exception is usually generated. * Quiet versions of serialization instructions do not throw exceptions; instead, they push $-1$ on top of the resulting *Builder* upon success, or return the original *Builder* with $0$ on top of it to indicate failure. Integer serialization instructions have mnemonics like $\texttt{STU 20}$ ("store an unsigned 20-bit integer value") or $\texttt{STIXQ}$ ("quietly store an integer value of variable length provided in the stack"). The full list of these [instructions](#a-7-1-cell-serialization-primitives)—includes their mnemonics, descriptions, and opcodes. ### 3.2.8. Integers in cells are big-endian by default [#328-integers-in-cells-are-big-endian-by-default] Notice that the default order of bits in *Integers* serialized into *Cells* is *big-endian*, not little-endian.^[14](#fn14) In this respect *TVM is a big-endian machine*. However, this affects only the serialization of integers inside cells. The internal representation of the *Integer* value type is implementation-dependent and irrelevant for the operation of TVM. Besides, there are some special primitives such as $\texttt{STULE}$ for (de)serializing little-endian integers, which must be stored into an integral number of bytes (otherwise "little-endianness" does not make sense, unless one is also willing to revert the order of bits inside octets). Such primitives are useful for interfacing with the little-endian world—for instance, for parsing custom-format messages arriving to a TON Blockchain smart contract from the outside world. ### 3.2.9. Other serialization primitives [#329-other-serialization-primitives] Other cell creation primitives serialize bitstrings (i.e., cell slices without references), either taken from the stack or supplied as literal arguments; cell slices (which are concatenated to the cell builder in an obvious way); other *Builders* (which are also concatenated); and cell references ($\texttt{STREF}$). ### 3.2.10. Other cell creation primitives [#3210-other-cell-creation-primitives] In addition to the cell serialization primitives for certain built-in value types described above, there are simple primitives that create a new empty *Builder* and push it into the stack ($\texttt{NEWC}$), or transform a *Builder* into a *Cell* ($\texttt{ENDC}$), thus finishing the cell creation process. An $\texttt{ENDC}$ can be combined with a $\texttt{STREF}$ into a single instruction $\texttt{ENDCST}$, which finishes the creation of a cell and immediately stores a reference to it in an "outer" *Builder*. There are also primitives that obtain the quantity of data bits or references already stored in a *Builder*, and check how many data bits or references can be stored. ### 3.2.11. Taxonomy of cell deserialisation primitives [#3211-taxonomy-of-cell-deserialisation-primitives] Cell parsing, or deserialization, [primitives](#3-2-6-taxonomy-of-cell-creation-serialization-primitives) can be classified with the following modifications: * They work with *Slices* (representing the remainder of the cell being parsed) instead of *Builders*. * They return deserialized values instead of accepting them as arguments. * They may come in two flavors, depending on whether they remove the deserialized portion from the *Slice* supplied ("fetch operations") or leave it unmodified ("prefetch operations"). * Their mnemonics usually begin with $\texttt{LD}$ (or $\texttt{PLD}$ for prefetch operations) instead of $\texttt{ST}$. For example, an unsigned big-endian 20-bit integer previously serialized into a cell by a $\texttt{STU 20}$ instruction is likely to be deserialized later by a matching $\texttt{LDU 20}$ instruction. Again, more detailed information about these instructions is provided in [A.7.2](#a-7-2-cell-deserialization-primitives). ### 3.2.12. Other cell slice primitives [#3212-other-cell-slice-primitives] In addition to the cell deserialisation primitives outlined above, TVM provides some obvious primitives for initializing and completing the cell deserialization process. For instance, one can convert a *Cell* into a *Slice* ($\texttt{CTOS}$), so that its deserialisation might begin; or check whether a *Slice* is empty, and generate an exception if it is not ($\texttt{ENDS}$); or deserialize a cell reference and immediately convert it into a *Slice* ($\texttt{LDREFTOS}$, equivalent to two instructions $\texttt{LDREF}$ and $\texttt{CTOS}$). ### 3.2.13. Modifying a serialized value in a cell [#3213-modifying-a-serialized-value-in-a-cell] The reader might wonder how the values serialized inside a cell may be modified. Suppose a cell contains three serialized 29-bit integers, $(x,y,z)$, representing the coordinates of a point in space, and we want to replace $y$ with $y'=y+1$, leaving the other coordinates intact. How would we achieve this? TVM does not offer any ways to modify existing values ([2.3.4](#2-3-4-transparency-of-the-implementation:-stack-values-are-“values”,-not-“references”) and [2.3.5](#2-3-5-absence-of-circular-references)), so our example can only be accomplished with a series of operations as follows: 1. Deserialize the original cell into three *Integer*s $x$, $y$, $z$ in the stack (e.g., by $\texttt{CTOS}$; $\texttt{LDI 29}$; $\texttt{LDI 29}$; $\texttt{LDI 29}$; $\texttt{ENDS}$). 2. Increase $y$ by one (e.g., by $\texttt{SWAP}$; $\texttt{INC}$; $\texttt{SWAP}$). 3. Finally, serialize the resulting *Integer*s into a new cell (e.g., by $\texttt{XCHG s2}$; $\texttt{NEWC}$; $\texttt{STI 29}$; $\texttt{STI 29}$; $\texttt{STI 29}$; $\texttt{ENDC}$). ### 3.2.14. Modifying the persistent storage of a smart contract [#3214-modifying-the-persistent-storage-of-a-smart-contract] If the TVM code wants to modify its persistent storage, represented by the tree of cells rooted at $\texttt{c4}$, it simply needs to rewrite control register $\texttt{c4}$ by the root of the tree of cells containing the new value of its persistent storage. (If only part of the persistent storage needs to be [modified](#3-2-13-modifying-a-serialized-value-in-a-cell).) *** ## 3.3 Hashmaps, or dictionaries [#33---hashmaps-or-dictionaries] *Hashmaps*, or *dictionaries*, are a specific data structure represented by a tree of cells. Essentially, a hashmap represents a map from *keys*, which are bitstrings of either fixed or variable length, into *values* of an arbitrary type $X$, in such a way that fast lookups and modifications be possible. While any such structure might be inspected or modified with the aid of generic cell serialization and deserialization primitives, TVM introduces special primitives to facilitate working with these hashmaps. ### 3.3.1. Basic hashmap types [#331-basic-hashmap-types] The two most basic hashmap types predefined in TVM are *HashmapE* $n$ $X$ or *HashmapE*$(n,X)$, which represents a partially defined map from $n$-bit strings (called *keys*) for some fixed $0\leq n\leq 1023$ into *values* of some type $X$, and *Hashmap*$(n,X)$, which is similar to *HashmapE*$(n,X)$ but is not allowed to be empty (i.e., it must contain at least one key-value pair). Other hashmap types are also available—for example, one with keys of arbitrary length up to some predefined bound (up to 1023 bits). ### 3.3.2. Hashmaps as Patricia trees [#332-hashmaps-as-patricia-trees] The abstract representation of a hashmap in TVM is a *Patricia tree*, or a *compact binary trie*. It is a binary tree with edges labelled by bitstrings, such that the concatenation of all edge labels on a path from the root to a leaf equals a key of the hashmap. The corresponding value is kept in this leaf (for hashmaps with keys of fixed length), or optionally in the intermediate vertices as well (for hashmaps with keys of variable length). Furthermore, any intermediate vertex must have two children, and the label of the left child must begin with a binary zero, while the label of the right child must begin with a binary one. This enables us not to store the first bit of the edge labels explicitly. It is easy to see that any collection of key-value pairs (with distinct keys) is represented by a unique Patricia tree. ### 3.3.3. Serialization of hashmaps [#333-serialization-of-hashmaps] The serialization of a hashmap into a tree of cells (or, more generally, into a *Slice*) is defined by the following TL-B scheme:^[15](#fn15) ``` bit#_ _:(## 1) = Bit; hm_edge#_ {n:#} {X:Type} {l:#} {m:#} label:(HmLabel ~l n) {n = (~m) + l} node:(HashmapNode m X) = Hashmap n X; hmn_leaf#_ {X:Type} value:X = HashmapNode 0 X; hmn_fork#_ {n:#} {X:Type} left:^(Hashmap n X) right:^(Hashmap n X) = HashmapNode (n + 1) X; hml_short$0 {m:#} {n:#} len:(Unary ~n) s:(n * Bit) = HmLabel ~n m; hml_long$10 {m:#} n:(#<= m) s:(n * Bit) = HmLabel ~n m; hml_same$11 {m:#} v:Bit n:(#<= m) = HmLabel ~n m; unary_zero$0 = Unary ~0; unary_succ$1 {n:#} x:(Unary ~n) = Unary ~(n + 1); hme_empty$0 {n:#} {X:Type} = HashmapE n X; hme_root$1 {n:#} {X:Type} root:^(Hashmap n X) = HashmapE n X; true#_ = True; _ {n:#} _:(Hashmap n True) = BitstringSet n; ``` ### 3.3.4. Brief explanation of TL-B schemes [#334-brief-explanation-of-tl-b-schemes] A TL-B scheme, like the one above, includes the following components. The right-hand side of each "equation" is a *type*, either simple (such as $\texttt{Bit}$ or $\texttt{True}$) or parametrized (such as $\texttt{Hashmap}$ $n$ $X$). The parameters of a type must be either natural numbers (i.e., non-negative integers, which are required to fit into 32 bits in practice), such as $n$ in $\texttt{Hashmap}$ $n$ $X$, or other types, such as $X$ in $\texttt{Hashmap}$ $n$ $X$. The left-hand side of each equation describes a way to define, or even to serialize, a value of the type indicated in the right-hand side. Such a description begins with the name of a *constructor*, such as $\texttt{hm\_edge}$ or $\texttt{hml\_long}$, immediately followed by an optional *constructor tag*, such as #\_ or \$10, which describes the bitstring used to encode (serialize) the constructor in question. Such tags may be given in either binary (after a dollar sign) or [hexadecimal notation](#1-0-notation-for-bitstrings) (after a hash sign), using the conventions. If a tag is not explicitly provided, TL-B computes a default 32-bit constructor tag by hashing the text of the "equation" defining this constructor in a certain fashion. Therefore, empty tags must be explicitly provided by #\_ or $\_. All constructor names must be distinct, and constructor tags for the same type must constitute a prefix code (otherwise the deserialization would not be unique). The constructor and its optional tag are followed by *field definitions*. Each field definition is of the form $\textit{ident}:\textit{type-expr}$, where $\textit{ident}$ is an identifier with the name of the field ^[16](#fn16) (replaced by an underscore for anonymous fields), and $\textit{type-expr}$ is the field's type. The type provided here is a *type expression*, which may include simple types or parametrized types with suitable parameters. *Variables*—i.e., the (identifiers of the) previously defined fields of types $\#$ (natural numbers) or $\textit{Type}$ (type of types)—may be used as parameters for the parametrized types. The serialization process recursively serializes each field according to its type, and the serialization of a value ultimately consists of the concatenation of bitstrings representing the constructor (i.e., the constructor tag) and the field values. Some fields may be *implicit*. Their definitions are surrounded by curly braces, which indicate that the field is not actually present in the serialization, but that its value must be deduced from other data (usually the parameters of the type being serialized). Some occurrences of "variables" (i.e., already-defined fields) are prefixed by a tilde. This indicates that the variable's occurrence is used in the opposite way of the default behavior: in the left-hand side of the equation, it means that the variable will be deduced (computed) based on this occurrence, instead of substituting its previously computed value; in the right-hand side, conversely, it means that the variable will not be deduced from the type being serialized, but rather that it will be computed during the deserialization process. In other words, a tilde transforms an "input argument" into an "output argument", and vice versa.^[17](#fn17) Finally, some equalities may be included in curly brackets as well. These are certain "equations", which must be satisfied by the "variables" included in them. If one of the variables is prefixed by a tilde, its value will be uniquely determined by the values of all other variables participating in the equation (which must be known at this point) when the definition is processed from the left to the right. A caret (^) preceding a type $X$ means that instead of serializing a value of type $X$ as a bitstring inside the current cell, we place this value into a separate cell, and add a reference to it into the current cell. Therefore `^`$X$ means "the type of references to cells containing values of type $X$". Parametrized type $\texttt{\#<= }p$ with $p:\texttt{\#}$ (this notation means "$p$ of type $\texttt{\#}$", i.e., a natural number) denotes the subtype of the natural numbers type $\texttt{\#}$, consisting of integers $0\ldots p$; it is serialized into $\lceil\log_2(p+1)\rceil$ bits as an unsigned big-endian integer. Type $\texttt{\#}$ by itself is serialized as an unsigned 32-bit integer. Parametrized type $\texttt{\#\# }b$ with $b:\texttt{\#<=}31$ is equivalent to $\texttt{\#<= }2^b-1$ (i.e., it is an unsigned $b$-bit integer). ### 3.3.5. Application to the serialization of hashmaps [#335-application-to-the-serialization-of-hashmaps] Let us explain the net result of applying the [general rules](#3-3-4-brief-explanation-of-tl-b-schemes) to the [TL-B scheme](#3-3-3-serialization-of-hashmaps). Suppose we wish to serialize a value of type *HashmapE* $n$ $X$ for some integer $0\leq n\leq 1023$ and some type $X$ (i.e., a dictionary with $n$-bit keys and values of type $X$, admitting an abstract representation as a [Patricia tree](#3-3-2-hashmaps-as-patricia-trees)). First of all, if our dictionary is empty, it is serialized into a single binary $\texttt{0}$, which is the tag of nullary constructor $\texttt{hme\_empty}$. Otherwise, its serialization consists of a binary $\texttt{1}$ (the tag of $\texttt{hme\_root}$), along with a reference to a cell containing the serialization of a value of type *Hashmap* $n$ $X$ (i.e., a necessarily non-empty dictionary). The only way to serialize a value of type *Hashmap* $n$ $X$ is given by the $\texttt{hm\_edge}$ constructor, which instructs us to serialize first the label $\texttt{label}$ of the edge leading to the root of the subtree under consideration (i.e., the common prefix of all keys in our (sub)dictionary). This label is of type $\texttt{HmLabel}$ $l^\perp$ $n$, which means that it is a bitstring of length at most $n$, serialized in such a way that the true length $l$ of the label, $0\leq l\leq n$, becomes known from the [serialization](#3-3-6-serialization-of-labels) of the label. The label must be followed by the serialization of a $\texttt{node}$ of type $\texttt{HashmapNode}$ $m$ $X$, where $m=n-l$. It corresponds to a vertex of the Patricia tree, representing a non-empty subdictionary of the original dictionary with $m$-bit keys, obtained by removing from all the keys of the original subdictionary their common prefix of length $l$. If $m=0$, a value of type $\texttt{HashmapNode}$ $0$ $X$ is given by the $\texttt{hmn\_leaf}$ constructor, which describes a leaf of the Patricia tree—or, equivalently, a subdictionary with $0$-bit keys. A leaf simply consists of the corresponding $\texttt{value}$ of type $X$ and is serialized accordingly. On the other hand, if $m>0$, a value of type $\texttt{HashmapNode}$ $m$ $X$ corresponds to a fork (i.e., an intermediate node) in the Patricia tree, and is given by the $\texttt{hmn\_fork}$ constructor. Its serialization consists of $\texttt{left}$ and $\texttt{right}$, two references to cells containing values of type $\texttt{Hashmap}$ $m-1$ $X$, which correspond to the left and the right child of the intermediate node in question—or, equivalently, to the two subdictionaries of the original dictionary consisting of key-value pairs with keys beginning with a binary $\texttt{0}$ or a binary $\texttt{1}$, respectively. Because the first bit of all keys in each of these subdictionaries is known and fixed, it is removed, and the resulting (necessarily non-empty) subdictionaries are recursively serialized as values of type $\texttt{Hashmap}$ $m-1$ $X$. ### 3.3.6. Serialization of labels [#336-serialization-of-labels] There are several ways to serialize a label of length at most $n$, if its exact length is $l\leq n$ (recall that the exact length must be deducible from the serialization of the label itself, while the upper bound $n$ is known before the label is serialized or deserialized). These ways are described by the three constructors $\texttt{hml\_short}$, $\texttt{hml\_long}$, and $\texttt{hml\_same}$ of type $\texttt{HmLabel}$ $l^\perp$ $n$: * $\texttt{hml\_short}$ — Describes a way to serialize "short" labels, of small length $l\leq n$. Such a serialization consists of a binary $\texttt{0}$ (the constructor tag of $\texttt{hml\_short}$), followed by $l$ binary $\texttt{1}$s and one binary $\texttt{0}$ (the unary representation of the length $l$), followed by $l$ bits comprising the label itself. * $\texttt{hml\_long}$ — Describes a way to serialize "long" labels, of arbitrary length $l\leq n$. Such a serialization consists of a binary $\texttt{10}$ (the constructor tag of $\texttt{hml\_long}$), followed by the big-endian binary representation of the length $0\leq l\leq n$ in $\lceil\log_2(n+1)\rceil$ bits, followed by $l$ bits comprising the label itself. * $\texttt{hml\_same}$ — Describes a way to serialize "long" labels, consisting of $l$ repetitions of the same bit $v$. Such a serialization consists of $\texttt{11}$ (the constructor tag of $\texttt{hml\_same}$), followed by the bit $v$, followed by the length $l$ stored in $\lceil\log_2(n+1)\rceil$ bits as before. Each label can always be serialized in at least two different fashions, using $\texttt{hml\_short}$ or $\texttt{hml\_long}$ constructors. Usually the shortest serialization (and in the case of a tie—the lexicographically smallest among the shortest) is preferred and is generated by TVM hashmap primitives, while the other variants are still considered valid. This label encoding scheme has been designed to be efficient for dictionaries with "random" keys (e.g., hashes of some data), as well as for dictionaries with "regular" keys (e.g., big-endian representations of integers in some range). ### 3.3.7. An example of dictionary serialization [#337-an-example-of-dictionary-serialization] Consider a dictionary with three 16-bit keys 13, 17, and 239 (considered as big-endian integers) and corresponding 16-bit values 169, 289, and 57121. In binary form: ``` 0000000000001101 => 0000000010101001 0000000000010001 => 0000000100100001 0000000011101111 => 1101111100100001 ``` The corresponding Patricia tree consists of a root $A$, two intermediate nodes $B$ and $C$, and three leaf nodes $D$, $E$, and $F$, corresponding to 13, 17, and 239, respectively. The root $A$ has only one child, $B$; the label on the edge $AB$ is $00000000=0^8$. The node $B$ has two children: its left child is an intermediate node $C$ with the edge $BC$ labelled by $(0)00$, while its right child is the leaf $F$ with $BF$ labelled by $(1)1101111$. Finally, $C$ has two leaf children $D$ and $E$, with $CD$ labelled by $(0)1101$ and $CE$—by $(1)0001$. The corresponding value of type $\texttt{HashmapE}$ 16 ($\texttt{\#\#}$ 16) may be written in human-readable form as: ``` (hme_root$1 root:^(hm_edge label:(hml_same$11 v:0 n:8) node:(hm_fork left:^(hm_edge label:(hml_short$0 len:$110 s:$00) node:(hm_fork left:^(hm_edge label:(hml_long$10 n:4 s:$1101) node:(hm_leaf value:169)) right:^(hm_edge label:(hml_long$10 n:4 s:$0001) node:(hm_leaf value:289)))) right:^(hm_edge label:(hml_long$10 n:7 s:$1101111) node:(hm_leaf value:57121))))) ``` The serialization of this data structure into a tree of cells consists of six cells with the following binary data contained in them: ``` A := 1 A.0 := 11 0 01000 A.0.0 := 0 110 00 A.0.0.0 := 10 100 1101 0000000010101001 A.0.0.1 := 10 100 0001 0000000100100001 A.0.1 := 10 111 1101111 1101111100100001 ``` Here $A$ is the root cell, $A.0$ is the cell at the first reference of $A$, $A.1$ is the cell at the second reference of $A$, and so on. This tree of cells can be represented more compactly using the [hexadecimal notation](#1-0-notation-for-bitstrings), using indentation to reflect the tree-of-cells structure: ``` C_ C8 62_ A68054C_ A08090C_ BEFDF21 ``` A total of 93 data bits and 5 references in 6 cells have been used to serialize this dictionary. Notice that a straightforward representation of three 16-bit keys and their corresponding 16-bit values would already require 96 bits (albeit without any references), so this particular serialization turns out to be quite efficient. ### 3.3.8. Ways to describe the serialization of type $X$ [#338-ways-to-describe-the-serialization-of-type-x] Notice that the built-in TVM primitives for dictionary manipulation need to know something about the serialization of type $X$; otherwise, they would not be able to work correctly with $\mathit{Hashmap}$ $n$ $X$, because values of type $X$ are immediately contained in the Patricia tree leaf cells. There are several options available to describe the serialization of type $X$: * The simplest case is when $X = \text{\textasciicircum}Y$ for some other type $Y$. In this case the serialization of $X$ itself always consists of one reference to a cell, which in fact must contain a value of type $Y$, something that is not relevant for dictionary manipulation primitives. * Another simple case is when the serialization of any value of type $X$ always consists of $0\leq b\leq 1023$ data bits and $0\leq r\leq 4$ references. Integers $b$ and $r$ can then be passed to a dictionary manipulation primitive as a simple description of $X$. (Notice that the previous case corresponds to $b=0$, $r=1$.) * A more sophisticated case can be described by four integers $1\leq b_0,b_1\leq 1023$, $0\leq r_0,r_1\leq 4$, with $b_i$ and $r_i$ used when the first bit of the serialization equals $i$. When $b_0=b_1$ and $r_0=r_1$, this case reduces to the previous one. * Finally, the most general description of the serialization of a type $X$ is given by a *splitting function* $\mathit{split}_X$ for $X$, which accepts one *Slice* parameter $s$, and returns two *Slice*s, $s'$ and $s''$, where $s'$ is the only prefix of $s$ that is the serialization of a value of type $X$, and $s''$ is the remainder of $s$. If no such prefix exists, the splitting function is expected to throw an exception. Notice that a compiler for a high-level language, which supports some or all algebraic TL-B types, is likely to automatically generate splitting functions for all types defined in the program. ### 3.3.9. A simplifying assumption on the serialization of $X$ [#339-a-simplifying-assumption-on-the-serialization-of-x] One may notice that values of type $X$ always occupy the remaining part of an $\texttt{hm\_edge}$/$\texttt{hme\_leaf}$ cell inside the serialization of a *HashmapE* $n$ $X$. Therefore, if we do not insist on strict validation of all dictionaries accessed, we may assume that everything left unparsed in an $\texttt{hm\_edge}$/$\texttt{hme\_leaf}$ cell after deserializing its $\texttt{label}$ is a value of type $X$. This greatly simplifies the creation of dictionary manipulation primitives, because in most cases they turn out not to need any information about $X$ at all. ### 3.3.10. Basic dictionary operations [#3310-basic-dictionary-operations] Let us present a classification of basic operations with dictionaries (i.e., values $D$ of type *HashmapE* $n$ $X$): * $\text{Get}(D,k)$ — Given $D$:*HashmapE*$(n,X)$ and a key $k:n\cdot\texttt{bit}$, returns the corresponding value $D[k]:X^?$ kept in $D$. * $\text{Set}(D,k,x)$ — Given $D$:*HashmapE*$(n,X)$, a key $k:n\cdot\texttt{bit}$, and a value $x:X$, sets $D'[k]$ to $x$ in a [copy](#2-3-4-transparency-of-the-implementation%3A-stack-values-are-“values”%2C-not-“references”) $D'$ of $D$, and returns the resulting dictionary $D'$. * $\text{Add}(D,k,x)$ — Similar to $\text{Set}$, but adds the key-value pair $(k,x)$ to $D$ only if key $k$ is absent in $D$. * $\text{Replace}(D,k,x)$ — Similar to $\text{Set}$, but changes $D'[k]$ to $x$ only if key $k$ is already present in $D$. * $\text{GetSet}$, $\text{GetAdd}$, $\text{GetReplace}$ — Similar to $\text{Set}$, $\text{Add}$, and $\text{Replace}$, respectively, but returns the old value of $D[k]$ as well. * $\text{Delete}(D,k)$ — Deletes key $k$ from dictionary $D$, and returns the resulting dictionary $D'$. * $\text{GetMin}(D)$, $\text{GetMax}(D)$ — Gets the minimal or maximal key $k$ from dictionary $D$, along with the associated value $x:X$. * $\text{RemoveMin}(D)$, $\text{RemoveMax}(D)$ — Similar to $\text{GetMin}$ and $\text{GetMax}$, but also removes the key in question from dictionary $D$, and returns the modified dictionary $D'$. May be used to iterate over all elements of $D$, effectively using (a copy of) $D$ itself as an iterator. * $\text{GetNext}(D,k)$ — Computes the minimal key $k'>k$ (or $k'\geq k$ in a variant) and returns it along with the corresponding value $x':X$. May be used to iterate over all elements of $D$. * $\text{GetPrev}(D,k)$ — Computes the maximal key $k'^[18](#fn18) * $\text{ForEachRev}(D,f)$ — Similar to $\text{ForEach}$, but processes all key-value pairs in reverse order. * $\text{TreeReduce}(D,o,f,g)$ — Given $D$:*HashmapE*$(n,X)$, a value $o:X$, and two functions $f:X\to Y$ and $g:Y\times Y\to Y$, performs a "tree reduction" of $D$ by first applying $f$ to all the leaves, and then using $g$ to compute the value corresponding to a fork starting from the values assigned to its children.^[19](#fn19) ### 3.3.11. Taxonomy of dictionary primitives [#3311-taxonomy-of-dictionary-primitives] The [dictionary primitives](#a-10-dictionary-manipulation-primitives), can be classified according to the following categories: * Which [dictionary operation](#3-3-10-basic-dictionary-operations) do they perform? * Are they specialized for the case $X = \text{\textasciicircum}Y$ If so, do they represent values of type $Y$ by *Cell*s or by *Slice*s? (Generic versions always represent values of type $X$ as *Slice*s.) * Are the dictionaries themselves passed and returned as *Cell*s or as *Slice*s? (Most primitives represent dictionaries as *Slice*s.) * Is the key length $n$ fixed inside the primitive, or is it passed in the stack? * Are the keys represented by *Slice*s, or by signed or unsigned *Integer*s? In addition, TVM includes special serialization/deserialization primitives, such as $\texttt{STDICT}$, $\texttt{LDDICT}$, and $\texttt{PLDDICT}$. They can be used to extract a dictionary from a serialization of an encompassing object, or to insert a dictionary into such a serialization. *** ## 3.4 Hashmaps with variable-length keys [#34---hashmaps-with-variable-length-keys] TVM provides some support for [dictionaries, or hashmaps](#3-3-hashmaps%2C-or-dictionaries), with variable-length keys, in addition to its support for dictionaries with fixed-length keys. ### 3.4.1. Serialization of dictionaries with variable-length keys [#341-serialization-of-dictionaries-with-variable-length-keys] The [serialization](#3-3-3-serialization-of-hashmaps) of a *VarHashmap* into a tree of cells (or, more generally, into a *Slice*) is defined by a TL-B scheme: ``` vhm_edge#_ {n:#} {X:Type} {l:#} {m:#} label:(HmLabel ~l n) {n = (~m) + l} node:(VarHashmapNode m X) = VarHashmap n X; vhmn_leaf$00 {n:#} {X:Type} value:X = VarHashmapNode n X; vhmn_fork$01 {n:#} {X:Type} left:^(VarHashmap n X) right:^(VarHashmap n X) value:(Maybe X) = VarHashmapNode (n + 1) X; vhmn_cont$1 {n:#} {X:Type} branch:bit child:^(VarHashmap n X) value:X = VarHashmapNode (n + 1) X; nothing$0 {X:Type} = Maybe X; just$1 {X:Type} value:X = Maybe X; vhme_empty$0 {n:#} {X:Type} = VarHashmapE n X; vhme_root$1 {n:#} {X:Type} root:^(VarHashmap n X) = VarHashmapE n X; ``` ### 3.4.2. Serialization of prefix codes [#342-serialization-of-prefix-codes] One special case of a dictionary with variable-length keys is that of a *prefix code*, where the keys cannot be prefixes of each other. Values in such dictionaries may occur only in the leaves of a Patricia tree. The serialization of a prefix code is defined by the following TL-B scheme: ``` phm_edge#_ {n:#} {X:Type} {l:#} {m:#} label:(HmLabel ~l n) {n = (~m) + l} node:(PfxHashmapNode m X) = PfxHashmap n X; phmn_leaf$0 {n:#} {X:Type} value:X = PfxHashmapNode n X; phmn_fork$1 {n:#} {X:Type} left:^(PfxHashmap n X) right:^(PfxHashmap n X) = PfxHashmapNode (n + 1) X; phme_empty$0 {n:#} {X:Type} = PfxHashmapE n X; phme_root$1 {n:#} {X:Type} root:^(PfxHashmap n X) = PfxHashmapE n X; ``` *** # 4 Control flow, continuations, and exceptions [#4----control-flow-continuations-and-exceptions] This chapter describes *continuations*, which may represent execution tokens and exception handlers in TVM. Continuations are deeply involved with the control flow of a TVM program; in particular, subroutine calls and conditional and iterated execution are implemented in TVM using special primitives that accept one or more continuations as their arguments. We conclude this chapter with a discussion of the problem of recursion and of families of mutually recursive functions, exacerbated by the fact that cyclic references are not allowed in TVM data structures (including TVM code). ## 4.1 Continuations and subroutines [#41---continuations-and-subroutines] Recall that [Continuation values](#1-1-3-preliminary-list-of-value-types) represent "execution tokens" that can be executed later—for example, by $\texttt{EXECUTE}$=$\texttt{CALLX}$ ("execute" or "call indirect") or $\texttt{JMPX}$ ("jump indirect") primitives. As such, the continuations are heavily used by control flow primitives, enabling subroutine calls, conditional expressions, loops, and so on. ### 4.1.1. Ordinary continuations [#411-ordinary-continuations] The most common kind of continuations are the *ordinary continuations*, containing the following data: * A *Slice* $\texttt{code}$ ([1.1.3](#1-1-3-preliminary-list-of-value-types) and [3.2.2](#3-2-2-builder-and-slice-values)), containing (the remainder of) the TVM code to be executed. * A (possibly empty) *Stack* $\texttt{stack}$, containing the original contents of the stack for the code to be executed. * A (possibly empty) list $\texttt{save}$ of pairs $(\texttt{c}(i),v_i)$ (also called "savelist"), containing the values of control registers to be restored before the execution of the code. * A 16-bit integer value $\texttt{cp}$, selecting the TVM codepage used to interpret the TVM code from $\texttt{code}$. * An optional non-negative integer $\texttt{nargs}$, indicating the number of arguments expected by the continuation. ### 4.1.2. Simple ordinary continuations [#412-simple-ordinary-continuations] In most cases, the ordinary continuations are the simplest ones, having empty $\texttt{stack}$ and $\texttt{save}$. They consist essentially of a reference $\texttt{code}$ to (the remainder of) the code to be executed, and of the codepage $\texttt{cp}$ to be used while decoding the instructions from this code. ### 4.1.3. Current continuation cc [#413-current-continuation-cc] The "current continuation" $\texttt{cc}$ is an important part of the total state of TVM, representing the code being executed right now. In particular, what we call [the current stack](#1-1-tvm-is-a-stack-machine) (or simply "the stack") when discussing all other primitives is in fact the stack of the current continuation. All other components of the total state of TVM may be also thought of as parts of the current continuation $\texttt{cc}$; however, they may be extracted from the current continuation and kept separately as part of the total state for performance reasons. This is why we describe the stack, the control registers, and the codepage as separate parts of the [TVM state](#1-4-total-state-of-tvm-scccg). ### 4.1.4. Normal work of TVM, or the main loop [#414-normal-work-of-tvm-or-the-main-loop] TVM usually performs the following operations: If the current continuation $\texttt{cc}$ is an ordinary one, it decodes the first instruction from the *Slice* $\texttt{code}$, similarly to the way other cells are deserialized by TVM $\texttt{LD*}$ primitives ([3.2](#3-2-data-manipulation-instructions-and-cells) and [3.2.11](#3-2-11-taxonomy-of-cell-deserialisation-primitives)): it decodes the opcode first, and then the parameters of the instruction (e.g., 4-bit fields indicating "stack registers" involved for stack manipulation primitives, or constant values for "push constant" or "literal" primitives). The remainder of the *Slice* is then put into the $\texttt{code}$ of the new $\texttt{cc}$, and the decoded operation is executed on the current stack. This entire process is repeated until there are no operations left in $\texttt{cc.code}$. If the $\texttt{code}$ is empty (i.e., contains no bits of data and no references), or if a (rarely needed) explicit subroutine return ($\texttt{RET}$) instruction is encountered, the current continuation is discarded, and the "return continuation" from control register $\texttt{c0}$ is [loaded](#4-1-6-switching-to-another-continuation:-and) into $\texttt{cc}$ instead.^[20](#fn20) Then the execution continues by parsing operations from the new current continuation. ### 4.1.5. Extraordinary continuations [#415-extraordinary-continuations] In addition to the [ordinary continuations](#4-1-1-ordinary-continuations), TVM includes some *extraordinary continuations*, representing certain less common states. Examples of extraordinary continuations include: * The continuation $\texttt{ec\_quit}$ with its parameter set to zero, which represents the end of the work of TVM. This continuation is the original value of $\texttt{c0}$ when TVM begins executing the code of a smart contract. * The continuation $\texttt{ec\_until}$, which contains references to two other continuations (ordinary or not) representing the body of the loop being executed and the code to be executed after the loop. Execution of an extraordinary continuation by TVM depends on its specific class, and [differs](#4-1-4-normal-work-of-tvm,-or-the-main-loop) from the operations for ordinary continuations.^[21](#fn21) ### 4.1.6. Switching to another continuation: $\texttt{JMP}$ and $\texttt{RET}$ [#416-switching-to-another-continuation-textttjmp-and-textttret] The process of switching to another continuation $c$ may be performed by such instructions as $\texttt{JMPX}$ (which takes $c$ from the stack) or $\texttt{RET}$ (which uses $\texttt{c0}$ as $c$). This process is slightly more complex than simply setting the value of $\texttt{cc}$ to $c$: before doing this, either all values or the top $n$ values in the current stack are moved to the stack of the continuation $c$, and only then is the remainder of the current stack discarded. If all values need to be moved (the most common case), and if the continuation $c$ has an empty stack (also the most common case; notice that extraordinary continuations are assumed to have an empty stack), then the new stack of $c$ equals the stack of the current continuation, so we can simply transfer the current stack in its entirety to $c$. (If we keep the current stack as a separate part of the total state of TVM, we have to do nothing at all.) ### 4.1.7. Determining the number $n$ of arguments passed to the next continuation $c$ [#417-determining-the-number-n-of-arguments-passed-to-the-next-continuation-c] By default, $n$ equals the depth of the current stack. However, if $c$ has an explicit value of $\texttt{nargs}$ (number of arguments to be provided), then $n$ is computed as $n'$, equal to $c$.$\texttt{nargs}$ minus the current depth of $c$'s stack. Furthermore, there are special forms of $\texttt{JMPX}$ and $\texttt{RET}$ that provide an explicit value $n''$, the number of parameters from the current stack to be passed to continuation $c$. If $n''$ is provided, it must be less than or equal to the depth of the current stack, or else a stack underflow exception occurs. If both $n'$ and $n''$ are provided, we must have $n'\leq n''$, in which case $n=n'$ is used. If $n''$ is provided and $n'$ is not, then $n=n''$ is used. One could also imagine that the default value of $n''$ equals the depth of the original stack, and that $n''$ values are always removed from the top of the original stack even if only $n'$ of them are actually moved to the stack of the next continuation $c$. Even though the remainder of the current stack is discarded afterwards, this description will become useful later. ### 4.1.8. Restoring control registers from the new continuation $c$ [#418-restoring-control-registers-from-the-new-continuation-c] After the new stack is computed, the values of control registers present in $c$.$\texttt{save}$ are restored accordingly, and the current codepage $\texttt{cp}$ is also set to $c$.$\texttt{cp}$. Only then does TVM set $\texttt{cc}$ equal to the new $c$ and begin its execution.^[22](#fn22) ### 4.1.9. Subroutine calls: $\texttt{CALLX}$ or $\texttt{EXECUTE}$ primitives [#419-subroutine-calls-textttcallx-or-textttexecute-primitives] The execution of continuations as subroutines is slightly more complicated than switching to continuations. Consider the $\texttt{CALLX}$ or $\texttt{EXECUTE}$ primitive, which takes a continuation $c$ from the (current) stack and executes it as a subroutine. Apart from doing the stack manipulations described in [4.1.6](#4-1-6-switching-to-another-continuation:-and) and [4.1.7](#4-1-7-determining-the-number-of-arguments-passed-to-the-next-continuation) and setting the new [control registers](#4-1-8-restoring-control-registers-from-the-new-continuation), these primitives perform several additional steps: 1. After the top $n''$ values are [removed](#4-1-7-determining-the-number-of-arguments-passed-to-the-next-continuation) from the current stack, the (usually empty) remainder is not discarded, but instead is stored in the (old) current continuation $\texttt{cc}$. 2. The old value of the special register $\texttt{c0}$ is saved into the (previously empty) savelist $\texttt{cc.save}$. 3. The continuation $\texttt{cc}$ thus modified is not discarded, but instead is set as the new $\texttt{c0}$, which performs the role of "next continuation" or "return continuation" for the subroutine being called. 4. After that, the switching to $c$ continues as before. In particular, some control registers are restored from $c$.$\texttt{save}$, potentially overwriting the value of $\texttt{c0}$ set in the previous step. (Therefore, a good optimization would be to check that $\texttt{c0}$ is present in $c$.$\texttt{save}$ from the very beginning, and skip the three previous steps as useless in this case.) In this way, the called subroutine can return control to the caller by switching the current continuation to the return continuation saved in $\texttt{c0}$. Nested subroutine calls work correctly because the previous value of $\texttt{c0}$ ends up saved into the new $\texttt{c0}$'s control register savelist $\texttt{c0.save}$, from which it is restored later. ### 4.1.10. Determining the number of arguments passed to and/or return values accepted from a subroutine [#4110-determining-the-number-of-arguments-passed-to-andor-return-values-accepted-from-a-subroutine] Similarly to $\texttt{JMPX}$ and $\texttt{RET}$, $\texttt{CALLX}$ also has special (rarely used) forms, which allow us to explicitly specify the number $n''$ of arguments passed from the current stack to the called subroutine (by default, $n''$ equals the depth of the current stack, i.e., it is passed in its entirety). Furthermore, a second number $n'''$ can be specified, used to set $\texttt{nargs}$ of the modified $\texttt{cc}$ continuation before storing it into the new $\texttt{c0}$; the new $\texttt{nargs}$ equals the depth of the old stack minus $n''$ plus $n'''$. This means that the caller is willing to pass exactly $n''$ arguments to the called subroutine, and is willing to accept exactly $n'''$ results in their stead. Such forms of $\texttt{CALLX}$ and $\texttt{RET}$ are mostly intended for library functions that accept functional arguments and want to invoke them safely. Another application is related to the "virtualization support" of TVM, which enables TVM code to run other TVM code inside a "virtual TVM machine". Such virtualization techniques might be useful for implementing sophisticated [payment channels](/blockchain-basics/whitepapers/ton#5-ton-payments) in the TON Blockchain. ### 4.1.11. $\texttt{CALLCC}$: call with current continuation [#4111-textttcallcc-call-with-current-continuation] Notice that TVM supports a form of the "call with current continuation" primitive. Namely, primitive $\texttt{CALLCC}$ is similar to $\texttt{CALLX}$ or $\texttt{JMPX}$ in that it takes a continuation $c$ from the stack and switches to it; however, $\texttt{CALLCC}$ does not discard the previous current continuation $c'$ (as $\texttt{JMPX}$ does) and does not write $c'$ to $\texttt{c0}$ (as $\texttt{CALLX}$ does), but rather pushes $c'$ into the (new) stack as an extra argument to $c$. The primitive $\texttt{JMPXDATA}$ does a similar thing, but pushes only the (remainder of the) code of the previous current continuation as a *Slice*. ## 4.2 Control flow primitives: conditional and iterated execution [#42---control-flow-primitives-conditional-and-iterated-execution] ### 4.2.1. Conditional execution: $\texttt{IF}$, $\texttt{IFNOT}$, $\texttt{IFELSE}$ [#421-conditional-execution-textttif-textttifnot-textttifelse] An important modification of $\texttt{EXECUTE}$ (or $\texttt{CALLX}$) consists in its conditional forms. For example, $\texttt{IF}$ accepts an integer $x$ and a continuation $c$, and executes $c$ (in the same way as $\texttt{EXECUTE}$ would do it) only if $x$ is non-zero; otherwise both values are simply discarded from the stack. Similarly, $\texttt{IFNOT}$ accepts $x$ and $c$, but executes $c$ only if $x=0$. Finally, $\texttt{IFELSE}$ accepts $x$, $c$, and $c'$, removes these values from the stack, and executes $c$ if $x\neq0$ or $c'$ if $x=0$. ### 4.2.2. Iterated execution and loops [#422-iterated-execution-and-loops] More sophisticated modifications of $\texttt{EXECUTE}$ include: * $\texttt{REPEAT}$ — Takes an integer $n$ and a continuation $c$, and executes $c$ $n$ times.^[23](#fn23) * $\texttt{WHILE}$ — Takes $c'$ and $c''$, executes $c'$, and then takes the top value $x$ from the stack. If $x$ is non-zero, it executes $c''$ and then begins a new loop by executing $c'$ again; if $x$ is zero, it stops. * $\texttt{UNTIL}$ — Takes $c$, executes it, and then takes the top integer $x$ from the stack. If $x$ is zero, a new iteration begins; if $x$ is non-zero, the previously executed code is resumed. ### 4.2.3. Constant, or literal, continuations [#423-constant-or-literal-continuations] We see that we can create arbitrarily complex conditional expressions and loops in the TVM code, provided we have a means to push constant continuations into the stack. In fact, TVM includes special versions of "literal" or "constant" primitives that cut the next $n$ bytes or bits from the remainder of the current code $\texttt{cc.code}$ into a cell slice, and then push it into the stack not as a *Slice* (as a $\texttt{PUSHSLICE}$ does) but as a simple ordinary *Continuation* (which has only $\texttt{code}$ and $\texttt{cp}$). The simplest of these primitives is $\texttt{PUSHCONT}$, which has an immediate argument $n$ describing the number of subsequent bytes (in a byte-oriented version of TVM) or bits to be converted into a simple continuation. Another primitive is $\texttt{PUSHREFCONT}$, which removes the first cell reference from the current continuation $\texttt{cc.code}$, converts the cell referred to into a cell slice, and finally converts the cell slice into a simple continuation. ### 4.2.4. Constant continuations combined with conditional or iterated execution primitives [#424-constant-continuations-combined-with-conditional-or-iterated-execution-primitives] Because constant continuations are very often used as arguments to conditional or iterated execution primitives, combined versions of these primitives (e.g., $\texttt{IFCONT}$ or $\texttt{UNTILREFCONT}$) may be defined in a future revision of TVM, which combine a $\texttt{PUSHCONT}$ or $\texttt{PUSHREFCONT}$ with another primitive. If one inspects the resulting code, $\texttt{IFCONT}$ looks very much like the more customary "conditional-branch-forward" instruction. ## 4.3 Operations with continuations [#43--operations-with-continuations] ### 4.3.1 Continuations are opaque [#431--continuations-are-opaque] Notice that all continuations are *opaque*, at least in the current version of TVM, meaning that there is no way to modify a continuation or inspect its internal data. Almost the only use of a continuation is to supply it to a control flow primitive. While there are some arguments in favor of including support for non-opaque continuations in TVM (along with opaque continuations, which are required for virtualization), the current revision offers no such support. ### 4.3.2. Allowed operations with continuations [#432-allowed-operations-with-continuations] However, some operations with opaque continuations are still possible, mostly because they are equivalent to operations of the kind "create a new continuation, which will do something special, and then invoke the original continuation". Allowed operations with continuations include: * Push one or several values into the stack of a continuation $c$ (thus creating a partial application of a function, or a closure). * Set the saved value of a control register $\texttt{c}(i)$ inside the savelist $c$.$\texttt{save}$ of a continuation $c$. If there is already a value for the control register in question, this operation silently does nothing. ### 4.3.3. Example: operations with control registers [#433-example-operations-with-control-registers] TVM has some primitives to set and inspect the values of control registers. The most important of them are $\texttt{PUSH c}(i)$ (pushes the current value of $\texttt{c}(i)$ into the stack) and $\texttt{POP c}(i)$ (sets the value of $\texttt{c}(i)$ from the stack, if the supplied value is of the correct type). However, there is also a modified version of the latter instruction, called $\texttt{POPSAVE c}(i)$, which saves the old value of $\texttt{c}(i)$ (for $i>0$) into the [continuation](#4-3-2-allowed-operations-with-continuations) at $\texttt{c0}$ before setting the new value. ### 4.3.4. Example: setting the number of arguments to a function in its code [#434-example-setting-the-number-of-arguments-to-a-function-in-its-code] The primitive $\texttt{LEAVEARGS}$ $n$ demonstrates another application of continuations in an operation: it leaves only the top $n$ values of the current stack, and moves the remainder to the stack of the continuation in $\texttt{c0}$. This primitive enables a called function to "return" unneeded arguments to its caller's stack, which is useful in some situations (e.g., those related to exception handling). ### 4.3.5. Boolean circuits [#435-boolean-circuits] A continuation $c$ may be thought of as a piece of code with two optional exit points kept in the savelist of $c$: the principal exit point given by $c$.$\texttt{c0}$:=$c$.$\texttt{save}$($\texttt{c0}$), and the auxiliary exit point given by $c$.$\texttt{c1}$:=$c$.$\texttt{save}$($\texttt{c1}$). If executed, a continuation performs whatever action it was created for, and then (usually) transfers control to the principal exit point, or, on some occasions, to the auxiliary exit point. We sometimes say that a continuation $c$ with both exit points $c$.$\texttt{c0}$ and $c$.$\texttt{c1}$ defined is a *two-exit continuation*, or a *boolean circuit*, especially if the choice of the exit point depends on some internally-checked condition. ### 4.3.6. Composition of continuations [#436-composition-of-continuations] One can *compose* two continuations $c$ and $c'$ simply by setting $c$.$\texttt{c0}$ or $c$.$\texttt{c1}$ to $c'$. This creates a new continuation denoted by $c\circ_0c'$ or $c\circ_1c'$, which differs from $c$ in its savelist. (Recall that if the savelist of $c$ already has an entry corresponding to the control register in question, such an operation silently [does nothing](#4-3-2-allowed-operations-with-continuations). By composing continuations, one can build chains or other graphs, possibly with loops, representing the control flow. In fact, the resulting graph resembles a flow chart, with the boolean circuits corresponding to the "condition nodes" (containing code that will transfer control either to $\texttt{c0}$ or to $\texttt{c1}$ depending on some condition), and the one-exit continuations corresponding to the "action nodes". ### 4.3.7. Basic continuation composition primitives [#437-basic-continuation-composition-primitives] Two basic primitives for composing continuations are $\texttt{COMPOS}$ (also known as $\texttt{SETCONT c0}$ and $\texttt{BOOLAND}$) and $\texttt{COMPOSALT}$ (also known as $\texttt{SETCONT c1}$ and $\texttt{BOOLOR}$), which take $c$ and $c'$ from the stack, set $c$.$\texttt{c0}$ or $c$.$\texttt{c1}$ to $c'$, and return the resulting continuation $c''=c\circ_0c'$ or $c\circ_1c'$. All other continuation composition operations can be expressed in terms of these two primitives. ### 4.3.8. Advanced continuation composition primitives [#438-advanced-continuation-composition-primitives] However, TVM can compose continuations not only taken from stack, but also taken from $\texttt{c0}$ or $\texttt{c1}$, or from the current continuation $\texttt{cc}$; likewise, the result may be pushed into the stack, stored into either $\texttt{c0}$ or $\texttt{c1}$, or used as the new current continuation (i.e., the control may be transferred to it). Furthermore, TVM can define conditional composition primitives, performing some of the above actions only if an integer value taken from the stack is non-zero. For instance, $\texttt{EXECUTE}$ can be described as $\texttt{cc}\leftarrow c\circ_0\texttt{cc}$, with continuation $c$ taken from the original stack. Similarly, $\texttt{JMPX}$ is $\texttt{cc}\leftarrow c$, and $\texttt{RET}$ (also known as $\texttt{RETTRUE}$ in a boolean circuit context) is $\texttt{cc}\leftarrow\texttt{c0}$. Other interesting primitives include $\texttt{THENRET}$ ($c'\leftarrow c\circ_0\texttt{c0}$) and $\texttt{ATEXIT}$ ($\texttt{c0}\leftarrow c\circ_0\texttt{c0}$). Finally, some "experimental" primitives also involve $\texttt{c1}$ and $\circ_1$. For example: * $\texttt{RETALT}$ or $\texttt{RETFALSE}$ does $\texttt{cc}\leftarrow\texttt{c1}$. * Conditional versions of $\texttt{RET}$ and $\texttt{RETALT}$ may also be useful: $\texttt{RETBOOL}$ takes an integer $x$ from the stack, and performs $\texttt{RETTRUE}$ if $x\neq0$, $\texttt{RETFALSE}$ otherwise. * $\texttt{INVERT}$ does $\texttt{c0}\leftrightarrow\texttt{c1}$; if the two continuations in $\texttt{c0}$ and $\texttt{c1}$ represent the two branches we should select depending on some boolean expression, $\texttt{INVERT}$ negates this expression on the outer level. * $\texttt{INVERTCONT}$ does $c$.$\texttt{c0}\leftrightarrow c$.$\texttt{c1}$ to a continuation $c$ taken from the stack. * Variants of $\texttt{ATEXIT}$ include $\texttt{ATEXITALT}$ ($\texttt{c1}\leftarrow c\circ_1\texttt{c1}$) and $\texttt{SETEXITALT}$ ($\texttt{c1}\leftarrow (c\circ_0\texttt{c0})\circ_1\texttt{c1}$). * $\texttt{BOOLEVAL}$ takes a continuation $c$ from the stack and does $\texttt{cc}\leftarrow \bigl((c\circ_0(\texttt{PUSH}\,-1))\circ_1(\texttt{PUSH}\,0)\bigr)\circ_0\texttt{cc}$. If $c$ represents a boolean circuit, the net effect is to evaluate it and push either $-1$ or $0$ into the stack before continuing. ## 4.4 Continuations as objects [#44--continuations-as-objects] ### 4.4.1. Representing objects using continuations [#441-representing-objects-using-continuations] Object-oriented programming in Smalltalk (or Objective C) style may be implemented with the aid of continuations. For this, an object is represented by a special continuation $o$. If it has any data fields, they can be kept in the stack of $o$, making $o$ a partial application (i.e., a continuation with a non-empty stack). When somebody wants to invoke a method $m$ of $o$ with arguments $x_1$, $x_2$, $\ldots$, $x_n$, she pushes the arguments into the stack, then pushes a magic number corresponding to the method $m$, and then executes $o$ passing $n+1$ [arguments](#4-1-10-determining-the-number-of-arguments-passed-to-and%2For-return-values-accepted-from-a-subroutine). Then $o$ uses the top-of-stack integer $m$ to select the branch with the required method, and executes it. If $o$ needs to modify its state, it simply computes a new continuation $o'$ of the same sort (perhaps with the same code as $o$, but with a different initial stack). The new continuation $o'$ is returned to the caller along with whatever other return values need to be returned. ### 4.4.2. Serializable objects [#442-serializable-objects] Another way of representing Smalltalk-style objects as continuations, or even as trees of cells, consists in using the $\texttt{JMPREFDATA}$ primitive (a [variant](#4-1-11-%3A-call-with-current-continuation) of $\texttt{JMPXDATA}$), which takes the first cell reference from the code of the current continuation, transforms the cell referred to into a simple ordinary continuation, and transfers control to it, first pushing the remainder of the current continuation as a *Slice* into the stack. In this way, an object might be represented by a cell $\tilde o$ that contains $\texttt{JMPREFDATA}$ at the beginning of its data, and the actual code of the object in the first reference (one might say that the first reference of cell $\tilde o$ is the *class* of object $\tilde o$). Remaining data and references of this cell will be used for storing the fields of the object. Such objects have the advantage of being trees of cells, and not just continuations, meaning that they can be stored into the persistent storage of a TON smart contract. ### 4.4.3. Unique continuations and capabilities [#443-unique-continuations-and-capabilities] It might make sense (in a future revision of TVM) to mark some continuations as *unique*, meaning that they cannot be copied, even in a delayed manner, by increasing their reference counter to a value greater than one. If an opaque continuation is unique, it essentially becomes a *capability*, which can either be used by its owner exactly once or be transferred to somebody else. For example, imagine a continuation that [represents](#4-4-1-representing-objects-using-continuations) the output stream to a printer (this is an example of a continuation used as an object). When invoked with one integer argument $n$, this continuation outputs the character with code $n$ to the printer, and returns a new continuation of the same kind reflecting the new state of the stream. Obviously, copying such a continuation and using the two copies in parallel would lead to some unintended side effects; marking it as unique would prohibit such adverse usage. ## 4.5 Exception handling [#45--exception-handling] TVM's exception handling is quite simple and consists in a transfer of control to the continuation kept in control register $\texttt{c2}$. ### 4.5.1. Two arguments of the exception handler: exception parameter and exception number [#451-two-arguments-of-the-exception-handler-exception-parameter-and-exception-number] Every exception is characterized by two arguments: the *exception number* (an *Integer*) and the *exception parameter* (any value, most often a zero *Integer*). Exception numbers 0–31 are reserved for TVM, while all other exception numbers are available for user-defined exceptions. ### 4.5.2. Primitives for throwing an exception [#452-primitives-for-throwing-an-exception] There are several special primitives used for throwing an exception. The most general of them, $\texttt{THROWANY}$, takes two arguments, $v$ and $0\leq n<2^{16}$, from the stack, and throws the exception with number $n$ and value $v$. There are variants of this primitive that assume $v$ to be a zero integer, store $n$ as a literal value, and/or are conditional on an integer value taken from the stack. User-defined exceptions may use arbitrary values as $v$ (e.g., trees of cells) if needed. ### 4.5.3. Exceptions generated by TVM [#453-exceptions-generated-by-tvm] Of course, some exceptions are generated by normal primitives. For example, an arithmetic overflow exception is generated whenever the result of an arithmetic operation does not fit into a signed 257-bit integer. In such cases, the arguments of the exception, $v$ and $n$, are determined by TVM itself. ### 4.5.4. Exception handling [#454-exception-handling] The exception handling itself consists in a control transfer to the exception handler—i.e., the continuation specified in control register $\texttt{c2}$, with $v$ and $n$ supplied as the two arguments to this continuation, as if a $\texttt{JMP}$ to $\texttt{c2}$ had been requested with $n''=2$ arguments ([4.1.7](#4-1-7-determining-the-number-of-arguments-passed-to-the-next-continuation) and [4.1.6](#4-1-6-switching-to-another-continuation:-and)). As a consequence, $v$ and $n$ end up in the top of the stack of the exception handler. The remainder of the old stack is discarded. Notice that if the continuation in $\texttt{c2}$ has a value for $\texttt{c2}$ in its savelist, it will be used to set up the new value of $\texttt{c2}$ before executing the exception handler. In particular, if the exception handler invokes $\texttt{THROWANY}$, it will re-throw the original exception with the restored value of $\texttt{c2}$. This trick enables the exception handler to handle only some exceptions, and pass the rest to an outer exception handler. ### 4.5.5. Default exception handler [#455-default-exception-handler] When an instance of TVM is created, $\texttt{c2}$ contains a reference to the "default exception handler continuation", which is an $\texttt{ec\_fatal}$ [extraordinary continuation](#4-1-5-extraordinary-continuations). Its execution leads to the termination of the execution of TVM, with the arguments $v$ and $n$ of the exception returned to the outside caller. In the context of the TON Blockchain, $n$ will be stored as a part of the transaction's result. ### 4.5.6. $\texttt{TRY}$ primitive [#456-texttttry-primitive] A $\texttt{TRY}$ primitive can be used to implement C++- like exception handling. This primitive accepts two continuations, $c$ and $c'$. It stores the old value of $\texttt{c2}$ into the savelist of $c'$, sets $\texttt{c2}$ to $c'$, and executes $c$ just as $\texttt{EXECUTE}$ would, but additionally saving the old value of $\texttt{c2}$ into the savelist of the new $\texttt{c0}$ as well. Usually a version of the $\texttt{TRY}$ primitive with an explicit number of arguments $n''$ passed to the continuation $c$ is used. The net result is roughly equivalent to C$++$'s $\texttt{try}$ \{ $c$ } $\texttt{catch(...)}$ \{ $c'$ } operator. ### 4.5.7. List of predefined exceptions [#457-list-of-predefined-exceptions] Predefined exceptions of TVM correspond to exception numbers $n$ in the range 0–31. They include: * *Normal termination* ($n=0$) — Should never be generated, but it is useful for some tricks. * *Alternative termination* ($n=1$) — Again, should never be generated. * *Stack underflow* ($n=2$) — Not enough arguments in the stack for a primitive. * *Stack overflow* ($n=3$) — More values have been stored on a stack than allowed by this version of TVM. * *Integer overflow* ($n=4$) — Integer does not fit into $-2^{256}\leq x<2^{256}$, or a division by zero has occurred. * *Range check error* ($n=5$) — Integer out of expected range. * *Invalid opcode* ($n=6$) — Instruction or its immediate arguments cannot be decoded. * *Type check error* ($n=7$) — An argument to a primitive is of incorrect value type. * *Cell overflow* ($n=8$) — Error in one of the serialization primitives. * *Cell underflow* ($n=9$) — Deserialization error. * *Dictionary error* ($n=10$) — Error while deserializing a dictionary object. * *Unknown error* ($n=11$) — Unknown error, may be thrown by user programs. * *Fatal error* ($n=12$) — Thrown by TVM in situations deemed impossible. * *Out of gas* ($n=13$) — Thrown by TVM when the remaining gas ($g_r$) becomes negative. This exception usually cannot be caught and leads to an immediate termination of TVM. Most of these exceptions have no parameter (i.e., use a zero integer instead). The order in which these exceptions are checked is outlined [below](#4-5-8-order-of-stack-underflow,-type-check,-and-range-check-exceptions). ### 4.5.8. Order of stack underflow, type check, and range check exceptions [#458-order-of-stack-underflow-type-check-and-range-check-exceptions] All TVM primitives first check whether the stack contains the required number of arguments, generating a stack underflow exception if this is not the case. Only then are the type tags of the arguments and their ranges (e.g., if a primitive expects an argument not only to be an *Integer*, but also to be in the range from 0 to 256) checked, starting from the value in the top of the stack (the last argument) and proceeding deeper into the stack. If an argument's type is incorrect, a type-checking exception is generated; if the type is correct, but the value does not fall into the expected range, a range check exception is generated. Some primitives accept a variable number of arguments, depending on the values of some small fixed subset of arguments located near the top of the stack. In this case, the above procedure is first run for all arguments from this small subset. Then it is repeated for the remaining arguments, once their number and types have been determined from the arguments already processed. ## 4.6 Functions, recursion, and dictionaries [#46---functions-recursion-and-dictionaries] ### 4.6.1. The problem of recursion [#461-the-problem-of-recursion] The [conditional and iterated](#4-2-control-flow-primitives:-conditional-and-iterated-execution) execution primitives—along with the unconditional branch, call, and return [primitives](#4-1-continuations-and-subroutines)—enable one to implement more or less arbitrary code with nested loops and conditional expressions, with one notable exception: one can only create new constant continuations from parts of the current continuation. (In particular, one cannot invoke a subroutine from itself in this way.) Therefore, the code being executed—i.e., the current continuation—gradually becomes smaller and smaller.^[24](#fn24) ### 4.6.2. Y-combinator solution: pass a continuation as an argument to itself [#462-y-combinator-solution-pass-a-continuation-as-an-argument-to-itself] One way of dealing with the problem of recursion is by passing a copy of the continuation representing the body of a recursive function as an extra argument to itself. Consider, for example, the following code for a factorial function: ``` 71 PUSHINT 1 9C PUSHCONT { 22 PUSH s2 72 PUSHINT 2 B9 LESS DC IFRET 59 ROTREV 21 PUSH s1 A8 MUL 01 SWAP A5 DEC 02 XCHG s2 20 DUP D9 JMPX } 20 DUP D8 EXECUTE 30 DROP 31 NIP ``` This roughly corresponds to defining an auxiliary function $\mathit{body}$ with three arguments $n$, $x$, and $f$, such that $\mathit{body}(n,x,f)$ equals $x$ if $n<2$ and $f(n-1,nx,f)$ otherwise, then invoking $\mathit{body}(n,1,\mathit{body})$ to compute the factorial of $n$. The recursion is then implemented with the aid of the $\texttt{DUP}$; $\texttt{EXECUTE}$ construction, or $\texttt{DUP}$; $\texttt{JMPX}$ in the case of tail recursion. This trick is equivalent to applying $Y$-combinator to a function $\mathit{body}$. ### 4.6.3. A variant of Y-combinator solution [#463-a-variant-of-y-combinator-solution] Another way of recursively computing the factorial, more closely following the classical recursive definition $$ \mathit{fact}(n):=\begin{cases}1&\quad\text{if }n<2,\\n\cdot\mathit{fact}(n-1)&\quad\text{otherwise}\end{cases} \tag{5} $$ is as follows: ```asm 9D PUSHCONT { 21 OVER C102 LESSINT 2 92 PUSHCONT { 5B 2DROP 71 PUSHINT 1 } E0 IFJMP 21 OVER A5 DEC 01 SWAP 20 DUP D8 EXECUTE A8 MUL } 20 DUP D9 JMPX ``` This definition of the factorial function is two bytes shorter than the previous one, but it uses general recursion instead of tail recursion, so it cannot be easily transformed into a loop. ### 4.6.4. Comparison: non-recursive definition of the factorial function [#464-comparison-non-recursive-definition-of-the-factorial-function] Incidentally, a non-recursive definition of the factorial with the aid of a $\texttt{REPEAT}$ loop is also possible, and it is much shorter than both recursive definitions: ```asm 71 PUSHINT 1 01 SWAP 20 DUP 94 PUSHCONT { 66 TUCK A8 MUL 01 SWAP A5 DEC } E4 REPEAT 30 DROP ``` ### 4.6.5. Several mutually recursive functions [#465-several-mutually-recursive-functions] If one has a collection $f_1$, $\ldots$, $f_n$ of mutually recursive functions, one can use the same trick by passing the whole collection of continuations $\{f_i\}$ in the stack as an extra $n$ arguments to each of these functions. However, as $n$ grows, this becomes more and more cumbersome, since one has to reorder these extra arguments in the stack to work with the "true" arguments, and then push their copies into the top of the stack before any recursive call. ### 4.6.6. Combining several functions into one tuple [#466-combining-several-functions-into-one-tuple] One might also combine a collection of continuations representing functions $f_1$, $\ldots$, $f_n$ into a "tuple" ${\mathbf f}:=(f_1,\ldots,f_n)$, and pass this tuple as one stack element ${\mathbf f}$. For instance, when $n\leq4$, each function can be represented by a cell $\tilde f_i$ (along with the tree of cells rooted in this cell), and the tuple may be represented by a cell $\tilde{\mathbf f}$, which has references to its component cells $\tilde f_i$. However, this would lead to the necessity of "unpacking" the needed component from this tuple before each recursive call. ### 4.6.7. Combining several functions into a selector function [#467-combining-several-functions-into-a-selector-function] Another approach is to combine several functions $f_1$, $\ldots$, $f_n$ into one "selector function" $f$, which takes an extra argument $i$, $1\leq i\leq n$, from the top of the stack, and invokes the appropriate function $f_i$. Stack machines such as TVM are well-suited to this approach, because they do not require the functions $f_i$ to have the same number and types of arguments. Using this approach, one would need to pass only one extra argument, $f$, to each of these functions, and push into the stack an extra argument $i$ before each recursive call to $f$ to select the correct function to be called. ### 4.6.8. Using a dedicated register to keep the selector function [#468-using-a-dedicated-register-to-keep-the-selector-function] However, even if we use one of the two previous approaches to combine all functions into one extra argument, passing this argument to all mutually recursive functions is still quite cumbersome and requires a lot of additional stack manipulation operations. Because this argument changes very rarely, one might use a dedicated register to keep it and transparently pass it to all functions called. This is the approach used by TVM by default. ### 4.6.9. Special register $c3$ for the selector function [#469-special-register-c3-for-the-selector-function] In fact, TVM uses a dedicated register $\texttt{c3}$ to keep the continuation representing the current or global "selector function", which can be used to invoke any of a family of mutually recursive functions. [Special primitives](#a-8-7-dictionary-subroutine-calls-and-jumps) $\texttt{CALL}$ $nn$ or $\texttt{CALLDICT}$ $nn$ are equivalent to $\texttt{PUSHINT}$ $nn$; $\texttt{PUSH c3}$; $\texttt{EXECUTE}$, and similarly $\texttt{JMP}$ $nn$ or $\texttt{JMPDICT}$ $nn$ are equivalent to $\texttt{PUSHINT}$ $nn$; $\texttt{PUSH c3}$; $\texttt{JMPX}$. In this way a TVM program, which ultimately is a large collection of mutually recursive functions, may initialize $\texttt{c3}$ with the correct selector function representing the family of all the functions in the program, and then use $\texttt{CALL}$ $nn$ to invoke any of these functions by its index (sometimes also called the *selector* of a function). ### 4.6.10. Initialization of $c3$ [#4610-initialization-of-c3] A TVM program might initialize $\texttt{c3}$ by means of a $\texttt{POP c3}$ instruction. However, because this usually is the very first action undertaken by a program (e.g., a smart contract), TVM makes some provisions for the automatic initialization of $\texttt{c3}$. Namely, $\texttt{c3}$ is initialized by the code (the initial value of $\texttt{cc}$) of the program itself, and an extra zero (or, in some cases, some other predefined number $s$) is pushed into the stack before the program's execution. This is approximately equivalent to invoking $\texttt{JMPDICT 0}$ (or $\texttt{JMPDICT}$ $s$) at the very beginning of a program—i.e., the function with index zero is effectively the `main()` function for the program. ### 4.6.11. Creating selector functions and $\texttt{switch}$ statements [#4611-creating-selector-functions-and-textttswitch-statements] TVM makes special provisions for simple and concise implementation of selector functions (which usually constitute the top level of a TVM program) or, more generally, arbitrary `switch` or `case` statements (which are also useful in TVM programs). The most important [primitives](#a-8-2-conditional-control-flow-primitives) included for this purpose are $\texttt{IFBITJMP}$, $\texttt{IFNBITJMP}$, $\texttt{IFBITJMPREF}$, and $\texttt{IFNBITJMPREF}$. They effectively enable one to combine subroutines, kept either in separate cells or as subslices of certain cells, into a binary decision tree with decisions made according to the indicated bits of the integer passed in the top of the stack. Another instruction, useful for the implementation of [sum-product](#a-7-2-cell-deserialization-primitives) types, is $\texttt{PLDUZ}$. This instruction preloads the first several bits of a *Slice* into an *Integer*, which can later be inspected by $\texttt{IFBITJMP}$ and other similar instructions. ### 4.6.12. Alternative: using a hashmap to select the correct function [#4612-alternative-using-a-hashmap-to-select-the-correct-function] Yet another alternative is to use a [Hashmap](#3-3-hashmaps%2C-or-dictionaries) to hold the "collection" or "dictionary" of the code of all functions in a program, and use the [hashmap lookup primitives](#a-10-dictionary-manipulation-primitives) to select the code of the required function, which can then be $\texttt{BLESS}$ed into a [continuation](#a-8-5-creating-simple-continuations-and-closures) and executed. Special combined "lookup, bless, and execute" primitives, such as $\texttt{DICTIGETJMP}$ and $\texttt{DICTIGETEXEC}$, are also [available](#a-10-11-special-dictionary-and-prefix-code-dictionary-operations%2C-and-constant-dictionaries). This approach may be more efficient for larger programs and `switch` statements. *** # 5. Codepages and instruction encoding [#5-codepages-and-instruction-encoding] This chapter describes the codepage mechanism, which allows TVM to be flexible and extendable while preserving backward compatibility with respect to previously generated code. We also discuss some general considerations about instruction encodings (applicable to arbitrary machine code, not just TVM), as well as the implications of these considerations for TVM and the choices made while designing TVM's (experimental) codepage zero. The instruction encodings themselves are presented later in [Appendix A](#a-instructions-and-opcodes). ## 5.1 Codepages and interoperability of different TVM versions [#51---codepages-and-interoperability-of-different-tvm-versions] The *codepages* are an essential mechanism of backward compatibility and of future extensions to TVM. They enable transparent execution of code written for different revisions of TVM, with transparent interaction between instances of such code. The mechanism of the codepages, however, is general and powerful enough to enable some other originally unintended applications. ### 5.1.1. Codepages in continuations [#511-codepages-in-continuations] Every [ordinary continuation](#4-1-1-ordinary-continuations) contains a 16-bit *codepage* field $\texttt{cp}$, which determines the codepage that will be used to execute its code. If a [continuation](#4-2-3-constant%2C-or-literal%2C-continuations) is created by a $\texttt{PUSHCONT}$ or similar primitive, it usually inherits the current codepage (i.e., the codepage of $\texttt{cc}$).^[25](#fn25) ### 5.1.2. Current codepage [#512-current-codepage] The [current codepage](#1-4-total-state-of-tvm-scccg) $\texttt{cp}$ is the codepage of the current continuation $\texttt{cc}$. It determines the way the next instruction will be decoded from $\texttt{cc.code}$, the remainder of the current continuation's code. Once the instruction has been decoded and executed, it determines the next value of the current codepage. In most cases, the current codepage is left unchanged. On the other hand, all primitives that switch the current continuation load the new value of $\texttt{cp}$ from the new current continuation. In this way, all code in continuations is always interpreted exactly as it was intended to be. ### 5.1.3. Different versions of TVM may use different codepages [#513-different-versions-of-tvm-may-use-different-codepages] Different versions of TVM may use different codepages for their code. For example, the original version of TVM might use codepage zero. A newer version might use codepage one, which contains all the previously defined opcodes, along with some newly defined ones, using some of the previously unused opcode space. A subsequent version might use yet another codepage, and so on. However, a newer version of TVM will execute old code for codepage zero exactly as before. If the old code contained an opcode used for some new operations that were undefined in the original version of TVM, it will still generate an invalid opcode exception, because the new operations are absent in codepage zero. ### 5.1.4. Changing the behavior of old operations [#514-changing-the-behavior-of-old-operations] New codepages can also change the effects of some operations present in the old codepages while preserving their opcodes and mnemonics. For example, imagine a future 513-bit upgrade of TVM (replacing the current 257-bit design). It might use a 513-bit *Integer* type within the same arithmetic primitives as before. However, while the opcodes and instructions in the new codepage would look exactly like the old ones, they would work differently, accepting 513-bit integer arguments and results. On the other hand, during the execution of the same code in codepage zero, the new machine would generate exceptions whenever the integers used in arithmetic and other primitives do not fit into 257 bits.^[26](#fn26) In this way, the upgrade would not change the behavior of the old code. ### 5.1.5. Improving instruction encoding [#515-improving-instruction-encoding] Another application for codepages is to change instruction encodings, reflecting improved knowledge of the actual frequencies of such instructions in the code base. In this case, the new codepage will have exactly the same instructions as the old one, but with different encodings, potentially of differing lengths. For example, one might create an experimental version of the first version of TVM, using a (prefix) bitcode instead of the original bytecode, aiming to achieve higher code density. ### 5.1.6. Making instruction encoding context-dependent [#516-making-instruction-encoding-context-dependent] Another way of using codepages to improve code density is to use several codepages with different subsets of the whole instruction set defined in each of them, or with the whole instruction set defined, but with different length encodings for the same instructions in different codepages. Imagine, for instance, a "stack manipulation" codepage, where stack manipulation primitives have short encodings at the expense of all other operations, and a "data processing" codepage, where all other operations are shorter at the expense of stack manipulation operations. If stack manipulation operations tend to come one after another, we can automatically switch to "stack manipulation" codepage after executing any such instruction. When a data processing instruction occurs, we switch back to "data processing" codepage. If conditional probabilities of the class of the next instruction depending on the class of the previous instruction are considerably different from corresponding unconditional probabilities, this technique—automatically switching into stack manipulation mode to rearrange the stack with shorter instructions, then switching back—might considerably improve the code density. ### 5.1.7. Using codepages for status and control flags [#517-using-codepages-for-status-and-control-flags] Another potential application of multiple codepages inside the same revision of TVM consists in switching between several codepages depending on the result of the execution of some instructions. For example, imagine a version of TVM that uses two new codepages, 2 and 3. Most operations do not change the current codepage. However, the integer comparison operations will switch to codepage 2 if the condition is false, and to codepage 3 if it is true. Furthermore, a new operation $\texttt{?EXECUTE}$, similar to $\texttt{EXECUTE}$, will indeed be equivalent to $\texttt{EXECUTE}$ in codepage 3, but will instead be a $\texttt{DROP}$ in codepage 2. Such a trick effectively uses bit 0 of the current codepage as a status flag. Alternatively, one might create a couple of codepages—say, 4 and 5—which differ only in their cell deserialisation primitives. For instance, in codepage 4 they might work as before, while in codepage 5 they might deserialize data not from the beginning of a *Slice*, but from its end. Two new instructions—say, $\texttt{CLD}$ and $\texttt{STD}$—might be used for switching to codepage 4 or codepage 5. Clearly, we have now described a status flag, affecting the execution of some instructions in a certain new manner. ### 5.1.8. Setting the codepage in the code itself [#518-setting-the-codepage-in-the-code-itself] For convenience, we reserve some opcode in all [codepages](#a-13-codepage-primitives)—say, $\texttt{FF}$ $n$—for the instruction $\texttt{SETCP}$ $n$, with $n$ from 0 to 255. Then by inserting such an instruction into the very beginning of (the main function of) a program (e.g., a TON Blockchain smart contract) or a library function, we can ensure that the code will always be executed in the intended codepage. ## 5.2 Instruction encoding [#52--instruction-encoding] This section discusses the general principles of instruction encoding valid for all codepages and all versions of TVM. Later, [5.3](#5-3-instruction-encoding-in-codepage-zero) discusses the choices made for the experimental "codepage zero". ### 5.2.1. Instructions are encoded by a binary prefix code [#521-instructions-are-encoded-by-a-binary-prefix-code] All complete instructions (i.e., instructions along with all their parameters, such as the names of stack registers $s(i)$ or other embedded constants) of a TVM codepage are encoded by a *binary prefix code*. This means that a (finite) binary string (i.e., a bitstring) corresponds to each complete instruction, in such a way that binary strings corresponding to different complete instructions do not coincide, and no binary string among the chosen subset is a prefix of another binary string from this subset. ### 5.2.2. Determining the first instruction from a code stream [#522-determining-the-first-instruction-from-a-code-stream] As a consequence of this encoding method, any binary string admits at most one prefix, which is an encoding of some complete instruction. In particular, the code $\texttt{cc.code}$ of the current continuation (which is a *Slice*, and thus a bitstring along with some cell references) admits at most one such prefix, which corresponds to the (uniquely determined) instruction that TVM will execute first. After execution, this prefix is removed from the code of the current continuation, and the next instruction can be decoded. ### 5.2.3. Invalid opcode [#523-invalid-opcode] If no prefix of $\texttt{cc.code}$ encodes a valid instruction in the current codepage, an invalid opcode [exception](#4-5-7-list-of-predefined-exceptions) is generated. However, the case of an empty $\texttt{cc.code}$ is treated [separately](#4-1-4-normal-work-of-tvm%2C-or-the-main-loop) (the exact behavior may depend on the current codepage). ### 5.2.4. Special case: end-of-code padding [#524-special-case-end-of-code-padding] As an exception to the above rule, some codepages may accept some values of $\texttt{cc.code}$ that are too short to be valid instruction encodings as additional variants of $\texttt{NOP}$, thus effectively using the same procedure for them as for an empty $\texttt{cc.code}$. Such bitstrings may be used for padding the code near its end. For example, if [binary string](#1-0-3-emphasizing-that-a-string-is-a-hexadecimal-representation-of-a-bitstring) $\texttt{00000000}$ (i.e., $\texttt{x00}$, is used in a codepage to encode $\texttt{NOP}$, its proper prefixes cannot encode any instructions. So this codepage may accept $\texttt{0}$, $\texttt{00}$, $\texttt{000}$, $\ldots$, $\texttt{0000000}$ as variants of $\texttt{NOP}$ if this is all that is left in $\texttt{cc.code}$, instead of generating an invalid opcode exception. Such a padding may be useful, for example, if the $\texttt{PUSHCONT}$ primitive creates only [continuations](#4-2-3-constant%2C-or-literal%2C-continuations) with code consisting of an integral number of bytes, but not all instructions are encoded by an integral number of bytes. ### 5.2.5. TVM code is a bitcode, not a bytecode [#525-tvm-code-is-a-bitcode-not-a-bytecode] Recall that TVM is a bit-oriented machine in the sense that its *Cell*s (and *Slice*s) are naturally considered as [sequences of bits](#3-2-5-cells-and-cell-primitives-are-bit-oriented,-not-byte-oriented), not just of octets (bytes). Because the TVM code is also kept in cells ([3.1.9](#3-1-9-tvm-code-is-a-tree-of-cells) and [4.1.4](#4-1-4-normal-work-of-tvm%2C-or-the-main-loop)), there is no reason to use only bitstrings of length divisible by eight as encodings of complete instructions. In other words, generally speaking, *the TVM code is a bitcode, not a bytecode*. That said, some codepages (such as our experimental codepage zero) may opt to use a bytecode (i.e., to use only encodings consisting of an integral number of bytes)—either for simplicity, or for the ease of debugging and of studying memory (i.e., cell) dumps.^[27](#fn27) ### 5.2.6. Opcode space used by a complete instruction [#526-opcode-space-used-by-a-complete-instruction] Recall from coding theory that the lengths of bitstrings $l_i$ used in a binary prefix code satisfy Kraft–McMillan inequality $\sum_i2^{-l_i}\leq1$. This is applicable in particular to the (complete) instruction encoding used by a TVM codepage. We say that *a particular complete instruction* (or, more precisely, *the encoding of a complete instruction*) *utilizes the portion $2^{-l}$ of the opcode space*, if it is encoded by an $l$-bit string. One can see that all complete instructions together utilize at most $1$ (i.e., "at most the whole opcode space"). ### 5.2.7. Opcode space used by an instruction, or a class of instructions [#527-opcode-space-used-by-an-instruction-or-a-class-of-instructions] The above terminology is extended to instructions (considered with all admissible values of their parameters), or even classes of instructions (e.g., all arithmetic instructions). We say that an (incomplete) instruction, or a class of instructions, occupies portion $\alpha$ of the opcode space, if $\alpha$ is the sum of the portions of the opcode space occupied by all complete instructions belonging to that class. ### 5.2.8. Opcode space for bytecodes [#528-opcode-space-for-bytecodes] A useful approximation of the above definitions is as follows: Consider all 256 possible values for the first byte of an instruction encoding. Suppose that $k$ of these values correspond to the specific instruction or class of instructions we are considering. Then this instruction or class of instructions occupies approximately the portion $k/256$ of the opcode space. This approximation shows why all instructions cannot occupy together more than the portion $256/256=1$ of the opcode space, at least without compromising the uniqueness of instruction decoding. ### 5.2.9. Almost optimal encodings [#529-almost-optimal-encodings] Coding theory tells us that in an optimally dense encoding, the portion of the opcode space used by a complete instruction ($2^{-l}$, if the complete instruction is encoded in $l$ bits) should be approximately equal to the probability or frequency of its occurrence in real programs.^[28](#fn28) The same should hold for (incomplete) instructions, or primitives (i.e., generic instructions without specified values of parameters), and for classes of instructions. ### 5.2.10. Example: stack manipulation primitives [#5210-example-stack-manipulation-primitives] For instance, if stack manipulation instructions constitute approximately half of all instructions in a typical TVM program, one should allocate approximately half of the opcode space for encoding stack manipulation instructions. One might reserve the first bytes ("opcodes") $\texttt{0x00}$-$\texttt{0x7f}$ for such instructions. If a quarter of these instructions are $\texttt{XCHG}$, it would make sense to reserve $\texttt{0x00}$-$\texttt{0x1f}$ for $\texttt{XCHG}$s. Similarly, if half of all $\texttt{XCHG}$s involve the top of stack $\texttt{s0}$, it would make sense to use $\texttt{0x00}$-$\texttt{0x0f}$ to encode $\texttt{XCHG s0,s}(i)$. ### 5.2.11. Simple encodings of instructions [#5211-simple-encodings-of-instructions] In most cases, *simple* encodings of complete instructions are used. Simple encodings begin with a fixed bitstring called the *opcode* of the instruction, followed by, say, 4-bit fields containing the indices $i$ of stack registers $\texttt{s}(i)$ specified in the instruction, followed by all other constant (literal, immediate) parameters included in the complete instruction. While simple encodings may not be exactly optimal, they admit short descriptions, and their decoding and encoding can be easily implemented. If a (generic) instruction uses a simple encoding with an $l$-bit opcode, then the instruction will utilize $2^{-l}$ portion of the opcode space. This observation might be useful for considerations described in [5.2.9](#5-2-9-almost-optimal-encodings) and [5.2.10](#5-2-10-example:-stack-manipulation-primitives). ### 5.2.12. Optimizing code density further: Huffman codes [#5212-optimizing-code-density-further-huffman-codes] One might construct optimally dense binary code for the set of all complete instructions, provided their probabilities or frequences in real code are known. This is the well-known Huffman code (for the given probability distribution). However, such code would be highly unsystematic and hard to decode. ### 5.2.13. Practical instruction encodings [#5213-practical-instruction-encodings] In practice, instruction encodings used in TVM and other virtual machines offer a compromise between code density and ease of encoding and decoding. Such a compromise may be achieved by selecting [simple encodings](#5-2-11-simple-encodings-of-instructions) for all instructions (maybe with separate simple encodings for some often used variants, such as $\texttt{XCHG s0,s}(i)$ among all $\texttt{XCHG s}(i)\texttt{,s}(j)$), and allocating opcode space for such simple encodings using the heuristics outlined in [5.2.9](#5-2-9-almost-optimal-encodings) and [5.2.10](#5-2-10-example:-stack-manipulation-primitives); this is the approach currently used in TVM. *** ## 5.3 Instruction encoding in codepage zero [#53---instruction-encoding-in-codepage-zero] This section provides details about the experimental instruction encoding for codepage zero, as described elsewhere in this [document](#a-instructions-and-opcodes) and used in the preliminary test version of TVM. ### 5.3.1. Upgradability [#531-upgradability] First of all, even if this preliminary version somehow gets into the production version of the TON Blockchain, the [codepage mechanism](#5-1-codepages-and-interoperability-of-different-tvm-versions) enables us to introduce better versions later without compromising backward compatibility.^[29](#fn29) So in the meantime, we are free to experiment. ### 5.3.2. Choice of instructions [#532-choice-of-instructions] We opted to include many "experimental" and not strictly necessary instructions in codepage zero just to see how they might be used in real code. For example, we have both the [basic](#2-2-1-basic-stack-manipulation-primitives) and the [compound](#2-2-3-compound-stack-manipulation-primitives) stack manipulation primitives, as well as some "unsystematic" ones such as $\texttt{ROT}$ (mostly borrowed from Forth). If such primitives are rarely used, their inclusion just wastes some part of the opcode space and makes the encodings of other instructions slightly less effective, something we can afford at this stage of TVM's development. ### 5.3.3. Using experimental instructions [#533-using-experimental-instructions] Some of these experimental instructions have been assigned quite long opcodes, just to fit more of them into the opcode space. One should not be afraid to use them just because they are long; if these instructions turn out to be useful, they will receive shorter opcodes in future revisions. Codepage zero is not meant to be fine-tuned in this respect. ### 5.3.4. Choice of bytecode [#534-choice-of-bytecode] We opted to use a bytecode (i.e., to use encodings of complete instructions of lengths divisible by eight). While this may not produce optimal code density, because such a length restriction makes it more difficult to match portions of opcode space used for the encoding of instructions with estimated frequencies of these instructions in TVM code [5.2.11](#5-2-11-simple-encodings-of-instructions) and [5.2.9](#5-2-9-almost-optimal-encodings)), such an approach has its advantages: it admits a simpler instruction decoder and simplifies [debugging](#5-2-5-tvm-code-is-a-bitcode%2C-not-a-bytecode). After all, we do not have enough data on the relative frequencies of different instructions right now, so our code density optimizations are likely to be very approximate at this stage. The ease of debugging and experimenting and the simplicity of implementation are more important at this point. ### 5.3.5. Simple encodings for all instructions [#535-simple-encodings-for-all-instructions] For similar reasons, we opted to use simple encodings for all instructions ([5.2.11](#5-2-11-simple-encodings-of-instructions) and [5.2.13](#5-2-13-practical-instruction-encodings)), with separate [simple encodings](#5-2-13-practical-instruction-encodings) for some very frequently used subcases. That said, we tried to distribute opcode space using the heuristics described in [5.2.9](#5-2-9-almost-optimal-encodings) and [5.2.10](#5-2-10-example:-stack-manipulation-primitives). ### 5.3.6. Lack of context-dependent encodings [#536-lack-of-context-dependent-encodings] This version of TVM also does not use [context-dependent encodings](#5-1-6-making-instruction-encoding-context-dependent). They may be added at a later stage, if deemed useful. ### 5.3.7. The list of all instructions [#537-the-list-of-all-instructions] The list of all instructions available in codepage zero, along with their encodings and (in some cases) short descriptions, may be found in [Appendix A](#a-instructions-and-opcodes). *** # A Instructions and opcodes [#a---instructions-and-opcodes] This appendix lists all [instructions](#5-3-instruction-encoding-in-codepage-zero) available in the (experimental) codepage zero of TVM. We list the instructions in lexicographical opcode order. However, the opcode space is distributed in such way as to make all instructions in each category (e.g., arithmetic primitives) have neighboring opcodes. So we first list a number of stack manipulation primitives, then constant primitives, arithmetic primitives, comparison primitives, cell primitives, continuation primitives, dictionary primitives, and finally application-specific primitives. We use [hexadecimal notation](#1-0-notation-for-bitstrings) for bitstrings. Stack registers $\texttt{s}(i)$ usually have $0\leq i\leq 15$, and $i$ is encoded in a 4-bit field (or, on a few rare occasions, in an 8-bit field). Other immediate parameters are usually 4-bit, 8-bit, or variable length. The [stack notation](#2-1-10-stack-notation) is extensively used throughout this appendix. ## A.1 Gas prices [#a1--gas-prices] The gas price for most primitives equals the *basic gas price*, computed as $P_b:=10+b+5r$, where $b$ is the instruction length in bits and $r$ is the number of cell references included in the instruction. When the gas price of an instruction differs from this basic price, it is indicated in parentheses after its mnemonics, either as *($x$)*, meaning that the total gas price equals $x$, or as *(+$x$)*, meaning $P_b+x$. Apart from integer constants, the following expressions may appear: * $C_r$ — The total price of "reading" cells (i.e., transforming cell references into cell slices). Currently equal to 100 or 25 gas units per cell depending on whether it is the first time a cell with this hash is being "read" during the current run of the VM or not. * $L$ — The total price of loading cells. Depends on the loading action required. * $B_w$ — The total price of creating new *Builder*s. Currently equal to 0 gas units per builder. * $C_w$ — The total price of creating new *Cell*s from *Builder*s. Currently equal to 500 gas units per cell. By default, the gas price of an instruction equals $P:=P_b+C_r+L+B_w+C_w$. ## A.2 Stack manipulation primitives [#a2---stack-manipulation-primitives] This section includes both the [basic](#2-2-1-basic-stack-manipulation-primitives) and the [compound](#2-2-3-compound-stack-manipulation-primitives) stack manipulation primitives, as well as some "unsystematic" ones. Some compound stack manipulation primitives, such as $\texttt{XCPU}$ or $\texttt{XCHG2}$, turn out to have the same length as an equivalent sequence of simpler operations. We have included these primitives regardless, so that they can easily be allocated shorter opcodes in a future revision of TVM—or removed for good. Some stack manipulation instructions have two mnemonics: one Forth-style (e.g., $\texttt{-ROT}$), the other conforming to the usual rules for identifiers (e.g., $\texttt{ROTREV}$). Whenever a stack manipulation primitive (e.g., $\texttt{PICK}$) accepts an integer parameter $n$ from the stack, it must be within the range $0\ldots255$; otherwise a range check exception happens before any further checks. ### A.2.1. Basic stack manipulation primitives [#a21-basic-stack-manipulation-primitives] * $\texttt{00}$ — $\texttt{NOP}$, does nothing. * $\texttt{01}$ — $\texttt{XCHG s1}$, also known as $\texttt{SWAP}$. * $\texttt{0}i$ — $\texttt{XCHG s}(i)$ or $\texttt{XCHG s0,s}(i)$, interchanges the top of the stack with $\texttt{s}(i)$, $1\leq i\leq 15$. * $\texttt{10}ij$ — $\texttt{XCHG s}(i)\texttt{,s}(j)$, $1\leq i0$. * $\texttt{B9}$ — $\texttt{LESS}$ ($x$ $y$ -- $xy$). * $\texttt{BD}$ — $\texttt{NEQ}$ ($x$ $y$ -- $x\neq y$), equivalent to $\texttt{EQUAL}$; $\texttt{NOT}$. * $\texttt{BE}$ — $\texttt{GEQ}$ ($x$ $y$ -- $x\geq y$), equivalent to $\texttt{LESS}$; $\texttt{NOT}$. * $\texttt{BF}$ — $\texttt{CMP}$ ($x$ $y$ -- $\text{sgn}(x-y)$), computes the sign of $x-y$: $-1$ if $xy$. No integer overflow can occur here unless $x$ or $y$ is a $\texttt{NaN}$. * $\texttt{C0}yy$ — $\texttt{EQINT}$ $yy$ ($x$ -- $x=yy$) for $-2^7\leq yy<2^7$. * $\texttt{C000}$ — $\texttt{ISZERO}$, checks whether an integer is zero. Corresponds to Forth's $\texttt{0=}$. * $\texttt{C1}yy$ — $\texttt{LESSINT}$ $yy$ ($x$ -- $xyy$) for $-2^7\leq yy<2^7$. * $\texttt{C200}$ — $\texttt{ISPOS}$, checks whether an integer is positive. Corresponds to Forth's $\texttt{0>}$. * $\texttt{C2FF}$ — $\texttt{ISNNEG}$, checks whether an integer is non-negative. * $\texttt{C3}yy$ — $\texttt{NEQINT}$ $yy$ ($x$ -- $x\neq yy$) for $-2^7\leq yy<2^7$. * $\texttt{C4}$ — $\texttt{ISNAN}$ ($x$ -- $x=\texttt{NaN}$), checks whether $x$ is a $\texttt{NaN}$. * $\texttt{C5}$ — $\texttt{CHKNAN}$ ($x$ -- $x$), throws an arithmetic overflow exception if $x$ is a $\texttt{NaN}$. * $\texttt{C6}$ — reserved for integer comparison. ### A.6.2. Other comparison [#a62-other-comparison] Most of these "other comparison" primitives actually compare the data portions of *Slice*s as bitstrings. * $\texttt{C700}$ — $\texttt{SEMPTY}$ ($s$ -- $s=\emptyset$), checks whether a *Slice* $s$ is empty (i.e., contains no bits of data and no cell references). * $\texttt{C701}$ — $\texttt{SDEMPTY}$ ($s$ -- $s\approx\emptyset$), checks whether *Slice* $s$ has no bits of data. * $\texttt{C702}$ — $\texttt{SREMPTY}$ ($s$ -- $r(s)=0$), checks whether *Slice* $s$ has no references. * $\texttt{C703}$ — $\texttt{SDFIRST}$ ($s$ -- $s_0=1$), checks whether the first bit of *Slice* $s$ is a one. * $\texttt{C704}$ — $\texttt{SDLEXCMP}$ ($s$ $s'$ -- $c$), compares the data of $s$ lexicographically with the data of $s'$, returning $-1$, 0, or 1 depending on the result. * $\texttt{C705}$ — $\texttt{SDEQ}$ ($s$ $s'$ -- $s\approx s'$), checks whether the data parts of $s$ and $s'$ coincide, equivalent to $\texttt{SDLEXCMP}$; $\texttt{ISZERO}$. * $\texttt{C708}$ — $\texttt{SDPFX}$ ($s$ $s'$ -- $?$), checks whether $s$ is a prefix of $s'$. * $\texttt{C709}$ — $\texttt{SDPFXREV}$ ($s$ $s'$ -- $?$), checks whether $s'$ is a prefix of $s$, equivalent to $\texttt{SWAP}$; $\texttt{SDPFX}$. * $\texttt{C70A}$ — $\texttt{SDPPFX}$ ($s$ $s'$ -- $?$), checks whether $s$ is a proper prefix of $s'$ (i.e., a prefix distinct from $s'$). * $\texttt{C70B}$ — $\texttt{SDPPFXREV}$ ($s$ $s'$ -- $?$), checks whether $s'$ is a proper prefix of $s$. * $\texttt{C70C}$ — $\texttt{SDSFX}$ ($s$ $s'$ -- $?$), checks whether $s$ is a suffix of $s'$. * $\texttt{C70D}$ — $\texttt{SDSFXREV}$ ($s$ $s'$ -- $?$), checks whether $s'$ is a suffix of $s$. * $\texttt{C70E}$ — $\texttt{SDPSFX}$ ($s$ $s'$ -- $?$), checks whether $s$ is a proper suffix of $s'$. * $\texttt{C70F}$ — $\texttt{SDPSFXREV}$ ($s$ $s'$ -- $?$), checks whether $s'$ is a proper suffix of $s$. * $\texttt{C710}$ — $\texttt{SDCNTLEAD0}$ ($s$ -- $n$), returns the number of leading zeroes in $s$. * $\texttt{C711}$ — $\texttt{SDCNTLEAD1}$ ($s$ -- $n$), returns the number of leading ones in $s$. * $\texttt{C712}$ — $\texttt{SDCNTTRAIL0}$ ($s$ -- $n$), returns the number of trailing zeroes in $s$. * $\texttt{C713}$ — $\texttt{SDCNTTRAIL1}$ ($s$ -- $n$), returns the number of trailing ones in $s$. ## A.7 Cell primitives [#a7-cell-primitives] The cell primitives are mostly either *cell serialization primitives*, which work with *Builder*s, or *cell deserialization primitives*, which work with *Slice*s. ### A.7.1. Cell serialization primitives [#a71-cell-serialization-primitives] All these primitives first check whether there is enough space in the Builder, and only then check the range of the value being serialized. * $\texttt{C8}$ — $\texttt{NEWC}$ ( -- $b$), creates a new empty *Builder*. * $\texttt{C9}$ — $\texttt{ENDC}$ ($b$ -- $c$), converts a *Builder* into an ordinary *Cell*. * $\texttt{CA}cc$ — $\texttt{STI}$ $cc+1$ ($x$ $b$ -- $b'$), stores a signed $cc+1$-bit integer $x$ into *Builder* $b$ for $0\leq cc\leq 255$, throws a range check exception if $x$ does not fit into $cc+1$ bits. * $\texttt{CB}cc$ — $\texttt{STU}$ $cc+1$ ($x$ $b$ -- $b'$), stores an unsigned $cc+1$-bit integer $x$ into *Builder* $b$. In all other respects it is similar to $\texttt{STI}$. * $\texttt{CC}$ — $\texttt{STREF}$ ($c$ $b$ -- $b'$), stores a reference to *Cell* $c$ into *Builder* $b$. * $\texttt{CD}$ — $\texttt{STBREFR}$ or $\texttt{ENDCST}$ ($b$ $b''$ -- $b$), equivalent to $\texttt{ENDC}$; $\texttt{SWAP}$; $\texttt{STREF}$. * $\texttt{CE}$ — $\texttt{STSLICE}$ ($s$ $b$ -- $b'$), stores *Slice* $s$ into *Builder* $b$. * $\texttt{CF00}$ — $\texttt{STIX}$ ($x$ $b$ $l$ -- $b'$), stores a signed $l$-bit integer $x$ into $b$ for $0\leq l\leq 257$. * $\texttt{CF01}$ — $\texttt{STUX}$ ($x$ $b$ $l$ -- $b'$), stores an unsigned $l$-bit integer $x$ into $b$ for $0\leq l\leq 256$. * $\texttt{CF02}$ — $\texttt{STIXR}$ ($b$ $x$ $l$ -- $b'$), similar to $\texttt{STIX}$, but with arguments in a different order. * $\texttt{CF03}$ — $\texttt{STUXR}$ ($b$ $x$ $l$ -- $b'$), similar to $\texttt{STUX}$, but with arguments in a different order. * $\texttt{CF04}$ — $\texttt{STIXQ}$ ($x$ $b$ $l$ -- $x$ $b$ $f$ or $b'$ $0$), a quiet version of $\texttt{STIX}$. If there is no space in $b$, sets $b'=b$ and $f=-1$. If $x$ does not fit into $l$ bits, sets $b'=b$ and $f=1$. If the operation succeeds, $b'$ is the new *Builder* and $f=0$. However, $0\leq l\leq 257$, with a range check exception if this is not so. * $\texttt{CF05}$ — $\texttt{STUXQ}$ ($x$ $b$ $l$ -- $b'$ $f$). * $\texttt{CF06}$ — $\texttt{STIXRQ}$ ($b$ $x$ $l$ -- $b$ $x$ $f$ or $b'$ $0$). * $\texttt{CF07}$ — $\texttt{STUXRQ}$ ($b$ $x$ $l$ -- $b$ $x$ $f$ or $b'$ $0$). * $\texttt{CF08}cc$ — a longer version of $\texttt{STI}$ $cc+1$. * $\texttt{CF09}cc$ — a longer version of $\texttt{STU}$ $cc+1$. * $\texttt{CF0A}cc$ — $\texttt{STIR}$ $cc+1$ ($b$ $x$ -- $b'$), equivalent to $\texttt{SWAP}$; $\texttt{STI}$ $cc+1$. * $\texttt{CF0B}cc$ — $\texttt{STUR}$ $cc+1$ ($b$ $x$ -- $b'$), equivalent to $\texttt{SWAP}$; $\texttt{STU}$ $cc+1$. * $\texttt{CF0C}cc$ — $\texttt{STIQ}$ $cc+1$ ($x$ $b$ -- $x$ $b$ $f$ or $b'$ $0$). * $\texttt{CF0D}cc$ — $\texttt{STUQ}$ $cc+1$ ($x$ $b$ -- $x$ $b$ $f$ or $b'$ $0$). * $\texttt{CF0E}cc$ — $\texttt{STIRQ}$ $cc+1$ ($b$ $x$ -- $b$ $x$ $f$ or $b'$ $0$). * $\texttt{CF0F}cc$ — $\texttt{STURQ}$ $cc+1$ ($b$ $x$ -- $b$ $x$ $f$ or $b'$ $0$). * $\texttt{CF10}$ — a longer version of $\texttt{STREF}$ ($c$ $b$ -- $b'$). * $\texttt{CF11}$ — $\texttt{STBREF}$ ($b'$ $b$ -- $b''$), equivalent to $\texttt{SWAP}$; $\texttt{STBREFREV}$. * $\texttt{CF12}$ — a longer version of $\texttt{STSLICE}$ ($s$ $b$ -- $b'$). * $\texttt{CF13}$ — $\texttt{STB}$ ($b'$ $b$ -- $b''$), appends all data from *Builder* $b'$ to *Builder* $b$. * $\texttt{CF14}$ — $\texttt{STREFR}$ ($b$ $c$ -- $b'$). * $\texttt{CF15}$ — $\texttt{STBREFR}$ ($b$ $b'$ -- $b''$), a longer encoding of $\texttt{STBREFR}$. * $\texttt{CF16}$ — $\texttt{STSLICER}$ ($b$ $s$ -- $b'$). * $\texttt{CF17}$ — $\texttt{STBR}$ ($b$ $b'$ -- $b''$), concatenates two *Builder*s, equivalent to $\texttt{SWAP}$; $\texttt{STB}$. * $\texttt{CF18}$ — $\texttt{STREFQ}$ ($c$ $b$ -- $c$ $b$ $-1$ or $b'$ $0$). * $\texttt{CF19}$ — $\texttt{STBREFQ}$ ($b'$ $b$ -- $b'$ $b$ $-1$ or $b''$ $0$). * $\texttt{CF1A}$ — $\texttt{STSLICEQ}$ ($s$ $b$ -- $s$ $b$ $-1$ or $b'$ $0$). * $\texttt{CF1B}$ — $\texttt{STBQ}$ ($b'$ $b$ -- $b'$ $b$ $-1$ or $b''$ $0$). * $\texttt{CF1C}$ — $\texttt{STREFRQ}$ ($b$ $c$ -- $b$ $c$ $-1$ or $b'$ $0$). * $\texttt{CF1D}$ — $\texttt{STBREFRQ}$ ($b$ $b'$ -- $b$ $b'$ $-1$ or $b''$ $0$). * $\texttt{CF1E}$ — $\texttt{STSLICERQ}$ ($b$ $s$ -- $b$ $s$ $-1$ or $b''$ $0$). * $\texttt{CF1F}$ — $\texttt{STBRQ}$ ($b$ $b'$ -- $b$ $b'$ $-1$ or $b''$ $0$). * $\texttt{CF20}$ — $\texttt{STREFCONST}$, equivalent to $\texttt{PUSHREF}$; $\texttt{STREFR}$. * $\texttt{CF21}$ — $\texttt{STREF2CONST}$, equivalent to $\texttt{STREFCONST}$; $\texttt{STREFCONST}$. * $\texttt{CF23}$ — $\texttt{ENDXC}$ ($b$ $x$ -- $c$), if $x\neq0$, creates a *special* or [exotic cell](#3-1-2-ordinary-and-exotic-cells) from *Builder* $b$. The type of the exotic cell must be stored in the first 8 bits of $b$. If $x=0$, it is equivalent to $\texttt{ENDC}$. Otherwise some validity checks on the data and references of $b$ are performed before creating the exotic cell. * $\texttt{CF28}$ — $\texttt{STILE4}$ ($x$ $b$ -- $b'$), stores a little-endian signed 32-bit integer. * $\texttt{CF29}$ — $\texttt{STULE4}$ ($x$ $b$ -- $b'$), stores a little-endian unsigned 32-bit integer. * $\texttt{CF2A}$ — $\texttt{STILE8}$ ($x$ $b$ -- $b'$), stores a little-endian signed 64-bit integer. * $\texttt{CF2B}$ — $\texttt{STULE8}$ ($x$ $b$ -- $b'$), stores a little-endian unsigned 64-bit integer. * $\texttt{CF30}$ — $\texttt{BDEPTH}$ ($b$ -- $x$), returns the depth of *Builder* $b$. If no cell references are stored in $b$, then $x=0$; otherwise $x$ is one plus the maximum of depths of cells referred to from $b$. * $\texttt{CF31}$ — $\texttt{BBITS}$ ($b$ -- $x$), returns the number of data bits already stored in *Builder* $b$. * $\texttt{CF32}$ — $\texttt{BREFS}$ ($b$ -- $y$), returns the number of cell references already stored in $b$. * $\texttt{CF33}$ — $\texttt{BBITREFS}$ ($b$ -- $x$ $y$), returns the numbers of both data bits and cell references in $b$. * $\texttt{CF35}$ — $\texttt{BREMBITS}$ ($b$ -- $x'$), returns the number of data bits that can still be stored in $b$. * $\texttt{CF36}$ — $\texttt{BREMREFS}$ ($b$ -- $y'$). * $\texttt{CF37}$ — $\texttt{BREMBITREFS}$ ($b$ -- $x'$ $y'$). * $\texttt{CF38}cc$ — $\texttt{BCHKBITS}$ $cc+1$ ($b$ --), checks whether $cc+1$ bits can be stored into $b$, where $0\leq cc\leq 255$. * $\texttt{CF39}$ — $\texttt{BCHKBITS}$ ($b$ $x$ -- ), checks whether $x$ bits can be stored into $b$, $0\leq x\leq 1023$. If there is no space for $x$ more bits in $b$, or if $x$ is not within the range $0\ldots1023$, throws an exception. * $\texttt{CF3A}$ — $\texttt{BCHKREFS}$ ($b$ $y$ -- ), checks whether $y$ references can be stored into $b$, $0\leq y\leq 7$. * $\texttt{CF3B}$ — $\texttt{BCHKBITREFS}$ ($b$ $x$ $y$ -- ), checks whether $x$ bits and $y$ references can be stored into $b$, $0\leq x\leq 1023$, $0\leq y\leq 7$. * $\texttt{CF3C}cc$ — $\texttt{BCHKBITSQ}$ $cc+1$ ($b$ -- $?$), checks whether $cc+1$ bits can be stored into $b$, where $0\leq cc\leq 255$. * $\texttt{CF3D}$ — $\texttt{BCHKBITSQ}$ ($b$ $x$ -- $?$), checks whether $x$ bits can be stored into $b$, $0\leq x\leq 1023$. * $\texttt{CF3E}$ — $\texttt{BCHKREFSQ}$ ($b$ $y$ -- $?$), checks whether $y$ references can be stored into $b$, $0\leq y\leq 7$. * $\texttt{CF3F}$ — $\texttt{BCHKBITREFSQ}$ ($b$ $x$ $y$ -- $?$), checks whether $x$ bits and $y$ references can be stored into $b$, $0\leq x\leq 1023$, $0\leq y\leq 7$. * $\texttt{CF40}$ — $\texttt{STZEROES}$ ($b$ $n$ -- $b'$), stores $n$ binary zeroes into *Builder* $b$. * $\texttt{CF41}$ — $\texttt{STONES}$ ($b$ $n$ -- $b'$), stores $n$ binary ones into *Builder* $b$. * $\texttt{CF42}$ — $\texttt{STSAME}$ ($b$ $n$ $x$ -- $b'$), stores $n$ binary $x$es ($0\leq x\leq1$) into *Builder* $b$. * $\texttt{CFC0\_xysss}$ — $\texttt{STSLICECONST}$ $sss$ ($b$ -- $b'$), stores a constant subslice $sss$ consisting of $0\leq x\leq 3$ references and up to $8y+1$ data bits, with $0\leq y\leq 7$. Completion bit is assumed. * $\texttt{CF81}$ — $\texttt{STSLICECONST '0'}$ or $\texttt{STZERO}$ ($b$ -- $b'$), stores one binary zero. * $\texttt{CF83}$ — $\texttt{STSLICECONST '1'}$ or $\texttt{STONE}$ ($b$ -- $b'$), stores one binary one. * $\texttt{CFA2}$ — equivalent to $\texttt{STREFCONST}$. * $\texttt{CFA3}$ — almost equivalent to $\texttt{STSLICECONST '1'}$; $\texttt{STREFCONST}$. * $\texttt{CFC2}$ — equivalent to $\texttt{STREF2CONST}$. * $\texttt{CFE2}$ — $\texttt{STREF3CONST}$. ### A.7.2. Cell deserialization primitives [#a72-cell-deserialization-primitives] * $\texttt{D0}$ — $\texttt{CTOS}$ ($c$ -- $s$), converts a *Cell* into a *Slice*. Notice that $c$ must be either an ordinary cell, or an [exotic cell](#3-1-2-ordinary-and-exotic-cells) which is automatically *loaded* to yield an ordinary cell $c'$, converted into a *Slice* afterwards. * $\texttt{D1}$ — $\texttt{ENDS}$ ($s$ -- ), removes a *Slice* $s$ from the stack, and throws an exception if it is not empty. * $\texttt{D2}$ $cc$ — $\texttt{LDI}$ $cc+1$ ($s$ -- $x$ $s'$), loads (i.e., parses) a signed $cc+1$-bit integer $x$ from *Slice* $s$, and returns the remainder of $s$ as $s'$. * $\texttt{D3}$ $cc$ — $\texttt{LDU}$ $cc+1$ ($s$ -- $x$ $s'$), loads an unsigned $cc+1$-bit integer $x$ from *Slice* $s$. * $\texttt{D4}$ — $\texttt{LDREF}$ ($s$ -- $c$ $s'$), loads a cell reference $c$ from $s$. * $\texttt{D5}$ — $\texttt{LDREFRTOS}$ ($s$ -- $s'$ $s''$), equivalent to $\texttt{LDREF}$; $\texttt{SWAP}$; $\texttt{CTOS}$. * $\texttt{D6}$ $cc$ — $\texttt{LDSLICE}$ $cc+1$ ($s$ -- $s''$ $s'$), cuts the next $cc+1$ bits of $s$ into a separate *Slice* $s''$. * $\texttt{D700}$ — $\texttt{LDIX}$ ($s$ $l$ -- $x$ $s'$), loads a signed $l$-bit ($0\leq l\leq 257$) integer $x$ from *Slice* $s$, and returns the remainder of $s$ as $s'$. * $\texttt{D701}$ — $\texttt{LDUX}$ ($s$ $l$ -- $x$ $s'$), loads an unsigned $l$-bit integer $x$ from (the first $l$ bits of) $s$, with $0\leq l\leq 256$. * $\texttt{D702}$ — $\texttt{PLDIX}$ ($s$ $l$ -- $x$), preloads a signed $l$-bit integer from *Slice* $s$, for $0\leq l\leq 257$. * $\texttt{D703}$ — $\texttt{PLDUX}$ ($s$ $l$ -- $x$), preloads an unsigned $l$-bit integer from $s$, for $0\leq l\leq 256$. * $\texttt{D704}$ — $\texttt{LDIXQ}$ ($s$ $l$ -- $x$ $s'$ $-1$ or $s$ $0$), quiet version of $\texttt{LDIX}$: loads a signed $l$-bit integer from $s$ similarly to $\texttt{LDIX}$, but returns a success flag, equal to $-1$ on success or to $0$ on failure (if $s$ does not have $l$ bits), instead of throwing a cell underflow exception. * $\texttt{D705}$ — $\texttt{LDUXQ}$ ($s$ $l$ -- $x$ $s'$ $-1$ or $s$ $0$), quiet version of $\texttt{LDUX}$. * $\texttt{D706}$ — $\texttt{PLDIXQ}$ ($s$ $l$ -- $x$ $-1$ or $0$), quiet version of $\texttt{PLDIX}$. * $\texttt{D707}$ — $\texttt{PLDUXQ}$ ($s$ $l$ -- $x$ $-1$ or $0$), quiet version of $\texttt{PLDUX}$. * $\texttt{D708}$ $cc$ — $\texttt{LDI}$ $cc+1$ ($s$ -- $x$ $s'$), a longer encoding for $\texttt{LDI}$. * $\texttt{D709}$ $cc$ — $\texttt{LDU}$ $cc+1$ ($s$ -- $x$ $s'$), a longer encoding for $\texttt{LDU}$. * $\texttt{D70A}$ $cc$ — $\texttt{PLDI}$ $cc+1$ ($s$ -- $x$), preloads a signed $cc+1$-bit integer from *Slice* $s$. * $\texttt{D70B}$ $cc$ — $\texttt{PLDU}$ $cc+1$ ($s$ -- $x$), preloads an unsigned $cc+1$-bit integer from $s$. * $\texttt{D70C}$ $cc$ — $\texttt{LDIQ}$ $cc+1$ ($s$ -- $x$ $s'$ $-1$ or $s$ $0$), a quiet version of $\texttt{LDI}$. * $\texttt{D70D}$ $cc$ — $\texttt{LDUQ}$ $cc+1$ ($s$ -- $x$ $s'$ $-1$ or $s$ $0$), a quiet version of $\texttt{LDU}$. * $\texttt{D70E}$ $cc$ — $\texttt{PLDIQ}$ $cc+1$ ($s$ -- $x$ $-1$ or $0$), a quiet version of $\texttt{PLDI}$. * $\texttt{D70F}$ $cc$ — $\texttt{PLDUQ}$ $cc+1$ ($s$ -- $x$ $-1$ or $0$), a quiet version of $\texttt{PLDU}$. * $\texttt{D714\_}c$ — $\texttt{PLDUZ}$ $32(c+1)$ ($s$ -- $s$ $x$), preloads the first $32(c+1)$ bits of *Slice* $s$ into an unsigned integer $x$, for $0\leq c\leq 7$. If $s$ is shorter than necessary, missing bits are assumed to be zero. This operation is intended to be used along with $\texttt{IFBITJMP}$ and similar instructions. * $\texttt{D718}$ — $\texttt{LDSLICEX}$ ($s$ $l$ -- $s''$ $s'$), loads the first $0\leq l\leq 1023$ bits from *Slice* $s$ into a separate *Slice* $s''$, returning the remainder of $s$ as $s'$. * $\texttt{D719}$ — $\texttt{PLDSLICEX}$ ($s$ $l$ -- $s''$), returns the first $0\leq l\leq 1023$ bits of $s$ as $s''$. * $\texttt{D71A}$ — $\texttt{LDSLICEXQ}$ ($s$ $l$ -- $s''$ $s'$ $-1$ or $s$ $0$), a quiet version of $\texttt{LDSLICEX}$. * $\texttt{D71B}$ — $\texttt{PLDSLICEXQ}$ ($s$ $l$ -- $s'$ $-1$ or $0$), a quiet version of $\texttt{LDSLICEXQ}$. * $\texttt{D71C}$ $cc$ — $\texttt{LDSLICE}$ $cc+1$ ($s$ -- $s''$ $s'$), a longer encoding for $\texttt{LDSLICE}$. * $\texttt{D71D}$ $cc$ — $\texttt{PLDSLICE}$ $cc+1$ ($s$ -- $s''$), returns the first $0= 1 } rewrite_pfx:(bits depth) = Anycast; addr_std$10 anycast:(Maybe Anycast) workchain_id:int8 address:bits256 = MsgAddressInt; addr_var$11 anycast:(Maybe Anycast) addr_len:(## 9) workchain_id:int32 address:(bits addr_len) = MsgAddressInt; _ _:MsgAddressInt = MsgAddress; _ _:MsgAddressExt = MsgAddress; int_msg_info$0 ihr_disabled:Bool bounce:Bool bounced:Bool src:MsgAddress dest:MsgAddressInt value:CurrencyCollection ihr_fee:Grams fwd_fee:Grams created_lt:uint64 created_at:uint32 = CommonMsgInfoRelaxed; ext_out_msg_info$11 src:MsgAddress dest:MsgAddressExt created_lt:uint64 created_at:uint32 = CommonMsgInfoRelaxed; ``` A deserialized $\texttt{MsgAddress}$ is represented by a *Tuple* $t$ as follows: * $\texttt{addr\_none}$ is represented by $t=(0)$, i.e., a *Tuple* containing exactly one *Integer* equal to zero. * $\texttt{addr\_extern}$ is represented by $t=(1,s)$, where *Slice* $s$ contains the field $\texttt{external\_address}$. In other words, $t$ is a pair (a *Tuple* consisting of two entries), containing an *Integer* equal to one and *Slice* $s$. * $\texttt{addr\_std}$ is represented by $t=(2,u,x,s)$, where $u$ is either a *Null* (if $\texttt{anycast}$ is absent) or a *Slice* $s'$ containing $\texttt{rewrite\_pfx}$ (if $\texttt{anycast}$ is present). Next, *Integer* $x$ is the $\texttt{workchain\_id}$, and *Slice* $s$ contains the $\texttt{address}$. * $\texttt{addr\_var}$ is represented by $t=(3,u,x,s)$, where $u$, $x$, and $s$ have the same meaning as for $\texttt{addr\_std}$. The following primitives, which use the above conventions, are defined: * $\texttt{FA40}$ — $\texttt{LDMSGADDR}$ ($s$ - $s'$ $s''$), loads from *CellSlice* $s$ the only prefix that is a valid $\texttt{MsgAddress}$, and returns both this prefix $s'$ and the remainder $s''$ of $s$ as *CellSlice*s. * $\texttt{FA41}$ — $\texttt{LDMSGADDRQ}$ ($s$ - $s'$ $s''$ $-1$ or $s$ $0$), a quiet version of $\texttt{LDMSGADDR}$: on success, pushes an extra $-1$; on failure, pushes the original $s$ and a zero. * $\texttt{FA42}$ — $\texttt{PARSEMSGADDR}$ ($s$ - $t$), decomposes *CellSlice* $s$ containing a valid $\texttt{MsgAddress}$ into a *Tuple* $t$ with separate fields of this $\texttt{MsgAddress}$. If $s$ is not a valid $\texttt{MsgAddress}$, a cell deserialization exception is thrown. * $\texttt{FA43}$ — $\texttt{PARSEMSGADDRQ}$ ($s$ - $t$ $-1$ or $0$), a quiet version of $\texttt{PARSEMSGADDR}$: returns a zero on error instead of throwing an exception. * $\texttt{FA44}$ — $\texttt{REWRITESTDADDR}$ ($s$ - $x$ $y$), parses *CellSlice* $s$ containing a valid $\texttt{MsgAddressInt}$ (usually a $\texttt{msg\_addr\_std}$), applies rewriting from the $\texttt{anycast}$ (if present) to the same-length prefix of the address, and returns both the workchain $x$ and the 256-bit address $y$ as *Integer*s. If the address is not 256-bit, or if $s$ is not a valid serialization of $\texttt{MsgAddressInt}$, throws a cell deserialization exception. * $\texttt{FA45}$ — $\texttt{REWRITESTDADDRQ}$ ($s$ - $x$ $y$ $-1$ or $0$), a quiet version of primitive $\texttt{REWRITESTDADDR}$. * $\texttt{FA46}$ — $\texttt{REWRITEVARADDR}$ ($s$ - $x$ $s'$), a variant of $\texttt{REWRITESTDADDR}$ that returns the (rewritten) address as a *Slice* s, even if it is not exactly 256 bit long (represented by a $\texttt{msg\_addr\_var}$). * $\texttt{FA47}$ — $\texttt{REWRITEVARADDRQ}$ ($s$ - $x$ $s'$ $-1$ or $0$), a quiet version of primitive $\texttt{REWRITEVARADDR}$. * $\texttt{FA48}$-$\texttt{FA5F}$ — Reserved for message and address manipulation primitives. ### A.11.10. Outbound message and output action primitives [#a1110-outbound-message-and-output-action-primitives] * $\texttt{FB00}$ — $\texttt{SENDRAWMSG}$ ($c$ $x$ - ), sends a raw message contained in *Cell* $c$, which should contain a correctly serialized object $\texttt{Message}$ $X$, with the only exception that the source address is allowed to have dummy value $\texttt{addr\_none}$ (to be automatically replaced with the current smart-contract address), and $\texttt{ihr\_fee}$, $\texttt{fwd\_fee}$, $\texttt{created\_lt}$ and $\texttt{created\_at}$ fields can have arbitrary values (to be rewritten with correct values during the action phase of the current transaction). Integer parameter $x$ contains the flags. Currently $x=0$ is used for ordinary messages; $x=128$ is used for messages that are to carry all the remaining balance of the current smart contract (instead of the value originally indicated in the message); $x=64$ is used for messages that carry all the remaining value of the inbound message in addition to the value initially indicated in the new message (if bit 0 is not set, the gas fees are deducted from this amount); $x'=x+1$ means that the sender wants to pay transfer fees separately; $x'=x+2$ means that any errors arising while processing this message during the action phase should be ignored. Finally, $x'=x+32$ means that the current account must be destroyed if its resulting balance is zero. This flag is usually employed together with $+128$. * $\texttt{FB02}$ — $\texttt{RAWRESERVE}$ ($x$ $y$ - ), creates an output action which would reserve exactly $x$ nanograms (if $y=0$), at most $x$ nanograms (if $y=2$), or all but $x$ nanograms (if $y=1$ or $y=3$), from the remaining balance of the account. It is roughly equivalent to creating an outbound message carrying $x$ nanograms (or $b-x$ nanograms, where $b$ is the remaining balance) to oneself, so that the subsequent output actions would not be able to spend more money than the remainder. Bit $+2$ in $y$ means that the external action does not fail if the specified amount cannot be reserved; instead, all remaining balance is reserved. Bit $+8$ in $y$ means $x\leftarrow -x$ before performing any further actions. Bit $+4$ in $y$ means that $x$ is increased by the original balance of the current account (before the compute phase), including all extra currencies, before performing any other checks and actions. Currently $x$ must be a non-negative integer, and $y$ must be in the range $0\ldots 15$. * $\texttt{FB03}$ — $\texttt{RAWRESERVEX}$ ($x$ $D$ $y$ - ), similar to $\texttt{RAWRESERVE}$, but also accepts a dictionary $D$ (represented by a *Cell* or *Null*) with extra currencies. In this way currencies other than Grams can be reserved. * $\texttt{FB04}$ — $\texttt{SETCODE}$ ($c$ - ), creates an output action that would change this smart contract code to that given by *Cell* $c$. Notice that this change will take effect only after the successful termination of the current run of the smart contract. * $\texttt{FB06}$ — $\texttt{SETLIBCODE}$ ($c$ $x$ - ), creates an output action that would modify the collection of this smart contract libraries by adding or removing library with code given in *Cell* $c$. If $x=0$, the library is actually removed if it was previously present in the collection (if not, this action does nothing). If $x=1$, the library is added as a private library, and if $x=2$, the library is added as a public library (and becomes available to all smart contracts if the current smart contract resides in the masterchain); if the library was present in the collection before, its public/private status is changed according to $x$. Values of $x$ other than $0\ldots 2$ are invalid. * $\texttt{FB07}$ — $\texttt{CHANGELIB}$ ($h$ $x$ - ), creates an output action similarly to $\texttt{SETLIBCODE}$, but instead of the library code accepts its hash as an unsigned 256-bit integer $h$. If $x\neq0$ and the library with hash $h$ is absent from the library collection of this smart contract, this output action will fail. * $\texttt{FB08}$-$\texttt{FB3F}$ — Reserved for output action primitives. ## A.12 Debug primitives [#a12--debug-primitives] Opcodes beginning with $\texttt{FE}$ are reserved for the *debug primitives*. These primitives have known fixed operation length, and behave as (multibyte) NOP operations. In particular, they never change the stack contents, and never throw exceptions, unless there are not enough bits to completely decode the opcode. However, when invoked in a TVM instance with debug mode enabled, these primitives can produce specific output into the text debug log of the TVM instance, never affecting the TVM state (so that from the perspective of TVM the behavior of debug primitives in debug mode is exactly the same). For instance, a debug primitive might dump all or some of the values near the top of the stack, display the current state of TVM and so on. ### A.12.1. Debug primitives as multibyte NOPs [#a121-debug-primitives-as-multibyte-nops] * $\texttt{FE}nn$ — $\texttt{DEBUG}$ $nn$, for $0\leq nn<240$, is a two-byte NOP. * $\texttt{FEF}nssss$ — $\texttt{DEBUGSTR}$ $ssss$, for $0\leq n<16$, is an $(n+3)$-byte NOP, with the $(n+1)$-byte "contents string" $ssss$ skipped as well. ### A.12.2. Debug primitives as operations without side-effect [#a122-debug-primitives-as-operations-without-side-effect] Next we describe the debug primitives that might (and actually are) implemented in a version of TVM. Notice that another TVM implementation is free to use these codes for other debug purposes, or treat them as multibyte NOPs. Whenever these primitives need some arguments from the stack, they inspect these arguments, but leave them intact in the stack. If there are insufficient values in the stack, or they have incorrect types, debug primitives may output error messages into the debug log, or behave as NOPs, but they cannot throw exceptions. * $\texttt{FE00}$ — $\texttt{DUMPSTK}$, dumps the stack (at most the top 255 values) and shows the total stack depth. * $\texttt{FE0}n$ — $\texttt{DUMPSTKTOP}$ $n$, $1\leq n<15$, dumps the top $n$ values from the stack, starting from the deepest of them. If there are $d^[30](#fn30) *** # C Code density of stack and register machines [#c---code-density-of-stack-and-register-machines] This appendix extends the general consideration of [stack manipulation](#2-2-stack-manipulation-primitives) primitives, explaining the choice of such primitives for TVM, with a comparison of stack machines and register machines in terms of the quantity of primitives used and the code density. We do this by comparing the machine code that might be generated by an optimizing compiler for the same source files, for different (abstract) stack and register machines. It turns out that the stack machines (at least those equipped with the [basic stack manipulation](#2-2-1-basic-stack-manipulation-primitives) primitives have far superior code density. Furthermore, the stack machines have excellent extendability with respect to additional arithmetic and arbitrary data processing operations, especially if one considers machine code automatically generated by optimizing compilers. ## C.1 Sample leaf function [#c1---sample-leaf-function] We start with a comparison of machine code generated by an (imaginary) optimizing compiler for several abstract register and stack machines, corresponding to the same high-level language source code that contains the definition of a leaf function (i.e., a function that does not call any other functions). For both the register machines and stack machines, we observe the notation and [conventions](#2-1-stack-calling-conventions). ### C.1.1. Sample source file for a leaf function [#c11-sample-source-file-for-a-leaf-function] The source file we consider contains one function $f$ that takes six integer arguments $a$, $b$, $c$, $d$, $e$, and $f$ and returns two integer values, $x$ and $y$, which are the solutions of the system of two linear equations: $$ \begin{cases} ax + by = e \\ cx + dy = f \end{cases} \tag{6} $$ The source code of the function, in a programming language similar to C, might look as follows: ``` (int, int) f(int a, int b, int c, int d, int e, int f) { int D = a*d - b*c; int Dx = e*d - b*f; int Dy = a*f - e*c; return (Dx / D, Dy / D); } ``` We assume that the [register machines](#2-1-stack-calling-conventions) we consider accept the six parameters $a$ $\ldots$ $f$ in registers $\texttt{r0}$ $\ldots$ $\texttt{r5}$, and return the two values $x$ and $y$ in $\texttt{r0}$ and $\texttt{r1}$. We also assume that the register machines have 16 registers, and that the stack machine can directly access $\texttt{s0}$ to $\texttt{s15}$ by its stack manipulation primitives; the stack machine will accept the parameters in $\texttt{s5}$ to $\texttt{s0}$, and return the two values in $\texttt{s0}$ and $\texttt{s1}$, somewhat similarly to the register machine. Finally, we assume at first that the register machine is allowed to destroy values in all registers (which is slightly unfair towards the stack machine); this assumption will be revisited later. ### C.1.2. Three-address register machine [#c12-three-address-register-machine] The machine code (or rather the corresponding assembly code) for a three-address [register machine](#2-1-7-arguments-to-arithmetic-primitives-on-register-machines)) might look as follows: ``` IMUL r6,r0,r3 // r6 := r0 * r3 = ad IMUL r7,r1,r2 // r7 := bc SUB r6,r6,r7 // r6 := ad-bc = D IMUL r3,r4,r3 // r3 := ed IMUL r1,r1,r5 // r1 := bf SUB r3,r3,r1 // r3 := ed-bf = Dx IMUL r1,r0,r5 // r1 := af IMUL r7,r4,r2 // r7 := ec SUB r1,r1,r7 // r1 := af-ec = Dy IDIV r0,r3,r6 // x := Dx/D IDIV r1,r1,r6 // y := Dy/D RET ``` We have used 12 operations and at least 23 bytes (each operation uses $3\times 4=12$ bits to indicate the three registers involved, and at least 4 bits to indicate the operation performed; thus we need two or three bytes to encode each operation). A more realistic estimate would be 34 (three bytes for each arithmetic operation) or 31 bytes (two bytes for addition and subtraction, three bytes for multiplication and division). ### C.1.3. Two-address register machine [#c13-two-address-register-machine] The machine code for a two-address register machine might look as follows: ``` MOV r6,r0 // r6 := r0 = a MOV r7,r1 // r7 := b IMUL r6,r3 // r6 := r6*r3 = ad IMUL r7,r2 // r7 := bc IMUL r3,r4 // r3 := de IMUL r1,r5 // r1 := bf SUB r6,r7 // r6 := ad-bc = D IMUL r5,r0 // r5 := af SUB r3,r1 // r3 := de-bf = Dx IMUL r2,r4 // r2 := ce MOV r0,r3 // r0 := Dx SUB r5,r2 // r5 := af-ce = Dy IDIV r0,r6 // r0 := x = Dx/D MOV r1,r5 // r1 := Dy IDIV r1,r6 // r1 := Dy/D RET ``` We have used 16 operations; optimistically assuming each of them (with the exception of $\texttt{RET}$) can be encoded by two bytes, this code would require 31 bytes.^[31](#fn31) ### C.1.4. One-address register machine [#c14-one-address-register-machine] The machine code for a one-address register machine might look as follows: ``` MOV r8,r0 // r8 := r0 = a XCHG r1 // r0 <-> r1; r0 := b, r1 := a MOV r6,r0 // r6 := b IMUL r2 // r0 := r0*r2; r0 := bc MOV r7,r0 // r7 := bc MOV r0,r8 // r0 := a IMUL r3 // r0 := ad SUB r7 // r0 := ad-bc = D XCHG r1 // r1 := D, r0 := b IMUL r5 // r0 := bf XCHG r3 // r0 := d, r3 := bf IMUL r4 // r0 := de SUB r3 // r0 := de-bf = Dx IDIV r1 // r0 := Dx/D = x XCHG r2 // r0 := c, r2 := x IMUL r4 // r0 := ce XCHG r5 // r0 := f, r5 := ce IMUL r8 // r0 := af SUB r5 // r0 := af-ce = Dy IDIV r1 // r0 := Dy/D = y MOV r1,r0 // r1 := y MOV r0,r2 // r0 := x RET ``` We have used 23 operations; if we assume one-byte encoding for all arithmetic operations and $\texttt{XCHG}$, and two-byte encodings for $\texttt{MOV}$, the total size of the code will be 29 bytes. Notice, however, that to obtain the compact code shown above we had to choose a specific order of computation, and made heavy use of the commutativity of multiplication. (For example, we compute $bc$ before $af$, and $af-bc$ immediately after $af$.) It is not clear whether a compiler would be able to make all such optimizations by itself. ### C.1.5. Stack machine with basic stack primitives [#c15-stack-machine-with-basic-stack-primitives] The machine code for a stack machine equipped with [basic stack manipulation](#2-2-1-basic-stack-manipulation-primitives) primitives might look as follows: ``` PUSH s5 // a b c d e f a PUSH s3 // a b c d e f a d IMUL // a b c d e f ad PUSH s5 // a b c d e f ad b PUSH s5 // a b c d e f ad b c IMUL // a b c d e f ad bc SUB // a b c d e f ad-bc XCHG s3 // a b c ad-bc e f d PUSH s2 // a b c ad-bc e f d e IMUL // a b c ad-bc e f de XCHG s5 // a de c ad-bc e f b PUSH s1 // a de c ad-bc e f b f IMUL // a de c ad-bc e f bf XCHG s1,s5 // a f c ad-bc e de bf SUB // a f c ad-bc e de-bf XCHG s3 // a f de-bf ad-bc e c IMUL // a f de-bf ad-bc ec XCHG s3 // a ec de-bf ad-bc f XCHG s1,s4 // ad-bc ec de-bf a f IMUL // D ec Dx af XCHG s1 // D ec af Dx XCHG s2 // D Dx af ec SUB // D Dx Dy XCHG s1 // D Dy Dx PUSH s2 // D Dy Dx D IDIV // D Dy x XCHG s2 // x Dy D IDIV // x y RET ``` We have used 29 operations; assuming one-byte encodings for all stack operations involved (including $\texttt{XCHG s1,s}(i)$), we have used 29 code bytes as well. Notice that with one-byte encoding, the "unsystematic" operation $\texttt{ROT}$ (equivalent to $\texttt{XCHG s1}$; $\texttt{XCHG s2}$) would reduce the operation and byte count to 28. This shows that such "unsystematic" operations, borrowed from Forth, may indeed reduce the code size on some occasions. Notice as well that we have implicitly used the commutativity of multiplication in this code, computing $de-bf$ instead of $ed-bf$ as specified in high-level language source code. If we were not allowed to do so, an extra $\texttt{XCHG s1}$ would need to be inserted before the third $\texttt{IMUL}$, increasing the total size of the code by one operation and one byte. The code presented above might have been produced by a rather unsophisticated compiler that simply computed all expressions and subexpressions in the order they appear, then rearranged the arguments near the [top of the stack](#2-2-2-basic-stack-manipulation-primitives-suffice) before each operation. The only "manual" optimization done here involves computing $ec$ before $af$; one can check that the other order would lead to slightly shorter code of 28 operations and bytes (or 29, if we are not allowed to use the commutativity of multiplication), but the $\texttt{ROT}$ optimization would not be applicable. ### C.1.6. Stack machine with compound stack primitives [#c16-stack-machine-with-compound-stack-primitives] A stack machine with [compound stack](#2-2-3-compound-stack-manipulation-primitives) primitives would not significantly improve code density of the code presented above, at least in terms of bytes used. The only difference is that, if we were not allowed to use commutativity of multiplication, the extra $\texttt{XCHG s1}$ inserted before the third $\texttt{IMUL}$ might be combined with two previous operations $\texttt{XCHG s3}$, $\texttt{PUSH s2}$ into one compound operation $\texttt{PUXC s2,s3}$; we provide the resulting code below. To make this less redundant, we show a version of the code that computes subexpression $af$ before $ec$ as specified in the original source file. We see that this replaces six operations (starting from line 15) with five other operations, and disables the $\texttt{ROT}$ optimization: ``` PUSH s5 // a b c d e f a PUSH s3 // a b c d e f a d IMUL // a b c d e f ad PUSH s5 // a b c d e f ad b PUSH s5 // a b c d e f ad b c IMUL // a b c d e f ad bc SUB // a b c d e f ad-bc PUXC s2,s3 // a b c ad-bc e f e d IMUL // a b c ad-bc e f ed XCHG s5 // a ed c ad-bc e f b PUSH s1 // a ed c ad-bc e f b f IMUL // a ed c ad-bc e f bf XCHG s1,s5 // a f c ad-bc e ed bf SUB // a f c ad-bc e ed-bf XCHG s4 // a ed-bf c ad-bc e f XCHG s1,s5 // e Dx c D a f IMUL // e Dx c D af XCHG s2 // e Dx af D c XCHG s1,s4 // D Dx af e c IMUL // D Dx af ec SUB // D Dx Dy XCHG s1 // D Dy Dx PUSH s2 // D Dy Dx D IDIV // D Dy x XCHG s2 // x Dy D IDIV // x y RET ``` We have used a total of 27 operations and 28 bytes, the same as the previous version (with the $\texttt{ROT}$ optimization). However, we did not use the commutativity of multiplication here, so we can say that compound stack manipulation primitives enable us to reduce the code size from 29 to 28 bytes. Yet again, notice that the above code might have been generated by an unsophisticated compiler. Manual optimizations might lead to more compact code; for instance, we could use compound operations such as $\texttt{XCHG3}$ to prepare in advance not only the correct values of $\texttt{s0}$ and $\texttt{s1}$ for the next arithmetic operation, but also the value of $\texttt{s2}$ for the arithmetic operation after that. The next section provides an example of such an optimization. ### C.1.7. Stack machine with compound stack primitives and manually optimized code [#c17-stack-machine-with-compound-stack-primitives-and-manually-optimized-code] The previous version of code for a stack machine with compound stack primitives can be manually optimized as follows. By interchanging $\texttt{XCHG}$ operations with preceding $\texttt{XCHG}$, $\texttt{PUSH}$, and arithmetic operations whenever possible, we obtain code fragment $\texttt{XCHG s2,s6}$; $\texttt{XCHG s1,s0}$; $\texttt{XCHG s0,s5}$, which can then be replaced by compound operation $\texttt{XCHG3 s6,s0,s5}$. This compound operation would admit a two-byte encoding, thus leading to 27-byte code using only 21 operations: ``` PUSH2 s5,s2 // a b c d e f a d IMUL // a b c d e f ad PUSH2 s5,s4 // a b c d e f ad b c IMUL // a b c d e f ad bc SUB // a b c d e f ad-bc PUXC s2,s3 // a b c ad-bc e f e d IMUL // a b c D e f ed XCHG3 s6,s0,s5 // (same as XCHG s2,s6; XCHG s1,s0; XCHG s0,s5) // e f c D a ed b PUSH s5 // e f c D a ed b f IMUL // e f c D a ed bf SUB // e f c D a ed-bf XCHG s4 // e Dx c D a f IMUL // e Dx c D af XCHG2 s4,s2 // D Dx af e c IMUL // D Dx af ec SUB // D Dx Dy XCPU s1,s2 // D Dy Dx D IDIV // D Dy x XCHG s2 // x Dy D IDIV // x y RET ``` It is interesting to note that this version of stack machine code contains only 9 stack manipulation primitives for 11 arithmetic operations. It is not clear, however, whether an optimizing compiler would be able to reorganize the code in such a manner by itself. ## C.2 Comparison of machine code for sample leaf function [#c2---comparison-of-machine-code-for-sample-leaf-function] [Table 1](#table-1) summarizes the properties of machine code corresponding to the [same source file](#c-1-1-sample-source-file-for-a-leaf-function), generated for a hypothetical [three-address register machine](#c-1-2-three-address-register-machine), with both "optimistic" and "realistic" instruction encodings; a [two-address machine](#c-1-3-two-address-register-machine); a [one-address machine](#c-1-4-one-address-register-machine); and a stack machine, similar to TVM, using either only the [basic stack manipulation](#c-1-5-stack-machine-with-basic-stack-primitives) primitives or both the basic and the [composite stack](#c-1-7-stack-machine-with-compound-stack-primitives-and-manually-optimized-code) primitives. The meaning of the columns in [Table 1](#table-1) is as follows: * "Operations" — The quantity of instructions used, split into "data" (i.e., register move and exchange instructions for register machines, and stack manipulation instructions for stack machines) and "arithmetic" (instructions for adding, subtracting, multiplying and dividing integer numbers). The "total" is one more than the sum of these two, because there is also a one-byte $\texttt{RET}$ instruction at the end of machine code. * "Code bytes" — The total amount of code bytes used. * "Opcode space" — The portion of "opcode space" (i.e., of possible choices for the first byte of the encoding of an instruction) used by data and arithmetic instructions in the assumed instruction encoding. For example, the "optimistic" encoding for the three-address machine assumes two-byte encodings for all arithmetic instructions *op* $\texttt{r}(i)\texttt{, r}(j)\texttt{, r}(k)$. Each arithmetic instruction would then consume portion $16/256=1/16$ of the opcode space. Notice that for the stack machine we have assumed one-byte encodings for $\texttt{XCHG s}(i)$, $\texttt{PUSH s}(i)$ and $\texttt{POP s}(i)$ in all cases, augmented by $\texttt{XCHG s1,s}(i)$ for the basic stack instructions case only. As for the compound stack operations, we have assumed two-byte encodings for $\texttt{PUSH3}$, $\texttt{XCHG3}$, $\texttt{XCHG2}$, $\texttt{XCPU}$, $\texttt{PUXC}$, $\texttt{PUSH2}$, but not for $\texttt{XCHG s1,s}(i)$. | Machine | Operations | | | Code bytes | | | Opcode space | | | | --------------- | ---------- | ----- | ----- | ---------- | ----- | --------- | ------------ | ---------- | ------ | | | data | arith | total | data | arith | **total** | data | **arith** | total | | 3-addr. (opt.) | 0 | 11 | 12 | 0 | 22 | **23** | 0/256 | **64/256** | 65/256 | | 3-addr. (real.) | 0 | 11 | 12 | 0 | 30 | **31** | 0/256 | **34/256** | 35/256 | | 2-addr. | 4 | 11 | 16 | 8 | 22 | **31** | 1/256 | **4/256** | 6/256 | | 1-addr. | 11 | 11 | 23 | 17 | 11 | **29** | 17/256 | **64/256** | 82/256 | | stack (basic) | 16 | 11 | 28 | 16 | 11 | **28** | 64/256 | **4/256** | 69/256 | | stack (comp.) | 9 | 11 | 21 | 15 | 11 | **27** | 84/256 | **4/256** | 89/256 | **Table 1.** A summary of machine code properties for hypothetical 3-address, 2-address, 1-address, and stack machines, generated for a [sample leaf function](#c-1-1-sample-source-file-for-a-leaf-function). The two most important columns, reflecting code density and extendability to other operations, are marked by bold font. Smaller values are better in both of these columns. The "code bytes" column reflects the density of the code for the specific sample source. However, "opcode space" is also important, because it reflects the extendability of the achieved density to other classes of operations (e.g., if one were to complement arithmetic operations with string manipulation operations and so on). Here the "arithmetic" subcolumn is more important than the "data" subcolumn, because no further data manipulation operations would be required for such extensions. We see that the three-address register machine with the "optimistic" encoding, assuming two-byte encodings for all three-register arithmetic operations, achieves the best code density, requiring only 23 bytes. However, this comes at a price: each arithmetic operation consumes 1/16 of the opcode space, so the four operations already use a quarter of the opcode space. At most 11 other operations, arithmetic or not, might be added to this architecture while preserving such high code density. On the other hand, when we consider the "realistic" encoding for the three-address machine, using two-byte encodings only for the most frequently used addition/subtraction operations (and longer encodings for less frequently used multiplication/division operations, reflecting the fact that the possible extension operations would likely fall in this class), then the three-address machine ceases to offer such attractive code density. In fact, the two-address machine becomes equally attractive at this point: it is capable of achieving the same code size of 31 bytes as the three-address machine with the "realistic" encoding, using only 6/256 of the opcode space for this! However, 31 bytes is the worst result in this table. The one-address machine uses 29 bytes, slightly less than the two-address machine. However, it utilizes a quarter of the opcode space for its arithmetic operations, hampering its extendability. In this respect it is similar to the three-address machine with the "optimistic" encoding, but requires 29 bytes instead of 23! So there is no reason to use the one-address machine at all, in terms of extendability (reflected by opcode space used for arithmetic operations) compared to code density. Finally, the stack machine wins the competition in terms of code density (27 or 28 bytes), losing only to the three-address machine with the "optimistic" encoding (which, however, is terrible in terms of extendability). To summarize: the two-address machine and stack machine achieve the best extendability with respect to additional arithmetic or data processing instructions (using only 1/256 of code space for each such instruction), while the stack machine additionally achieves the best code density by a small margin. The stack machine utilizes a significant part of its code space (more than a quarter) for data (i.e., stack) manipulation instructions; however, this does not seriously hamper extendability, because the stack manipulation instructions occupy a constant part of the opcode space, regardless of all other instructions and extensions. While one might still be tempted to use a two-address register machine, we will explain [shortly](#c-3-sample-non-leaf-function) why the two-address register machine offers worse code density and extendability in practice than it appears based on this table. As for the choice between a stack machine with only basic stack manipulation primitives or one supporting compound stack primitives as well, the case for the more sophisticated stack machine appears to be weaker: it offers only one or two fewer bytes of code at the expense of using considerably more opcode space for stack manipulation, and the optimized code using these additional instructions is hard for programmers to write and for compilers to automatically generate. ### C.2.1. Register calling conventions: some registers must be preserved by functions [#c21-register-calling-conventions-some-registers-must-be-preserved-by-functions] Up to this point, we have considered the machine code of only one function, without taking into account the interplay between this function and other functions in the same program. Usually a program consists of more than one function, and when a function is not a "simple" or "leaf" function, it must call other functions. Therefore, it becomes important whether a called function preserves all or at least some registers. If it preserves all registers except those used to return results, the caller can safely keep its local and temporary variables in certain registers; however, the callee needs to save all the registers it will use for its temporary values somewhere (usually into the stack, which also exists on register machines), and then restore the original values. On the other hand, if the called function is allowed to destroy all registers, it can be written in the manner described in [C.1.2](#c-1-2-three-address-register-machine), [C.1.3](#c-1-3-two-address-register-machine), and [C.1.4](#c-1-4-one-address-register-machine), but the caller will now be responsible for saving all its temporary values into the stack before the call, and restoring these values afterwards. In most cases, calling conventions for register machines require preservation of some but not all registers. We will assume that $m\leq n$ registers will be preserved by functions (unless they are used for return values), and that these registers are $\texttt{r}$ $(n-m)$ $\ldots$ $\texttt{r}$ $(n-1)$. Case $m=0$ corresponds to the case "the callee is free to destroy all registers" considered so far; it is quite painful for the caller. Case $m=n$ corresponds to the case "the callee must preserve all registers"; it is quite painful for the callee, as we will see in a moment. Usually a value of $m$ around $n/2$ is used in practice. The following sections consider cases $m=0$, $m=8$, and $m=16$ for our register machines with $n=16$ registers. ### C.2.2. Case $m=0$: no registers to preserve [#c22-case-m0-no-registers-to-preserve] This case has been considered and summarized in [C.2](#c-2-comparison-of-machine-code-for-sample-leaf-function) and [Table 1](#table-1) above. ### C.2.3. Case $m=n=16$: all registers must be preserved [#c23-case-mn16-all-registers-must-be-preserved] This case is the most painful one for the called function. It is especially difficult for leaf functions like the one we have been considering, which do not benefit at all from the fact that other functions preserve some registers when called—they do not call any functions, but instead must preserve all registers themselves. In order to estimate the consequences of assuming $m=n=16$, we will assume that all our register machines are equipped with a stack, and with one-byte instructions $\texttt{PUSH r}(i)$ and $\texttt{POP r}(i)$, which push or pop a register into/from the stack. For example, the [three-address machine](#c-1-2-three-address-register-machine) code destroys the values in registers $\texttt{r2}$, $\texttt{r3}$, $\texttt{r6}$, and $\texttt{r7}$; this means that the code of this function must be augmented by four instructions $\texttt{PUSH r2}$; $\texttt{PUSH r3}$; $\texttt{PUSH r6}$; $\texttt{PUSH r7}$ at the beginning, and by four instructions $\texttt{POP r7}$; $\texttt{POP r6}$; $\texttt{POP r3}$; $\texttt{POP r2}$ right before the $\texttt{RET}$ instruction, in order to restore the original values of these registers from the stack. These four additional $\texttt{PUSH}$/$\texttt{POP}$ pairs would increase the operation count and code size in bytes by $4\times 2=8$. A similar analysis can be done for other register machines as well, leading to [Table 2](#table-2). | Machine | $\mathit{r}$ | Operations | | | Code bytes | | | Opcode space | | | | --------------- | ------------ | ---------- | ----- | ----- | ---------- | ----- | --------- | ------------ | ---------- | ------- | | | | data | arith | total | data | arith | **total** | data | **arith** | total | | 3-addr. (opt.) | *4* | 8 | 11 | 20 | 8 | 22 | **31** | 32/256 | **64/256** | 97/256 | | 3-addr. (real.) | *4* | 8 | 11 | 20 | 8 | 30 | **39** | 32/256 | **34/256** | 67/256 | | 2-addr. | *5* | 14 | 11 | 26 | 18 | 22 | **41** | 33/256 | **4/256** | 38/256 | | 1-addr. | *6* | 23 | 11 | 35 | 29 | 11 | **41** | 49/256 | **64/256** | 114/256 | | stack (basic) | *0* | 16 | 11 | 28 | 16 | 11 | **28** | 64/256 | **4/256** | 69/256 | | stack (comp.) | *0* | 9 | 11 | 21 | 15 | 11 | **27** | 84/256 | **4/256** | 89/256 | **Table 2.** A summary of machine code properties for hypothetical 3-address, 2-address, 1-address, and stack machines, generated for a [sample leaf function](#c-1-1-sample-source-file-for-a-leaf-function), assuming all of the 16 registers must be preserved by called functions ($m=n=16$). The new column labeled $r$ denotes the number of registers to be saved and restored, leading to $2r$ more operations and code bytes compared to [Table 1](#table-1). Newly-added $\texttt{PUSH}$ and $\texttt{POP}$ instructions for register machines also utilize 32/256 of the opcode space. The two rows corresponding to stack machines remain unchanged. We see that under these assumptions the stack machines are the obvious winners in terms of code density, and are in the winning group with respect to extendability. ### C.2.4. Case $m = 8$, $n = 16$: registers $\texttt{r8}$ $\ldots$ $\texttt{r15}$ must be preserved [#c24-case-m--8-n--16-registers-textttr8-ldots-textttr15-must-be-preserved] The analysis of this case is similar to the previous one. The results are summarized in [Table 3](#table-3). | Machine | $\mathit{r}$ | Operations | | | Code bytes | | | Opcode space | | | | --------------- | ------------ | ---------- | ----- | ----- | ---------- | ----- | --------- | ------------ | ---------- | ------- | | | | data | arith | total | data | arith | **total** | data | **arith** | total | | 3-addr. (opt.) | *0* | 0 | 11 | 12 | 0 | 22 | **23** | 32/256 | **64/256** | 97/256 | | 3-addr. (real.) | *0* | 0 | 11 | 12 | 0 | 30 | **31** | 32/256 | **34/256** | 67/256 | | 2-addr. | *0* | 4 | 11 | 16 | 8 | 22 | **31** | 33/256 | **4/256** | 38/256 | | 1-addr. | *1* | 13 | 11 | 25 | 19 | 11 | **31** | 49/256 | **64/256** | 114/256 | | stack (basic) | *0* | 16 | 11 | 28 | 16 | 11 | **28** | 64/256 | **4/256** | 69/256 | | stack (comp.) | *0* | 9 | 11 | 21 | 15 | 11 | **27** | 84/256 | **4/256** | 89/256 | **Table 3.** A summary of machine code properties for hypothetical 3-address, 2-address, 1-address and stack machines, generated for a [sample leaf function](#c-1-1-sample-source-file-for-a-leaf-function), assuming that only the last 8 of the 16 registers must be preserved by called functions ($m=8$, $n=16$). This table is similar to [Table 2](#table-2), but has smaller values of $r$. Notice that the resulting table is very similar to [Table 1](#table-1), apart from the "Opcode space" columns and the row for the one-address machine. Therefore, the conclusions of [C.2](#c-2-comparison-of-machine-code-for-sample-leaf-function) still apply in this case, with some minor modifications. We must emphasize, however, that *these conclusions are valid only for leaf functions, i.e., functions that do not call other functions*. Any program aside from the very simplest will have many non-leaf functions, especially if we are minimizing resulting machine code size (which prevents inlining of functions in most cases). ### C.2.5. A fairer comparison using a binary code instead of a byte code [#c25-a-fairer-comparison-using-a-binary-code-instead-of-a-byte-code] The reader may have noticed that our preceding discussion of $k$-address register machines and stack machines depended very much on our insistence that complete instructions be encoded by an integer number of bytes. If we had been allowed to use a "bit" or "binary code" instead of a byte code for encoding instructions, we could more evenly balance the opcode space used by different machines. For instance, the opcode of `SUB` for a three-address machine had to be either 4-bit (good for code density, bad for opcode space) or 12-bit (very bad for code density), because the complete instruction has to occupy a multiple of eight bits (e.g., 16 or 24 bits), and $3\cdot 4=12$ of those bits have to be used for the three register names. Therefore, let us get rid of this restriction. Now that we can use any number of bits to encode an instruction, we can choose all opcodes of the same length for all the machines considered. For instance, all arithmetic instructions can have 8-bit opcodes, as the stack machine does, using $1/256$ of the opcode space each; then the three-address register machine will use 20 bits to encode each complete arithmetic instruction. All $\texttt{MOV}$s, $\texttt{XCHG}$s, $\texttt{PUSH}$es, and $\texttt{POP}$s on register machines can be assumed to have 4-bit opcodes, because this is what we do for the most common stack manipulation primitives on a stack machine. The results of these changes are shown in [Table 4](#table-4). We can see that the performance of the various machines is much more balanced, with the stack machine still the winner in terms of the code density, but with the three-address machine enjoying the second place it really merits. If we were to consider the decoding speed and the possibility of parallel execution of instructions, we would have to choose the three-address machine, because it uses only 12 instructions instead of 21. | Machine | $\mathit{r}$ | Operations | | | Code bytes | | | Opcode space | | | | ------------- | ------------ | ---------- | ----- | ----- | ---------- | ----- | --------- | ------------ | --------- | ------ | | | | data | arith | total | data | arith | **total** | data | **arith** | total | | 3-addr. | *0* | 0 | 11 | 12 | 0 | 27.5 | **28.5** | 64/256 | **4/256** | 69/256 | | 2-addr. | *0* | 4 | 11 | 16 | 6 | 22 | **29** | 64/256 | **4/256** | 69/256 | | 1-addr. | *1* | 13 | 11 | 25 | 16 | 16.5 | **32.5** | 64/256 | **4/256** | 69/256 | | stack (basic) | *0* | 16 | 11 | 28 | 16 | 11 | **28** | 64/256 | **4/256** | 69/256 | | stack (comp.) | *0* | 9 | 11 | 21 | 15 | 11 | **27** | 84/256 | **4/256** | 89/256 | **Table 4.** A summary of machine code properties for hypothetical 3-address, 2-address, 1-address and stack machines, generated for a [sample leaf function](#c-1-1-sample-source-file-for-a-leaf-function), assuming that only 8 of the 16 registers must be preserved by functions ($m=8$, $n=16$). This time we can use fractions of bytes to encode instructions, so as to match opcode space used by different machines. All arithmetic instructions have 8-bit opcodes, all data/stack manipulation instructions have 4-bit opcodes. In other respects this table is similar to [Table 3](#table-3). *** ## C.3 Sample non-leaf function [#c3---sample-non-leaf-function] This section compares the machine code for different register machines for a sample non-leaf function. Again, we assume that either $m=0$, $m=8$, or $m=16$ registers are preserved by called functions, with $m=8$ representing the compromise made by most modern compilers and operating systems. ### C.3.1. Sample source code for a non-leaf function [#c31-sample-source-code-for-a-non-leaf-function] A sample source file may be obtained by replacing the built-in integer type with a custom *Rational* type, represented by a pointer to an object in memory, in our function for solving systems of [two linear equations](#c-1-1-sample-source-file-for-a-leaf-function): ``` struct Rational; typedef struct Rational *num; extern num r_add(num, num); extern num r_sub(num, num); extern num r_mul(num, num); extern num r_div(num, num); (num, num) r_f(num a, num b, num c, num d, num e, num f) { num D = r_sub(r_mul(a, d), r_mul(b, c)); // a*d-b*c num Dx = r_sub(r_mul(e, d), r_mul(b, f)); // e*d-b*f num Dy = r_sub(r_mul(a, f), r_mul(e, c)); // a*f-e*c return (r_div(Dx, D), r_div(Dy, D)); // Dx/D, Dy/D } ``` We will ignore all questions related to allocating new objects of type *Rational* in memory (e.g., in heap), and to preventing memory leaks. We may assume that the called subroutines $\texttt{r\_sub}$, $\texttt{r\_mul}$, and so on allocate new objects simply by advancing some pointer in a pre-allocated buffer, and that unused objects are later freed by a garbage collector, external to the code being analysed. Rational numbers will now be represented by pointers, addresses, or references, which will fit into registers of our hypothetical register machines or into the stack of our stack machines. If we want to use TVM as an instance of these stack machines, we should use values of type *Cell* to represent such references to objects of type *Rational* in memory. We assume that subroutines (or functions) are called by a special $\texttt{CALL}$ instruction, which is encoded by three bytes, including the specification of the function to be called (e.g., the index in a "global function table"). ### C.3.2. Three-address and two-address register machines, $m=0$ preserved registers [#c32-three-address-and-two-address-register-machines-m0-preserved-registers] Because our sample function does not use built-in arithmetic instructions at all, compilers for our hypothetical three-address and two-address register machines will produce the same machine code. Apart from the previously introduced $\texttt{PUSH r}(i)$ and $\texttt{POP r}(i)$ one-byte instructions, we assume that our two- and three-address machines support the following two-byte instructions: $\texttt{MOV r}(i)\texttt{,s}(j)$, $\texttt{MOV s}(j)\texttt{,r}(i)$, and $\texttt{XCHG r}(i)\texttt{,s}(j)$, for $0\leq i,j\leq 15$. Such instructions occupy only 3/256 of the opcode space, so their addition seems quite natural. We first assume that $m=0$ (i.e., that all subroutines are free to destroy the values of all registers). In this case, our machine code for $\texttt{r\_f}$ does not have to preserve any registers, but has to save all registers containing useful values into the stack before calling any subroutines. A size-optimizing compiler might produce the following code: ``` PUSH r4 // STACK: e PUSH r1 // STACK: e b PUSH r0 // .. e b a PUSH r6 // .. e b a f PUSH r2 // .. e b a f c PUSH r3 // .. e b a f c d MOV r0,r1 // b MOV r1,r2 // c CALL r_mul // bc PUSH r0 // .. e b a f c d bc MOV r0,s4 // a MOV r1,s1 // d CALL r_mul // ad POP r1 // bc; .. e b a f c d CALL r_sub // D:=ad-bc XCHG r0,s4 // b ; .. e D a f c d MOV r1,s2 // f CALL r_mul // bf POP r1 // d ; .. e D a f c PUSH r0 // .. e D a f c bf MOV r0,s5 // e CALL r_mul // ed POP r1 // bf; .. e D a f c CALL r_sub // Dx:=ed-bf XCHG r0,s4 // e ; .. Dx D a f c POP r1 // c ; .. Dx D a f CALL r_mul // ec XCHG r0,s1 // a ; .. Dx D ec f POP r1 // f ; .. Dx D ec CALL r_mul // af POP r1 // ec; .. Dx D CALL r_sub // Dy:=af-ec XCHG r0,s1 // Dx; .. Dy D MOV r1,s0 // D CALL r_div // x:=Dx/D XCHG r0,s1 // Dy; .. x D POP r1 // D ; .. x CALL r_div // y:=Dy/D MOV r1,r0 // y POP r0 // x ; .. RET ``` We have used 41 instructions: 17 one-byte (eight $\texttt{PUSH}$/$\texttt{POP}$ pairs and one $\texttt{RET}$), 13 two-byte ($\texttt{MOV}$ and $\texttt{XCHG}$; out of them 11 "new" ones, involving the stack), and 11 three-byte ($\texttt{CALL}$), for a total of $17\cdot1+13\cdot2+11\cdot3=76$ bytes.^[32](#fn32) ### C.3.3. Three-address and two-address register machines, $m=8$ preserved registers [#c33-three-address-and-two-address-register-machines-m8-preserved-registers] Now we have eight registers, $\texttt{r8}$ to $\texttt{r15}$, that are preserved by subroutine calls. We might keep some intermediate values there instead of pushing them into the stack. However, the penalty for doing so consists in a $\texttt{PUSH}$/$\texttt{POP}$ pair for every such register that we choose to use, because our function is also required to preserve its original value. It seems that using these registers under such a penalty does not improve the density of the code, so the optimal code for three- and two-address machines for $m=8$ [preserved registers](#c-3-2-three-address-and-two-address-register-machines,-preserved-registers) is the same, with a total of 42 instructions and 74 code bytes. ### C.3.4. Three-address and two-address register machines, $m=16$ preserved registers [#c34-three-address-and-two-address-register-machines-m16-preserved-registers] This time *all* registers must be preserved by the subroutines, excluding those used for returning the results. This means that our code must preserve the original values of $\texttt{r2}$ to $\texttt{r5}$, as well as any other registers it uses for temporary values. A straightforward way of writing the code of our subroutine would be to push registers $\texttt{r2}$ up to, say, $\texttt{r8}$ into the stack, then perform all the operations required, using $\texttt{r6}$—$\texttt{r8}$ for intermediate values, and finally restore registers from the stack. However, this would not optimize code size. We choose another approach: ``` PUSH r0 // STACK: a PUSH r1 // STACK: a b MOV r0,r1 // b MOV r1,r2 // c CALL r_mul // bc PUSH r0 // .. a b bc MOV r0,s2 // a MOV r1,r3 // d CALL r_mul // ad POP r1 // bc; .. a b CALL r_sub // D:=ad-bc XCHG r0,s0 // b; .. a D MOV r1,r5 // f CALL r_mul // bf PUSH r0 // .. a D bf MOV r0,r4 // e MOV r1,r3 // d CALL r_mul // ed POP r1 // bf; .. a D CALL r_sub // Dx:=ed-bf XCHG r0,s1 // a ; .. Dx D MOV r1,r5 // f CALL r_mul // af PUSH r0 // .. Dx D af MOV r0,r4 // e MOV r1,r2 // c CALL r_mul // ec MOV r1,r0 // ec POP r0 // af; .. Dx D CALL r_sub // Dy:=af-ec XCHG r0,s1 // Dx; .. Dy D MOV r1,s0 // D CALL r_div // x:=Dx/D XCHG r0,s1 // Dy; .. x D POP r1 // D ; .. x CALL r_div // y:=Dy/D MOV r1,r0 // y POP r0 // x RET ``` We have used 39 instructions: 11 one-byte, 17 two-byte (among them 5 "new" instructions), and 11 three-byte, for a total of $11\cdot1+17\cdot2+11\cdot3=78$ bytes. Somewhat paradoxically, the code size in bytes is slightly longer than in the [previous case](#c-3-2-three-address-and-two-address-register-machines,-preserved-registers), contrary to what one might have expected. This is partially due to the fact that we have assumed two-byte encodings for "new" $\texttt{MOV}$ and $\texttt{XCHG}$ instructions involving the stack, similarly to the "old" instructions. Most existing architectures (such as x86-64) use longer encodings (maybe even twice as long) for their counterparts of our "new" move and exchange instructions compared to the "usual" register-register ones. Taking this into account, we see that we would have obtained here 83 bytes (versus 87 for the [code](#c-3-2-three-address-and-two-address-register-machines,-preserved-registers)) assuming three-byte encodings of new operations, and 88 bytes (versus 98) assuming four-byte encodings. This shows that, for two-address architectures without optimized encodings for register-stack move and exchange operations, $m=16$ preserved registers might result in slightly shorter code for some non-leaf functions, at the expense of leaf functions [C.2.3](#c-2-3-case-%3A-all-registers-must-be-preserved) and [C.2.4](#c-2-4-case-%2C-%3A-registers-must-be-preserved), which would become considerably longer. ### C.3.5. One-address register machine, $m=0$ preserved registers [#c35-one-address-register-machine-m0-preserved-registers] For our one-address register machine, we assume that new register-stack instructions work through the accumulator only. Therefore, we have three new instructions, $\texttt{LD s}(j)$ (equivalent to $\texttt{MOV r0,s}(j)$ of two-address machines), $\texttt{ST s}(j)$ (equivalent to $\texttt{MOV s}(j)\texttt{,r0}$), and $\texttt{XCHG s}(j)$ (equivalent to $\texttt{XCHG r0,s}(j)$). To make the comparison with two-address machines more interesting, we assume one-byte encodings for these new instructions, even though this would consume $48/256=3/16$ of the opcode space. By adapting the [code](#c-3-2-three-address-and-two-address-register-machines%2C-preserved-registers) to the one-address machine, we obtain the following: ``` PUSH r4 // STACK: e PUSH r1 // STACK: e b PUSH r0 // .. e b a PUSH r6 // .. e b a f PUSH r2 // .. e b a f c PUSH r3 // .. e b a f c d LD s1 // r0:=c XCHG r1 // r0:=b, r1:=c CALL r_mul // bc PUSH r0 // .. e b a f c d bc LD s1 // d XCHG r1 // r1:=d LD s4 // a CALL r_mul // ad POP r1 // bc; .. e b a f c d CALL r_sub // D:=ad-bc XCHG s4 // b ; .. e D a f c d XCHG r1 LD s2 // f XCHG r1 // r0:=b, r1:=f CALL r_mul // bf POP r1 // d ; .. e D a f c PUSH r0 // .. e D a f c bf LD s5 // e CALL r_mul // ed POP r1 // bf; .. e D a f c CALL r_sub // Dx:=ed-bf XCHG s4 // e ; .. Dx D a f c POP r1 // c ; .. Dx D a f CALL r_mul // ec XCHG s1 // a ; .. Dx D ec f POP r1 // f ; .. Dx D ec CALL r_mul // af POP r1 // ec; .. Dx D CALL r_sub // Dy:=af-ec XCHG s1 // Dx; .. Dy D POP r1 // D ; .. Dy PUSH r1 // .. Dy D CALL r_div // x:=Dx/D XCHG s1 // Dy; .. x D POP r1 // D ; .. x CALL r_div // y:=Dy/D XCHG r1 // r1:=y POP r0 // r0:=x ; .. RET ``` We have used 45 instructions: 34 one-byte and 11 three-byte, for a total of 67 bytes. Compared to the 76 bytes used by [two- and three-address machines](#c-3-2-three-address-and-two-address-register-machines%2C-preserved-registers), we see that, again, the one-address register machine code may be denser than that of two-register machines, at the expense of utilizing more [opcode space](#c-2-comparison-of-machine-code-for-sample-leaf-function). However, this time the extra 3/16 of the opcode space was used for data manipulation instructions, which do not depend on specific arithmetic operations or user functions invoked. ### C.3.6. One-address register machine, $m=8$ preserved registers [#c36-one-address-register-machine-m8-preserved-registers] As explained [above](#c-3-3-three-address-and-two-address-register-machines%2C-preserved-registers), the preservation of $\texttt{r8}$—$\texttt{r15}$ between subroutine calls does not improve the size of our previously written code, so the one-address machine will use for $m=8$ the same [code](#c-3-5-one-address-register-machine%2C-preserved-registers). ### C.3.7. One-address register machine, $m=16$ preserved registers [#c37-one-address-register-machine-m16-preserved-registers] We simply adapt the [code](#c-3-4-three-address-and-two-address-register-machines%2C-preserved-registers) to the one-address register machine: ``` PUSH r0 // STACK: a PUSH r1 // STACK: a b MOV r0,r1 // b MOV r1,r2 // c CALL r_mul // bc PUSH r0 // .. a b bc LD s2 // a MOV r1,r3 // d CALL r_mul // ad POP r1 // bc; .. a b CALL r_sub // D:=ad-bc XCHG s0 // b; .. a D MOV r1,r5 // f CALL r_mul // bf PUSH r0 // .. a D bf MOV r0,r4 // e MOV r1,r3 // d CALL r_mul // ed POP r1 // bf; .. a D CALL r_sub // Dx:=ed-bf XCHG s1 // a ; .. Dx D MOV r1,r5 // f CALL r_mul // af PUSH r0 // .. Dx D af MOV r0,r4 // e MOV r1,r2 // c CALL r_mul // ec MOV r1,r0 // ec POP r0 // af; .. Dx D CALL r_sub // Dy:=af-ec XCHG s1 // Dx; .. Dy D POP r1 // D ; .. Dy PUSH r1 // .. Dy D CALL r_div // x:=Dx/D XCHG s1 // Dy; .. x D POP r1 // D ; .. x CALL r_div // y:=Dy/D MOV r1,r0 // y POP r0 // x RET ``` We have used 40 instructions: 18 one-byte, 11 two-byte, and 11 three-byte, for a total of $18\cdot1+11\cdot2+11\cdot3=73$ bytes. ### C.3.8. Stack machine with basic stack primitives [#c38-stack-machine-with-basic-stack-primitives] We reuse the [code](#c-1-5-stack-machine-with-basic-stack-primitives), simply replacing arithmetic primitives (VM instructions) with subroutine calls. The only substantive modification is the insertion of the previously optional $\texttt{XCHG s1}$ before the third multiplication, because even an optimizing compiler cannot now know whether $\texttt{CALL r\_mul}$ is a commutative operation. We have also used the "tail recursion optimization" by replacing the final $\texttt{CALL r\_div}$ followed by $\texttt{RET}$ with $\texttt{JMP r\_div}$. ``` PUSH s5 // a b c d e f a PUSH s3 // a b c d e f a d CALL r_mul // a b c d e f ad PUSH s5 // a b c d e f ad b PUSH s5 // a b c d e f ad b c CALL r_mul // a b c d e f ad bc CALL r_sub // a b c d e f ad-bc XCHG s3 // a b c ad-bc e f d PUSH s2 // a b c ad-bc e f d e XCHG s1 // a b c ad-bc e f e d CALL r_mul // a b c ad-bc e f ed XCHG s5 // a ed c ad-bc e f b PUSH s1 // a ed c ad-bc e f b f CALL r_mul // a ed c ad-bc e f bf XCHG s1,s5 // a f c ad-bc e ed bf CALL r_sub // a f c ad-bc e ed-bf XCHG s3 // a f ed-bf ad-bc e c CALL r_mul // a f ed-bf ad-bc ec XCHG s3 // a ec ed-bf ad-bc f XCHG s1,s4 // ad-bc ec ed-bf a f CALL r_mul // D ec Dx af XCHG s1 // D ec af Dx XCHG s2 // D Dx af ec CALL r_sub // D Dx Dy XCHG s1 // D Dy Dx PUSH s2 // D Dy Dx D CALL r_div // D Dy x XCHG s2 // x Dy D JMP r_div // x y ``` We have used 29 instructions; assuming one-byte encodings for all stack operations, and three-byte encodings for $\texttt{CALL}$ and $\texttt{JMP}$ instructions, we end up with 51 bytes. ### C.3.9. Stack machine with compound stack primitives [#c39-stack-machine-with-compound-stack-primitives] We again reuse the [code](#c-1-7-stack-machine-with-compound-stack-primitives-and-manually-optimized-code), replacing arithmetic primitives with subroutine calls and making the tail recursion optimization: ``` PUSH2 s5,s2 // a b c d e f a d CALL r_mul // a b c d e f ad PUSH2 s5,s4 // a b c d e f ad b c CALL r_mul // a b c d e f ad bc CALL r_sub // a b c d e f ad-bc PUXC s2,s3 // a b c ad-bc e f e d CALL r_mul // a b c D e f ed XCHG3 s6,s0,s5 // (same as XCHG s2,s6; XCHG s1,s0; XCHG s0,s5) // e f c D a ed b PUSH s5 // e f c D a ed b f CALL r_mul // e f c D a ed bf CALL r_sub // e f c D a ed-bf XCHG s4 // e Dx c D a f CALL r_mul // e Dx c D af XCHG2 s4,s2 // D Dx af e c CALL r_mul // D Dx af ec CALL r_sub // D Dx Dy XCPU s1,s2 // D Dy Dx D CALL r_div // D Dy x XCHG s2 // x Dy D JMP r_div // x y ``` This code uses only 20 instructions, 9 stack-related and 11 control flow-related ($\texttt{CALL}$ and $\texttt{JMP}$), for a total of 48 bytes. ## C.4 Comparison of machine code for sample non-leaf function [#c4---comparison-of-machine-code-for-sample-non-leaf-function] [Table 5](#table-5) summarizes the properties of machine code corresponding to the [same source file](#c-3-1-sample-source-code-for-a-non-leaf-function). We consider only the "realistically" encoded three-address machines. Three-address and two-address machines have the same code density properties, but differ in the utilization of opcode space. The one-address machine, somewhat surprisingly, managed to produced shorter code than the two-address and three-address machines, at the expense of using up more than half of all opcode space. The stack machine is the obvious winner in this code density contest, without compromizing its excellent extendability (measured in opcode space used for arithmetic and other data transformation instructions). | Machine | $m$ | **Operations** | | | **Code bytes** | | | **Opcode space** | | | | ------------- | ----- | -------------- | ----- | ----- | -------------- | ----- | --------- | ---------------- | ---------- | ------- | | | | data | cont. | total | data | cont. | **total** | data | **arith** | total | | 3-addr. | *0,8* | 29 | 12 | 41 | 42 | 34 | **76** | 35/256 | **34/256** | 72/256 | | | *16* | 27 | 12 | 39 | 44 | 34 | **78** | | | | | 2-addr. | *0,8* | 29 | 12 | 41 | 42 | 34 | **76** | 37/256 | **4/256** | 44/256 | | | *16* | 27 | 12 | 39 | 44 | 34 | **78** | | | | | 1-addr. | *0,8* | 33 | 12 | 45 | 33 | 34 | **67** | 97/256 | **64/256** | 164/256 | | | *16* | 28 | 12 | 40 | 39 | 34 | **73** | | | | | stack (basic) | $-$ | 18 | 11 | 29 | 18 | 33 | **51** | 64/256 | **4/256** | 71/256 | | stack (comp.) | $-$ | 9 | 11 | 20 | 15 | 33 | **48** | 84/256 | **4/256** | 91/256 | **Table 5**: A summary of machine code properties for hypothetical 3-address, 2-address, 1-address, and stack machines, generated for a [sample non-leaf function](#c-3-1-sample-source-code-for-a-non-leaf-function), assuming $m$ of the 16 registers must be preserved by called subroutines. ### C.4.1. Combining with results for leaf functions [#c41-combining-with-results-for-leaf-functions] It is instructive to compare this table with the results in [C.2](#c-2-comparison-of-machine-code-for-sample-leaf-function) for a sample leaf function, summarized in [Table 1](#table-1) (for $m=0$ preserved registers) and the very similar [Table 3](#table-3) (for $m=8$ preserved registers), and, if one is still interested in case $m=16$ (which turned out to be worse than $m=8$ in almost all situations), also to [Table 2](#table-2). We see that the stack machine beats all register machines on non-leaf functions. As for the leaf functions, only the three-address machine with the "optimistic" encoding of arithmetic instructions was able to beat the stack machine, winning by 15%, by compromising its extendability. However, the same three-address machine produces 25% longer code for non-leaf functions. If a typical program consists of a mixture of leaf and non-leaf functions in approximately equal proportion, then the stack machine will still win. ### C.4.2. A fairer comparison using a binary code instead of a byte code [#c42-a-fairer-comparison-using-a-binary-code-instead-of-a-byte-code] Similarly to [C.2.5](#c-2-5-a-fairer-comparison-using-a-binary-code-instead-of-a-byte-code), we may offer a fairer comparison of different register machines and the stack machine by using arbitrary binary codes instead of byte codes to encode instructions, and matching the opcode space used for data manipulation and arithmetic instructions by different machines. The results of this modified comparison are summarized in [Table 6](#table-6). We see that the stack machines still win by a large margin, while using less opcode space for stack/data manipulation. | Machine | $m$ | **Operations** | | | **Code bytes** | | | **Opcode space** | | | | ------------- | ----- | -------------- | ----- | ----- | -------------- | ----- | --------- | ---------------- | --------- | ------- | | | | data | cont. | total | data | cont. | **total** | data | **arith** | total | | 3-addr. | *0,8* | 29 | 12 | 41 | 35.5 | 34 | **69.5** | 110/256 | **4/256** | 117/256 | | | *16* | 27 | 12 | 39 | 35.5 | 34 | **69.5** | | | | | 2-addr. | *0,8* | 29 | 12 | 41 | 35.5 | 34 | **69.5** | 110/256 | **4/256** | 117/256 | | | *16* | 27 | 12 | 39 | 35.5 | 34 | **69.5** | | | | | 1-addr. | *0,8* | 33 | 12 | 45 | 33 | 34 | **67** | 112/256 | **4/256** | 119/256 | | | *16* | 28 | 12 | 40 | 33.5 | 34 | **67.5** | | | | | stack (basic) | $-$ | 18 | 11 | 29 | 18 | 33 | **51** | 64/256 | **4/256** | 71/256 | | stack (comp.) | $-$ | 9 | 11 | 20 | 15 | 33 | **48** | 84/256 | **4/256** | 91/256 | **Table 6**: A summary of machine code properties for hypothetical 3-address, 2-address, 1-address, and stack machines, generated for a [sample non-leaf function](#c-3-1-sample-source-code-for-a-non-leaf-function), assuming $m$ of the 16 registers must be preserved by called subroutines. This time we use fractions of bytes to encode instructions, enabling a fairer comparison. Otherwise, this table is similar to [Table 5](#table-5). ### C.4.3. Comparison with real machines [#c43-comparison-with-real-machines] Note that our hypothetical register machines have been considerably optimized to produce shorter code than actually existing register machines; the latter are subject to other design considerations apart from code density and extendability, such as backward compatibility, faster instruction decoding, parallel execution of neighboring instructions, ease of automatically producing optimized code by compilers, and so on. For example, the very popular two-address register architecture x86-64 produces code that is approximately twice as long as our "ideal" results for the two-address machines. On the other hand, our results for the stack machines are directly applicable to TVM, which has been explicitly designed with the considerations presented in this appendix in mind. Furthermore, the actual TVM code is even *shorter* (in bytes) than shown in [Table 5](#table-5) because of the presence of the two-byte $\texttt{CALL}$ instruction, allowing TVM to call up to 256 user-defined functions from the dictionary at $\texttt{c3}$. This means that one should subtract 10 bytes from the results for stack machines in [Table 5](#table-5) if one wants to specifically consider TVM, rather than an abstract stack machine; this produces a code size of approximately 40 bytes (or shorter), almost half that of an abstract two-address or three-address machine. ### C.4.4. Automatic generation of optimized code [#c44-automatic-generation-of-optimized-code] An interesting point is that the stack machine code in our samples might have been generated automatically by a very simple optimizing compiler, which rearranges values near the top of the stack appropriately before invoking each primitive or calling a function as explained in [2.2.2](#2-2-2-basic-stack-manipulation-primitives-suffice) and [2.2.5](#2-2-5-semantics-of-compound-stack-operations). The only exception is the unimportant [manual](#c-1-7-stack-machine-with-compound-stack-primitives-and-manually-optimized-code) $\texttt{XCHG3}$ optimization, which enabled us to shorten the code by one more byte. By contrast, the heavily optimized (with respect to size) code for register machines shown in [C.3.2](#c-3-2-three-address-and-two-address-register-machines%2C-preserved-registers) and [C.3.3](#c-3-3-three-address-and-two-address-register-machines%2C-preserved-registers) is unlikely to be produced automatically by an optimizing compiler. Therefore, if we had compared compiler-generated code instead of manually-generated code, the advantages of stack machines with respect to code density would have been even more striking. ## References [#references] \[1] N. Durov, *Telegram Open Network*, 2017. ## Footnotes [#footnotes] **1** For example, there are no floating-point arithmetic operations (which could be efficiently implemented using hardware-supported *double* type on most modern CPUs) present in TVM, because the result of performing such operations is dependent on the specific underlying hardware implementation and rounding mode settings. Instead, TVM supports special integer arithmetic operations, which can be used to simulate fixed-point arithmetic if needed. [Back ↑](#ref-fn1) **2** The production version will likely require some tweaks and modifications prior to launch, which will become apparent only after using the experimental version in the test environment for some time. [Back ↑](#ref-fn2) **3** A high-level smart-contract language might create a visibility of variables for the ease of programming; however, the high-level source code working with variables will be translated into TVM machine code keeping all the values of these variables in the TVM stack. [Back ↑](#ref-fn3) **4** In the TON Blockchain context, `c7` is initialized with a singleton *Tuple*, the only component of which is a *Tuple* containing blockchain-specific data. The smart contract is free to modify `c7` to store its temporary data provided the first component of this *Tuple* remains intact. [Back ↑](#ref-fn4) **5** Strictly speaking, there is also the current *library context*, which consists of a dictionary with 256-bit keys and cell values, used to load library reference cells of [Types of exotic cells](#3-1-7-types-of-exotic-cells). [Back ↑](#ref-fn5) **6** Our inclusion of `r0` here creates a minor conflict with our assumption that the accumulator register, if present, is also `r0`; for simplicity, we will resolve this problem by assuming that the first argument to a function is passed in the accumulator. [Back ↑](#ref-fn6) **7** For instance, if one writes a function for extracting square roots, this function will always accept its argument and return its result in the same registers, in contrast with a hypothetical built-in square root instruction, which could allow the programmer to arbitrarily choose the source and destination registers. Therefore, a user-defined function is tremendously less flexible than a built-in instruction on a register machine. [Back ↑](#ref-fn7) **8** Of course, if the second option is used, this will destroy the original arrangement of $x$ in the top of the stack. In this case, one should either issue a `SWAP` before `XCHG s(j')`, or replace the previous operation `XCHG s(i)` with `XCHG s1, s(i)`, so that $x$ is exchanged with `s1` from the beginning. [Back ↑](#ref-fn8) **9** Notice that the most common `XCHG s(i)` operation is not really required here if we do not insist on keeping the same temporary value or variable always in the same stack location, but rather keep track of its subsequent locations. We will move it to some other location while preparing the arguments to the next primitive or function call. [Back ↑](#ref-fn9) **10** An alternative, arguably better, translation of `PU`$O'$ `s(i_1)`,...,`s(i_γ)` consists of the translation of $O'$ `s(i_2)`,...,`s(i_γ)`, followed by `PUSH s(i_1+α-1)`; `XCHG s(γ-1)`. [Back ↑](#ref-fn10) **11** From the perspective of low-level cell operations, these data bits and cell references are not intermixed. In other words, an (ordinary) cell essentially is a couple consisting of a list of up to 1023 bits and of a list of up to four cell references, without prescribing an order in which the references and the data bits should be deserialized, even though TL-B schemes appear to suggest such an order. [Back ↑](#ref-fn11) **12** From a theoretical perspective, we might say that a cell $c$ has an infinite sequence of hashes $(\text{Hash}_i(c))_{i\geq1}$, which eventually stabilizes: $\text{Hash}_i(c)\to\text{Hash}_\infty(c)$. Then the level $l$ is simply the largest index $i$, such that $\text{Hash}_i(c)\neq\text{Hash}_\infty(c)$. [Back ↑](#ref-fn12) **13** A pruned branch cell $c'$ of level $l$ is *bound* by a Merkle (proof or update) cell $c$ if there are exactly $l$ Merkle cells on the path from $c$ to its descendant $c'$, including $c$. [Back ↑](#ref-fn13) **14** Negative numbers are represented using two's complement. For instance, integer $-17$ is serialized by instruction `STI 8` into bitstring `xEF`. [Back ↑](#ref-fn14) **15** A description of an older version of TL may be found at [https://core.telegram.org/mtproto/TL](https://core.telegram.org/mtproto/TL). [Back ↑](#ref-fn15) **16** The field's name is useful for representing values of the type being defined in human-readable form, but it does not affect the binary serialization. [Back ↑](#ref-fn16) **17** This is the "linear negation" operation $(-)^\perp$ of linear logic, hence our notation `~`. [Back ↑](#ref-fn17) **18** In fact, $f$ may receive $m$ extra arguments and return $m$ modified values, which are passed to the next invocation of $f$. This may be used to implement "map" and "reduce" operations with dictionaries. [Back ↑](#ref-fn18) **19** Versions of this operation may be introduced where $f$ and $g$ receive an additional bitstring argument, equal to the key (for leaves) or to the common prefix of all keys (for forks) in the corresponding subtree. [Back ↑](#ref-fn19) **20** If there are no bits of data left in `code`, but there is still exactly one reference, an implicit `JMP` to the cell at that reference is performed instead of an implicit `RET`. [Back ↑](#ref-fn20) **21** Technically, TVM may simply invoke a virtual method `run()` of the continuation currently in `cc`. [Back ↑](#ref-fn21) **22** The already used savelist `cc.save` of the new `cc` is emptied before the execution starts. [Back ↑](#ref-fn22) **23** The implementation of `REPEAT` involves an extraordinary continuation that remembers the remaining number of iterations, the body of the loop $c$, and the return continuation $c'$. (The latter term represents the remainder of the body of the function that invoked `REPEAT`, which would be normally stored in `c0` of the new `cc`.) [Back ↑](#ref-fn23) **24** An important point here is that the tree of cells representing a TVM program cannot have cyclic references, so using `CALLREF` along with a reference to a cell higher up the tree would not work. [Back ↑](#ref-fn24) **25** This is not exactly true. A more precise statement is that usually the codepage of the newly-created continuation is a known function of the current codepage. [Back ↑](#ref-fn25) **26** This is another important mechanism of backward compatibility. All values of newly-added types, as well as values belonging to extended original types that do not belong to the original types (e.g., 513-bit integers that do not fit into 257 bits in the example above), are treated by all instructions (except stack manipulation instructions, which are naturally polymorphic, [Polymorphism of stack manipulation primitives](#2-3-3-polymorphism-of-stack-manipulation-primitives)) in the old codepages as "values of incorrect type", and generate type-checking exceptions accordingly. [Back ↑](#ref-fn26) **27** If the cell dumps are hexadecimal, encodings consisting of an integral number of hexadecimal digits (i.e., having length divisible by four bits) might be equally convenient. [Back ↑](#ref-fn27) **28** Notice that it is the probability of occurrence in the code that counts, not the probability of being executed. An instruction occurring in the body of a loop executed a million times is still counted only once. [Back ↑](#ref-fn28) **29** Notice that any modifications after launch cannot be done unilaterally; rather they would require the support of at least two-thirds of validators. [Back ↑](#ref-fn29) **30** The preliminary version of TVM does not use codepage -2 for this purpose. This may change in the future. [Back ↑](#ref-fn30) **31** It is interesting to compare this code with that generated by optimizing C compilers for the x86-64 architecture. First of all, the integer division operation for x86-64 uses the one-address form, with the (double-length) dividend to be supplied in accumulator pair `r2:r0`. The quotient is also returned in `r0`. As a consequence, two single-to-double extension operations (`CDQ` or `CQO`) and at least one move operation need to be added. Secondly, the encoding used for arithmetic and move operations is less optimistic than in our example above, requiring about three bytes per operation on average. As a result, we obtain a total of 43 bytes for 32-bit integers, and 68 bytes for 64-bit integers. [Back ↑](#ref-fn31) **32** Code produced for this function by an optimizing compiler for x86-64 architecture with size-optimization enabled actually occupied 150 bytes, due mostly to the fact that actual instruction encodings are about twice as long as we had optimistically assumed. [Back ↑](#ref-fn32) # Builders and Slices (/blockchain-basics/tvm/builders-and-slices) In TVM, the `Cell` type contains only metadata of the cell: level, hashes, and depths. To read actual data, TVM need to *load* cell from celldb, key-value storage of the node, which stores cells by their representation hashes. [`CTOS`](/blockchain-basics/tvm/instructions#d0-ctos) instruction loads a cell by its metadata from `Cell` type, and provides a `Slice`, a read-only wrapper for the cell's content. To simplify coding cell deserializers in smart contracts, instead of behaving like a simple bit/ref array, `Slice` is a "read cursor": it allows loading a piece of data from the beginning of the slice, returning that data and the slice that contains remaining data. On the other hand, there is a `Builder` type, which provides a convenient way to serialize data to a cell. Only the `Cell` type can be used outside of TVM: in output actions and in persistent storage. ## Builder [#builder] Builder provides a way to construct a cell from a sequence of values of the following TVM types: integers, cells (as references), slices, and builders. Tuples, continuations, and `null` are not serializable. For example, serialize the following numbers to a cell: ``` 1 (uint4) 2 (uint4) -1 (int8) ``` First, create an empty builder using [`NEWC`](/blockchain-basics/tvm/instructions#c8-newc): ```fift Fift NEWC // returns empty builder x{} ``` Then, put a number on the stack: ```fift Fift 1 INT // stack: x{} 1 ``` And call [`STU`](/blockchain-basics/tvm/instructions#cb-stu) ("STore Unsigned integer") to store integer into builder (swapping builder and value to meet `STU` input order): ```fift Fift SWAP // stack: 1 x{} 4 STU // stack: x{0001} ``` Then, store the other two numbers: ```fift Fift 2 INT // x{0001} 2 SWAP // 2 x{0001} 4 STU // x{00010010} -1 INT // x{00010010} -1 SWAP // -1 x{00010010} 8 STI // x{0001001011111111} ``` And, finally, [`ENDC`](/blockchain-basics/tvm/instructions#c9-endc) instruction finalizes the builder to a cell. ## Slice [#slice] Slice allows reading data back from a cell, field by field. For example, deserialize bitstring `x{0001001011111111}` created above. [`CTOS`](/blockchain-basics/tvm/instructions#d0-ctos) ("Cell TO Slice") loads a `Cell` to a `Slice`. ```fift Fift // assume a cell with bitstring x{0001001011111111} is on the stack CTOS // x{0001001011111111} ``` Then, call [`LDU`](/blockchain-basics/tvm/instructions#d3-ldu) ("LoaD Unsigned integer") to read first value (`uint4`). ```fift Fift 4 LDU // 1 x{001011111111} ``` `LDU` takes the first 4 bits from a slice and creates a new slice without these 4 bits: `x{0001|001011111111}` slices into a number `0001` and a slice `x{001011111111}`. Similarly, read another two numbers: ```fift Fift 4 LDU // 1 2 x{11111111} 8 LDI // 1 2 -1 x{} ``` A common way to ensure there is no data left inside the slice is to call [`ENDS`](/blockchain-basics/tvm/instructions#d1-ends). # Continuations (/blockchain-basics/tvm/continuations) [Continuation](https://en.wikipedia.org/wiki/Continuation) is a value that contains executable code. Continuations are used whenever non-linear code execution is required: * conditions * loops * function calls * throwing and catching exceptions Continuation can be thought as "pointer to a code", with an important distinction that, unlike pointers on other machines, it's not a number. ## Ordinary continuation [#ordinary-continuation] The most common kind of continuations are the ordinary continuations, which are just code Slices, containing (the remainder of) TVM bitcode. Optionally, it can contain any of the additional parameters: * **Stack**. A list of values that will be pushed on stack before continuation is executed. * **Savelist**. A list of values for registers before continuation is executed. * **Codepage**. Bitcode version used to run this continuation. * **Number of arguments (`nargs`)**. Number of values from call-side stack to push onto new stack before continuation is executed. ## Control flow [#control-flow] ### Jumps [#jumps] The simplest way to change `cc` is to use [`JMPREF`](/blockchain-basics/tvm/instructions#db3d-jmpref) instruction. It just sets `cc` to the reference operand of `JMPREF` (stack and registers are not affected). The following rules are applied during the jump: * Initialize a new stack with the target continuation initial stack * Move `nargs` elements from the caller stack to the new stack, if the target continuation has `nargs` * If the target continuation `nargs` is not defined, move all elements from the caller stack to the new stack * Pop register values from target continuation savelist Due to the limitation of the `Cell` type, one continuation can contain no more than 1023 bits of bitcode. To execute longer functions, we could pass `JMPREF` as a last instruction, which will continue execution of a function in a new continuation. ```fift Fift // some instructions <{ // next instructions that exceed the 1023-bit limit are placed in a child cell }> JMPREF ``` To simplify things, TVM has an *implicit jump* mechanism, which automatically jumps to the next reference of `cc` when there are no more instructions to execute. ### Calls [#calls] *Call* is a special type of jump, which also saves `cc` to `c0`, so the callee can pass execution back to the caller. That is how [`CALLREF`](/blockchain-basics/tvm/instructions#db3c-callref) works. ```fift Fift 2 PUSHINT 3 PUSHINT <{ ADD }> CALLREF // returns 5 ``` After `ADD` is executed, there are no more instructions to execute in `cc`, and also no references for implicit jumps. *Implicit return* sets `cc` back to `c0`, which was a previous `cc`. Let's look at the *composition* of continuations which `CALLREF` produces: During the call, the remaining of the current continuation is saved to `c0`. Also, current `c0` is pushed to the savelist of `cc` to restore its original value after return. If we would call function `f1`, then call `f2` inside `f1` and `f3` inside `f2`, there will be a callstack formed by savelists of continuations: `c0` value inside `f3` can be represented as `(rest of f2) ◦0 (rest of f1) ◦0 (rest of the caller)`. `a ◦i b` is a continuation composition operator, which saves continuation `b` as a c_i register of continuation `b`, so, we can say that `b` is executed after `a` by register c_i. ## Extraordinary continuations [#extraordinary-continuations] ### Quit [#quit] **TL-B**: `vmc_quit$1000 exit_code:int32 = VmCont` Exits TVM with `exit_code`. During [initialization of TVM](/blockchain-basics/tvm/initialization), `c0` is set to `Quit(0)`, and `c1` to `Quit(1)`. ### ExcQuit [#excquit] **TL-B**: `vmc_quit_exc$1001 = VmCont` Default exception handler. Terminates TVM with exception code popped from the stack. During [initialization of TVM](/blockchain-basics/tvm/initialization), `c2` is set to `ExcQuit`. ### PushInt [#pushint] **TL-B**: `vmc_pushint$1111 value:int32 next:^VmCont = VmCont` Pushes `value` on the stack and jumps to `next`. This continuation is only used in [`BOOLEVAL`](/blockchain-basics/tvm/instructions#edf9-booleval) instruction. ### Envelope [#envelope] **TL-B**: `vmc_envelope$01 cdata:VmControlData next:^VmCont = VmCont` Updates current VM state with `cdata` and jumps to `next`. ### Repeat [#repeat] **TL-B**: `vmc_repeat$10100 count:uint63 body:^VmCont after:^VmCont = VmCont` Executes `body` `count` times, then jumps to `after`. Under the hood, it just sets `body` `c0` to `Repeat(count - 1, body, after)` if `count > 0`, otherwise jumps to `after`. Used in [`REPEAT`](/blockchain-basics/tvm/instructions#e4-repeat) and variants. ### Again [#again] **TL-B**: `vmc_again$110001 body:^VmCont = VmCont` Executes `body` infinite times by setting `body` `c0` to `Again(body)`. Used in [`AGAIN`](/blockchain-basics/tvm/instructions#ea-again) and variants. ### Until [#until] **TL-B**: `vmc_until$110000 body:^VmCont after:^VmCont = VmCont` Pops bool from stack, jumps to `body` with `c0 = Until(body, after)` if bool is `false`, otherwise jumps to `after`. Used in [`UNTIL`](/blockchain-basics/tvm/instructions#e6-until) and variants. ### WhileCondition [#whilecondition] **TL-B**: `vmc_while_cond$110010 cond:^VmCont body:^VmCont after:^VmCont = VmCont` Represents a branching point of a while loop. Pops a bool from the stack, jumps to `body` with `c0 = WhileBody(cond, body, after)` if the bool is `true`, otherwise jumps to `after`. Used in [`WHILE`](/blockchain-basics/tvm/instructions#e8-while) and variants. ### WhileBody [#whilebody] **TL-B**: `vmc_while_body$110011 cond:^VmCont body:^VmCont after:^VmCont = VmCont` Represents a delayed iteration of a while loop. Jumps to `cond` with `c0 = WhileCondition(cond, body, after)`. It is assumed that the evaluation of `cond` leaves a bool at the top of the stack for the following `WhileCondition` to check. Used in [`WHILE`](/blockchain-basics/tvm/instructions#e8-while) and variants. # Exit codes (/blockchain-basics/tvm/exit-codes) An exit code is a 32-bit signed integer that indicates whether the compute or action phase of the transaction was successful. If not, it holds the code of the exception that occurred. Each transaction on TON Blockchain consists of multiple phases. An *exit code* is a 32-bit signed integer that indicates whether the [compute](#compute) or [action](#action) phase of the transaction was successful, and if not, holds the code of the exception that occurred. Each exit code represents its own exception or the resulting state of the transaction. Exit codes 0 and 1 indicate normal (successful) execution of the [compute phase](#compute). Exit (or [result](#action)) code 0 indicates normal (successful) execution of the [action phase](#action). Any other exit code indicates that a certain exception has occurred and that the transaction was not successful in one way or another, i.e., the transaction was reverted or the inbound message has bounced back. TON Blockchain reserves exit code values from 0 to 127. The range from 256 to 65535 is free for developer-defined exit codes. ## Table of exit codes [#table-of-exit-codes] The following table lists exit codes with their origin (where they can occur) and a short description for each. | Exit code | Origin | Brief description | | :----------------------------------------------------------- | :---------------------------------- | :----------------------------------------------------------------------------------------------------- | | [0](#0%3A-normal-termination) | [Compute][c] and [action][a] phases | Standard successful execution exit code. | | [1](#1%3A-alternative-termination) | [Compute phase][c] | Alternative successful execution exit code. Reserved, but does not occur. | | [2](#2%3A-stack-underflow) | [Compute phase][c] | Stack underflow. | | [3](#3%3A-stack-overflow) | [Compute phase][c] | Stack overflow. | | [4](#4%3A-integer-overflow) | [Compute phase][c] | Integer overflow. | | [5](#5%3A-integer-out-of-expected-range) | [Compute phase][c] | Range check error — an integer is out of its expected range. | | [6](#6%3A-invalid-opcode) | [Compute phase][c] | Invalid [TVM][tvm] opcode. | | [7](#7%3A-type-check-error) | [Compute phase][c] | Type check error. | | [8](#8%3A-cell-overflow) | [Compute phase][c] | Cell overflow. | | [9](#9%3A-cell-underflow) | [Compute phase][c] | Cell underflow. | | [10](#10%3A-dictionary-error) | [Compute phase][c] | Dictionary error. | | [11](#11%3A-%22unknown%22-error) | [Compute phase][c] | Described in [TVM][tvm] docs as "Unknown error, may be thrown by user programs." | | [12](#12%3A-fatal-error) | [Compute phase][c] | Fatal error. Thrown by [TVM][tvm] in situations deemed impossible. | | [13](#13%3A-out-of-gas-error) | [Compute phase][c] | Out of gas error. | | [-14](#-14%3A-out-of-gas-error) | [Compute phase][c] | Same as 13. Negative, so that it [cannot be faked](#13%3A-out-of-gas-error). | | [14](#14%3A-virtualization-error) | [Compute phase][c] | VM virtualization error. Reserved, but never thrown. | | [32](#32%3A-action-list-is-invalid) | [Action phase][a] | Action list is invalid. | | [33](#33%3A-action-list-is-too-long) | [Action phase][a] | Action list is too long. | | [34](#34%3A-invalid-or-unsupported-action) | [Action phase][a] | Action is invalid or not supported. | | [35](#35%3A-invalid-source-address-in-outbound-message) | [Action phase][a] | Invalid source address in outbound message. | | [36](#36%3A-invalid-destination-address-in-outbound-message) | [Action phase][a] | Invalid destination address in outbound message. | | [37](#37%3A-not-enough-toncoin) | [Action phase][a] | Not enough Toncoin. | | [38](#38%3A-not-enough-extra-currencies) | [Action phase][a] | Not enough extra currencies. | | [39](#39%3A-outbound-message-does-not-fit-into-cell) | [Action phase][a] | Outbound message does not fit into a cell after rewriting. | | [40](#40%3A-cannot-process-message) | [Action phase][a] | Cannot process a message — not enough funds, the message is too large, or its Merkle depth is too big. | | [41](#41%3A-library-reference-is-null) | [Action phase][a] | Library reference is null during library change action. | | [42](#42%3A-library-change-action-error) | [Action phase][a] | Library change action error. | | [43](#43%3A-library-limits-exceeded) | [Action phase][a] | Exceeded the maximum number of cells in the library or the maximum depth of the Merkle tree. | | [50](#50%3A-account-state-size-exceeded-limits) | [Action phase][a] | Account state size exceeded limits. | {/* NOTE: Some might depend on a phase; in such cases, the table entry might be: | number | [Compute][c] and [action][a] phases | Depends on the phase. */} [c]: /tvm/overview#compute-phase [a]: /tvm/overview#action-phase ## Exit codes in Blueprint projects [#exit-codes-in-blueprint-projects] In [Blueprint][bp] tests, exit codes from the [compute phase](#compute) are specified in the `exitCode` field of the object argument for the `toHaveTransaction()` method of the `expect()` matcher. The field for the [result](#action) codes (exit codes from the [action phase](#action)) in the same `toHaveTransaction()` method is called `actionResultCode`. {/* */} Additionally, one can examine the result of sending a message to a contract and discover the phases of each transaction and their values, including exit (or result) codes for the [compute phase](#compute) (or [action phase](#action)). Note that to do so, you'll have to perform a couple of type checks first: ```ts it('tests something, you name it', async () => { // Send a specific message to our contract and store the results const res = await your_contract_name.send({/* … */}); // Now, we have access to an array of executed transactions, // with the second one (index 1) being the one we look for const tx = res.transactions[1]!; // To do something useful with it, let's ensure that its type is 'generic' // and that the compute phase in it wasn't skipped if (tx.description.type === "generic" && tx.description.computePhase.type === "vm") { // Finally, we're able to freely peek into the transaction for general details, // such as printing out the exit code of the compute phase if we so desire console.log(tx.description.computePhase.exitCode); } }); ``` ## Compute and action phases [#compute-and-action-phases] ### 0: Normal termination [#0-normal-termination] This exit (or [result](#action)) code indicates the successful completion of the [compute phase](#compute) (or [action phase](#action)) of the transaction. ## Compute phase [#compute-phase] [TVM][tvm] initialization and all computations occur in the [compute phase][c]. If the compute phase fails (the resulting exit code is neither [0](#0%3A-normal-termination) nor [1](#1%3A-alternative-termination)), the transaction skips the [action phase](#action) and proceeds to the bounce phase. In this phase, a bounce message is formed for transactions initiated by the inbound message. ### 1: Alternative termination [#1-alternative-termination] This is an alternative exit code for the successful execution of the [compute phase](#compute). It is reserved but never occurs. ### 2: Stack underflow [#2-stack-underflow] If an operation consumes more elements than exist on the stack, an error with exit code 2 is thrown: `Stack underflow`. ```tolk title="Tolk" fun drop(): void asm "DROP" fun onInternalMessage() { try { // Removes 100 elements from the stack, causing an underflow repeat(100){ drop(); } } catch(exitCode) { // exitCode is 2 assert (exitCode == 2) throw 1111; } } ``` ### 3: Stack overflow [#3-stack-overflow] If there are too many elements copied into a closure continuation, an error with exit code 3 is thrown: `Stack overflow`. This occurs rarely unless you're deep in the [Fift and TVM assembly](/blockchain-basics/languages/fift/fift-and-tvm-assembly) trenches: ```tolk title="Tolk" // Remember kids, don't try to overflow the stack at home! fun stackOverflow(): void asm """ x{} SLICE // s BLESS // c 0 SETNUMARGS // c' 2 PUSHINT // c' 2 SWAP // 2 c' 1 -1 SETCONTARGS // ← this blows up """ fun onInternalMessage() { try { stackOverflow(); } catch(exitCode) { // exitCode is 3 assert (exitCode == 3) throw 1111; } } ``` ### 4: Integer overflow [#4-integer-overflow] If the value in a calculation goes beyond the range from $-2^{256}$ to $2^{256} - 1$ inclusive, or there's an attempt to divide or perform modulo by zero, an error with exit code 4 is thrown: `Integer overflow`. ```tolk title="Tolk" fun touch(y: T): void asm "NOP" // so that the compiler doesn't remove instructions fun pow2(y: int): int asm "POW2" fun onInternalMessage() { var x = -pow2(255) - pow2(255); var zero = x - x; try { touch(-x); // integer overflow by negation // since the max positive value is 2^{256} - 1 } catch(exitCode) { // exitCode is 4 assert (exitCode == 4) throw 1111; } try { touch(x / zero); // division by zero! } catch (exitCode) { // exitCode is 4 assert (exitCode == 4) throw 1111; } try { touch(x * x * x); // integer overflow! } catch (exitCode) { // exitCode is 4 assert (exitCode == 4) throw 1111; } // There can also be an integer overflow when performing: // addition (+), // subtraction (-), // division (/) by a negative number or modulo (%) by zero } ``` ### 5: Integer out of expected range [#5-integer-out-of-expected-range] A range check error occurs when some integer is out of its expected range. Any attempt to store an unexpected amount of data or specify an out-of-bounds value throws an error with exit code 5: `Integer out of expected range`. Examples of specifying an out-of-bounds value: ```tolk title="Tolk" fun touch(y: T): void asm "NOP" // so that the compiler doesn't remove instructions fun pow2(y: int): int asm "POW2" fun onInternalMessage() { try { // Repeat only operates on an inclusive range from 1 to 2^{31} - 1 // Any valid integer value greater than that causes an error with exit code 5 repeat (pow2(55)) { touch("smash. I. must."); } } catch(exitCode) { // exitCode is 5 assert (exitCode == 5) throw 1111; } try { // Builder.storeUint() function can only use up to 256 bits, thus 512 is too much: touch(beginCell().storeUint(-1, 512).toCell()); } catch (exitCode) { // exitCode is 5 assert (exitCode == 5) throw 1111; } try { touch(beginCell().storeUint(100, 2).toCell()); // maximum value is 2^{2} - 1 = 3 < 100 } catch(exitCode) { // exitCode is 5 assert (exitCode == 5) throw 1111; } try { val deployMsg = createMessage({ bounce: false, dest: { workchain: 0, stateInit: { code: beginCell().endCell(), data: beginCell().endCell(), }, toShard: { fixedPrefixLength: pow2(52), // but fixedPrefixLength is uint5 closeTo: contract.getAddress() }, }, value: 1, body: beginCell().endCell(), }); deployMsg.send(SEND_MODE_PAY_FEES_SEPARATELY); } catch (exitCode) { // exitCode is 5 assert (exitCode == 5) throw 1111; } } ``` ### 6: Invalid opcode [#6-invalid-opcode] If you specify an instruction that is not defined in the current [TVM][tvm] version or attempt to set an unsupported [code page][tvm], an error with exit code 6 is thrown: `Invalid opcode`. ```tolk title="Tolk" // There's no such code page, and an attempt to set it fails fun invalidOpcode(): void asm "42 SETCP" fun onInternalMessage() { try { invalidOpcode(); } catch (exitCode) { // exitCode is 6 assert (exitCode == 6) throw 1111; } } ``` ### 7: Type check error [#7-type-check-error] If an argument to a primitive is of an incorrect value type or there is any other mismatch in types during the [compute phase](#compute), an error with exit code 7 is thrown: `Type check error`. ```tolk title="Tolk" fun touch(y: T): void asm "NOP" // so that the compiler doesn't remove instructions // The actual returned value type doesn't match the declared one fun typeCheckError(): cell asm "42 PUSHINT"; fun onInternalMessage() { try { // it isn't cell touch(typeCheckError().beginParse()); } catch (exitCode) { // exitCode is 7 assert (exitCode == 7) throw 1111; } } ``` ### 8: Cell overflow [#8-cell-overflow] To construct a `cell`, a `builder` primitive is used. If you try to store more than 1023 bits of data or more than four references to other cells, an error with exit code 8 is thrown: `Cell overflow`. This error can be triggered by manual construction of the cells via relevant methods, such as `storeInt()`, or when using structs, their convenience methods. ```tolk title="Tolk" fun touch(y: T): void asm "NOP" // so that the compiler doesn't remove instructions fun onInternalMessage() { // Too many bits try { val data = beginCell() .storeInt(0, 250) .storeInt(0, 250) .storeInt(0, 250) .storeInt(0, 250) .storeInt(0, 24) // 1024 bits! .toCell(); touch(data); } catch (exitCode) { // exitCode is 8 assert (exitCode == 8) throw 1111; } // Too many refs try { val data = beginCell() .storeRef(beginCell().endCell()) .storeRef(beginCell().endCell()) .storeRef(beginCell().endCell()) .storeRef(beginCell().endCell()) .storeRef(beginCell().endCell()) // 5 refs! .toCell(); touch(data); } catch (exitCode) { // exitCode is 8 assert (exitCode == 8) throw 1111; } } ``` ### 9: Cell underflow [#9-cell-underflow] To parse a `cell`, a `slice` primitive is used. If you try to load more data or references than a `slice` contains, an error with exit code 9 is thrown: `Cell underflow`. The most common cause of this error is a mismatch between the expected and actual memory layouts of the cells, so it's recommended to use Tolk structs for parsing the cells instead of manual parsing via relevant methods, such as `loadInt()`. ```tolk title="Tolk" fun touch(y: T): void asm "NOP" // so that the compiler doesn't remove instructions fun onInternalMessage() { // Too few bits try { touch(beginCell().endCell().beginParse().loadInt(1)); // 0 bits! } catch (exitCode) { // exitCode is 9 assert (exitCode == 9) throw 1111; } // Too few refs try { touch(beginCell().endCell().beginParse().loadRef()); // 0 refs! } catch (exitCode) { // exitCode is 9 assert (exitCode == 9) throw 1111; } } ``` ### 10: Dictionary error [#10-dictionary-error] In Tolk, the `map` type is an abstraction over the ["hash" map dictionaries of TVM](/blockchain-basics/languages/func/dictionaries). If there is incorrect manipulation of dictionaries, such as improper assumptions about their memory layout, an error with exit code 10 is thrown: `Dictionary error`. Note that Tolk prevents you from getting this error unless you perform [TVM assembly](/blockchain-basics/languages/fift/fift-and-tvm-assembly) work yourself: ```tolk title="Tolk" import "@stdlib/tvm-dicts"; fun touch(y: T): void asm "NOP" // so that the compiler doesn't remove instructions fun cast(y: T): U asm "NOP" fun cell?.addIntToIDict(mutate self, key: int, number: int): void { return self.iDictSetBuilder(32, key, beginCell().storeInt(number, 32)); } fun onInternalMessage() { var dict = createEmptyDict(); dict.addIntToIDict(0, 0); dict.addIntToIDict(1, 1); // The Int to Int dictionary is being misinterpreted as a map val m: map = cast(dict); try { // And the error happens only when we touch it touch(m.get(0).isFound); } catch (exitCode) { // exitCode is 10 assert (exitCode == 10) throw 1111; } } ``` ### 11: "Unknown" error [#11-unknown-error] Described in the [TVM][tvm] docs as "Unknown error, may be thrown by user programs," although most commonly used for problems with queuing a message send or problems with getters. In particular, if you try to send an ill-formed message on-chain or to call a non-existent getter function off-chain, an exit code 11 will be thrown. ```tolk title="Tolk" fun sendMessage(msg: cell, mode: int): void asm "SENDMSG" fun onInternalMessage() { try { // fails in the Compute phase when the message is ill-formed sendMessage(beginCell().endCell(), 0); } catch (exitCode) { // exitCode is 11 assert (exitCode == 11) throw 1111; } } ``` ### 12: Fatal error [#12-fatal-error] Fatal error. Thrown by TVM in situations deemed impossible. ### 13: Out of gas error [#13-out-of-gas-error] If there isn't enough gas to complete computations in the [compute phase](#compute), an error with exit code 13 is thrown: `Out of gas error`. However, this code isn't immediately shown as is — instead, the bitwise NOT operation is applied, changing the value from 13 to -14. Only then is the code displayed. This is done to prevent the resulting code (-14) from being produced artificially in user contracts, as all functions that can throw an exit code can only specify integers in the range from 0 to 65535 inclusive. ```tolk title="Tolk" import "@stdlib/gas-payments"; fun onInternalMessage() { setGasLimit(100); } ``` ### -14: Out of gas error [#-14-out-of-gas-error] See [exit code 13](#13%3A-out-of-gas-error). ### 14: Virtualization error [#14-virtualization-error] Virtualization error related to pruned branch cells. Reserved but never thrown. ## Action phase [#action-phase] The [action phase][a] is processed after the successful execution of the [compute phase](#compute). It attempts to perform the actions stored in the action list by [TVM][tvm] during the compute phase. Some actions may fail during processing, in which case those actions may be skipped or the whole transaction may revert, depending on the mode of actions. The code indicating the resulting state of the [action phase][a] is called a *result code*. Since it is also a 32-bit signed integer that essentially serves the same purpose as the *exit code* of the [compute phase](#compute), it is common to call the result code an exit code as well. ### 32: Action list is invalid [#32-action-list-is-invalid] If the list of actions contains exotic cells, an action entry cell does not have references, or some action entry cell cannot be parsed, an error with exit code 32 is thrown: `Action list is invalid`. ### 33: Action list is too long [#33-action-list-is-too-long] If there are more than 255 actions queued for execution, the [action phase](#action) will throw an error with an exit code 33: `Action list is too long`. ```tolk title="Tolk" import "@stdlib/gas-payments"; fun onInternalMessage() { // For example, let's attempt to queue the reservation of a specific amount of nanoToncoins // This won't fail in the compute phase, but will result in exit code 33 in the action phase repeat (256) { reserveToncoinsOnBalance(1000000, RESERVE_MODE_AT_MOST); } } ``` ### 34: Invalid or unsupported action [#34-invalid-or-unsupported-action] There are only four supported actions at the moment: changing the contract code, sending a message, reserving a specific amount of nanoToncoin, and changing the library cell. If there is any issue with the specified action (invalid message, unsupported action, etc.), an error with exit code 34 is thrown: `Invalid or unsupported action`. ```tolk title="Tolk" fun onInternalMessage() { // For example, let's try to send an ill-formed message: // won't fail in the compute phase, but will result in exit code 34 in the Action phase sendRawMessage(beginCell().endCell(), 0); } ``` ### 35: Invalid source address in outbound message [#35-invalid-source-address-in-outbound-message] If the source address in the outbound message is not equal to `addr_none` or to the address of the contract that initiated this message, an error with exit code 35 is thrown: `Invalid source address in outbound message`. ### 36: Invalid destination address in outbound message [#36-invalid-destination-address-in-outbound-message] If the destination address in the outbound message is invalid, e.g., it does not conform to the relevant [TL-B][tlb] schemas, contains an unknown workchain ID, or has an invalid length for the given workchain, an error with exit code 36 is thrown: `Invalid destination address in outbound message`. ### 37: Not enough Toncoin [#37-not-enough-toncoin] If all funds of the inbound message with base `mode` 64 set have already been consumed and there are not enough funds to pay for the failed action, or the [TL-B][tlb] layout of the provided value (`CurrencyCollection`) is invalid, or there are not enough funds to pay forward fees or not enough funds after deducting fees, an error with exit code 37 is thrown: `Not enough Toncoin`. ### 38: Not enough extra currencies [#38-not-enough-extra-currencies] Besides the native currency, Toncoin, TON Blockchain supports up to $2^{32}$ extra currencies. They differ from creating new Jettons because extra currencies are natively supported — one can potentially just specify an additional `HashmapE` of extra currency amounts in addition to the Toncoin amount in the internal message to another contract. Unlike Jettons, extra currencies can only be stored and transferred and do not have any other functionality. When there is not enough extra currency to send the specified amount, an exit code 38 is thrown: `Not enough extra currencies`. ### 39: Outbound message does not fit into cell [#39-outbound-message-does-not-fit-into-cell] When processing the message, TON Blockchain tries to pack it according to the relevant TL-B schemas, and if it cannot, an error with exit code 39 is thrown: `Outbound message doesn't fit into a cell`. ### 40: Cannot process message [#40-cannot-process-message] If there are not enough funds to process all the cells in a message, the message is too large, or its Merkle depth is too big, an error with exit code 40 is thrown: `Cannot process a message`. ### 41: Library reference is null [#41-library-reference-is-null] If a library reference is required during a library change action but is null, an error with exit code 41 is thrown: `Library reference is null`. ### 42: Library change action error [#42-library-change-action-error] If there's an error during an attempt at a library change action, an error with exit code 42 is thrown: `Library change action error`. ### 43: Library limits exceeded [#43-library-limits-exceeded] If the maximum number of cells in the library is exceeded or the maximum depth of the Merkle tree is exceeded, an error with exit code 43 is thrown: `Library limits exceeded`. ### 50: Account state size exceeded limits [#50-account-state-size-exceeded-limits] If the account state (contract storage, essentially) exceeds any of the limits specified in [config param 43 of TON Blockchain](/blockchain-basics/primitives/config#param-43) by the end of the [action phase](#action), an error with exit code 50 is thrown: `Account state size exceeded limits`. If the configuration is absent, the default values are: * `max_msg_bits` is equal to $2^{21}$ — maximum message size in bits. * `max_msg_cells` is equal to $2^{13}$ — maximum number of cells a message can occupy. * `max_library_cells` is equal to 1000 — maximum number of cells that can be used as library reference cells. * `max_vm_data_depth` is equal to $2^{9}$ — maximum cells depth in messages and account state. * `ext_msg_limits.max_size` is equal to 65535 — maximum external message size in bits. * `ext_msg_limits.max_depth` is equal to $2^{9}$ — maximum external message depth. * `max_acc_state_cells` is equal to $2^{16}$ — maximum number of cells that an account state can occupy. * `max_acc_state_bits` is equal to $2^{16} \times 1023$ — maximum account state size in bits. * `max_acc_public_libraries` is equal to $2^{8}$ — maximum number of library reference cells that an account state can use on the masterchain. * `defer_out_queue_size_limit` is equal to $2^{8}$ — maximum number of outbound messages to be queued (regarding validators and collators). {/* NOTE: Reserved a section until Tolk introduces any custom exit codes. ## Tolk compiler Tolk utilizes exit codes from 128 to 255. Note that exit codes used by Tolk indicate contract errors which can occur when using Tolk-generated code and are therefore thrown in the transaction's [compute phase](#compute), not during compilation. */} [tlb]: /languages/tl-b/overview [tvm]: /tvm/overview [bp]: /contract-dev/blueprint/overview [sb]: https://github.com/ton-org/sandbox [jest]: https://jestjs.io # Gas (/blockchain-basics/tvm/gas) Each instruction executed in TVM consumes gas. All instructions consume *basic gas*, which is calculated from the size of the instruction in the bitcode. Some instructions may consume *extra gas*, which is often not fixed but calculated based on the input data. ## Basic gas usage (per bit of executed code) [#basic-gas-usage-per-bit-of-executed-code] Each instruction consumes a fixed amount of `10` gas and `1` gas for each bit of this instruction, not including variable-length operands and references. Examples: | Instruction | TL-B | Gas | Notes | | ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------- | | [`NEWC`](/blockchain-basics/tvm/instructions#c8-newc) | `#C8` | `18` | 8-bit prefix without operands | | [`STU`](/blockchain-basics/tvm/instructions#cb-stu) | `#CB`
`cc:uint8` | `26` | 8-bit prefix, 8-bit operand | | [`PUSHINT_LONG`](/blockchain-basics/tvm/instructions#82-pushint_long) | `#82`
`l:(## 5)`
`xxx:(int (8 * l + 19))` | `23` | 8-bit prefix, 5-bit operand, length of `xxx` depends on `l`, so it is not included | | [`STSLICE_CONST`](/blockchain-basics/tvm/instructions#cfc0_-stsliceconst) | `#CFC0_`
`x:(## 2)`
`y:(## 3)`
`c:(x * ^Cell)`
`sss:((8 * y + 2) * Bit)` | `24` | 9-bit prefix (`CF` is 8 bits, `C0_` is `C_`, which is just bit `1`), 2-bit and 3-bit operands, refs `c` and variable-length `sss` are not included | ## Cell operations [#cell-operations] When any instruction internally finalizes a `Builder` to a `Cell`, it consumes `500` gas. When a `Cell` is loaded as a `Slice`, it consumes `100` gas for the first access in current smart contract invocation, and `25` gas for each subsequent load from cache. Cells are identified by representation hash, e.g., loading cell with the same hash for the second time will always cost `25` gas. This applies to all instructions that internally operate with cells (including dictionary operations). The only exceptions are: * `BTOS` converts a `Builder` to a `Slice` without consuming gas for cell operations. * `HASHBU` computes hash without consuming gas for converting `Builder` to a `Cell` ## Exceptions [#exceptions] TVM consumes `50` gas when any exception is thrown, both explicitly by [`THROW`](/blockchain-basics/tvm/instructions#f2c4_-throw)-like instructions or implicitly during execution of other instructions. This happens before the jump to the exception handler `c2`. ## Implicit jumps and returns [#implicit-jumps-and-returns] When the current continuation ends and there is a remaining reference, TVM jumps to it and consumes `10` gas. When there are no instructions to execute and references to jump to, implicit return to `c0` occurs, which consumes `5` gas. ## Nested continuations [#nested-continuations] Calling more than `8` extraordinary continuations in a chain consumes `1` gas for each subsequent continuation. ## Tuple operations [#tuple-operations] [`TUPLE`](/blockchain-basics/tvm/instructions#6f0-tuple), [`TUPLEVAR`](/blockchain-basics/tvm/instructions#6f80-tuplevar), [`UNTUPLE`](/blockchain-basics/tvm/instructions#6f2-untuple), [`UNTUPLEVAR`](/blockchain-basics/tvm/instructions#6f82-untuplevar), [`UNPACKFIRST`](/blockchain-basics/tvm/instructions#6f3-unpackfirst), [`UNPACKFIRSTVAR`](/blockchain-basics/tvm/instructions#6f83-unpackfirstvar), [`EXPLODE`](/blockchain-basics/tvm/instructions#6f4-explode), [`EXPLODEVAR`](/blockchain-basics/tvm/instructions#6f84-explodevar) consumes `1` gas for each entry been pushed or popped into a tuple. [`TPUSH`](/blockchain-basics/tvm/instructions#6f8c-tpush), [`TPOP`](/blockchain-basics/tvm/instructions#6f8d-tpop), [`SETINDEX`](/blockchain-basics/tvm/instructions#6f5-setindex), [`SETINDEXVAR`](/blockchain-basics/tvm/instructions#6f85-setindexvar), [`SETINDEXQ`](/blockchain-basics/tvm/instructions#6f7-setindexq)/[`SETINDEXVARQ`](/blockchain-basics/tvm/instructions#6f87-setindexvarq) consumes `len(tuple)` gas for the resulting tuple size after push/pop/set. Same applies to instructions operating with `c7`: [`SETGLOB`](/blockchain-basics/tvm/instructions#f87_-setglob)/[`SETGLOBVAR`](/blockchain-basics/tvm/instructions#f860-setglobvar), [`RANDU256`](/blockchain-basics/tvm/instructions#f810-randu256)/[`RAND`](/blockchain-basics/tvm/instructions#f811-rand), [`SETRAND`](/blockchain-basics/tvm/instructions#f814-setrand), [`ADDRAND`](/blockchain-basics/tvm/instructions#f815-addrand). ## Stack operations [#stack-operations] TVM consumes 1 gas for each stack element deeper than 32 elements inside the resulting new stack each time stack gets copied: when calling or jumping to a continuation with a non-empty argument number, an initial stack, or both, when extending a continuation stack using [`SETCONTARGS`](/blockchain-basics/tvm/instructions#ec-setcontargs_n) and similar instructions, when using [`RUNVM`](/blockchain-basics/tvm/instructions#db4-runvm) (both for initial and resulting stacks of the vm). ## Extra currency [#extra-currency] The first `5` executions of `GETEXTRABALANCE` consume at most `26 + 200` gas each. The subsequent executions incur the full gas cost of `26` (normal instruction cost) plus gas for loading cells (up to `3300` if the dictionary has maximum depth). ## RUNVM [#runvm] [`RUNVM`](/blockchain-basics/tvm/instructions#db4-runvm) and [`RUNVMX`](/blockchain-basics/tvm/instructions#db50-runvmx) consume `40` extra gas before starting a VM. ## Cryptography [#cryptography] ### CHKSIGNS/CHKSIGNU [#chksignschksignu] [`CHKSIGNS`](/blockchain-basics/tvm/instructions#f911-chksigns) and [`CHKSIGNU`](/blockchain-basics/tvm/instructions#f910-chksignu) can be invoked `10` times without extra gas cost. Next checks will cost `4000` gas each. ### HASHEXT [#hashext] `HASHEXT*` instructions always consume `1` extra gas for each part of the input. Additionally, the following gas is consumed for each hashed byte: | Algorithm | Gas consumed | | --------- | ------------- | | SHA256 | 1/33 per byte | | SHA512 | 1/16 per byte | | BLAKE2B | 1/19 per byte | | KECCAK256 | 1/11 per byte | | KECCAK512 | 1/6 per byte | Only the integer part of the gas is consumed; for example, 0-32 bytes of SHA256 cost 0 gas, 33-64 bytes cost 1 gas, and so on. ### RIST255 [#rist255] Instructions consume constant extra gas. | Instruction | Extra gas | | ------------------------------------------------------------------------------- | --------- | | [`RIST255_FROMHASH`](/blockchain-basics/tvm/instructions#f920-rist255_fromhash) | 600 | | [`RIST255_VALIDATE`](/blockchain-basics/tvm/instructions#f921-rist255_validate) | 200 | | [`RIST255_ADD`](/blockchain-basics/tvm/instructions#f922-rist255_add) | 600 | | [`RIST255_MUL`](/blockchain-basics/tvm/instructions#f924-rist255_mul) | 2000 | | [`RIST255_MULBASE`](/blockchain-basics/tvm/instructions#f925-rist255_mulbase) | 750 | ### Other instructions [#other-instructions] [`ECRECOVER`](/blockchain-basics/tvm/instructions#f912-ecrecover) consumes 1500 extra gas. `SECP256K1_XONLY_PUBKEY_TWEAK_ADD` consumes 1250 extra gas. [`P256_CHKSIGNU`](/blockchain-basics/tvm/instructions#f914-p256_chksignu) and [`P256_CHKSIGNS`](/blockchain-basics/tvm/instructions#f915-p256_chksigns) consume 3500 extra gas. ### BLS [#bls] #### Signature verification and aggregation [#signature-verification-and-aggregation] | Instruction | Gas consumed | Notes | | ----------------------------------------------------------------------------------------------- | ------------------- | --------------------------------------------------------------------------------- | | [`BLS_VERIFY`](/blockchain-basics/tvm/instructions#f93000-bls_verify) | `61000` | | | [`BLS_AGGREGATE`](/blockchain-basics/tvm/instructions#f93001-bls_aggregate) | `-2650 + 4350 * n` | `n` is the number of signatures aggregated. | | [`BLS_FASTAGGREGATEVERIFY`](/blockchain-basics/tvm/instructions#f93002-bls_fastaggregateverify) | `58000 + 3000 * n` | `n` is the number of public keys verified against one message/signature pair. | | [`BLS_AGGREGATEVERIFY`](/blockchain-basics/tvm/instructions#f93003-bls_aggregateverify) | `38500 + 22500 * n` | `n` is the number of `(public key, message)` pairs checked against one signature. | #### G1 group helpers [#g1-group-helpers] | Instruction | Gas consumed | | --------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | | [`BLS_G1_ADD`](/blockchain-basics/tvm/instructions#f93010-bls_g1_add) / [`BLS_G1_SUB`](/blockchain-basics/tvm/instructions#f93011-bls_g1_sub) | `3900` | | [`BLS_G1_NEG`](/blockchain-basics/tvm/instructions#f93012-bls_g1_neg) | `750` | | [`BLS_G1_MUL`](/blockchain-basics/tvm/instructions#f93013-bls_g1_mul) | `5200` | | [`BLS_MAP_TO_G1`](/blockchain-basics/tvm/instructions#f93016-bls_map_to_g1) | `2350` | | [`BLS_G1_INGROUP`](/blockchain-basics/tvm/instructions#f93017-bls_g1_ingroup) | `2950` | [`BLS_G1_MULTIEXP`](/blockchain-basics/tvm/instructions#f93014-bls_g1_multiexp) consumes `11375 + 630 * n + (8820 * n) / max(log₂ n, 4)` extra gas, where `n` is the number of `(point, scalar)` pairs. Instructions [`BLS_G1_ZERO`](/blockchain-basics/tvm/instructions#f93015-bls_g1_zero) and [`BLS_G1_ISZERO`](/blockchain-basics/tvm/instructions#f93018-bls_g1_iszero) do not charge additional gas. #### G2 group helpers [#g2-group-helpers] | Instruction | Gas consumed | | --------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | | [`BLS_G2_ADD`](/blockchain-basics/tvm/instructions#f93020-bls_g2_add) / [`BLS_G2_SUB`](/blockchain-basics/tvm/instructions#f93021-bls_g2_sub) | `6100` | | [`BLS_G2_NEG`](/blockchain-basics/tvm/instructions#f93022-bls_g2_neg) | `1550` | | [`BLS_G2_MUL`](/blockchain-basics/tvm/instructions#f93023-bls_g2_mul) | `10550` | | [`BLS_MAP_TO_G2`](/blockchain-basics/tvm/instructions#f93026-bls_map_to_g2) | `7950` | | [`BLS_G2_INGROUP`](/blockchain-basics/tvm/instructions#f93027-bls_g2_ingroup) | `4250` | [`BLS_G2_MULTIEXP`](/blockchain-basics/tvm/instructions#f93024-bls_g2_multiexp) consumes `30388 + 1280 * n + (22840 * n) / max(log₂ n, 4)` gas, where `n` is the number of `(point, scalar)` pairs. Instructions [`BLS_G2_ZERO`](/blockchain-basics/tvm/instructions#f93025-bls_g2_zero) and [`BLS_G2_ISZERO`](/blockchain-basics/tvm/instructions#f93028-bls_g2_iszero) do not charge additional gas. #### Pairing and constants [#pairing-and-constants] | Instruction | Gas consumed | Notes | | ----------------------------------------------------------------------- | ------------------- | ----------------------------------------------------------------------------- | | [`BLS_PAIRING`](/blockchain-basics/tvm/instructions#f93030-bls_pairing) | `20000 + 11800 * n` | `n` is the number of `(G1, G2)` pairs supplied for the pairing product check. | [`BLS_PUSHR`](/blockchain-basics/tvm/instructions#f93031-bls_pushr) do not charge additional gas. ## `GasLimits` structure [#gaslimits-structure] TVM has inner structure `GasLimits` for gas manipulations. Its fields are: * `gas_max`: the equivalent of contract's balance at the start of the compute phase in gas units. * `gas_limit`: the amount of gas that can be consumed during the virtual machine execution. At the start of the execution, it equals: * minimum of `gas_max` and the amount of gas that can be bought with the incoming message value (i.e., the amount of TON coins attached to the message) in the case of an internal message; * `0` in the case of an external message. * `gas_credit`: the amount of free gas that can be spent during the execution before accepting an external message. At the start of the execution, it equals: * minimum of `gas_max` and corresponding value in configuration parameter `20` for masterchain and `21` for basechain in the case of an external message; * `0` in the case of an internal message. * `gas_remaining`: the amount of available but not spent gas. At the start of the execution, it equals `gas_limit + gas_credit`. It decreases after each instruction execution by the amount of gas consumed by the instruction. * `gas_base`: an auxiliary parameter that is necessary for rebasing and shows the initial value of `gas_remaining`. At the start of the execution, it equals `gas_remaining`. Instructions `SETGASLIMIT` and `ACCEPT` change all above values except `gas_max`: * `SETGASLIMIT` sets `gas_limit` to the minimum of the indicated value and `gas_max`, `gas_credit` to zero, `gas_base` to the new `gas_limit`, and `gas_remaining` to `gas_remaining + (new gas_base - old gas_base)`. * `ACCEPT` is equivalent to `SETGASLIMIT` with the new gas limit equal to `2**63 - 1` (the maximum value of a signed 64-bits integer). The final value (in gas units) that will be deducted from contract's balance after the execution is `gas_base - gas_remaining`. Note that this value will be deducted if and only if after the execution `gas_credit` is zero, i.e. if `SETGASLIMIT` or `ACCEPT` was called at least once during the execution in the case of incoming external message. Without condition `gas_credit == 0`, there will be no commit of the new code and data. # Get methods (/blockchain-basics/tvm/get-method) Get methods are smart contract methods that are supposed to be executed off-chain. They are useful for structured retrieval of data from a smart contract ([`get_collection_data` get-method on an NFT collection](/blockchain-basics/standard/tokens/nft/nft-reference#return-collection-data)), and for any logic that is a part of a smart contract but is needed off-chain ([`get_nft_address_by_index` get-method on an NFT collection](/blockchain-basics/standard/tokens/nft/nft-reference#return-item-address-by-index)). Under the hood of APIs, this happens by fetching the actual state of the smart contract from the blockchain and executing TVM to get the result. This process is purely read-only and does not modify the blockchain state in any way. ## Defining [#defining] Get methods are processed by the [function selector](/blockchain-basics/tvm/registers#c3-%E2%80%94-function-selector). By convention, the ID of a get method is calculated as `crc16("name") | 0x10000` where `name` is set by the developer. This simplifies practical usage because a human-readable name has to be used instead of some arbitrary number. A minimal example of a smart contract that has a get method that follows the ID convention: ```fift "Asm.fif" include <{ // The ID from the top of the stack is compared with 97865 97865 EQINT // If ID != 97865, an 11 error is thrown by convention 11 THROWIFNOT // Otherwise, 123 is pushed as the result 123 PUSHINT }>s ``` But in practice, it is easier to use `PROGRAM{` from the Fift assembler that handles function selector logic. ```fift "Asm.fif" include PROGRAM{ DECLPROC main // crc16("get_x") | 0x10000 = 97865 97865 DECLMETHOD get_x main PROC:<{ }> get_x PROC:<{ 123 PUSHINT }> }END>s ``` The above is equivalent to the following Tolk code, which compiles to almost identical Fift code. ```tolk title="Tolk" fun main() { } get fun get_x(): int { return 123; } ``` ## Executing [#executing] In order to execute a get method, the actual state of the smart contract has to be fetched, and TVM has to be executed with [c7](/blockchain-basics/tvm/registers#c7-%E2%80%94-environment-information-and-global-variables) initialized and the desired parameters pushed on the stack. ### Local way [#local-way] With all the required values known, it is possible to execute a get method completely locally. A minimal example that uses a placeholder c7 for simplicity, as it is only necessary when the get method uses data from it during execution: ```fift "Asm.fif" include // example code // could also be defined as a constant cell without using assembly PROGRAM{ DECLPROC main 97865 DECLMETHOD get_x main PROC:<{ }> get_x PROC:<{ 123 PUSHINT }> }END>s constant code // example data // empty in this case constant data // example c7 // placeholder for simplicity 0 tuple 0x076ef1ea , 1 tuple constant c7 // execute method 97865 97865 code data c7 runvmctx .s // result: 123 0 C{96A296D224F285C67BEE93C30F8A309157F0DAA35DC5B87E410B78630A09CFC7} // where: // 123 is the value returned by the get method // 0 is the exit code // C{...} is a new data cell ``` Note that if the get method uses some values from c7, for example with instructions such as `NOW` or `MYCODE`, the c7 tuple should be populated according to its [structure](/blockchain-basics/tvm/registers#c7-%E2%80%94-environment-information-and-global-variables). ### Decentralized way [#decentralized-way] The process of fetching the actual contract state and initializing c7 can be handled by [liteserver](/blockchain-basics/nodes/overview) for easier execution. To execute a get method via liteserver, the request follows the [`liteServer.runSmcMethod` TL schema](https://github.com/ton-blockchain/ton/blob/f58297f1b668c7b49e8b30b65062951ca7c18acc/tl/generate/scheme/lite_api.tl#L90). In that request, `params:bytes` is a [BoC](/blockchain-basics/primitives/serialization/boc) of a serialized [`VmStack`](https://github.com/ton-blockchain/ton/blob/f58297f1b668c7b49e8b30b65062951ca7c18acc/crypto/block/block.tlb#L891) object containing the stack with arguments. The response follows the [liteServer.runMethodResult TL schema](https://github.com/ton-blockchain/ton/blob/f58297f1b668c7b49e8b30b65062951ca7c18acc/tl/generate/scheme/lite_api.tl#L39). Apart from the values used for initialization and proofs, the result is included as `result:mode.2?bytes`, which is a BoC of a serialized `VmStack` object, similarly to the request. An example execution via liteclient that handles serialization: ```text runmethod UQBKgXCNLPexWhs2L79kiARR1phGH1LwXxRbNsCFF9doczSI get_public_key ``` Result: ```text arguments: [ 78748 ] result: [ 37001869727465363790964079650574219024351072622925678701060821828351030750605 ] ``` ### High-level API [#high-level-api] The easiest path is using a high-level API, such as [TON Center](/applications/api/toncenter/introduction). It has a [`/api/v3/runGetMethod`](/applications/api/toncenter/v3/apiv2/run-get-method) endpoint that takes a smart contract address, a get method name, and arguments and returns the resulting stack. Example usage: ```bash curl -X 'POST' \ 'https://toncenter.com/api/v3/runGetMethod' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "address": "EQBG-g6ahkAUGWpefWbx-D_9sQ8oWbvy6puuq78U2c4NUDFS", "method": "get_nft_address_by_index", "stack": [ { "type": "num", "value": "123" } ] }' ``` The result for this call is presented below. The stack in this case contains a single cell element in BoC format. ```text { "gas_used": 4049, "exit_code": 0, "stack": [ { "type": "cell", "value": "te6cckEBAQEAJAAAQ4AVoN3BhVDLKet4AYoVxOHz8WkaFncQfg/M79YWJEV4pxDg5fQi" } ] } ``` # Initialization (/blockchain-basics/tvm/initialization) ## Initialization of `cc`, `cp`, and gas limits [#initialization-of-cc-cp-and-gas-limits] * The original `cc`, current continuation, is initialized using the cell slice created from the `code` section of the smart contract. If the account is frozen or uninitialized, the code must be provided in the `init` field of the incoming message. * The `cp`, current TVM codepage, is set to the default value of 0. * The gas limit values are initialized based on the results of the [credit phase](/blockchain-basics/primitives/phases). ## Registers initialization [#registers-initialization]
For more info about registers, take a look at [Registers](/blockchain-basics/tvm/registers)
* `c0`: `Quit` — extraordinary continuation which terminates TVM with exit code `0`. * `c1`: `Quit` — extraordinary continuation which terminates TVM with exit code `1`. Both exit codes `0` and `1` are considered successful terminations of TVM. * `c2`: `ExcQuit` — extraordinary continuation which terminates TVM with an exception. In this case, the exit code is an exception number. * `c3`: root cell of code currently executing in TVM. * `c4`: root cell of account data. * `c5`: empty cell. * `c7`: `Tuple[Tuple[0x076ef1ea, 0, 0, ...]]`. ## Stack [#stack] The contents of the stack depend on the event that triggered the transaction: * Internal message * External message * Tick-tock * Split prepare * Merge install * [Get method (off-chain)](/blockchain-basics/tvm/get-method) The top of the stack is always the *function selector*, an *integer* that identifies the event that caused the transaction. The following function selectors are defined: | ID | Name | Description | | -- | ----------------- | -------------------------------------------------- | | 0 | onInternalMessage | Received an internal message | | -1 | onExternalMessage | Received an external message | | -2 | onRunTickTock | Received a tick-tock event | | -3 | onSplitPrepare | Received a split prepare event (unimplemented yet) | | -4 | onSplitInstall | Received a split install event (unimplemented yet) | Get methods can have arbitrary IDs and should not overlap with the ones listed above. ### External/internal message [#externalinternal-message] | Index | Name | Type | Description | | ----- | ----------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `s0` | Function selector | `Integer` | `-1` for external messages, `0` for internal messages. | | `s1` | Message body | `Slice` | This is an arbitrary payload of a message, which can be used for text comments (when sending TONs from one wallet to another) or for smart contract commands. | | `s2` | Message | `Cell` | Cell containing message metadata (sender, receiver, amount) as well as message body. | | `s3` | Message value | `Integer` | Amount of received nanotons (`0` for externals). | | `s4` | Contract balance | `Integer` | Current account balance in nanotons. | ### Tick‑tock [#ticktock] | Index | Name | Type | Description | | ----- | ----------------- | ------- | ------------------------------------------------------ | | `s0` | Function selector | Integer | `-2` for tick-tock transactions. | | `s1` | Tick or tock? | Integer | `0` for tick transactions, `-1` for tock transactions. | | `s2` | Account address | Integer | 256-bit raw account address (without workchain). | | `s3` | Contract | Integer | Current account balance in nanotons. | ### Split/merge events [#splitmerge-events] These events are not implemented yet. Possible stack layout for split/merge events is described in [TON Blockchain](/blockchain-basics/whitepapers/tblkch#4-4-8-processing-split-prepare-transactions) whitepaper. However, it is subject to change. # Instructions (/blockchain-basics/tvm/instructions) {/* STATIC_START tvm_instructions */}
#### `00` NOP [#00-nop] Does nothing.
**Category:** Stack Basic (stack\_basic)
```fift Fift NOP ``` #### `0i` XCHG\_0I [#0i-xchg_0i] Interchanges `s0` with `s[i]`, `1 <= i <= 15`.
**Category:** Stack Basic (stack\_basic)
```fift Fift s[i] XCHG0 ``` **Aliases**: * `SWAP`
Same as `s1 XCHG0`. #### `10ij` XCHG\_IJ [#10ij-xchg_ij] Interchanges `s[i]` with `s[j]`, `1 <= i < j <= 15`.
**Category:** Stack Basic (stack\_basic)
```fift Fift s[i] s[j] XCHG ``` #### `11ii` XCHG\_0I\_LONG [#11ii-xchg_0i_long] Interchanges `s0` with `s[ii]`, `0 <= ii <= 255`.
**Category:** Stack Basic (stack\_basic)
```fift Fift s0 [ii] s() XCHG ``` #### `1i` XCHG\_1I [#1i-xchg_1i] Interchanges `s1` with `s[i]`, `2 <= i <= 15`.
**Category:** Stack Basic (stack\_basic)
```fift Fift s1 s[i] XCHG ``` #### `2i` PUSH [#2i-push] Pushes a copy of the old `s[i]` into the stack.
**Category:** Stack Basic (stack\_basic)
```fift Fift s[i] PUSH ``` **Aliases**: * `DUP`
Same as `s0 PUSH`. * `OVER`
Same as `s1 PUSH`. #### `3i` POP [#3i-pop] Pops the old `s0` value into the old `s[i]`.
**Category:** Stack Basic (stack\_basic)
```fift Fift s[i] POP ``` **Aliases**: * `DROP`
Same as `s0 POP`, discards the top-of-stack value. * `NIP`
Same as `s1 POP`. #### `4ijk` XCHG3 [#4ijk-xchg3] Equivalent to `s2 s[i] XCHG` `s1 s[j] XCHG` `s[k] XCHG0`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j] s[k] XCHG3 ``` #### `50ij` XCHG2 [#50ij-xchg2] Equivalent to `s1 s[i] XCHG` `s[j] XCHG0`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j] XCHG2 ``` #### `51ij` XCPU [#51ij-xcpu] Equivalent to `s[i] XCHG0` `s[j] PUSH`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j] XCPU ``` #### `52ij` PUXC [#52ij-puxc] Equivalent to `s[i] PUSH` `SWAP` `s[j] XCHG0`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j-1] PUXC ``` #### `53ij` PUSH2 [#53ij-push2] Equivalent to `s[i] PUSH` `s[j+1] PUSH`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j] PUSH2 ``` #### `540ijk` XCHG3\_ALT [#540ijk-xchg3_alt] Long form of `XCHG3`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j] s[k] XCHG3_l ``` #### `541ijk` XC2PU [#541ijk-xc2pu] Equivalent to `s[i] s[j] XCHG2` `s[k] PUSH`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j] s[k] XC2PU ``` #### `542ijk` XCPUXC [#542ijk-xcpuxc] Equivalent to `s1 s[i] XCHG` `s[j] s[k-1] PUXC`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j] s[k-1] XCPUXC ``` #### `543ijk` XCPU2 [#543ijk-xcpu2] Equivalent to `s[i] XCHG0` `s[j] s[k] PUSH2`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j] s[k] XCPU2 ``` #### `544ijk` PUXC2 [#544ijk-puxc2] Equivalent to `s[i] PUSH` `s2 XCHG0` `s[j] s[k] XCHG2`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j-1] s[k-1] PUXC2 ``` #### `545ijk` PUXCPU [#545ijk-puxcpu] Equivalent to `s[i] s[j-1] PUXC` `s[k] PUSH`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j-1] s[k-1] PUXCPU ``` #### `546ijk` PU2XC [#546ijk-pu2xc] Equivalent to `s[i] PUSH` `SWAP` `s[j] s[k-1] PUXC`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j-1] s[k-2] PU2XC ``` #### `547ijk` PUSH3 [#547ijk-push3] Equivalent to `s[i] PUSH` `s[j+1] s[k+1] PUSH2`.
**Category:** Stack Complex (stack\_complex)
```fift Fift s[i] s[j] s[k] PUSH3 ``` #### `55ij` BLKSWAP [#55ij-blkswap] Permutes two blocks `s[j+i+1] ... s[j+1]` and `s[j] ... s0`.
`0 <= i,j <= 15`
Equivalent to `[i+1] [j+1] REVERSE` `[j+1] 0 REVERSE` `[i+j+2] 0 REVERSE`.
**Category:** Stack Complex (stack\_complex)
```fift Fift [i+1] [j+1] BLKSWAP ``` **Aliases**: * `ROT2`
Rotates the three topmost pairs of stack entries. * `ROLL`
Rotates the top `i+1` stack entries.
Equivalent to `1 [i+1] BLKSWAP`. * `ROLLREV`
Rotates the top `i+1` stack entries in the other direction.
Equivalent to `[i+1] 1 BLKSWAP`. #### `56ii` PUSH\_LONG [#56ii-push_long] Pushes a copy of the old `s[ii]` into the stack.
`0 <= ii <= 255`
**Category:** Stack Complex (stack\_complex)
```fift Fift [ii] s() PUSH ``` #### `57ii` POP\_LONG [#57ii-pop_long] Pops the old `s0` value into the old `s[ii]`.
`0 <= ii <= 255`
**Category:** Stack Complex (stack\_complex)
```fift Fift [ii] s() POP ``` #### `58` ROT [#58-rot] Equivalent to `1 2 BLKSWAP` or to `s2 s1 XCHG2`.
**Category:** Stack Complex (stack\_complex)
```fift Fift ROT ``` #### `59` ROTREV [#59-rotrev] Equivalent to `2 1 BLKSWAP` or to `s2 s2 XCHG2`.
**Category:** Stack Complex (stack\_complex)
```fift Fift ROTREV -ROT ``` #### `5A` SWAP2 [#5a-swap2] Equivalent to `2 2 BLKSWAP` or to `s3 s2 XCHG2`.
**Category:** Stack Complex (stack\_complex)
```fift Fift SWAP2 2SWAP ``` #### `5B` DROP2 [#5b-drop2] Equivalent to `DROP` `DROP`.
**Category:** Stack Complex (stack\_complex)
```fift Fift DROP2 2DROP ``` #### `5C` DUP2 [#5c-dup2] Equivalent to `s1 s0 PUSH2`.
**Category:** Stack Complex (stack\_complex)
```fift Fift DUP2 2DUP ``` #### `5D` OVER2 [#5d-over2] Equivalent to `s3 s2 PUSH2`.
**Category:** Stack Complex (stack\_complex)
```fift Fift OVER2 2OVER ``` #### `5Eij` REVERSE [#5eij-reverse] Reverses the order of `s[j+i+1] ... s[j]`.
**Category:** Stack Complex (stack\_complex)
```fift Fift [i+2] [j] REVERSE ``` #### `5F0i` BLKDROP [#5f0i-blkdrop] Equivalent to `DROP` performed `i` times.
**Category:** Stack Complex (stack\_complex)
```fift Fift [i] BLKDROP ``` #### `5Fij` BLKPUSH [#5fij-blkpush] Equivalent to `PUSH s(j)` performed `i` times.
`1 <= i <= 15`, `0 <= j <= 15`.
**Category:** Stack Complex (stack\_complex)
```fift Fift [i] [j] BLKPUSH ``` #### `60` PICK [#60-pick] Pops integer `i` from the stack, then performs `s[i] PUSH`.
**Category:** Stack Complex (stack\_complex)
```fift Fift PICK PUSHX ``` #### `61` ROLLX [#61-rollx] Pops integer `i` from the stack, then performs `1 [i] BLKSWAP`.
**Category:** Stack Complex (stack\_complex)
```fift Fift ROLLX ``` #### `62` -ROLLX [#62--rollx] Pops integer `i` from the stack, then performs `[i] 1 BLKSWAP`.
**Category:** Stack Complex (stack\_complex)
```fift Fift -ROLLX ROLLREVX ``` #### `63` BLKSWX [#63-blkswx] Pops integers `i`,`j` from the stack, then performs `[i] [j] BLKSWAP`.
**Category:** Stack Complex (stack\_complex)
```fift Fift BLKSWX ``` #### `64` REVX [#64-revx] Pops integers `i`,`j` from the stack, then performs `[i] [j] REVERSE`.
**Category:** Stack Complex (stack\_complex)
```fift Fift REVX ``` #### `65` DROPX [#65-dropx] Pops integer `i` from the stack, then performs `[i] BLKDROP`.
**Category:** Stack Complex (stack\_complex)
```fift Fift DROPX ``` #### `66` TUCK [#66-tuck] Equivalent to `SWAP` `OVER` or to `s1 s1 XCPU`.
**Category:** Stack Complex (stack\_complex)
```fift Fift TUCK ``` #### `67` XCHGX [#67-xchgx] Pops integer `i` from the stack, then performs `s[i] XCHG`.
**Category:** Stack Complex (stack\_complex)
```fift Fift XCHGX ``` #### `68` DEPTH [#68-depth] Pushes the current depth of the stack.
**Category:** Stack Complex (stack\_complex)
```fift Fift DEPTH ``` #### `69` CHKDEPTH [#69-chkdepth] Pops integer `i` from the stack, then checks whether there are at least `i` elements, generating a stack underflow exception otherwise.
**Category:** Stack Complex (stack\_complex)
```fift Fift CHKDEPTH ``` #### `6A` ONLYTOPX [#6a-onlytopx] Pops integer `i` from the stack, then removes all but the top `i` elements.
**Category:** Stack Complex (stack\_complex)
```fift Fift ONLYTOPX ``` #### `6B` ONLYX [#6b-onlyx] Pops integer `i` from the stack, then leaves only the bottom `i` elements. Approximately equivalent to `DEPTH` `SWAP` `SUB` `DROPX`.
**Category:** Stack Complex (stack\_complex)
```fift Fift ONLYX ``` #### `6Cij` BLKDROP2 [#6cij-blkdrop2] Drops `i` stack elements under the top `j` elements.
`1 <= i <= 15`, `0 <= j <= 15`
Equivalent to `[i+j] 0 REVERSE` `[i] BLKDROP` `[j] 0 REVERSE`.
**Category:** Stack Complex (stack\_complex)
```fift Fift [i] [j] BLKDROP2 ``` #### `6D` NULL [#6d-null] Pushes the only value of type *Null*.
**Category:** Tuple (tuple)
```fift Fift NULL PUSHNULL ``` **Aliases**: * `NEWDICT`
Returns a new empty dictionary.
It is an alternative mnemonics for `PUSHNULL`. #### `6E` ISNULL [#6e-isnull] Checks whether `x` is a *Null*, and returns `-1` or `0` accordingly.
**Category:** Tuple (tuple)
```fift Fift ISNULL ``` **Aliases**: * `DICTEMPTY`
Checks whether dictionary `D` is empty, and returns `-1` or `0` accordingly.
It is an alternative mnemonics for `ISNULL`. #### `6F0n` TUPLE [#6f0n-tuple] Creates a new *Tuple* `t=(x_1, ... ,x_n)` containing `n` values `x_1`,..., `x_n`.
`0 <= n <= 15`
**Category:** Tuple (tuple)
```fift Fift [n] TUPLE ``` **Aliases**: * `NIL`
Pushes the only *Tuple* `t=()` of length zero. * `SINGLE`
Creates a singleton `t:=(x)`, i.e., a *Tuple* of length one. * `PAIR`
Creates pair `t:=(x,y)`. * `TRIPLE`
Creates triple `t:=(x,y,z)`. #### `6F1k` INDEX [#6f1k-index] Returns the `k`-th element of a *Tuple* `t`.
`0 <= k <= 15`.
**Category:** Tuple (tuple)
```fift Fift [k] INDEX ``` **Aliases**: * `FIRST`
Returns the first element of a *Tuple*. * `SECOND`
Returns the second element of a *Tuple*. * `THIRD`
Returns the third element of a *Tuple*. #### `6F2n` UNTUPLE [#6f2n-untuple] Unpacks a *Tuple* `t=(x_1,...,x_n)` of length equal to `0 <= n <= 15`.
If `t` is not a *Tuple*, or if `|t| != n`, a type check exception is thrown.
**Category:** Tuple (tuple)
```fift Fift [n] UNTUPLE ``` **Aliases**: * `UNSINGLE`
Unpacks a singleton `t=(x)`. * `UNPAIR`
Unpacks a pair `t=(x,y)`. * `UNTRIPLE`
Unpacks a triple `t=(x,y,z)`. #### `6F3k` UNPACKFIRST [#6f3k-unpackfirst] Unpacks first `0 <= k <= 15` elements of a *Tuple* `t`.
If `|t| **Category:** Tuple (tuple)
```fift Fift [k] UNPACKFIRST ``` **Aliases**: * `CHKTUPLE`
Checks whether `t` is a *Tuple*. If not, throws a type check exception. #### `6F4n` EXPLODE [#6f4n-explode] Unpacks a *Tuple* `t=(x_1,...,x_m)` and returns its length `m`, but only if `m <= n <= 15`. Otherwise throws a type check exception.
**Category:** Tuple (tuple)
```fift Fift [n] EXPLODE ``` #### `6F5k` SETINDEX [#6f5k-setindex] Computes *Tuple* `t'` that differs from `t` only at position `t'_{k+1}`, which is set to `x`.
`0 <= k <= 15`
If `k >= |t|`, throws a range check exception.
**Category:** Tuple (tuple)
```fift Fift [k] SETINDEX ``` **Aliases**: * `SETFIRST`
Sets the first component of *Tuple* `t` to `x` and returns the resulting *Tuple* `t'`. * `SETSECOND`
Sets the second component of *Tuple* `t` to `x` and returns the resulting *Tuple* `t'`. * `SETTHIRD`
Sets the third component of *Tuple* `t` to `x` and returns the resulting *Tuple* `t'`. #### `6F6k` INDEXQ [#6f6k-indexq] Returns the `k`-th element of a *Tuple* `t`, where `0 <= k <= 15`. In other words, returns `x_{k+1}` if `t=(x_1,...,x_n)`. If `k>=n`, or if `t` is *Null*, returns a *Null* instead of `x`.
**Category:** Tuple (tuple)
```fift Fift [k] INDEXQ ``` **Aliases**: * `FIRSTQ`
Returns the first element of a *Tuple*. * `SECONDQ`
Returns the second element of a *Tuple*. * `THIRDQ`
Returns the third element of a *Tuple*. #### `6F7k` SETINDEXQ [#6f7k-setindexq] Sets the `k`-th component of *Tuple* `t` to `x`, where `0 <= k < 16`, and returns the resulting *Tuple* `t'`.
If `|t| <= k`, first extends the original *Tuple* to length `n'=k+1` by setting all new components to *Null*. If the original value of `t` is *Null*, treats it as an empty *Tuple*. If `t` is not *Null* or *Tuple*, throws an exception. If `x` is *Null* and either `|t| <= k` or `t` is *Null*, then always returns `t'=t` (and does not consume tuple creation gas).
**Category:** Tuple (tuple)
```fift Fift [k] SETINDEXQ ``` **Aliases**: * `SETFIRSTQ`
Sets the first component of *Tuple* `t` to `x` and returns the resulting *Tuple* `t'`. * `SETSECONDQ`
Sets the second component of *Tuple* `t` to `x` and returns the resulting *Tuple* `t'`. * `SETTHIRDQ`
Sets the third component of *Tuple* `t` to `x` and returns the resulting *Tuple* `t'`. #### `6F80` TUPLEVAR [#6f80-tuplevar] Creates a new *Tuple* `t` of length `n` similarly to `TUPLE`, but with `0 <= n <= 255` taken from the stack.
**Category:** Tuple (tuple)
```fift Fift TUPLEVAR ``` #### `6F81` INDEXVAR [#6f81-indexvar] Similar to `k INDEX`, but with `0 <= k <= 254` taken from the stack.
**Category:** Tuple (tuple)
```fift Fift INDEXVAR ``` #### `6F82` UNTUPLEVAR [#6f82-untuplevar] Similar to `n UNTUPLE`, but with `0 <= n <= 255` taken from the stack.
**Category:** Tuple (tuple)
```fift Fift UNTUPLEVAR ``` #### `6F83` UNPACKFIRSTVAR [#6f83-unpackfirstvar] Similar to `n UNPACKFIRST`, but with `0 <= n <= 255` taken from the stack.
**Category:** Tuple (tuple)
```fift Fift UNPACKFIRSTVAR ``` #### `6F84` EXPLODEVAR [#6f84-explodevar] Similar to `n EXPLODE`, but with `0 <= n <= 255` taken from the stack.
**Category:** Tuple (tuple)
```fift Fift EXPLODEVAR ``` #### `6F85` SETINDEXVAR [#6f85-setindexvar] Similar to `k SETINDEX`, but with `0 <= k <= 254` taken from the stack.
**Category:** Tuple (tuple)
```fift Fift SETINDEXVAR ``` #### `6F86` INDEXVARQ [#6f86-indexvarq] Similar to `n INDEXQ`, but with `0 <= k <= 254` taken from the stack.
**Category:** Tuple (tuple)
```fift Fift INDEXVARQ ``` #### `6F87` SETINDEXVARQ [#6f87-setindexvarq] Similar to `k SETINDEXQ`, but with `0 <= k <= 254` taken from the stack.
**Category:** Tuple (tuple)
```fift Fift SETINDEXVARQ ``` #### `6F88` TLEN [#6f88-tlen] Returns the length of a *Tuple*.
**Category:** Tuple (tuple)
```fift Fift TLEN ``` #### `6F89` QTLEN [#6f89-qtlen] Similar to `TLEN`, but returns `-1` if `t` is not a *Tuple*.
**Category:** Tuple (tuple)
```fift Fift QTLEN ``` #### `6F8A` ISTUPLE [#6f8a-istuple] Returns `-1` or `0` depending on whether `t` is a *Tuple*.
**Category:** Tuple (tuple)
```fift Fift ISTUPLE ``` #### `6F8B` LAST [#6f8b-last] Returns the last element of a non-empty *Tuple* `t`.
**Category:** Tuple (tuple)
```fift Fift LAST ``` #### `6F8C` TPUSH [#6f8c-tpush] Appends a value `x` to a *Tuple* `t=(x_1,...,x_n)`, but only if the resulting *Tuple* `t'=(x_1,...,x_n,x)` is of length at most 255. Otherwise throws a type check exception.
**Category:** Tuple (tuple)
```fift Fift TPUSH COMMA ``` #### `6F8D` TPOP [#6f8d-tpop] Detaches the last element `x=x_n` from a non-empty *Tuple* `t=(x_1,...,x_n)`, and returns both the resulting *Tuple* `t'=(x_1,...,x_{n-1})` and the original last element `x`.
**Category:** Tuple (tuple)
```fift Fift TPOP ``` #### `6FA0` NULLSWAPIF [#6fa0-nullswapif] Pushes a *Null* under the topmost *Integer* `x`, but only if `x!=0`.
**Category:** Tuple (tuple)
```fift Fift NULLSWAPIF ``` #### `6FA1` NULLSWAPIFNOT [#6fa1-nullswapifnot] Pushes a *Null* under the topmost *Integer* `x`, but only if `x=0`. May be used for stack alignment after quiet primitives such as `PLDUXQ`.
**Category:** Tuple (tuple)
```fift Fift NULLSWAPIFNOT ``` #### `6FA2` NULLROTRIF [#6fa2-nullrotrif] Pushes a *Null* under the second stack entry from the top, but only if the topmost *Integer* `y` is non-zero.
**Category:** Tuple (tuple)
```fift Fift NULLROTRIF ``` #### `6FA3` NULLROTRIFNOT [#6fa3-nullrotrifnot] Pushes a *Null* under the second stack entry from the top, but only if the topmost *Integer* `y` is zero. May be used for stack alignment after quiet primitives such as `LDUXQ`.
**Category:** Tuple (tuple)
```fift Fift NULLROTRIFNOT ``` #### `6FA4` NULLSWAPIF2 [#6fa4-nullswapif2] Pushes two nulls under the topmost *Integer* `x`, but only if `x!=0`.
Equivalent to `NULLSWAPIF` `NULLSWAPIF`.
**Category:** Tuple (tuple)
```fift Fift NULLSWAPIF2 ``` #### `6FA5` NULLSWAPIFNOT2 [#6fa5-nullswapifnot2] Pushes two nulls under the topmost *Integer* `x`, but only if `x=0`.
Equivalent to `NULLSWAPIFNOT` `NULLSWAPIFNOT`.
**Category:** Tuple (tuple)
```fift Fift NULLSWAPIFNOT2 ``` #### `6FA6` NULLROTRIF2 [#6fa6-nullrotrif2] Pushes two nulls under the second stack entry from the top, but only if the topmost *Integer* `y` is non-zero.
Equivalent to `NULLROTRIF` `NULLROTRIF`.
**Category:** Tuple (tuple)
```fift Fift NULLROTRIF2 ``` #### `6FA7` NULLROTRIFNOT2 [#6fa7-nullrotrifnot2] Pushes two nulls under the second stack entry from the top, but only if the topmost *Integer* `y` is zero.
Equivalent to `NULLROTRIFNOT` `NULLROTRIFNOT`.
**Category:** Tuple (tuple)
```fift Fift NULLROTRIFNOT2 ``` #### `6FBij` INDEX2 [#6fbij-index2] Recovers `x=(t_{i+1})_{j+1}` for `0 <= i,j <= 3`.
Equivalent to `[i] INDEX` `[j] INDEX`.
**Category:** Tuple (tuple)
```fift Fift [i] [j] INDEX2 ``` **Aliases**: * `CADR`
Recovers `x=(t_2)_1`. * `CDDR`
Recovers `x=(t_2)_2`. #### `6FE_ijk` INDEX3 [#6fe_ijk-index3] Recovers `x=t_{i+1}_{j+1}_{k+1}`.
`0 <= i,j,k <= 3`
Equivalent to `[i] [j] INDEX2` `[k] INDEX`.
**Category:** Tuple (tuple)
```fift Fift [i] [j] [k] INDEX3 ``` **Aliases**: * `CADDR`
Recovers `x=t_2_2_1`. * `CDDDR`
Recovers `x=t_2_2_2`. #### `7i` PUSHINT\_4 [#7i-pushint_4] Pushes integer `x` into the stack. `-5 <= x <= 10`.
Here `i` equals four lower-order bits of `x` (`i=x mod 16`).
**Category:** Const Int (const\_int)
```fift Fift [x] PUSHINT [x] INT ``` **Aliases**: * `ZERO`
* `ONE`
* `TWO`
* `TEN`
* `TRUE`
#### `80xx` PUSHINT\_8 [#80xx-pushint_8] Pushes integer `xx`. `-128 <= xx <= 127`.
**Category:** Const Int (const\_int)
```fift Fift [xx] PUSHINT [xx] INT ``` #### `81xxxx` PUSHINT\_16 [#81xxxx-pushint_16] Pushes integer `xxxx`. `-2^15 <= xx < 2^15`.
**Category:** Const Int (const\_int)
```fift Fift [xxxx] PUSHINT [xxxx] INT ``` #### `82lxxx` PUSHINT\_LONG [#82lxxx-pushint_long] Pushes integer `xxx`.
*Details:* 5-bit `0 <= l <= 30` determines the length `n=8l+19` of signed big-endian integer `xxx`.
The total length of this instruction is `l+4` bytes or `n+13=8l+32` bits.
**Category:** Const Int (const\_int)
```fift Fift [xxx] PUSHINT [xxx] INT ``` #### `83xx` PUSHPOW2 [#83xx-pushpow2] (Quietly) pushes `2^(xx+1)` for `0 <= xx <= 255`.
`2^256` is a `NaN`.
**Category:** Const Int (const\_int)
```fift Fift [xx+1] PUSHPOW2 ``` #### `83FF` PUSHNAN [#83ff-pushnan] Pushes a `NaN`.
**Category:** Const Int (const\_int)
```fift Fift PUSHNAN ``` #### `84xx` PUSHPOW2DEC [#84xx-pushpow2dec] Pushes `2^(xx+1)-1` for `0 <= xx <= 255`.
**Category:** Const Int (const\_int)
```fift Fift [xx+1] PUSHPOW2DEC ``` #### `85xx` PUSHNEGPOW2 [#85xx-pushnegpow2] Pushes `-2^(xx+1)` for `0 <= xx <= 255`.
**Category:** Const Int (const\_int)
```fift Fift [xx+1] PUSHNEGPOW2 ``` #### `88` PUSHREF [#88-pushref] Pushes the reference `ref` into the stack.
*Details:* Pushes the first reference of `cc.code` into the stack as a *Cell* (and removes this reference from the current continuation).
**Category:** Const Data (const\_data)
```fift Fift [ref] PUSHREF ``` #### `89` PUSHREFSLICE [#89-pushrefslice] Similar to `PUSHREF`, but converts the cell into a *Slice*.
**Category:** Const Data (const\_data)
```fift Fift [ref] PUSHREFSLICE ``` #### `8A` PUSHREFCONT [#8a-pushrefcont] Similar to `PUSHREFSLICE`, but makes a simple ordinary *Continuation* out of the cell.
**Category:** Const Data (const\_data)
```fift Fift [ref] PUSHREFCONT ``` #### `8Bxsss` PUSHSLICE [#8bxsss-pushslice] Pushes the slice `slice` into the stack.
*Details:* Pushes the (prefix) subslice of `cc.code` consisting of its first `8x+4` bits and no references (i.e., essentially a bitstring), where `0 <= x <= 15`.
A completion tag is assumed, meaning that all trailing zeroes and the last binary one (if present) are removed from this bitstring.
If the original bitstring consists only of zeroes, an empty slice will be pushed.
**Category:** Const Data (const\_data)
```fift Fift [slice] PUSHSLICE [slice] SLICE ``` #### `8Crxxssss` PUSHSLICE\_REFS [#8crxxssss-pushslice_refs] Pushes the slice `slice` into the stack.
*Details:* Pushes the (prefix) subslice of `cc.code` consisting of its first `1 <= r+1 <= 4` references and up to first `8xx+1` bits of data, with `0 <= xx <= 31`.
A completion tag is also assumed.
**Category:** Const Data (const\_data)
```fift Fift [slice] PUSHSLICE [slice] SLICE ``` #### `8Drxxsssss` PUSHSLICE\_LONG [#8drxxsssss-pushslice_long] Pushes the slice `slice` into the stack.
*Details:* Pushes the subslice of `cc.code` consisting of `0 <= r <= 4` references and up to `8xx+6` bits of data, with `0 <= xx <= 127`.
A completion tag is assumed.
**Category:** Const Data (const\_data)
```fift Fift [slice] PUSHSLICE [slice] SLICE ``` #### `8F_rxxcccc` PUSHCONT [#8f_rxxcccc-pushcont] Pushes a continuation made from `builder`.
*Details:* Pushes the simple ordinary continuation `cccc` made from the first `0 <= r <= 3` references and the first `0 <= xx <= 127` bytes of `cc.code`.
**Category:** Const Data (const\_data)
```fift Fift [builder] PUSHCONT [builder] CONT ``` #### `9xccc` PUSHCONT\_SHORT [#9xccc-pushcont_short] Pushes a continuation made from `builder`.
*Details:* Pushes an `x`-byte continuation for `0 <= x <= 15`.
**Category:** Const Data (const\_data)
```fift Fift [builder] PUSHCONT [builder] CONT ``` #### `A0` ADD [#a0-add]
**Category:** Arithm Basic (arithm\_basic)
```fift Fift ADD ``` #### `A1` SUB [#a1-sub]
**Category:** Arithm Basic (arithm\_basic)
```fift Fift SUB ``` #### `A2` SUBR [#a2-subr] Equivalent to `SWAP` `SUB`.
**Category:** Arithm Basic (arithm\_basic)
```fift Fift SUBR ``` #### `A3` NEGATE [#a3-negate] Equivalent to `-1 MULCONST` or to `ZERO SUBR`.
Notice that it triggers an integer overflow exception if `x=-2^256`.
**Category:** Arithm Basic (arithm\_basic)
```fift Fift NEGATE ``` #### `A4` INC [#a4-inc] Equivalent to `1 ADDCONST`.
**Category:** Arithm Basic (arithm\_basic)
```fift Fift INC ``` #### `A5` DEC [#a5-dec] Equivalent to `-1 ADDCONST`.
**Category:** Arithm Basic (arithm\_basic)
```fift Fift DEC ``` #### `A6cc` ADDCONST [#a6cc-addconst] `-128 <= cc <= 127`.
**Category:** Arithm Basic (arithm\_basic)
```fift Fift [cc] ADDCONST [cc] ADDINT [-cc] SUBCONST [-cc] SUBINT ``` #### `A7cc` MULCONST [#a7cc-mulconst] `-128 <= cc <= 127`.
**Category:** Arithm Basic (arithm\_basic)
```fift Fift [cc] MULCONST [cc] MULINT ``` #### `A8` MUL [#a8-mul]
**Category:** Arithm Basic (arithm\_basic)
```fift Fift MUL ``` #### `A900` ADDDIVMOD [#a900-adddivmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift ADDDIVMOD ``` #### `A901` ADDDIVMODR [#a901-adddivmodr]
**Category:** Arithm Div (arithm\_div)
```fift Fift ADDDIVMODR ``` #### `A902` ADDDIVMODC [#a902-adddivmodc]
**Category:** Arithm Div (arithm\_div)
```fift Fift ADDDIVMODC ``` #### `A904` DIV [#a904-div] `q=floor(x/y)`, `r=x-y*q`
**Category:** Arithm Div (arithm\_div)
```fift Fift DIV ``` #### `A905` DIVR [#a905-divr] `q'=round(x/y)`, `r'=x-y*q'`
**Category:** Arithm Div (arithm\_div)
```fift Fift DIVR ``` #### `A906` DIVC [#a906-divc] `q''=ceil(x/y)`, `r''=x-y*q''`
**Category:** Arithm Div (arithm\_div)
```fift Fift DIVC ``` #### `A908` MOD [#a908-mod]
**Category:** Arithm Div (arithm\_div)
```fift Fift MOD ``` #### `A909` MODR [#a909-modr]
**Category:** Arithm Div (arithm\_div)
```fift Fift MODR ``` #### `A90A` MODC [#a90a-modc]
**Category:** Arithm Div (arithm\_div)
```fift Fift MODC ``` #### `A90C` DIVMOD [#a90c-divmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift DIVMOD ``` #### `A90D` DIVMODR [#a90d-divmodr]
**Category:** Arithm Div (arithm\_div)
```fift Fift DIVMODR ``` #### `A90E` DIVMODC [#a90e-divmodc]
**Category:** Arithm Div (arithm\_div)
```fift Fift DIVMODC ``` #### `A920` ADDRSHIFTMOD\_VAR [#a920-addrshiftmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift ADDRSHIFTMOD ``` #### `A921` ADDRSHIFTMODR [#a921-addrshiftmodr]
**Category:** Arithm Div (arithm\_div)
```fift Fift ADDRSHIFTMODR ``` #### `A922` ADDRSHIFTMODC [#a922-addrshiftmodc]
**Category:** Arithm Div (arithm\_div)
```fift Fift ADDRSHIFTMODC ``` #### `A925` RSHIFTR\_VAR [#a925-rshiftr_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift RSHIFTR ``` #### `A926` RSHIFTC\_VAR [#a926-rshiftc_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift RSHIFTC ``` #### `A928` MODPOW2\_VAR [#a928-modpow2_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MODPOW2 ``` #### `A929` MODPOW2R\_VAR [#a929-modpow2r_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MODPOW2R ``` #### `A92A` MODPOW2C\_VAR [#a92a-modpow2c_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MODPOW2C ``` #### `A92C` RSHIFTMOD\_VAR [#a92c-rshiftmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift RSHIFTMOD ``` #### `A92D` RSHIFTMODR\_VAR [#a92d-rshiftmodr_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift RSHIFTMODR ``` #### `A92E` RSHIFTMODC\_VAR [#a92e-rshiftmodc_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift RSHIFTMODC ``` #### `A930tt` ADDRSHIFTMOD [#a930tt-addrshiftmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] ADDRSHIFT#MOD ``` #### `A931tt` ADDRSHIFTRMOD [#a931tt-addrshiftrmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] ADDRSHIFTR#MOD ``` #### `A932tt` ADDRSHIFTCMOD [#a932tt-addrshiftcmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] ADDRSHIFTC#MOD ``` #### `A935tt` RSHIFTR [#a935tt-rshiftr]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] RSHIFTR# ``` #### `A936tt` RSHIFTC [#a936tt-rshiftc]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] RSHIFTC# ``` #### `A938tt` MODPOW2 [#a938tt-modpow2]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MODPOW2# ``` #### `A939tt` MODPOW2R [#a939tt-modpow2r]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MODPOW2R# ``` #### `A93Att` MODPOW2C [#a93att-modpow2c]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MODPOW2C# ``` #### `A93Ctt` RSHIFTMOD [#a93ctt-rshiftmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] RSHIFT#MOD ``` #### `A93Dtt` RSHIFTRMOD [#a93dtt-rshiftrmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] RSHIFTR#MOD ``` #### `A93Ett` RSHIFTCMOD [#a93ett-rshiftcmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] RSHIFTC#MOD ``` #### `A980` MULADDDIVMOD [#a980-muladddivmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULADDDIVMOD ``` #### `A981` MULADDDIVMODR [#a981-muladddivmodr]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULADDDIVMODR ``` #### `A982` MULADDDIVMODC [#a982-muladddivmodc]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULADDDIVMODC ``` #### `A984` MULDIV [#a984-muldiv] `q=floor(x*y/z)`
**Category:** Arithm Div (arithm\_div)
```fift Fift MULDIV ``` #### `A985` MULDIVR [#a985-muldivr] `q'=round(x*y/z)`
**Category:** Arithm Div (arithm\_div)
```fift Fift MULDIVR ``` #### `A986` MULDIVC [#a986-muldivc] `q'=ceil(x*y/z)`
**Category:** Arithm Div (arithm\_div)
```fift Fift MULDIVC ``` #### `A988` MULMOD [#a988-mulmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULMOD ``` #### `A989` MULMODR [#a989-mulmodr]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULMODR ``` #### `A98A` MULMODC [#a98a-mulmodc]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULMODC ``` #### `A98C` MULDIVMOD [#a98c-muldivmod] `q=floor(x*y/z)`, `r=x*y-z*q`
**Category:** Arithm Div (arithm\_div)
```fift Fift MULDIVMOD ``` #### `A98D` MULDIVMODR [#a98d-muldivmodr] `q=round(x*y/z)`, `r=x*y-z*q`
**Category:** Arithm Div (arithm\_div)
```fift Fift MULDIVMODR ``` #### `A98E` MULDIVMODC [#a98e-muldivmodc] `q=ceil(x*y/z)`, `r=x*y-z*q`
**Category:** Arithm Div (arithm\_div)
```fift Fift MULDIVMODC ``` #### `A9A0` MULADDRSHIFTMOD\_VAR [#a9a0-muladdrshiftmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULADDRSHIFTMOD ``` #### `A9A1` MULADDRSHIFTRMOD\_VAR [#a9a1-muladdrshiftrmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULADDRSHIFTRMOD ``` #### `A9A2` MULADDRSHIFTCMOD\_VAR [#a9a2-muladdrshiftcmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULADDRSHIFTCMOD ``` #### `A9A4` MULRSHIFT\_VAR [#a9a4-mulrshift_var] `0 <= z <= 256`
**Category:** Arithm Div (arithm\_div)
```fift Fift MULRSHIFT ``` #### `A9A5` MULRSHIFTR\_VAR [#a9a5-mulrshiftr_var] `0 <= z <= 256`
**Category:** Arithm Div (arithm\_div)
```fift Fift MULRSHIFTR ``` #### `A9A6` MULRSHIFTC\_VAR [#a9a6-mulrshiftc_var] `0 <= z <= 256`
**Category:** Arithm Div (arithm\_div)
```fift Fift MULRSHIFTC ``` #### `A9A8` MULMODPOW2\_VAR [#a9a8-mulmodpow2_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULMODPOW2_VAR ``` #### `A9A9` MULMODPOW2R\_VAR [#a9a9-mulmodpow2r_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULMODPOW2R_VAR ``` #### `A9AA` MULMODPOW2C\_VAR [#a9aa-mulmodpow2c_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULMODPOW2C_VAR ``` #### `A9AC` MULRSHIFTMOD\_VAR [#a9ac-mulrshiftmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULRSHIFTMOD_VAR ``` #### `A9AD` MULRSHIFTRMOD\_VAR [#a9ad-mulrshiftrmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULRSHIFTRMOD_VAR ``` #### `A9AE` MULRSHIFTCMOD\_VAR [#a9ae-mulrshiftcmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULRSHIFTCMOD_VAR ``` #### `A9B0tt` MULADDRSHIFTMOD [#a9b0tt-muladdrshiftmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MULADDRSHIFT#MOD ``` #### `A9B1tt` MULADDRSHIFTRMOD [#a9b1tt-muladdrshiftrmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MULADDRSHIFTR#MOD ``` #### `A9B2tt` MULADDRSHIFTCMOD [#a9b2tt-muladdrshiftcmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MULADDRSHIFTC#MOD ``` #### `A9B4tt` MULRSHIFT [#a9b4tt-mulrshift]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MULRSHIFT# ``` #### `A9B5tt` MULRSHIFTR [#a9b5tt-mulrshiftr]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MULRSHIFTR# ``` #### `A9B6tt` MULRSHIFTC [#a9b6tt-mulrshiftc]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MULRSHIFTC# ``` #### `A9B8tt` MULMODPOW2 [#a9b8tt-mulmodpow2]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MULMODPOW2# ``` #### `A9B9tt` MULMODPOW2R [#a9b9tt-mulmodpow2r]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MULMODPOW2R# ``` #### `A9BAtt` MULMODPOW2C [#a9batt-mulmodpow2c]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] MULMODPOW2C# ``` #### `A9BC` MULRSHIFTMOD [#a9bc-mulrshiftmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULRSHIFT#MOD ``` #### `A9BD` MULRSHIFTRMOD [#a9bd-mulrshiftrmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULRSHIFTR#MOD ``` #### `A9BE` MULRSHIFTCMOD [#a9be-mulrshiftcmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift MULRSHIFTC#MOD ``` #### `A9C0` LSHIFTADDDIVMOD\_VAR [#a9c0-lshiftadddivmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTADDDIVMOD ``` #### `A9C1` LSHIFTADDDIVMODR\_VAR [#a9c1-lshiftadddivmodr_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTADDDIVMODR ``` #### `A9C2` LSHIFTADDDIVMODC\_VAR [#a9c2-lshiftadddivmodc_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTADDDIVMODC ``` #### `A9C4` LSHIFTDIV\_VAR [#a9c4-lshiftdiv_var] `0 <= z <= 256`
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTDIV ``` #### `A9C5` LSHIFTDIVR\_VAR [#a9c5-lshiftdivr_var] `0 <= z <= 256`
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTDIVR ``` #### `A9C6` LSHIFTDIVC\_VAR [#a9c6-lshiftdivc_var] `0 <= z <= 256`
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTDIVC ``` #### `A9C8` LSHIFTMOD\_VAR [#a9c8-lshiftmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTMOD ``` #### `A9C9` LSHIFTMODR\_VAR [#a9c9-lshiftmodr_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTMODR ``` #### `A9CA` LSHIFTMODC\_VAR [#a9ca-lshiftmodc_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTMODC ``` #### `A9CC` LSHIFTDIVMOD\_VAR [#a9cc-lshiftdivmod_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTDIVMOD ``` #### `A9CD` LSHIFTDIVMODR\_VAR [#a9cd-lshiftdivmodr_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTDIVMODR ``` #### `A9CE` LSHIFTDIVMODC\_VAR [#a9ce-lshiftdivmodc_var]
**Category:** Arithm Div (arithm\_div)
```fift Fift LSHIFTDIVMODC ``` #### `A9D0tt` LSHIFTADDDIVMOD [#a9d0tt-lshiftadddivmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#ADDDIVMOD ``` #### `A9D1tt` LSHIFTADDDIVMODR [#a9d1tt-lshiftadddivmodr]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#ADDDIVMODR ``` #### `A9D2tt` LSHIFTADDDIVMODC [#a9d2tt-lshiftadddivmodc]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#ADDDIVMODC ``` #### `A9D4tt` LSHIFTDIV [#a9d4tt-lshiftdiv]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#DIV ``` #### `A9D5tt` LSHIFTDIVR [#a9d5tt-lshiftdivr]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#DIVR ``` #### `A9D6tt` LSHIFTDIVC [#a9d6tt-lshiftdivc]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#DIVC ``` #### `A9D8tt` LSHIFTMOD [#a9d8tt-lshiftmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#MOD ``` #### `A9D9tt` LSHIFTMODR [#a9d9tt-lshiftmodr]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#MODR ``` #### `A9DAtt` LSHIFTMODC [#a9datt-lshiftmodc]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#MODC ``` #### `A9DCtt` LSHIFTDIVMOD [#a9dctt-lshiftdivmod]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#DIVMOD ``` #### `A9DDtt` LSHIFTDIVMODR [#a9ddtt-lshiftdivmodr]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#DIVMODR ``` #### `A9DEtt` LSHIFTDIVMODC [#a9dett-lshiftdivmodc]
**Category:** Arithm Div (arithm\_div)
```fift Fift [tt+1] LSHIFT#DIVMODC ``` #### `AAcc` LSHIFT [#aacc-lshift] `0 <= cc <= 255`
**Category:** Arithm Logical (arithm\_logical)
```fift Fift [cc+1] LSHIFT# ``` #### `ABcc` RSHIFT [#abcc-rshift] `0 <= cc <= 255`
**Category:** Arithm Logical (arithm\_logical)
```fift Fift [cc+1] RSHIFT# ``` #### `AC` LSHIFT\_VAR [#ac-lshift_var] `0 <= y <= 1023`
**Category:** Arithm Logical (arithm\_logical)
```fift Fift LSHIFT ``` #### `AD` RSHIFT\_VAR [#ad-rshift_var] `0 <= y <= 1023`
**Category:** Arithm Logical (arithm\_logical)
```fift Fift RSHIFT ``` #### `AE` POW2 [#ae-pow2] `0 <= y <= 1023`
Equivalent to `ONE` `SWAP` `LSHIFT`.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift POW2 ``` #### `B0` AND [#b0-and] Bitwise and of two signed integers `x` and `y`, sign-extended to infinity.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift AND ``` #### `B1` OR [#b1-or] Bitwise or of two integers.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift OR ``` #### `B2` XOR [#b2-xor] Bitwise xor of two integers.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift XOR ``` #### `B3` NOT [#b3-not] Bitwise not of an integer.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift NOT ``` #### `B4cc` FITS [#b4cc-fits] Checks whether `x` is a `cc+1`-bit signed integer for `0 <= cc <= 255` (i.e., whether `-2^cc <= x < 2^cc`).
If not, either triggers an integer overflow exception, or replaces `x` with a `NaN` (quiet version).
**Category:** Arithm Logical (arithm\_logical)
```fift Fift [cc+1] FITS ``` **Aliases**: * `CHKBOOL`
Checks whether `x` is a ''boolean value'' (i.e., either 0 or -1). #### `B5cc` UFITS [#b5cc-ufits] Checks whether `x` is a `cc+1`-bit unsigned integer for `0 <= cc <= 255` (i.e., whether `0 <= x < 2^(cc+1)`).
**Category:** Arithm Logical (arithm\_logical)
```fift Fift [cc+1] UFITS ``` **Aliases**: * `CHKBIT`
Checks whether `x` is a binary digit (i.e., zero or one). #### `B600` FITSX [#b600-fitsx] Checks whether `x` is a `c`-bit signed integer for `0 <= c <= 1023`.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift FITSX ``` #### `B601` UFITSX [#b601-ufitsx] Checks whether `x` is a `c`-bit unsigned integer for `0 <= c <= 1023`.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift UFITSX ``` #### `B602` BITSIZE [#b602-bitsize] Computes smallest `c >= 0` such that `x` fits into a `c`-bit signed integer (`-2^(c-1) <= c < 2^(c-1)`).
**Category:** Arithm Logical (arithm\_logical)
```fift Fift BITSIZE ``` #### `B603` UBITSIZE [#b603-ubitsize] Computes smallest `c >= 0` such that `x` fits into a `c`-bit unsigned integer (`0 <= x < 2^c`), or throws a range check exception.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift UBITSIZE ``` #### `B608` MIN [#b608-min] Computes the minimum of two integers `x` and `y`.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift MIN ``` #### `B609` MAX [#b609-max] Computes the maximum of two integers `x` and `y`.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift MAX ``` #### `B60A` MINMAX [#b60a-minmax] Sorts two integers. Quiet version of this operation returns two `NaN`s if any of the arguments are `NaN`s.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift MINMAX INTSORT2 ``` #### `B60B` ABS [#b60b-abs] Computes the absolute value of an integer `x`.
**Category:** Arithm Logical (arithm\_logical)
```fift Fift ABS ``` #### `B7A0` QADD [#b7a0-qadd]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QADD ``` #### `B7A1` QSUB [#b7a1-qsub]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QSUB ``` #### `B7A2` QSUBR [#b7a2-qsubr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QSUBR ``` #### `B7A3` QNEGATE [#b7a3-qnegate]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QNEGATE ``` #### `B7A4` QINC [#b7a4-qinc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QINC ``` #### `B7A5` QDEC [#b7a5-qdec]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QDEC ``` #### `B7A8` QMUL [#b7a8-qmul]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMUL ``` #### `B7A900` QADDDIVMOD [#b7a900-qadddivmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QADDDIVMOD ``` #### `B7A901` QADDDIVMODR [#b7a901-qadddivmodr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QADDDIVMODR ``` #### `B7A902` QADDDIVMODC [#b7a902-qadddivmodc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QADDDIVMODC ``` #### `B7A904` QDIV [#b7a904-qdiv] Division returns `NaN` if `y=0`.
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QDIV ``` #### `B7A905` QDIVR [#b7a905-qdivr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QDIVR ``` #### `B7A906` QDIVC [#b7a906-qdivc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QDIVC ``` #### `B7A908` QMOD [#b7a908-qmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMOD ``` #### `B7A909` QMODR [#b7a909-qmodr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMODR ``` #### `B7A90A` QMODC [#b7a90a-qmodc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMODC ``` #### `B7A90C` QDIVMOD [#b7a90c-qdivmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QDIVMOD ``` #### `B7A90D` QDIVMODR [#b7a90d-qdivmodr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QDIVMODR ``` #### `B7A90E` QDIVMODC [#b7a90e-qdivmodc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QDIVMODC ``` #### `B7A920` QADDRSHIFTMOD [#b7a920-qaddrshiftmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QADDRSHIFTMOD ``` #### `B7A921` QADDRSHIFTMODR [#b7a921-qaddrshiftmodr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QADDRSHIFTMODR ``` #### `B7A922` QADDRSHIFTMODC [#b7a922-qaddrshiftmodc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QADDRSHIFTMODC ``` #### `B7A925` QRSHIFTR\_VAR [#b7a925-qrshiftr_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QRSHIFTR ``` #### `B7A926` QRSHIFTC\_VAR [#b7a926-qrshiftc_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QRSHIFTC ``` #### `B7A928` QMODPOW2\_VAR [#b7a928-qmodpow2_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMODPOW2 ``` #### `B7A929` QMODPOW2R\_VAR [#b7a929-qmodpow2r_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMODPOW2R ``` #### `B7A92A` QMODPOW2C\_VAR [#b7a92a-qmodpow2c_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMODPOW2C ``` #### `B7A92C` QRSHIFTMOD\_VAR [#b7a92c-qrshiftmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QRSHIFTMOD ``` #### `B7A92D` QRSHIFTMODR\_VAR [#b7a92d-qrshiftmodr_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QRSHIFTMODR ``` #### `B7A92E` QRSHIFTMODC\_VAR [#b7a92e-qrshiftmodc_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QRSHIFTMODC ``` #### `B7A930tt` QADDRSHIFTMOD [#b7a930tt-qaddrshiftmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QADDRSHIFT#MOD ``` #### `B7A931tt` QADDRSHIFTRMOD [#b7a931tt-qaddrshiftrmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QADDRSHIFTR#MOD ``` #### `B7A932tt` QADDRSHIFTCMOD [#b7a932tt-qaddrshiftcmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QADDRSHIFTC#MOD ``` #### `B7A935tt` QRSHIFTR [#b7a935tt-qrshiftr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QRSHIFTR# ``` #### `B7A936tt` QRSHIFTC [#b7a936tt-qrshiftc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QRSHIFTC# ``` #### `B7A938tt` QMODPOW2 [#b7a938tt-qmodpow2]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMODPOW2# ``` #### `B7A939tt` QMODPOW2R [#b7a939tt-qmodpow2r]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMODPOW2R# ``` #### `B7A93Att` QMODPOW2C [#b7a93att-qmodpow2c]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMODPOW2C# ``` #### `B7A93Ctt` QRSHIFTMOD [#b7a93ctt-qrshiftmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QRSHIFT#MOD ``` #### `B7A93Dtt` QRSHIFTRMOD [#b7a93dtt-qrshiftrmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QRSHIFTR#MOD ``` #### `B7A93Ett` QRSHIFTCMOD [#b7a93ett-qrshiftcmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QRSHIFTC#MOD ``` #### `B7A980` QMULADDDIVMOD [#b7a980-qmuladddivmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULADDDIVMOD ``` #### `B7A981` QMULADDDIVMODR [#b7a981-qmuladddivmodr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULADDDIVMODR ``` #### `B7A982` QMULADDDIVMODC [#b7a982-qmuladddivmodc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULADDDIVMODC ``` #### `B7A984` QMULDIV [#b7a984-qmuldiv] `q=floor(x*y/z)`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULDIV ``` #### `B7A985` QMULDIVR [#b7a985-qmuldivr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULDIVR ``` #### `B7A986` QMULDIVC [#b7a986-qmuldivc] `q'=ceil(x*y/z)`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULDIVC ``` #### `B7A988` QMULMOD [#b7a988-qmulmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULMOD ``` #### `B7A989` QMULMODR [#b7a989-qmulmodr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULMODR ``` #### `B7A98A` QMULMODC [#b7a98a-qmulmodc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULMODC ``` #### `B7A98C` QMULDIVMOD [#b7a98c-qmuldivmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULDIVMOD ``` #### `B7A98D` QMULDIVMODR [#b7a98d-qmuldivmodr] `q=round(x*y/z)`, `r=x*y-z*q`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULDIVMODR ``` #### `B7A98E` QMULDIVMODC [#b7a98e-qmuldivmodc] `q=ceil(x*y/z)`, `r=x*y-z*q`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULDIVMODC ``` #### `B7A9A0` QMULADDRSHIFTMOD\_VAR [#b7a9a0-qmuladdrshiftmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULADDRSHIFTMOD ``` #### `B7A9A1` QMULADDRSHIFTRMOD\_VAR [#b7a9a1-qmuladdrshiftrmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULADDRSHIFTRMOD ``` #### `B7A9A2` QMULADDRSHIFTCMOD\_VAR [#b7a9a2-qmuladdrshiftcmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULADDRSHIFTCMOD ``` #### `B7A9A4` QMULRSHIFT\_VAR [#b7a9a4-qmulrshift_var] `0 <= z <= 256`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULRSHIFT ``` #### `B7A9A5` QMULRSHIFTR\_VAR [#b7a9a5-qmulrshiftr_var] `0 <= z <= 256`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULRSHIFTR ``` #### `B7A9A6` QMULRSHIFTC\_VAR [#b7a9a6-qmulrshiftc_var] `0 <= z <= 256`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULRSHIFTC ``` #### `B7A9A8` QMULMODPOW2\_VAR [#b7a9a8-qmulmodpow2_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULMODPOW2_VAR ``` #### `B7A9A9` QMULMODPOW2R\_VAR [#b7a9a9-qmulmodpow2r_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULMODPOW2R_VAR ``` #### `B7A9AA` QMULMODPOW2C\_VAR [#b7a9aa-qmulmodpow2c_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULMODPOW2C_VAR ``` #### `B7A9AC` QMULRSHIFTMOD\_VAR [#b7a9ac-qmulrshiftmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULRSHIFTMOD_VAR ``` #### `B7A9AD` QMULRSHIFTRMOD\_VAR [#b7a9ad-qmulrshiftrmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULRSHIFTRMOD_VAR ``` #### `B7A9AE` QMULRSHIFTCMOD\_VAR [#b7a9ae-qmulrshiftcmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULRSHIFTCMOD_VAR ``` #### `B7A9B0tt` QMULADDRSHIFTMOD [#b7a9b0tt-qmuladdrshiftmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMULADDRSHIFT#MOD ``` #### `B7A9B1tt` QMULADDRSHIFTRMOD [#b7a9b1tt-qmuladdrshiftrmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMULADDRSHIFTR#MOD ``` #### `B7A9B2tt` QMULADDRSHIFTCMOD [#b7a9b2tt-qmuladdrshiftcmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMULADDRSHIFTC#MOD ``` #### `B7A9B4tt` QMULRSHIFT [#b7a9b4tt-qmulrshift]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMULRSHIFT# ``` #### `B7A9B5tt` QMULRSHIFTR [#b7a9b5tt-qmulrshiftr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMULRSHIFTR# ``` #### `B7A9B6tt` QMULRSHIFTC [#b7a9b6tt-qmulrshiftc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMULRSHIFTC# ``` #### `B7A9B8tt` QMULMODPOW2 [#b7a9b8tt-qmulmodpow2]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMULMODPOW2# ``` #### `B7A9B9tt` QMULMODPOW2R [#b7a9b9tt-qmulmodpow2r]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMULMODPOW2R# ``` #### `B7A9BAtt` QMULMODPOW2C [#b7a9batt-qmulmodpow2c]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QMULMODPOW2C# ``` #### `B7A9BC` QMULRSHIFTMOD [#b7a9bc-qmulrshiftmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULRSHIFT#MOD ``` #### `B7A9BD` QMULRSHIFTRMOD [#b7a9bd-qmulrshiftrmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULRSHIFTR#MOD ``` #### `B7A9BE` QMULRSHIFTCMOD [#b7a9be-qmulrshiftcmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QMULRSHIFTC#MOD ``` #### `B7A9C0` QLSHIFTADDDIVMOD\_VAR [#b7a9c0-qlshiftadddivmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTADDDIVMOD ``` #### `B7A9C1` QLSHIFTADDDIVMODR\_VAR [#b7a9c1-qlshiftadddivmodr_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTADDDIVMODR ``` #### `B7A9C2` QLSHIFTADDDIVMODC\_VAR [#b7a9c2-qlshiftadddivmodc_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTADDDIVMODC ``` #### `B7A9C4` QLSHIFTDIV\_VAR [#b7a9c4-qlshiftdiv_var] `0 <= z <= 256`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTDIV ``` #### `B7A9C5` QLSHIFTDIVR\_VAR [#b7a9c5-qlshiftdivr_var] `0 <= z <= 256`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTDIVR ``` #### `B7A9C6` QLSHIFTDIVC\_VAR [#b7a9c6-qlshiftdivc_var] `0 <= z <= 256`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTDIVC ``` #### `B7A9C8` QLSHIFTMOD\_VAR [#b7a9c8-qlshiftmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTMOD ``` #### `B7A9C9` QLSHIFTMODR\_VAR [#b7a9c9-qlshiftmodr_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTMODR ``` #### `B7A9CA` QLSHIFTMODC\_VAR [#b7a9ca-qlshiftmodc_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTMODC ``` #### `B7A9CC` QLSHIFTDIVMOD\_VAR [#b7a9cc-qlshiftdivmod_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTDIVMOD ``` #### `B7A9CD` QLSHIFTDIVMODR\_VAR [#b7a9cd-qlshiftdivmodr_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTDIVMODR ``` #### `B7A9CE` QLSHIFTDIVMODC\_VAR [#b7a9ce-qlshiftdivmodc_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFTDIVMODC ``` #### `B7A9D0tt` QLSHIFTADDDIVMOD [#b7a9d0tt-qlshiftadddivmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#ADDDIVMOD ``` #### `B7A9D1tt` QLSHIFTADDDIVMODR [#b7a9d1tt-qlshiftadddivmodr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#ADDDIVMODR ``` #### `B7A9D2tt` QLSHIFTADDDIVMODC [#b7a9d2tt-qlshiftadddivmodc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#ADDDIVMODC ``` #### `B7A9D4tt` QLSHIFTDIV [#b7a9d4tt-qlshiftdiv]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#DIV ``` #### `B7A9D5tt` QLSHIFTDIVR [#b7a9d5tt-qlshiftdivr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#DIVR ``` #### `B7A9D6tt` QLSHIFTDIVC [#b7a9d6tt-qlshiftdivc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#DIVC ``` #### `B7A9D8tt` QLSHIFTMOD [#b7a9d8tt-qlshiftmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#MOD ``` #### `B7A9D9tt` QLSHIFTMODR [#b7a9d9tt-qlshiftmodr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#MODR ``` #### `B7A9DAtt` QLSHIFTMODC [#b7a9datt-qlshiftmodc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#MODC ``` #### `B7A9DCtt` QLSHIFTDIVMOD [#b7a9dctt-qlshiftdivmod]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#DIVMOD ``` #### `B7A9DDtt` QLSHIFTDIVMODR [#b7a9ddtt-qlshiftdivmodr]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#DIVMODR ``` #### `B7A9DEtt` QLSHIFTDIVMODC [#b7a9dett-qlshiftdivmodc]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [tt+1] QLSHIFT#DIVMODC ``` #### `B7AAcc` QLSHIFT [#b7aacc-qlshift] `0 <= cc <= 255`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [cc+1] QLSHIFT# ``` #### `B7ABcc` QRSHIFT [#b7abcc-qrshift] `0 <= cc <= 255`
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [cc+1] QRSHIFT# ``` #### `B7AC` QLSHIFT\_VAR [#b7ac-qlshift_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QLSHIFT ``` #### `B7AD` QRSHIFT\_VAR [#b7ad-qrshift_var]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QRSHIFT ``` #### `B7AE` QPOW2 [#b7ae-qpow2]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QPOW2 ``` #### `B7B0` QAND [#b7b0-qand]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QAND ``` #### `B7B1` QOR [#b7b1-qor]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QOR ``` #### `B7B2` QXOR [#b7b2-qxor]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QXOR ``` #### `B7B3` QNOT [#b7b3-qnot]
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QNOT ``` #### `B7B4cc` QFITS [#b7b4cc-qfits] Replaces `x` with a `NaN` if x is not a `cc+1`-bit signed integer, leaves it intact otherwise.
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [cc+1] QFITS ``` #### `B7B5cc` QUFITS [#b7b5cc-qufits] Replaces `x` with a `NaN` if x is not a `cc+1`-bit unsigned integer, leaves it intact otherwise.
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift [cc+1] QUFITS ``` #### `B7B600` QFITSX [#b7b600-qfitsx] Replaces `x` with a `NaN` if x is not a c-bit signed integer, leaves it intact otherwise.
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QFITSX ``` #### `B7B601` QUFITSX [#b7b601-qufitsx] Replaces `x` with a `NaN` if x is not a c-bit unsigned integer, leaves it intact otherwise.
**Category:** Arithm Quiet (arithm\_quiet)
```fift Fift QUFITSX ``` #### `B8` SGN [#b8-sgn] Computes the sign of an integer `x`:
`-1` if `x<0`, `0` if `x=0`, `1` if `x>0`.
**Category:** Compare Int (compare\_int)
```fift Fift SGN ``` #### `B9` LESS [#b9-less] Returns `-1` if `x **Category:** Compare Int (compare\_int)
```fift Fift LESS ``` #### `BA` EQUAL [#ba-equal] Returns `-1` if `x=y`, `0` otherwise.
**Category:** Compare Int (compare\_int)
```fift Fift EQUAL ``` #### `BB` LEQ [#bb-leq]
**Category:** Compare Int (compare\_int)
```fift Fift LEQ ``` #### `BC` GREATER [#bc-greater]
**Category:** Compare Int (compare\_int)
```fift Fift GREATER ``` #### `BD` NEQ [#bd-neq] Equivalent to `EQUAL` `NOT`.
**Category:** Compare Int (compare\_int)
```fift Fift NEQ ``` #### `BE` GEQ [#be-geq] Equivalent to `LESS` `NOT`.
**Category:** Compare Int (compare\_int)
```fift Fift GEQ ``` #### `BF` CMP [#bf-cmp] Computes the sign of `x-y`:
`-1` if `xy`.
No integer overflow can occur here unless `x` or `y` is a `NaN`.
**Category:** Compare Int (compare\_int)
```fift Fift CMP ``` #### `C0yy` EQINT [#c0yy-eqint] Returns `-1` if `x=yy`, `0` otherwise.
`-2^7 <= yy < 2^7`.
**Category:** Compare Int (compare\_int)
```fift Fift [yy] EQINT ``` **Aliases**: * `ISZERO`
Checks whether an integer is zero. Corresponds to Forth's `0=`. #### `C1yy` LESSINT [#c1yy-lessint] Returns `-1` if `x`-2^7 <= yy < 2^7`.
**Category:** Compare Int (compare\_int)
```fift Fift [yy] LESSINT [yy-1] LEQINT ``` **Aliases**: * `ISNEG`
Checks whether an integer is negative. Corresponds to Forth's `0<`. * `ISNPOS`
Checks whether an integer is non-positive. #### `C2yy` GTINT [#c2yy-gtint] Returns `-1` if `x>yy`, `0` otherwise.
`-2^7 <= yy < 2^7`.
**Category:** Compare Int (compare\_int)
```fift Fift [yy] GTINT [yy+1] GEQINT ``` **Aliases**: * `ISPOS`
Checks whether an integer is positive. Corresponds to Forth's `0>`. * `ISNNEG`
Checks whether an integer is non-negative. #### `C3yy` NEQINT [#c3yy-neqint] Returns `-1` if `x!=yy`, `0` otherwise.
`-2^7 <= yy < 2^7`.
**Category:** Compare Int (compare\_int)
```fift Fift [yy] NEQINT ``` #### `C4` ISNAN [#c4-isnan] Checks whether `x` is a `NaN`.
**Category:** Compare Int (compare\_int)
```fift Fift ISNAN ``` #### `C5` CHKNAN [#c5-chknan] Throws an arithmetic overflow exception if `x` is a `NaN`.
**Category:** Compare Int (compare\_int)
```fift Fift CHKNAN ``` #### `C700` SEMPTY [#c700-sempty] Checks whether a *Slice* `s` is empty (i.e., contains no bits of data and no cell references).
**Category:** Compare Other (compare\_other)
```fift Fift SEMPTY ``` #### `C701` SDEMPTY [#c701-sdempty] Checks whether *Slice* `s` has no bits of data.
**Category:** Compare Other (compare\_other)
```fift Fift SDEMPTY ``` #### `C702` SREMPTY [#c702-srempty] Checks whether *Slice* `s` has no references.
**Category:** Compare Other (compare\_other)
```fift Fift SREMPTY ``` #### `C703` SDFIRST [#c703-sdfirst] Checks whether the first bit of *Slice* `s` is a one.
**Category:** Compare Other (compare\_other)
```fift Fift SDFIRST ``` #### `C704` SDLEXCMP [#c704-sdlexcmp] Compares the data of `s` lexicographically with the data of `s'`, returning `-1`, 0, or 1 depending on the result.
**Category:** Compare Other (compare\_other)
```fift Fift SDLEXCMP ``` #### `C705` SDEQ [#c705-sdeq] Checks whether the data parts of `s` and `s'` coincide, equivalent to `SDLEXCMP` `ISZERO`.
**Category:** Compare Other (compare\_other)
```fift Fift SDEQ ``` #### `C708` SDPFX [#c708-sdpfx] Checks whether `s` is a prefix of `s'`.
**Category:** Compare Other (compare\_other)
```fift Fift SDPFX ``` #### `C709` SDPFXREV [#c709-sdpfxrev] Checks whether `s'` is a prefix of `s`, equivalent to `SWAP` `SDPFX`.
**Category:** Compare Other (compare\_other)
```fift Fift SDPFXREV ``` #### `C70A` SDPPFX [#c70a-sdppfx] Checks whether `s` is a proper prefix of `s'` (i.e., a prefix distinct from `s'`).
**Category:** Compare Other (compare\_other)
```fift Fift SDPPFX ``` #### `C70B` SDPPFXREV [#c70b-sdppfxrev] Checks whether `s'` is a proper prefix of `s`.
**Category:** Compare Other (compare\_other)
```fift Fift SDPPFXREV ``` #### `C70C` SDSFX [#c70c-sdsfx] Checks whether `s` is a suffix of `s'`.
**Category:** Compare Other (compare\_other)
```fift Fift SDSFX ``` #### `C70D` SDSFXREV [#c70d-sdsfxrev] Checks whether `s'` is a suffix of `s`.
**Category:** Compare Other (compare\_other)
```fift Fift SDSFXREV ``` #### `C70E` SDPSFX [#c70e-sdpsfx] Checks whether `s` is a proper suffix of `s'`.
**Category:** Compare Other (compare\_other)
```fift Fift SDPSFX ``` #### `C70F` SDPSFXREV [#c70f-sdpsfxrev] Checks whether `s'` is a proper suffix of `s`.
**Category:** Compare Other (compare\_other)
```fift Fift SDPSFXREV ``` #### `C710` SDCNTLEAD0 [#c710-sdcntlead0] Returns the number of leading zeroes in `s`.
**Category:** Compare Other (compare\_other)
```fift Fift SDCNTLEAD0 ``` #### `C711` SDCNTLEAD1 [#c711-sdcntlead1] Returns the number of leading ones in `s`.
**Category:** Compare Other (compare\_other)
```fift Fift SDCNTLEAD1 ``` #### `C712` SDCNTTRAIL0 [#c712-sdcnttrail0] Returns the number of trailing zeroes in `s`.
**Category:** Compare Other (compare\_other)
```fift Fift SDCNTTRAIL0 ``` #### `C713` SDCNTTRAIL1 [#c713-sdcnttrail1] Returns the number of trailing ones in `s`.
**Category:** Compare Other (compare\_other)
```fift Fift SDCNTTRAIL1 ``` #### `C8` NEWC [#c8-newc] Creates a new empty *Builder*.
**Category:** Cell Build (cell\_build)
```fift Fift NEWC ``` #### `C9` ENDC [#c9-endc] Converts a *Builder* into an ordinary *Cell*.
**Category:** Cell Build (cell\_build)
```fift Fift ENDC ``` #### `CAcc` STI [#cacc-sti] Stores a signed `cc+1`-bit integer `x` into *Builder* `b` for `0 <= cc <= 255`, throws a range check exception if `x` does not fit into `cc+1` bits.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STI ``` #### `CBcc` STU [#cbcc-stu] Stores an unsigned `cc+1`-bit integer `x` into *Builder* `b`. In all other respects it is similar to `STI`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STU ``` #### `CC` STREF [#cc-stref] Stores a reference to *Cell* `c` into *Builder* `b`.
**Category:** Cell Build (cell\_build)
```fift Fift STREF ``` #### `CD` STBREFR [#cd-stbrefr] Equivalent to `ENDC` `SWAP` `STREF`.
**Category:** Cell Build (cell\_build)
```fift Fift STBREFR ENDCST ``` #### `CE` STSLICE [#ce-stslice] Stores *Slice* `s` into *Builder* `b`.
**Category:** Cell Build (cell\_build)
```fift Fift STSLICE ``` **Aliases**: * `STDICTS`
Stores a *Slice*-represented dictionary `s` into *Builder* `b`.
It is actually a synonym for `STSLICE`. #### `CF00` STIX [#cf00-stix] Stores a signed `l`-bit integer `x` into `b` for `0 <= l <= 257`.
**Category:** Cell Build (cell\_build)
```fift Fift STIX ``` #### `CF01` STUX [#cf01-stux] Stores an unsigned `l`-bit integer `x` into `b` for `0 <= l <= 256`.
**Category:** Cell Build (cell\_build)
```fift Fift STUX ``` #### `CF02` STIXR [#cf02-stixr] Similar to `STIX`, but with arguments in a different order.
**Category:** Cell Build (cell\_build)
```fift Fift STIXR ``` #### `CF03` STUXR [#cf03-stuxr] Similar to `STUX`, but with arguments in a different order.
**Category:** Cell Build (cell\_build)
```fift Fift STUXR ``` #### `CF04` STIXQ [#cf04-stixq] A quiet version of `STIX`. If there is no space in `b`, sets `b'=b` and `f=-1`.
If `x` does not fit into `l` bits, sets `b'=b` and `f=1`.
If the operation succeeds, `b'` is the new *Builder* and `f=0`.
However, `0 <= l <= 257`, with a range check exception if this is not so.
**Category:** Cell Build (cell\_build)
```fift Fift STIXQ ``` #### `CF05` STUXQ [#cf05-stuxq] A quiet version of `STUX`.
**Category:** Cell Build (cell\_build)
```fift Fift STUXQ ``` #### `CF06` STIXRQ [#cf06-stixrq] A quiet version of `STIXR`.
**Category:** Cell Build (cell\_build)
```fift Fift STIXRQ ``` #### `CF07` STUXRQ [#cf07-stuxrq] A quiet version of `STUXR`.
**Category:** Cell Build (cell\_build)
```fift Fift STUXRQ ``` #### `CF08cc` STI\_ALT [#cf08cc-sti_alt] A longer version of `[cc+1] STI`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STI_l ``` #### `CF09cc` STU\_ALT [#cf09cc-stu_alt] A longer version of `[cc+1] STU`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STU_l ``` #### `CF0Acc` STIR [#cf0acc-stir] Equivalent to `SWAP` `[cc+1] STI`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STIR ``` #### `CF0Bcc` STUR [#cf0bcc-stur] Equivalent to `SWAP` `[cc+1] STU`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STUR ``` #### `CF0Ccc` STIQ [#cf0ccc-stiq] A quiet version of `STI`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STIQ ``` #### `CF0Dcc` STUQ [#cf0dcc-stuq] A quiet version of `STU`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STUQ ``` #### `CF0Ecc` STIRQ [#cf0ecc-stirq] A quiet version of `STIR`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STIRQ ``` #### `CF0Fcc` STURQ [#cf0fcc-sturq] A quiet version of `STUR`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] STURQ ``` #### `CF10` STREF\_ALT [#cf10-stref_alt] A longer version of `STREF`.
**Category:** Cell Build (cell\_build)
```fift Fift STREF_l ``` #### `CF11` STBREF [#cf11-stbref] Equivalent to `SWAP` `STBREFR`.
**Category:** Cell Build (cell\_build)
```fift Fift STBREF ``` #### `CF12` STSLICE\_ALT [#cf12-stslice_alt] A longer version of `STSLICE`.
**Category:** Cell Build (cell\_build)
```fift Fift STSLICE_l ``` #### `CF13` STB [#cf13-stb] Appends all data from *Builder* `b'` to *Builder* `b`.
**Category:** Cell Build (cell\_build)
```fift Fift STB ``` #### `CF14` STREFR [#cf14-strefr] Equivalent to `SWAP` `STREF`.
**Category:** Cell Build (cell\_build)
```fift Fift STREFR ``` #### `CF15` STBREFR\_ALT [#cf15-stbrefr_alt] A longer encoding of `STBREFR`.
**Category:** Cell Build (cell\_build)
```fift Fift STBREFR_l ``` #### `CF16` STSLICER [#cf16-stslicer] Equivalent to `SWAP` `STSLICE`.
**Category:** Cell Build (cell\_build)
```fift Fift STSLICER ``` #### `CF17` STBR [#cf17-stbr] Concatenates two builders.
Equivalent to `SWAP` `STB`.
**Category:** Cell Build (cell\_build)
```fift Fift STBR BCONCAT ``` #### `CF18` STREFQ [#cf18-strefq] Quiet version of `STREF`.
**Category:** Cell Build (cell\_build)
```fift Fift STREFQ ``` #### `CF19` STBREFQ [#cf19-stbrefq] Quiet version of `STBREF`.
**Category:** Cell Build (cell\_build)
```fift Fift STBREFQ ``` #### `CF1A` STSLICEQ [#cf1a-stsliceq] Quiet version of `STSLICE`.
**Category:** Cell Build (cell\_build)
```fift Fift STSLICEQ ``` #### `CF1B` STBQ [#cf1b-stbq] Quiet version of `STB`.
**Category:** Cell Build (cell\_build)
```fift Fift STBQ ``` #### `CF1C` STREFRQ [#cf1c-strefrq] Quiet version of `STREFR`.
**Category:** Cell Build (cell\_build)
```fift Fift STREFRQ ``` #### `CF1D` STBREFRQ [#cf1d-stbrefrq] Quiet version of `STBREFR`.
**Category:** Cell Build (cell\_build)
```fift Fift STBREFRQ ``` #### `CF1E` STSLICERQ [#cf1e-stslicerq] Quiet version of `STSLICER`.
**Category:** Cell Build (cell\_build)
```fift Fift STSLICERQ ``` #### `CF1F` STBRQ [#cf1f-stbrq] Quiet version of `STBR`.
**Category:** Cell Build (cell\_build)
```fift Fift STBRQ BCONCATQ ``` #### `CF20` STREFCONST [#cf20-strefconst] Equivalent to `PUSHREF` `STREFR`.
**Category:** Cell Build (cell\_build)
```fift Fift [ref] STREFCONST ``` #### `CF21` STREF2CONST [#cf21-stref2const] Equivalent to `STREFCONST` `STREFCONST`.
**Category:** Cell Build (cell\_build)
```fift Fift [ref] [ref] STREF2CONST ``` #### `CF23` ENDXC [#cf23-endxc] If `x!=0`, creates a *special* or *exotic* cell from *Builder* `b`.
The type of the exotic cell must be stored in the first 8 bits of `b`.
If `x=0`, it is equivalent to `ENDC`. Otherwise some validity checks on the data and references of `b` are performed before creating the exotic cell.
**Category:** Cell Build (cell\_build)
```fift Fift ENDXC ``` #### `CF28` STILE4 [#cf28-stile4] Stores a little-endian signed 32-bit integer.
**Category:** Cell Build (cell\_build)
```fift Fift STILE4 ``` #### `CF29` STULE4 [#cf29-stule4] Stores a little-endian unsigned 32-bit integer.
**Category:** Cell Build (cell\_build)
```fift Fift STULE4 ``` #### `CF2A` STILE8 [#cf2a-stile8] Stores a little-endian signed 64-bit integer.
**Category:** Cell Build (cell\_build)
```fift Fift STILE8 ``` #### `CF2B` STULE8 [#cf2b-stule8] Stores a little-endian unsigned 64-bit integer.
**Category:** Cell Build (cell\_build)
```fift Fift STULE8 ``` #### `CF30` BDEPTH [#cf30-bdepth] Returns the depth of *Builder* `b`. If no cell references are stored in `b`, then `x=0`; otherwise `x` is one plus the maximum of depths of cells referred to from `b`.
**Category:** Cell Build (cell\_build)
```fift Fift BDEPTH ``` #### `CF31` BBITS [#cf31-bbits] Returns the number of data bits already stored in *Builder* `b`.
**Category:** Cell Build (cell\_build)
```fift Fift BBITS ``` #### `CF32` BREFS [#cf32-brefs] Returns the number of cell references already stored in `b`.
**Category:** Cell Build (cell\_build)
```fift Fift BREFS ``` #### `CF33` BBITREFS [#cf33-bbitrefs] Returns the numbers of both data bits and cell references in `b`.
**Category:** Cell Build (cell\_build)
```fift Fift BBITREFS ``` #### `CF35` BREMBITS [#cf35-brembits] Returns the number of data bits that can still be stored in `b`.
**Category:** Cell Build (cell\_build)
```fift Fift BREMBITS ``` #### `CF36` BREMREFS [#cf36-bremrefs] Returns the number of references that can still be stored in `b`.
**Category:** Cell Build (cell\_build)
```fift Fift BREMREFS ``` #### `CF37` BREMBITREFS [#cf37-brembitrefs] Returns the numbers of both data bits and references that can still be stored in `b`.
**Category:** Cell Build (cell\_build)
```fift Fift BREMBITREFS ``` #### `CF38cc` BCHKBITS [#cf38cc-bchkbits] Checks whether `cc+1` bits can be stored into `b`, where `0 <= cc <= 255`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] BCHKBITS# ``` #### `CF39` BCHKBITS\_VAR [#cf39-bchkbits_var] Checks whether `x` bits can be stored into `b`, `0 <= x <= 1023`. If there is no space for `x` more bits in `b`, or if `x` is not within the range `0...1023`, throws an exception.
**Category:** Cell Build (cell\_build)
```fift Fift BCHKBITS ``` #### `CF3A` BCHKREFS [#cf3a-bchkrefs] Checks whether `y` references can be stored into `b`, `0 <= y <= 7`.
**Category:** Cell Build (cell\_build)
```fift Fift BCHKREFS ``` #### `CF3B` BCHKBITREFS [#cf3b-bchkbitrefs] Checks whether `x` bits and `y` references can be stored into `b`, `0 <= x <= 1023`, `0 <= y <= 7`.
**Category:** Cell Build (cell\_build)
```fift Fift BCHKBITREFS ``` #### `CF3Ccc` BCHKBITSQ [#cf3ccc-bchkbitsq] Checks whether `cc+1` bits can be stored into `b`, where `0 <= cc <= 255`.
**Category:** Cell Build (cell\_build)
```fift Fift [cc+1] BCHKBITSQ# ``` #### `CF3D` BCHKBITSQ\_VAR [#cf3d-bchkbitsq_var] Checks whether `x` bits can be stored into `b`, `0 <= x <= 1023`.
**Category:** Cell Build (cell\_build)
```fift Fift BCHKBITSQ ``` #### `CF3E` BCHKREFSQ [#cf3e-bchkrefsq] Checks whether `y` references can be stored into `b`, `0 <= y <= 7`.
**Category:** Cell Build (cell\_build)
```fift Fift BCHKREFSQ ``` #### `CF3F` BCHKBITREFSQ [#cf3f-bchkbitrefsq] Checks whether `x` bits and `y` references can be stored into `b`, `0 <= x <= 1023`, `0 <= y <= 7`.
**Category:** Cell Build (cell\_build)
```fift Fift BCHKBITREFSQ ``` #### `CF40` STZEROES [#cf40-stzeroes] Stores `n` binary zeroes into *Builder* `b`.
**Category:** Cell Build (cell\_build)
```fift Fift STZEROES ``` #### `CF41` STONES [#cf41-stones] Stores `n` binary ones into *Builder* `b`.
**Category:** Cell Build (cell\_build)
```fift Fift STONES ``` #### `CF42` STSAME [#cf42-stsame] Stores `n` binary `x`es (`0 <= x <= 1`) into *Builder* `b`.
**Category:** Cell Build (cell\_build)
```fift Fift STSAME ``` #### `CF50` BTOS [#cf50-btos] Same as `ENDC CTOS`, but without gas cost for cell creation and loading.
**Category:** Cell Build (cell\_build)
```fift Fift BTOS ``` #### `CFC_xysss` STSLICECONST [#cfc_xysss-stsliceconst] Stores a constant subslice `sss`.
*Details:* `sss` consists of `0 <= x <= 3` references and up to `8y+2` data bits, with `0 <= y <= 7`. Completion bit is assumed.
Note that the assembler can replace `STSLICECONST` with `PUSHSLICE` `STSLICER` if the slice is too big.
**Category:** Cell Build (cell\_build)
```fift Fift [slice] STSLICECONST ``` **Aliases**: * `STZERO`
Stores one binary zero. * `STONE`
Stores one binary one. #### `D0` CTOS [#d0-ctos] Converts a *Cell* into a *Slice*. Notice that `c` must be either an ordinary cell, or an exotic cell which is automatically *loaded* to yield an ordinary cell `c'`, converted into a *Slice* afterwards.
**Category:** Cell Parse (cell\_parse)
```fift Fift CTOS ``` #### `D1` ENDS [#d1-ends] Removes a *Slice* `s` from the stack, and throws an exception if it is not empty.
**Category:** Cell Parse (cell\_parse)
```fift Fift ENDS ``` #### `D2cc` LDI [#d2cc-ldi] Loads (i.e., parses) a signed `cc+1`-bit integer `x` from *Slice* `s`, and returns the remainder of `s` as `s'`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] LDI ``` #### `D3cc` LDU [#d3cc-ldu] Loads an unsigned `cc+1`-bit integer `x` from *Slice* `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] LDU ``` #### `D4` LDREF [#d4-ldref] Loads a cell reference `c` from `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDREF ``` #### `D5` LDREFRTOS [#d5-ldrefrtos] Equivalent to `LDREF` `SWAP` `CTOS`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDREFRTOS ``` #### `D6cc` LDSLICE [#d6cc-ldslice] Cuts the next `cc+1` bits of `s` into a separate *Slice* `s''`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] LDSLICE ``` #### `D700` LDIX [#d700-ldix] Loads a signed `l`-bit (`0 <= l <= 257`) integer `x` from *Slice* `s`, and returns the remainder of `s` as `s'`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDIX ``` #### `D701` LDUX [#d701-ldux] Loads an unsigned `l`-bit integer `x` from (the first `l` bits of) `s`, with `0 <= l <= 256`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDUX ``` #### `D702` PLDIX [#d702-pldix] Preloads a signed `l`-bit integer from *Slice* `s`, for `0 <= l <= 257`.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDIX ``` #### `D703` PLDUX [#d703-pldux] Preloads an unsigned `l`-bit integer from `s`, for `0 <= l <= 256`.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDUX ``` #### `D704` LDIXQ [#d704-ldixq] Quiet version of `LDIX`: loads a signed `l`-bit integer from `s` similarly to `LDIX`, but returns a success flag, equal to `-1` on success or to `0` on failure (if `s` does not have `l` bits), instead of throwing a cell underflow exception.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDIXQ ``` #### `D705` LDUXQ [#d705-lduxq] Quiet version of `LDUX`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDUXQ ``` #### `D706` PLDIXQ [#d706-pldixq] Quiet version of `PLDIX`.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDIXQ ``` #### `D707` PLDUXQ [#d707-plduxq] Quiet version of `PLDUX`.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDUXQ ``` #### `D708cc` LDI\_ALT [#d708cc-ldi_alt] A longer encoding for `LDI`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] LDI_l ``` #### `D709cc` LDU\_ALT [#d709cc-ldu_alt] A longer encoding for `LDU`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] LDU_l ``` #### `D70Acc` PLDI [#d70acc-pldi] Preloads a signed `cc+1`-bit integer from *Slice* `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] PLDI ``` #### `D70Bcc` PLDU [#d70bcc-pldu] Preloads an unsigned `cc+1`-bit integer from `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] PLDU ``` #### `D70Ccc` LDIQ [#d70ccc-ldiq] A quiet version of `LDI`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] LDIQ ``` #### `D70Dcc` LDUQ [#d70dcc-lduq] A quiet version of `LDU`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] LDUQ ``` #### `D70Ecc` PLDIQ [#d70ecc-pldiq] A quiet version of `PLDI`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] PLDIQ ``` #### `D70Fcc` PLDUQ [#d70fcc-plduq] A quiet version of `PLDU`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] PLDUQ ``` #### `D714_c` PLDUZ [#d714_c-plduz] Preloads the first `32(c+1)` bits of *Slice* `s` into an unsigned integer `x`, for `0 <= c <= 7`. If `s` is shorter than necessary, missing bits are assumed to be zero. This operation is intended to be used along with `IFBITJMP` and similar instructions.
**Category:** Cell Parse (cell\_parse)
```fift Fift [32(c+1)] PLDUZ ``` #### `D718` LDSLICEX [#d718-ldslicex] Loads the first `0 <= l <= 1023` bits from *Slice* `s` into a separate *Slice* `s''`, returning the remainder of `s` as `s'`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDSLICEX ``` #### `D719` PLDSLICEX [#d719-pldslicex] Returns the first `0 <= l <= 1023` bits of `s` as `s''`.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDSLICEX ``` #### `D71A` LDSLICEXQ [#d71a-ldslicexq] A quiet version of `LDSLICEX`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDSLICEXQ ``` #### `D71B` PLDSLICEXQ [#d71b-pldslicexq] A quiet version of `LDSLICEXQ`.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDSLICEXQ ``` #### `D71Ccc` LDSLICE\_ALT [#d71ccc-ldslice_alt] A longer encoding for `LDSLICE`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] LDSLICE_l ``` #### `D71Dcc` PLDSLICE [#d71dcc-pldslice] Returns the first `0 < cc+1 <= 256` bits of `s` as `s''`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] PLDSLICE ``` #### `D71Ecc` LDSLICEQ [#d71ecc-ldsliceq] A quiet version of `LDSLICE`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] LDSLICEQ ``` #### `D71Fcc` PLDSLICEQ [#d71fcc-pldsliceq] A quiet version of `PLDSLICE`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [cc+1] PLDSLICEQ ``` #### `D720` SDCUTFIRST [#d720-sdcutfirst] Returns the first `0 <= l <= 1023` bits of `s`. It is equivalent to `PLDSLICEX`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SDCUTFIRST ``` #### `D721` SDSKIPFIRST [#d721-sdskipfirst] Returns all but the first `0 <= l <= 1023` bits of `s`. It is equivalent to `LDSLICEX` `NIP`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SDSKIPFIRST ``` #### `D722` SDCUTLAST [#d722-sdcutlast] Returns the last `0 <= l <= 1023` bits of `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SDCUTLAST ``` #### `D723` SDSKIPLAST [#d723-sdskiplast] Returns all but the last `0 <= l <= 1023` bits of `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SDSKIPLAST ``` #### `D724` SDSUBSTR [#d724-sdsubstr] Returns `0 <= l' <= 1023` bits of `s` starting from offset `0 <= l <= 1023`, thus extracting a bit substring out of the data of `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SDSUBSTR ``` #### `D726` SDBEGINSX [#d726-sdbeginsx] Checks whether `s` begins with (the data bits of) `s'`, and removes `s'` from `s` on success. On failure throws a cell deserialization exception. Primitive `SDPFXREV` can be considered a quiet version of `SDBEGINSX`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SDBEGINSX ``` #### `D727` SDBEGINSXQ [#d727-sdbeginsxq] A quiet version of `SDBEGINSX`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SDBEGINSXQ ``` #### `D72A_xsss` SDBEGINS [#d72a_xsss-sdbegins] Checks whether `s` begins with constant bitstring `sss` of length `8x+3` (with continuation bit assumed), where `0 <= x <= 127`, and removes `sss` from `s` on success.
**Category:** Cell Parse (cell\_parse)
```fift Fift [slice] SDBEGINS ``` #### `D72E_xsss` SDBEGINSQ [#d72e_xsss-sdbeginsq] A quiet version of `SDBEGINS`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [slice] SDBEGINSQ ``` #### `D730` SCUTFIRST [#d730-scutfirst] Returns the first `0 <= l <= 1023` bits and first `0 <= r <= 4` references of `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SCUTFIRST ``` #### `D731` SSKIPFIRST [#d731-sskipfirst] Returns all but the first `l` bits of `s` and `r` references of `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SSKIPFIRST ``` #### `D732` SCUTLAST [#d732-scutlast] Returns the last `0 <= l <= 1023` data bits and last `0 <= r <= 4` references of `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SCUTLAST ``` #### `D733` SSKIPLAST [#d733-sskiplast] Returns all but the last `l` bits of `s` and `r` references of `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SSKIPLAST ``` #### `D734` SUBSLICE [#d734-subslice] Returns `0 <= l' <= 1023` bits and `0 <= r' <= 4` references from *Slice* `s`, after skipping the first `0 <= l <= 1023` bits and first `0 <= r <= 4` references.
**Category:** Cell Parse (cell\_parse)
```fift Fift SUBSLICE ``` #### `D736` SPLIT [#d736-split] Splits the first `0 <= l <= 1023` data bits and first `0 <= r <= 4` references from `s` into `s'`, returning the remainder of `s` as `s''`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SPLIT ``` #### `D737` SPLITQ [#d737-splitq] A quiet version of `SPLIT`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SPLITQ ``` #### `D739` XCTOS [#d739-xctos] Transforms an ordinary or exotic cell into a *Slice*, as if it were an ordinary cell. A flag is returned indicating whether `c` is exotic. If that be the case, its type can later be deserialized from the first eight bits of `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift XCTOS ``` #### `D73A` XLOAD [#d73a-xload] Loads an exotic cell `c` and returns an ordinary cell `c'`. If `c` is already ordinary, does nothing. If `c` cannot be loaded, throws an exception.
**Category:** Cell Parse (cell\_parse)
```fift Fift XLOAD ``` #### `D73B` XLOADQ [#d73b-xloadq] Loads an exotic cell `c` and returns an ordinary cell `c'`. If `c` is already ordinary, does nothing. If `c` cannot be loaded, returns 0.
**Category:** Cell Parse (cell\_parse)
```fift Fift XLOADQ ``` #### `D741` SCHKBITS [#d741-schkbits] Checks whether there are at least `l` data bits in *Slice* `s`. If this is not the case, throws a cell deserialisation (i.e., cell underflow) exception.
**Category:** Cell Parse (cell\_parse)
```fift Fift SCHKBITS ``` #### `D742` SCHKREFS [#d742-schkrefs] Checks whether there are at least `r` references in *Slice* `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SCHKREFS ``` #### `D743` SCHKBITREFS [#d743-schkbitrefs] Checks whether there are at least `l` data bits and `r` references in *Slice* `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SCHKBITREFS ``` #### `D745` SCHKBITSQ [#d745-schkbitsq] Checks whether there are at least `l` data bits in *Slice* `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SCHKBITSQ ``` #### `D746` SCHKREFSQ [#d746-schkrefsq] Checks whether there are at least `r` references in *Slice* `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SCHKREFSQ ``` #### `D747` SCHKBITREFSQ [#d747-schkbitrefsq] Checks whether there are at least `l` data bits and `r` references in *Slice* `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SCHKBITREFSQ ``` #### `D748` PLDREFVAR [#d748-pldrefvar] Returns the `n`-th cell reference of *Slice* `s` for `0 <= n <= 3`.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDREFVAR ``` #### `D749` SBITS [#d749-sbits] Returns the number of data bits in *Slice* `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SBITS ``` #### `D74A` SREFS [#d74a-srefs] Returns the number of references in *Slice* `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SREFS ``` #### `D74B` SBITREFS [#d74b-sbitrefs] Returns both the number of data bits and the number of references in `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SBITREFS ``` #### `D74E_n` PLDREFIDX [#d74e_n-pldrefidx] Returns the `n`-th cell reference of *Slice* `s`, where `0 <= n <= 3`.
**Category:** Cell Parse (cell\_parse)
```fift Fift [n] PLDREFIDX ``` **Aliases**: * `PLDREF`
Preloads the first cell reference of a *Slice*. #### `D750` LDILE4 [#d750-ldile4] Loads a little-endian signed 32-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDILE4 ``` #### `D751` LDULE4 [#d751-ldule4] Loads a little-endian unsigned 32-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDULE4 ``` #### `D752` LDILE8 [#d752-ldile8] Loads a little-endian signed 64-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDILE8 ``` #### `D753` LDULE8 [#d753-ldule8] Loads a little-endian unsigned 64-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDULE8 ``` #### `D754` PLDILE4 [#d754-pldile4] Preloads a little-endian signed 32-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDILE4 ``` #### `D755` PLDULE4 [#d755-pldule4] Preloads a little-endian unsigned 32-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDULE4 ``` #### `D756` PLDILE8 [#d756-pldile8] Preloads a little-endian signed 64-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDILE8 ``` #### `D757` PLDULE8 [#d757-pldule8] Preloads a little-endian unsigned 64-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDULE8 ``` #### `D758` LDILE4Q [#d758-ldile4q] Quietly loads a little-endian signed 32-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDILE4Q ``` #### `D759` LDULE4Q [#d759-ldule4q] Quietly loads a little-endian unsigned 32-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDULE4Q ``` #### `D75A` LDILE8Q [#d75a-ldile8q] Quietly loads a little-endian signed 64-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDILE8Q ``` #### `D75B` LDULE8Q [#d75b-ldule8q] Quietly loads a little-endian unsigned 64-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDULE8Q ``` #### `D75C` PLDILE4Q [#d75c-pldile4q] Quietly preloads a little-endian signed 32-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDILE4Q ``` #### `D75D` PLDULE4Q [#d75d-pldule4q] Quietly preloads a little-endian unsigned 32-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDULE4Q ``` #### `D75E` PLDILE8Q [#d75e-pldile8q] Quietly preloads a little-endian signed 64-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDILE8Q ``` #### `D75F` PLDULE8Q [#d75f-pldule8q] Quietly preloads a little-endian unsigned 64-bit integer.
**Category:** Cell Parse (cell\_parse)
```fift Fift PLDULE8Q ``` #### `D760` LDZEROES [#d760-ldzeroes] Returns the count `n` of leading zero bits in `s`, and removes these bits from `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDZEROES ``` #### `D761` LDONES [#d761-ldones] Returns the count `n` of leading one bits in `s`, and removes these bits from `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDONES ``` #### `D762` LDSAME [#d762-ldsame] Returns the count `n` of leading bits equal to `0 <= x <= 1` in `s`, and removes these bits from `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift LDSAME ``` #### `D764` SDEPTH [#d764-sdepth] Returns the depth of *Slice* `s`. If `s` has no references, then `x=0`; otherwise `x` is one plus the maximum of depths of cells referred to from `s`.
**Category:** Cell Parse (cell\_parse)
```fift Fift SDEPTH ``` #### `D765` CDEPTH [#d765-cdepth] Returns the depth of *Cell* `c`. If `c` has no references, then `x=0`; otherwise `x` is one plus the maximum of depths of cells referred to from `c`. If `c` is a *Null* instead of a *Cell*, returns zero.
**Category:** Cell Parse (cell\_parse)
```fift Fift CDEPTH ``` #### `D766` CLEVEL [#d766-clevel] Returns level of the cell.
**Category:** Cell Parse (cell\_parse)
```fift Fift CLEVEL ``` #### `D767` CLEVELMASK [#d767-clevelmask] Returns level mask of the cell.
**Category:** Cell Parse (cell\_parse)
```fift Fift CLEVELMASK ``` #### `D76A_` CHASHI [#d76a_-chashi] Returns `i`th hash of the cell.
**Category:** Cell Parse (cell\_parse)
```fift Fift [i] CHASHI ``` #### `D76E_` CDEPTHI [#d76e_-cdepthi] Returns `i`th depth of the cell.
**Category:** Cell Parse (cell\_parse)
```fift Fift [i] CDEPTHI ``` #### `D770` CHASHIX [#d770-chashix] Returns `i`th hash of the cell.
**Category:** Cell Parse (cell\_parse)
```fift Fift CHASHIX ``` #### `D771` CDEPTHIX [#d771-cdepthix] Returns `i`th depth of the cell.
**Category:** Cell Parse (cell\_parse)
```fift Fift CDEPTHIX ``` #### `D8` EXECUTE [#d8-execute] *Calls*, or *executes*, continuation `c`.
**Category:** Cont Basic (cont\_basic)
```fift Fift EXECUTE CALLX ``` #### `D9` JMPX [#d9-jmpx] *Jumps*, or transfers control, to continuation `c`.
The remainder of the previous current continuation `cc` is discarded.
**Category:** Cont Basic (cont\_basic)
```fift Fift JMPX ``` #### `DApr` CALLXARGS [#dapr-callxargs] *Calls* continuation `c` with `p` parameters and expecting `r` return values
`0 <= p <= 15`, `0 <= r <= 15`
**Category:** Cont Basic (cont\_basic)
```fift Fift [p] [r] CALLXARGS ``` #### `DB0p` CALLXARGS\_VAR [#db0p-callxargs_var] *Calls* continuation `c` with `0 <= p <= 15` parameters, expecting an arbitrary number of return values.
**Category:** Cont Basic (cont\_basic)
```fift Fift [p] -1 CALLXARGS ``` #### `DB1p` JMPXARGS [#db1p-jmpxargs] *Jumps* to continuation `c`, passing only the top `0 <= p <= 15` values from the current stack to it (the remainder of the current stack is discarded).
**Category:** Cont Basic (cont\_basic)
```fift Fift [p] JMPXARGS ``` #### `DB2r` RETARGS [#db2r-retargs] *Returns* to `c0`, with `0 <= r <= 15` return values taken from the current stack.
**Category:** Cont Basic (cont\_basic)
```fift Fift [r] RETARGS ``` #### `DB30` RET [#db30-ret] *Returns* to the continuation at `c0`. The remainder of the current continuation `cc` is discarded.
Approximately equivalent to `c0 PUSHCTR` `JMPX`.
**Category:** Cont Basic (cont\_basic)
```fift Fift RET RETTRUE ``` #### `DB31` RETALT [#db31-retalt] *Returns* to the continuation at `c1`.
Approximately equivalent to `c1 PUSHCTR` `JMPX`.
**Category:** Cont Basic (cont\_basic)
```fift Fift RETALT RETFALSE ``` #### `DB32` BRANCH [#db32-branch] Performs `RETTRUE` if integer `f!=0`, or `RETFALSE` if `f=0`.
**Category:** Cont Basic (cont\_basic)
```fift Fift BRANCH RETBOOL ``` #### `DB34` CALLCC [#db34-callcc] *Call with current continuation*, transfers control to `c`, pushing the old value of `cc` into `c`'s stack (instead of discarding it or writing it into new `c0`).
**Category:** Cont Basic (cont\_basic)
```fift Fift CALLCC ``` #### `DB35` JMPXDATA [#db35-jmpxdata] Similar to `CALLCC`, but the remainder of the current continuation (the old value of `cc`) is converted into a *Slice* before pushing it into the stack of `c`.
**Category:** Cont Basic (cont\_basic)
```fift Fift JMPXDATA ``` #### `DB36pr` CALLCCARGS [#db36pr-callccargs] Similar to `CALLXARGS`, but pushes the old value of `cc` (along with the top `0 <= p <= 15` values from the original stack) into the stack of newly-invoked continuation `c`, setting `cc.nargs` to `-1 <= r <= 14`.
**Category:** Cont Basic (cont\_basic)
```fift Fift [p] [r] CALLCCARGS ``` #### `DB38` CALLXVARARGS [#db38-callxvarargs] Similar to `CALLXARGS`, but takes `-1 <= p,r <= 254` from the stack. The next three operations also take `p` and `r` from the stack, both in the range `-1...254`.
**Category:** Cont Basic (cont\_basic)
```fift Fift CALLXVARARGS ``` #### `DB39` RETVARARGS [#db39-retvarargs] Similar to `RETARGS`.
**Category:** Cont Basic (cont\_basic)
```fift Fift RETVARARGS ``` #### `DB3A` JMPXVARARGS [#db3a-jmpxvarargs] Similar to `JMPXARGS`.
**Category:** Cont Basic (cont\_basic)
```fift Fift JMPXVARARGS ``` #### `DB3B` CALLCCVARARGS [#db3b-callccvarargs] Similar to `CALLCCARGS`.
**Category:** Cont Basic (cont\_basic)
```fift Fift CALLCCVARARGS ``` #### `DB3C` CALLREF [#db3c-callref] Equivalent to `PUSHREFCONT` `CALLX`.
**Category:** Cont Basic (cont\_basic)
```fift Fift [ref] CALLREF ``` #### `DB3D` JMPREF [#db3d-jmpref] Equivalent to `PUSHREFCONT` `JMPX`.
**Category:** Cont Basic (cont\_basic)
```fift Fift [ref] JMPREF ``` #### `DB3E` JMPREFDATA [#db3e-jmprefdata] Equivalent to `PUSHREFCONT` `JMPXDATA`.
**Category:** Cont Basic (cont\_basic)
```fift Fift [ref] JMPREFDATA ``` #### `DB3F` RETDATA [#db3f-retdata] Equivalent to `c0 PUSHCTR` `JMPXDATA`. In this way, the remainder of the current continuation is converted into a *Slice* and returned to the caller.
**Category:** Cont Basic (cont\_basic)
```fift Fift RETDATA ``` #### `DB4fff` RUNVM [#db4fff-runvm] Runs child VM with code `code` and stack `x_1...x_n`. Returns the resulting stack `x'_1...x'_m` and exitcode. Other arguments and return values are enabled by flags.

Flags operate similarly to `RUNVMX` in Fift:
- `+1`: sets `c3` to code.
- `+2`: pushes an implicit `0` before executing the code.
- `+4`: takes persistent data `c4` from the stack and returns its final value.
- `+8`: takes the gas limit `g_l` from the stack and returns the consumed gas `g_c`.
- `+16`: takes `c7` (smart contract context) from the stack.
- `+32`: returns the final value of `c5` (actions).
- `+64`: pops the hard gas limit `g_m` enabled by `ACCEPT` from the stack.
- `+128`: enables "isolated gas consumption", meaning the child VM maintains a separate set of visited cells and a `chksgn` counter.
- `+256`: pops an integer `r` and ensures exactly `r` values are returned from the top of the stack:
- If `RUNVM` call succeeds and `r` is set, it returns `r` elements. If `r` is not set, it returns all available elements.
- If `RUNVM` is successful but lacks elements on the stack, meaning the stack depth is less than `r`, it is treated as an exception in the child VM. The `exit_code` is set to `-3`, and `exit_arg` is set to `0`, so `0` is returned as the only stack element.
- If `RUNVM` fails with an exception, only one element is returned, `exit_arg`, which should not be confused with `exit_code`.
- In the case of running out of gas, `exit_code` is set to `-14`, and `exit_arg` contains the amount of gas.

Gas cost:
- 66 gas;
- 1 gas for each stack element passed to the child VM (the first 32 elements are free);
- 1 gas for each stack element returned from the child VM (the first 32 elements are free).
**Category:** Cont Basic (cont\_basic)
```fift Fift flags RUNVM ``` #### `DB50` RUNVMX [#db50-runvmx] Runs child VM with code `code` and stack `x_1...x_n`. Returns the resulting stack `x'_1...x'_m` and exitcode. Other arguments and return values are enabled by flags.

Flags operate similarly to `RUNVMX` in Fift:
- `+1`: sets `c3` to code.
- `+2`: pushes an implicit `0` before executing the code.
- `+4`: takes persistent data `c4` from the stack and returns its final value.
- `+8`: takes the gas limit `g_l` from the stack and returns the consumed gas `g_c`.
- `+16`: takes `c7` (smart contract context) from the stack.
- `+32`: returns the final value of `c5` (actions).
- `+64`: pops the hard gas limit `g_m` enabled by `ACCEPT` from the stack.
- `+128`: enables "isolated gas consumption", meaning the child VM maintains a separate set of visited cells and a `chksgn` counter.
- `+256`: pops an integer `r` and ensures exactly `r` values are returned from the top of the stack:
- If `RUNVM` call succeeds and `r` is set, it returns `r` elements. If `r` is not set, it returns all available elements.
- If `RUNVM` is successful but lacks elements on the stack, meaning the stack depth is less than `r`, it is treated as an exception in the child VM. The `exit_code` is set to `-3`, and `exit_arg` is set to `0`, so `0` is returned as the only stack element.
- If `RUNVM` fails with an exception, only one element is returned, `exit_arg`, which should not be confused with `exit_code`.
- In the case of running out of gas, `exit_code` is set to `-14`, and `exit_arg` contains the amount of gas.

Gas cost:
- 66 gas;
- 1 gas for each stack element passed to the child VM (the first 32 elements are free);
- 1 gas for each stack element returned from the child VM (the first 32 elements are free).
**Category:** Cont Basic (cont\_basic)
```fift Fift RUNVMX ``` #### `DC` IFRET [#dc-ifret] Performs a `RET`, but only if integer `f` is non-zero. If `f` is a `NaN`, throws an integer overflow exception.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift IFRET IFNOT: ``` #### `DD` IFNOTRET [#dd-ifnotret] Performs a `RET`, but only if integer `f` is zero.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift IFNOTRET IF: ``` #### `DE` IF [#de-if] Performs `EXECUTE` for `c` (i.e., *executes* `c`), but only if integer `f` is non-zero. Otherwise simply discards both values.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift IF ``` #### `DF` IFNOT [#df-ifnot] Executes continuation `c`, but only if integer `f` is zero. Otherwise simply discards both values.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift IFNOT ``` #### `E0` IFJMP [#e0-ifjmp] Jumps to `c` (similarly to `JMPX`), but only if `f` is non-zero.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift IFJMP ``` #### `E1` IFNOTJMP [#e1-ifnotjmp] Jumps to `c` (similarly to `JMPX`), but only if `f` is zero.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift IFNOTJMP ``` #### `E2` IFELSE [#e2-ifelse] If integer `f` is non-zero, executes `c`, otherwise executes `c'`. Equivalent to `CONDSELCHK` `EXECUTE`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift IFELSE ``` #### `E300` IFREF [#e300-ifref] Equivalent to `PUSHREFCONT` `IF`, with the optimization that the cell reference is not actually loaded into a *Slice* and then converted into an ordinary *Continuation* if `f=0`.
Gas consumption of this primitive depends on whether `f=0` and whether the reference was loaded before.
Similar remarks apply other primitives that accept a continuation as a reference.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [ref] IFREF ``` #### `E301` IFNOTREF [#e301-ifnotref] Equivalent to `PUSHREFCONT` `IFNOT`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [ref] IFNOTREF ``` #### `E302` IFJMPREF [#e302-ifjmpref] Equivalent to `PUSHREFCONT` `IFJMP`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [ref] IFJMPREF ``` #### `E303` IFNOTJMPREF [#e303-ifnotjmpref] Equivalent to `PUSHREFCONT` `IFNOTJMP`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [ref] IFNOTJMPREF ``` #### `E304` CONDSEL [#e304-condsel] If integer `f` is non-zero, returns `x`, otherwise returns `y`. Notice that no type checks are performed on `x` and `y`; as such, it is more like a conditional stack operation. Roughly equivalent to `ROT` `ISZERO` `INC` `ROLLX` `NIP`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift CONDSEL ``` #### `E305` CONDSELCHK [#e305-condselchk] Same as `CONDSEL`, but first checks whether `x` and `y` have the same type.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift CONDSELCHK ``` #### `E308` IFRETALT [#e308-ifretalt] Performs `RETALT` if integer `f!=0`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift IFRETALT ``` #### `E309` IFNOTRETALT [#e309-ifnotretalt] Performs `RETALT` if integer `f=0`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift IFNOTRETALT ``` #### `E30D` IFREFELSE [#e30d-ifrefelse] Equivalent to `PUSHREFCONT` `SWAP` `IFELSE`, with the optimization that the cell reference is not actually loaded into a *Slice* and then converted into an ordinary *Continuation* if `f=0`. Similar remarks apply to the next two primitives: cells are converted into continuations only when necessary.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [ref] IFREFELSE ``` #### `E30E` IFELSEREF [#e30e-ifelseref] Equivalent to `PUSHREFCONT` `IFELSE`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [ref] IFELSEREF ``` #### `E30F` IFREFELSEREF [#e30f-ifrefelseref] Equivalent to `PUSHREFCONT` `PUSHREFCONT` `IFELSE`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [ref] [ref] IFREFELSEREF ``` #### `E39_n` IFBITJMP [#e39_n-ifbitjmp] Checks whether bit `0 <= n <= 31` is set in integer `x`, and if so, performs `JMPX` to continuation `c`. Value `x` is left in the stack.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [n] IFBITJMP ``` #### `E3B_n` IFNBITJMP [#e3b_n-ifnbitjmp] Jumps to `c` if bit `0 <= n <= 31` is not set in integer `x`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [n] IFNBITJMP ``` #### `E3D_n` IFBITJMPREF [#e3d_n-ifbitjmpref] Performs a `JMPREF` if bit `0 <= n <= 31` is set in integer `x`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [ref] [n] IFBITJMPREF ``` #### `E3F_n` IFNBITJMPREF [#e3f_n-ifnbitjmpref] Performs a `JMPREF` if bit `0 <= n <= 31` is not set in integer `x`.
**Category:** Cont Conditional (cont\_conditional)
```fift Fift [ref] [n] IFNBITJMPREF ``` #### `E4` REPEAT [#e4-repeat] Executes continuation `c` `n` times, if integer `n` is non-negative. If `n>=2^31` or `n<-2^31`, generates a range check exception.
Notice that a `RET` inside the code of `c` works as a `continue`, not as a `break`. One should use either alternative (experimental) loops or alternative `RETALT` (along with a `SETEXITALT` before the loop) to `break` out of a loop.
**Category:** Cont Loops (cont\_loops)
```fift Fift REPEAT ``` #### `E5` REPEATEND [#e5-repeatend] Similar to `REPEAT`, but it is applied to the current continuation `cc`.
**Category:** Cont Loops (cont\_loops)
```fift Fift REPEATEND REPEAT: ``` #### `E6` UNTIL [#e6-until] Executes continuation `c`, then pops an integer `x` from the resulting stack. If `x` is zero, performs another iteration of this loop. The actual implementation of this primitive involves an extraordinary continuation `ec_until` with its arguments set to the body of the loop (continuation `c`) and the original current continuation `cc`. This extraordinary continuation is then saved into the savelist of `c` as `c.c0` and the modified `c` is then executed. The other loop primitives are implemented similarly with the aid of suitable extraordinary continuations.
**Category:** Cont Loops (cont\_loops)
```fift Fift UNTIL ``` #### `E7` UNTILEND [#e7-untilend] Similar to `UNTIL`, but executes the current continuation `cc` in a loop. When the loop exit condition is satisfied, performs a `RET`.
**Category:** Cont Loops (cont\_loops)
```fift Fift UNTILEND UNTIL: ``` #### `E8` WHILE [#e8-while] Executes `c'` and pops an integer `x` from the resulting stack. If `x` is zero, exists the loop and transfers control to the original `cc`. If `x` is non-zero, executes `c`, and then begins a new iteration.
**Category:** Cont Loops (cont\_loops)
```fift Fift WHILE ``` #### `E9` WHILEEND [#e9-whileend] Similar to `WHILE`, but uses the current continuation `cc` as the loop body.
**Category:** Cont Loops (cont\_loops)
```fift Fift WHILEEND ``` #### `EA` AGAIN [#ea-again] Similar to `REPEAT`, but executes `c` infinitely many times. A `RET` only begins a new iteration of the infinite loop, which can be exited only by an exception, or a `RETALT` (or an explicit `JMPX`).
**Category:** Cont Loops (cont\_loops)
```fift Fift AGAIN ``` #### `EB` AGAINEND [#eb-againend] Similar to `AGAIN`, but performed with respect to the current continuation `cc`.
**Category:** Cont Loops (cont\_loops)
```fift Fift AGAINEND AGAIN: ``` #### `E314` REPEATBRK [#e314-repeatbrk] Similar to `REPEAT`, but also sets `c1` to the original `cc` after saving the old value of `c1` into the savelist of the original `cc`. In this way `RETALT` could be used to break out of the loop body.
**Category:** Cont Loops (cont\_loops)
```fift Fift REPEATBRK ``` #### `E315` REPEATENDBRK [#e315-repeatendbrk] Similar to `REPEATEND`, but also sets `c1` to the original `c0` after saving the old value of `c1` into the savelist of the original `c0`. Equivalent to `SAMEALTSAVE` `REPEATEND`.
**Category:** Cont Loops (cont\_loops)
```fift Fift REPEATENDBRK ``` #### `E316` UNTILBRK [#e316-untilbrk] Similar to `UNTIL`, but also modifies `c1` in the same way as `REPEATBRK`.
**Category:** Cont Loops (cont\_loops)
```fift Fift UNTILBRK ``` #### `E317` UNTILENDBRK [#e317-untilendbrk] Equivalent to `SAMEALTSAVE` `UNTILEND`.
**Category:** Cont Loops (cont\_loops)
```fift Fift UNTILENDBRK UNTILBRK: ``` #### `E318` WHILEBRK [#e318-whilebrk] Similar to `WHILE`, but also modifies `c1` in the same way as `REPEATBRK`.
**Category:** Cont Loops (cont\_loops)
```fift Fift WHILEBRK ``` #### `E319` WHILEENDBRK [#e319-whileendbrk] Equivalent to `SAMEALTSAVE` `WHILEEND`.
**Category:** Cont Loops (cont\_loops)
```fift Fift WHILEENDBRK ``` #### `E31A` AGAINBRK [#e31a-againbrk] Similar to `AGAIN`, but also modifies `c1` in the same way as `REPEATBRK`.
**Category:** Cont Loops (cont\_loops)
```fift Fift AGAINBRK ``` #### `E31B` AGAINENDBRK [#e31b-againendbrk] Equivalent to `SAMEALTSAVE` `AGAINEND`.
**Category:** Cont Loops (cont\_loops)
```fift Fift AGAINENDBRK AGAINBRK: ``` #### `ECrn` SETCONTARGS\_N [#ecrn-setcontargs_n] Pushes `0 <= r <= 15` values `x_1...x_r` into the stack of (a copy of) the continuation `c`, starting with `x_1`. When `n` is 15 (-1 in Fift notation), does nothing with `c.nargs`. For `0 <= n <= 14`, sets `c.nargs` to the final size of the stack of `c'` plus `n`. In other words, transforms `c` into a *closure* or a *partially applied function*, with `0 <= n <= 14` arguments missing.
**Category:** Cont Stack (cont\_stack)
```fift Fift [r] [n] SETCONTARGS ``` **Aliases**: * `SETNUMARGS`
Sets `c.nargs` to `n` plus the current depth of `c`'s stack, where `0 <= n <= 14`. If `c.nargs` is already set to a non-negative value, does nothing. * `SETCONTARGS`
Pushes `0 <= r <= 15` values `x_1...x_r` into the stack of (a copy of) the continuation `c`, starting with `x_1`. If the final depth of `c`'s stack turns out to be greater than `c.nargs`, a stack overflow exception is generated. #### `ED0p` RETURNARGS [#ed0p-returnargs] Leaves only the top `0 <= p <= 15` values in the current stack (somewhat similarly to `ONLYTOPX`), with all the unused bottom values not discarded, but saved into continuation `c0` in the same way as `SETCONTARGS` does.
**Category:** Cont Stack (cont\_stack)
```fift Fift [p] RETURNARGS ``` #### `ED10` RETURNVARARGS [#ed10-returnvarargs] Similar to `RETURNARGS`, but with Integer `0 <= p <= 255` taken from the stack.
**Category:** Cont Stack (cont\_stack)
```fift Fift RETURNVARARGS ``` #### `ED11` SETCONTVARARGS [#ed11-setcontvarargs] Similar to `SETCONTARGS`, but with `0 <= r <= 255` and `-1 <= n <= 255` taken from the stack.
**Category:** Cont Stack (cont\_stack)
```fift Fift SETCONTVARARGS ``` #### `ED12` SETNUMVARARGS [#ed12-setnumvarargs] `-1 <= n <= 255`
If `n=-1`, this operation does nothing (`c'=c`).
Otherwise its action is similar to `[n] SETNUMARGS`, but with `n` taken from the stack.
**Category:** Cont Stack (cont\_stack)
```fift Fift SETNUMVARARGS ``` #### `ED1E` BLESS [#ed1e-bless] Transforms a *Slice* `s` into a simple ordinary continuation `c`, with `c.code=s` and an empty stack and savelist.
**Category:** Cont Create (cont\_create)
```fift Fift BLESS ``` #### `ED1F` BLESSVARARGS [#ed1f-blessvarargs] Equivalent to `ROT` `BLESS` `ROTREV` `SETCONTVARARGS`.
**Category:** Cont Create (cont\_create)
```fift Fift BLESSVARARGS ``` #### `EErn` BLESSARGS [#eern-blessargs] `0 <= r <= 15`, `-1 <= n <= 14`
Equivalent to `BLESS` `[r] [n] SETCONTARGS`.
The value of `n` is represented inside the instruction by the 4-bit integer `n mod 16`.
**Category:** Cont Create (cont\_create)
```fift Fift [r] [n] BLESSARGS ``` **Aliases**: * `BLESSNUMARGS`
Also transforms a *Slice* `s` into a *Continuation* `c`, but sets `c.nargs` to `0 <= n <= 14`. #### `ED4i` PUSHCTR [#ed4i-pushctr] Pushes the current value of control register `c(i)`. If the control register is not supported in the current codepage, or if it does not have a value, an exception is triggered.
**Category:** Cont Registers (cont\_registers)
```fift Fift c[i] PUSHCTR c[i] PUSH ``` **Aliases**: * `PUSHROOT`
Pushes the ''global data root'' cell reference, thus enabling access to persistent smart-contract data. #### `ED5i` POPCTR [#ed5i-popctr] Pops a value `x` from the stack and stores it into control register `c(i)`, if supported in the current codepage. Notice that if a control register accepts only values of a specific type, a type-checking exception may occur.
**Category:** Cont Registers (cont\_registers)
```fift Fift c[i] POPCTR c[i] POP ``` **Aliases**: * `POPROOT`
Sets the ''global data root'' cell reference, thus allowing modification of persistent smart-contract data. #### `ED6i` SETCONTCTR [#ed6i-setcontctr] Stores `x` into the savelist of continuation `c` as `c(i)`, and returns the resulting continuation `c'`. Almost all operations with continuations may be expressed in terms of `SETCONTCTR`, `POPCTR`, and `PUSHCTR`.
**Category:** Cont Registers (cont\_registers)
```fift Fift c[i] SETCONT c[i] SETCONTCTR ``` #### `ED7i` SETRETCTR [#ed7i-setretctr] Equivalent to `c0 PUSHCTR` `c[i] SETCONTCTR` `c0 POPCTR`.
**Category:** Cont Registers (cont\_registers)
```fift Fift c[i] SETRETCTR ``` #### `ED8i` SETALTCTR [#ed8i-setaltctr] Equivalent to `c1 PUSHCTR` `c[i] SETCONTCTR` `c1 POPCTR`.
**Category:** Cont Registers (cont\_registers)
```fift Fift c[i] SETALTCTR ``` #### `ED9i` POPSAVE [#ed9i-popsave] Similar to `c[i] POPCTR`, but also saves the old value of `c[i]` into continuation `c0`.
Equivalent (up to exceptions) to `c[i] SAVECTR` `c[i] POPCTR`.
**Category:** Cont Registers (cont\_registers)
```fift Fift c[i] POPSAVE c[i] POPCTRSAVE ``` #### `EDAi` SAVE [#edai-save] Saves the current value of `c(i)` into the savelist of continuation `c0`. If an entry for `c[i]` is already present in the savelist of `c0`, nothing is done. Equivalent to `c[i] PUSHCTR` `c[i] SETRETCTR`.
**Category:** Cont Registers (cont\_registers)
```fift Fift c[i] SAVE c[i] SAVECTR ``` #### `EDBi` SAVEALT [#edbi-savealt] Similar to `c[i] SAVE`, but saves the current value of `c[i]` into the savelist of `c1`, not `c0`.
**Category:** Cont Registers (cont\_registers)
```fift Fift c[i] SAVEALT c[i] SAVEALTCTR ``` #### `EDCi` SAVEBOTH [#edci-saveboth] Equivalent to `c[i] SAVE` `c[i] SAVEALT`.
**Category:** Cont Registers (cont\_registers)
```fift Fift c[i] SAVEBOTH c[i] SAVEBOTHCTR ``` #### `EDE0` PUSHCTRX [#ede0-pushctrx] Similar to `c[i] PUSHCTR`, but with `i`, `0 <= i <= 255`, taken from the stack.
Notice that this primitive is one of the few ''exotic'' primitives, which are not polymorphic like stack manipulation primitives, and at the same time do not have well-defined types of parameters and return values, because the type of `x` depends on `i`.
**Category:** Cont Registers (cont\_registers)
```fift Fift PUSHCTRX ``` #### `EDE1` POPCTRX [#ede1-popctrx] Similar to `c[i] POPCTR`, but with `0 <= i <= 255` from the stack.
**Category:** Cont Registers (cont\_registers)
```fift Fift POPCTRX ``` #### `EDE2` SETCONTCTRX [#ede2-setcontctrx] Similar to `c[i] SETCONTCTR`, but with `0 <= i <= 255` from the stack.
**Category:** Cont Registers (cont\_registers)
```fift Fift SETCONTCTRX ``` #### `EDE3mm` SETCONTCTRMANY [#ede3mm-setcontctrmany] Takes continuation, performs the equivalent of `c[i] PUSHCTR SWAP c[i] SETCONTCNR` for each `i` that is set in `mask` (mask is in `0..255`).
**Category:** Cont Registers (cont\_registers)
```fift Fift SETCONTCTRMANY SETCONTMANY ``` #### `EDE4` SETCONTCTRMANYX [#ede4-setcontctrmanyx] Takes continuation, performs the equivalent of `c[i] PUSHCTR SWAP c[i] SETCONTCNR` for each `i` that is set in `mask` (mask is in `0..255`).
**Category:** Cont Registers (cont\_registers)
```fift Fift SETCONTCTRMANYX SETCONTMANYX ``` #### `EDF0` COMPOS [#edf0-compos] Computes the composition `compose0(c, c')`, which has the meaning of ''perform `c`, and, if successful, perform `c'`'' (if `c` is a boolean circuit) or simply ''perform `c`, then `c'`''. Equivalent to `SWAP` `c0 SETCONT`.
**Category:** Cont Registers (cont\_registers)
```fift Fift COMPOS BOOLAND ``` #### `EDF1` COMPOSALT [#edf1-composalt] Computes the alternative composition `compose1(c, c')`, which has the meaning of ''perform `c`, and, if not successful, perform `c'`'' (if `c` is a boolean circuit). Equivalent to `SWAP` `c1 SETCONT`.
**Category:** Cont Registers (cont\_registers)
```fift Fift COMPOSALT BOOLOR ``` #### `EDF2` COMPOSBOTH [#edf2-composboth] Computes composition `compose1(compose0(c, c'), c')`, which has the meaning of ''compute boolean circuit `c`, then compute `c'`, regardless of the result of `c`''.
**Category:** Cont Registers (cont\_registers)
```fift Fift COMPOSBOTH ``` #### `EDF3` ATEXIT [#edf3-atexit] Sets `c0` to `compose0(c, c0)`. In other words, `c` will be executed before exiting current subroutine.
**Category:** Cont Registers (cont\_registers)
```fift Fift ATEXIT ``` #### `EDF4` ATEXITALT [#edf4-atexitalt] Sets `c1` to `compose1(c, c1)`. In other words, `c` will be executed before exiting current subroutine by its alternative return path.
**Category:** Cont Registers (cont\_registers)
```fift Fift ATEXITALT ``` #### `EDF5` SETEXITALT [#edf5-setexitalt] Sets `c1` to `compose1(compose0(c, c0), c1)`,
In this way, a subsequent `RETALT` will first execute `c`, then transfer control to the original `c0`. This can be used, for instance, to exit from nested loops.
**Category:** Cont Registers (cont\_registers)
```fift Fift SETEXITALT ``` #### `EDF6` THENRET [#edf6-thenret] Computes `compose0(c, c0)`.
**Category:** Cont Registers (cont\_registers)
```fift Fift THENRET ``` #### `EDF7` THENRETALT [#edf7-thenretalt] Computes `compose0(c, c1)`
**Category:** Cont Registers (cont\_registers)
```fift Fift THENRETALT ``` #### `EDF8` INVERT [#edf8-invert] Interchanges `c0` and `c1`.
**Category:** Cont Registers (cont\_registers)
```fift Fift INVERT ``` #### `EDF9` BOOLEVAL [#edf9-booleval] Performs `cc:=compose1(compose0(c, compose0(-1 PUSHINT, cc)), compose0(0 PUSHINT, cc))`. If `c` represents a boolean circuit, the net effect is to evaluate it and push either `-1` or `0` into the stack before continuing.
**Category:** Cont Registers (cont\_registers)
```fift Fift BOOLEVAL ``` #### `EDFA` SAMEALT [#edfa-samealt] Sets `c1` to `c0`. Equivalent to `c0 PUSHCTR` `c1 POPCTR`.
**Category:** Cont Registers (cont\_registers)
```fift Fift SAMEALT ``` #### `EDFB` SAMEALTSAVE [#edfb-samealtsave] Sets `c1` to `c0`, but first saves the old value of `c1` into the savelist of `c0`.
Equivalent to `c1 SAVE` `SAMEALT`.
**Category:** Cont Registers (cont\_registers)
```fift Fift SAMEALTSAVE ``` #### `F0nn` CALLDICT [#f0nn-calldict] Calls the continuation in `c3`, pushing integer `0 <= nn <= 255` into its stack as an argument.
Approximately equivalent to `[nn] PUSHINT` `c3 PUSHCTR` `EXECUTE`.
**Category:** Cont Dict (cont\_dict)
```fift Fift [nn] CALL [nn] CALLDICT ``` #### `F12_n` CALLDICT\_LONG [#f12_n-calldict_long] For `0 <= n < 2^14`, an encoding of `[n] CALL` for larger values of `n`.
**Category:** Cont Dict (cont\_dict)
```fift Fift [n] CALL [n] CALLDICT ``` #### `F16_n` JMPDICT [#f16_n-jmpdict] Jumps to the continuation in `c3`, pushing integer `0 <= n < 2^14` as its argument.
Approximately equivalent to `n PUSHINT` `c3 PUSHCTR` `JMPX`.
**Category:** Cont Dict (cont\_dict)
```fift Fift [n] JMP ``` #### `F1A_n` PREPAREDICT [#f1a_n-preparedict] Equivalent to `n PUSHINT` `c3 PUSHCTR`, for `0 <= n < 2^14`.
In this way, `[n] CALL` is approximately equivalent to `[n] PREPARE` `EXECUTE`, and `[n] JMP` is approximately equivalent to `[n] PREPARE` `JMPX`.
One might use, for instance, `CALLXARGS` or `CALLCC` instead of `EXECUTE` here.
**Category:** Cont Dict (cont\_dict)
```fift Fift [n] PREPARE [n] PREPAREDICT ``` #### `F22_n` THROW\_SHORT [#f22_n-throw_short] Throws exception `0 <= n <= 63` with parameter zero.
In other words, it transfers control to the continuation in `c2`, pushing `0` and `n` into its stack, and discarding the old stack altogether.
**Category:** Exceptions (exceptions)
```fift Fift [n] THROW ``` #### `F26_n` THROWIF\_SHORT [#f26_n-throwif_short] Throws exception `0 <= n <= 63` with parameter zero only if integer `f!=0`.
**Category:** Exceptions (exceptions)
```fift Fift [n] THROWIF ``` #### `F2A_n` THROWIFNOT\_SHORT [#f2a_n-throwifnot_short] Throws exception `0 <= n <= 63` with parameter zero only if integer `f=0`.
**Category:** Exceptions (exceptions)
```fift Fift [n] THROWIFNOT ``` #### `F2C4_n` THROW [#f2c4_n-throw] For `0 <= n < 2^11`, an encoding of `[n] THROW` for larger values of `n`.
**Category:** Exceptions (exceptions)
```fift Fift [n] THROW ``` #### `F2CC_n` THROWARG [#f2cc_n-throwarg] Throws exception `0 <= n < 2^11` with parameter `x`, by copying `x` and `n` into the stack of `c2` and transferring control to `c2`.
**Category:** Exceptions (exceptions)
```fift Fift [n] THROWARG ``` #### `F2D4_n` THROWIF [#f2d4_n-throwif] For `0 <= n < 2^11`, an encoding of `[n] THROWIF` for larger values of `n`.
**Category:** Exceptions (exceptions)
```fift Fift [n] THROWIF ``` #### `F2DC_n` THROWARGIF [#f2dc_n-throwargif] Throws exception `0 <= nn < 2^11` with parameter `x` only if integer `f!=0`.
**Category:** Exceptions (exceptions)
```fift Fift [n] THROWARGIF ``` #### `F2E4_n` THROWIFNOT [#f2e4_n-throwifnot] For `0 <= n < 2^11`, an encoding of `[n] THROWIFNOT` for larger values of `n`.
**Category:** Exceptions (exceptions)
```fift Fift [n] THROWIFNOT ``` #### `F2EC_n` THROWARGIFNOT [#f2ec_n-throwargifnot] Throws exception `0 <= n < 2^11` with parameter `x` only if integer `f=0`.
**Category:** Exceptions (exceptions)
```fift Fift [n] THROWARGIFNOT ``` #### `F2F0` THROWANY [#f2f0-throwany] Throws exception `0 <= n < 2^16` with parameter zero.
Approximately equivalent to `ZERO` `SWAP` `THROWARGANY`.
**Category:** Exceptions (exceptions)
```fift Fift THROWANY ``` #### `F2F1` THROWARGANY [#f2f1-throwargany] Throws exception `0 <= n < 2^16` with parameter `x`, transferring control to the continuation in `c2`.
Approximately equivalent to `c2 PUSHCTR` `2 JMPXARGS`.
**Category:** Exceptions (exceptions)
```fift Fift THROWARGANY ``` #### `F2F2` THROWANYIF [#f2f2-throwanyif] Throws exception `0 <= n < 2^16` with parameter zero only if `f!=0`.
**Category:** Exceptions (exceptions)
```fift Fift THROWANYIF ``` #### `F2F3` THROWARGANYIF [#f2f3-throwarganyif] Throws exception `0 <= n<2^16` with parameter `x` only if `f!=0`.
**Category:** Exceptions (exceptions)
```fift Fift THROWARGANYIF ``` #### `F2F4` THROWANYIFNOT [#f2f4-throwanyifnot] Throws exception `0 <= n<2^16` with parameter zero only if `f=0`.
**Category:** Exceptions (exceptions)
```fift Fift THROWANYIFNOT ``` #### `F2F5` THROWARGANYIFNOT [#f2f5-throwarganyifnot] Throws exception `0 <= n<2^16` with parameter `x` only if `f=0`.
**Category:** Exceptions (exceptions)
```fift Fift THROWARGANYIFNOT ``` #### `F2FF` TRY [#f2ff-try] Sets `c2` to `c'`, first saving the old value of `c2` both into the savelist of `c'` and into the savelist of the current continuation, which is stored into `c.c0` and `c'.c0`. Then runs `c` similarly to `EXECUTE`. If `c` does not throw any exceptions, the original value of `c2` is automatically restored on return from `c`. If an exception occurs, the execution is transferred to `c'`, but the original value of `c2` is restored in the process, so that `c'` can re-throw the exception by `THROWANY` if it cannot handle it by itself.
**Category:** Exceptions (exceptions)
```fift Fift TRY ``` #### `F3pr` TRYARGS [#f3pr-tryargs] Similar to `TRY`, but with `[p] [r] CALLXARGS` internally used instead of `EXECUTE`.
In this way, all but the top `0 <= p <= 15` stack elements will be saved into current continuation's stack, and then restored upon return from either `c` or `c'`, with the top `0 <= r <= 15` values of the resulting stack of `c` or `c'` copied as return values.
**Category:** Exceptions (exceptions)
```fift Fift [p] [r] TRYARGS ``` #### `F400` STDICT [#f400-stdict] Stores dictionary `D` into *Builder* `b`, returning the resulting *Builder* `b'`.
In other words, if `D` is a cell, performs `STONE` and `STREF`; if `D` is *Null*, performs `NIP` and `STZERO`; otherwise throws a type checking exception.
**Category:** Dict Serial (dict\_serial)
```fift Fift STDICT STOPTREF ``` #### `F401` SKIPDICT [#f401-skipdict] Equivalent to `LDDICT` `NIP`.
**Category:** Dict Serial (dict\_serial)
```fift Fift SKIPDICT SKIPOPTREF ``` #### `F402` LDDICTS [#f402-lddicts] Loads (parses) a (*Slice*-represented) dictionary `s'` from *Slice* `s`, and returns the remainder of `s` as `s''`.
This is a ''split function'' for all `HashmapE(n,X)` dictionary types.
**Category:** Dict Serial (dict\_serial)
```fift Fift LDDICTS ``` #### `F403` PLDDICTS [#f403-plddicts] Preloads a (*Slice*-represented) dictionary `s'` from *Slice* `s`.
Approximately equivalent to `LDDICTS` `DROP`.
**Category:** Dict Serial (dict\_serial)
```fift Fift PLDDICTS ``` #### `F404` LDDICT [#f404-lddict] Loads (parses) a dictionary `D` from *Slice* `s`, and returns the remainder of `s` as `s'`. May be applied to dictionaries or to values of arbitrary `(^Y)?` types.
**Category:** Dict Serial (dict\_serial)
```fift Fift LDDICT LDOPTREF ``` #### `F405` PLDDICT [#f405-plddict] Preloads a dictionary `D` from *Slice* `s`.
Approximately equivalent to `LDDICT` `DROP`.
**Category:** Dict Serial (dict\_serial)
```fift Fift PLDDICT PLDOPTREF ``` #### `F406` LDDICTQ [#f406-lddictq] A quiet version of `LDDICT`.
**Category:** Dict Serial (dict\_serial)
```fift Fift LDDICTQ ``` #### `F407` PLDDICTQ [#f407-plddictq] A quiet version of `PLDDICT`.
**Category:** Dict Serial (dict\_serial)
```fift Fift PLDDICTQ ``` #### `F40A` DICTGET [#f40a-dictget] Looks up key `k` (represented by a *Slice*, the first `0 <= n <= 1023` data bits of which are used as a key) in dictionary `D` of type `HashmapE(n,X)` with `n`-bit keys.
On success, returns the value found as a *Slice* `x`.
**Category:** Dict Get (dict\_get)
```fift Fift DICTGET ``` #### `F40B` DICTGETREF [#f40b-dictgetref] Similar to `DICTGET`, but with a `LDREF` `ENDS` applied to `x` on success.
This operation is useful for dictionaries of type `HashmapE(n,^Y)`.
**Category:** Dict Get (dict\_get)
```fift Fift DICTGETREF ``` #### `F40C` DICTIGET [#f40c-dictiget] Similar to `DICTGET`, but with a signed (big-endian) `n`-bit *Integer* `i` as a key. If `i` does not fit into `n` bits, returns `0`. If `i` is a `NaN`, throws an integer overflow exception.
**Category:** Dict Get (dict\_get)
```fift Fift DICTIGET ``` #### `F40D` DICTIGETREF [#f40d-dictigetref] Combines `DICTIGET` with `DICTGETREF`: it uses signed `n`-bit *Integer* `i` as a key and returns a *Cell* instead of a *Slice* on success.
**Category:** Dict Get (dict\_get)
```fift Fift DICTIGETREF ``` #### `F40E` DICTUGET [#f40e-dictuget] Similar to `DICTIGET`, but with *unsigned* (big-endian) `n`-bit *Integer* `i` used as a key.
**Category:** Dict Get (dict\_get)
```fift Fift DICTUGET ``` #### `F40F` DICTUGETREF [#f40f-dictugetref] Similar to `DICTIGETREF`, but with an unsigned `n`-bit *Integer* key `i`.
**Category:** Dict Get (dict\_get)
```fift Fift DICTUGETREF ``` #### `F412` DICTSET [#f412-dictset] Sets the value associated with `n`-bit key `k` (represented by a *Slice* as in `DICTGET`) in dictionary `D` (also represented by a *Slice*) to value `x` (again a *Slice*), and returns the resulting dictionary as `D'`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTSET ``` #### `F413` DICTSETREF [#f413-dictsetref] Similar to `DICTSET`, but with the value set to a reference to *Cell* `c`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTSETREF ``` #### `F414` DICTISET [#f414-dictiset] Similar to `DICTSET`, but with the key represented by a (big-endian) signed `n`-bit integer `i`. If `i` does not fit into `n` bits, a range check exception is generated.
**Category:** Dict Set (dict\_set)
```fift Fift DICTISET ``` #### `F415` DICTISETREF [#f415-dictisetref] Similar to `DICTSETREF`, but with the key a signed `n`-bit integer as in `DICTISET`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTISETREF ``` #### `F416` DICTUSET [#f416-dictuset] Similar to `DICTISET`, but with `i` an *unsigned* `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUSET ``` #### `F417` DICTUSETREF [#f417-dictusetref] Similar to `DICTISETREF`, but with `i` unsigned.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUSETREF ``` #### `F41A` DICTSETGET [#f41a-dictsetget] Combines `DICTSET` with `DICTGET`: it sets the value corresponding to key `k` to `x`, but also returns the old value `y` associated with the key in question, if present.
**Category:** Dict Set (dict\_set)
```fift Fift DICTSETGET ``` #### `F41B` DICTSETGETREF [#f41b-dictsetgetref] Combines `DICTSETREF` with `DICTGETREF` similarly to `DICTSETGET`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTSETGETREF ``` #### `F41C` DICTISETGET [#f41c-dictisetget] `DICTISETGET`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTISETGET ``` #### `F41D` DICTISETGETREF [#f41d-dictisetgetref] `DICTISETGETREF`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTISETGETREF ``` #### `F41E` DICTUSETGET [#f41e-dictusetget] `DICTISETGET`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUSETGET ``` #### `F41F` DICTUSETGETREF [#f41f-dictusetgetref] `DICTISETGETREF`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUSETGETREF ``` #### `F422` DICTREPLACE [#f422-dictreplace] A *Replace* operation, which is similar to `DICTSET`, but sets the value of key `k` in dictionary `D` to `x` only if the key `k` was already present in `D`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTREPLACE ``` #### `F423` DICTREPLACEREF [#f423-dictreplaceref] A *Replace* counterpart of `DICTSETREF`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTREPLACEREF ``` #### `F424` DICTIREPLACE [#f424-dictireplace] `DICTREPLACE`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTIREPLACE ``` #### `F425` DICTIREPLACEREF [#f425-dictireplaceref] `DICTREPLACEREF`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTIREPLACEREF ``` #### `F426` DICTUREPLACE [#f426-dictureplace] `DICTREPLACE`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUREPLACE ``` #### `F427` DICTUREPLACEREF [#f427-dictureplaceref] `DICTREPLACEREF`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUREPLACEREF ``` #### `F42A` DICTREPLACEGET [#f42a-dictreplaceget] A *Replace* counterpart of `DICTSETGET`: on success, also returns the old value associated with the key in question.
**Category:** Dict Set (dict\_set)
```fift Fift DICTREPLACEGET ``` #### `F42B` DICTREPLACEGETREF [#f42b-dictreplacegetref] A *Replace* counterpart of `DICTSETGETREF`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTREPLACEGETREF ``` #### `F42C` DICTIREPLACEGET [#f42c-dictireplaceget] `DICTREPLACEGET`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTIREPLACEGET ``` #### `F42D` DICTIREPLACEGETREF [#f42d-dictireplacegetref] `DICTREPLACEGETREF`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTIREPLACEGETREF ``` #### `F42E` DICTUREPLACEGET [#f42e-dictureplaceget] `DICTREPLACEGET`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUREPLACEGET ``` #### `F42F` DICTUREPLACEGETREF [#f42f-dictureplacegetref] `DICTREPLACEGETREF`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUREPLACEGETREF ``` #### `F432` DICTADD [#f432-dictadd] An *Add* counterpart of `DICTSET`: sets the value associated with key `k` in dictionary `D` to `x`, but only if it is not already present in `D`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTADD ``` #### `F433` DICTADDREF [#f433-dictaddref] An *Add* counterpart of `DICTSETREF`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTADDREF ``` #### `F434` DICTIADD [#f434-dictiadd] `DICTADD`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTIADD ``` #### `F435` DICTIADDREF [#f435-dictiaddref] `DICTADDREF`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTIADDREF ``` #### `F436` DICTUADD [#f436-dictuadd] `DICTADD`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUADD ``` #### `F437` DICTUADDREF [#f437-dictuaddref] `DICTADDREF`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUADDREF ``` #### `F43A` DICTADDGET [#f43a-dictaddget] An *Add* counterpart of `DICTSETGET`: sets the value associated with key `k` in dictionary `D` to `x`, but only if key `k` is not already present in `D`. Otherwise, just returns the old value `y` without changing the dictionary.
**Category:** Dict Set (dict\_set)
```fift Fift DICTADDGET ``` #### `F43B` DICTADDGETREF [#f43b-dictaddgetref] An *Add* counterpart of `DICTSETGETREF`.
**Category:** Dict Set (dict\_set)
```fift Fift DICTADDGETREF ``` #### `F43C` DICTIADDGET [#f43c-dictiaddget] `DICTADDGET`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTIADDGET ``` #### `F43D` DICTIADDGETREF [#f43d-dictiaddgetref] `DICTADDGETREF`, but with `i` a signed `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTIADDGETREF ``` #### `F43E` DICTUADDGET [#f43e-dictuaddget] `DICTADDGET`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUADDGET ``` #### `F43F` DICTUADDGETREF [#f43f-dictuaddgetref] `DICTADDGETREF`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Set (dict\_set)
```fift Fift DICTUADDGETREF ``` #### `F441` DICTSETB [#f441-dictsetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTSETB ``` #### `F442` DICTISETB [#f442-dictisetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTISETB ``` #### `F443` DICTUSETB [#f443-dictusetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTUSETB ``` #### `F445` DICTSETGETB [#f445-dictsetgetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTSETGETB ``` #### `F446` DICTISETGETB [#f446-dictisetgetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTISETGETB ``` #### `F447` DICTUSETGETB [#f447-dictusetgetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTUSETGETB ``` #### `F449` DICTREPLACEB [#f449-dictreplaceb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTREPLACEB ``` #### `F44A` DICTIREPLACEB [#f44a-dictireplaceb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTIREPLACEB ``` #### `F44B` DICTUREPLACEB [#f44b-dictureplaceb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTUREPLACEB ``` #### `F44D` DICTREPLACEGETB [#f44d-dictreplacegetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTREPLACEGETB ``` #### `F44E` DICTIREPLACEGETB [#f44e-dictireplacegetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTIREPLACEGETB ``` #### `F44F` DICTUREPLACEGETB [#f44f-dictureplacegetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTUREPLACEGETB ``` #### `F451` DICTADDB [#f451-dictaddb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTADDB ``` #### `F452` DICTIADDB [#f452-dictiaddb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTIADDB ``` #### `F453` DICTUADDB [#f453-dictuaddb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTUADDB ``` #### `F455` DICTADDGETB [#f455-dictaddgetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTADDGETB ``` #### `F456` DICTIADDGETB [#f456-dictiaddgetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTIADDGETB ``` #### `F457` DICTUADDGETB [#f457-dictuaddgetb]
**Category:** Dict Set Builder (dict\_set\_builder)
```fift Fift DICTUADDGETB ``` #### `F459` DICTDEL [#f459-dictdel] Deletes `n`-bit key, represented by a *Slice* `k`, from dictionary `D`. If the key is present, returns the modified dictionary `D'` and the success flag `-1`. Otherwise, returns the original dictionary `D` and `0`.
**Category:** Dict Delete (dict\_delete)
```fift Fift DICTDEL ``` #### `F45A` DICTIDEL [#f45a-dictidel] A version of `DICTDEL` with the key represented by a signed `n`-bit *Integer* `i`. If `i` does not fit into `n` bits, simply returns `D` `0` (''key not found, dictionary unmodified'').
**Category:** Dict Delete (dict\_delete)
```fift Fift DICTIDEL ``` #### `F45B` DICTUDEL [#f45b-dictudel] Similar to `DICTIDEL`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Delete (dict\_delete)
```fift Fift DICTUDEL ``` #### `F462` DICTDELGET [#f462-dictdelget] Deletes `n`-bit key, represented by a *Slice* `k`, from dictionary `D`. If the key is present, returns the modified dictionary `D'`, the original value `x` associated with the key `k` (represented by a *Slice*), and the success flag `-1`. Otherwise, returns the original dictionary `D` and `0`.
**Category:** Dict Delete (dict\_delete)
```fift Fift DICTDELGET ``` #### `F463` DICTDELGETREF [#f463-dictdelgetref] Similar to `DICTDELGET`, but with `LDREF` `ENDS` applied to `x` on success, so that the value returned `c` is a *Cell*.
**Category:** Dict Delete (dict\_delete)
```fift Fift DICTDELGETREF ``` #### `F464` DICTIDELGET [#f464-dictidelget] `DICTDELGET`, but with `i` a signed `n`-bit integer.
**Category:** Dict Delete (dict\_delete)
```fift Fift DICTIDELGET ``` #### `F465` DICTIDELGETREF [#f465-dictidelgetref] `DICTDELGETREF`, but with `i` a signed `n`-bit integer.
**Category:** Dict Delete (dict\_delete)
```fift Fift DICTIDELGETREF ``` #### `F466` DICTUDELGET [#f466-dictudelget] `DICTDELGET`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Delete (dict\_delete)
```fift Fift DICTUDELGET ``` #### `F467` DICTUDELGETREF [#f467-dictudelgetref] `DICTDELGETREF`, but with `i` an unsigned `n`-bit integer.
**Category:** Dict Delete (dict\_delete)
```fift Fift DICTUDELGETREF ``` #### `F469` DICTGETOPTREF [#f469-dictgetoptref] A variant of `DICTGETREF` that returns *Null* instead of the value `c^?` if the key `k` is absent from dictionary `D`.
**Category:** Dict Mayberef (dict\_mayberef)
```fift Fift DICTGETOPTREF ``` #### `F46A` DICTIGETOPTREF [#f46a-dictigetoptref] `DICTGETOPTREF`, but with `i` a signed `n`-bit integer. If the key `i` is out of range, also returns *Null*.
**Category:** Dict Mayberef (dict\_mayberef)
```fift Fift DICTIGETOPTREF ``` #### `F46B` DICTUGETOPTREF [#f46b-dictugetoptref] `DICTGETOPTREF`, but with `i` an unsigned `n`-bit integer. If the key `i` is out of range, also returns *Null*.
**Category:** Dict Mayberef (dict\_mayberef)
```fift Fift DICTUGETOPTREF ``` #### `F46D` DICTSETGETOPTREF [#f46d-dictsetgetoptref] A variant of both `DICTGETOPTREF` and `DICTSETGETREF` that sets the value corresponding to key `k` in dictionary `D` to `c^?` (if `c^?` is *Null*, then the key is deleted instead), and returns the old value `~c^?` (if the key `k` was absent before, returns *Null* instead).
**Category:** Dict Mayberef (dict\_mayberef)
```fift Fift DICTSETGETOPTREF ``` #### `F46E` DICTISETGETOPTREF [#f46e-dictisetgetoptref] Similar to primitive `DICTSETGETOPTREF`, but using signed `n`-bit *Integer* `i` as a key. If `i` does not fit into `n` bits, throws a range checking exception.
**Category:** Dict Mayberef (dict\_mayberef)
```fift Fift DICTISETGETOPTREF ``` #### `F46F` DICTUSETGETOPTREF [#f46f-dictusetgetoptref] Similar to primitive `DICTSETGETOPTREF`, but using unsigned `n`-bit *Integer* `i` as a key.
**Category:** Dict Mayberef (dict\_mayberef)
```fift Fift DICTUSETGETOPTREF ``` #### `F470` PFXDICTSET [#f470-pfxdictset]
**Category:** Dict Prefix (dict\_prefix)
```fift Fift PFXDICTSET ``` #### `F471` PFXDICTREPLACE [#f471-pfxdictreplace]
**Category:** Dict Prefix (dict\_prefix)
```fift Fift PFXDICTREPLACE ``` #### `F472` PFXDICTADD [#f472-pfxdictadd]
**Category:** Dict Prefix (dict\_prefix)
```fift Fift PFXDICTADD ``` #### `F473` PFXDICTDEL [#f473-pfxdictdel]
**Category:** Dict Prefix (dict\_prefix)
```fift Fift PFXDICTDEL ``` #### `F474` DICTGETNEXT [#f474-dictgetnext] Computes the minimal key `k'` in dictionary `D` that is lexicographically greater than `k`, and returns `k'` (represented by a *Slice*) along with associated value `x'` (also represented by a *Slice*).
**Category:** Dict Next (dict\_next)
```fift Fift DICTGETNEXT ``` #### `F475` DICTGETNEXTEQ [#f475-dictgetnexteq] Similar to `DICTGETNEXT`, but computes the minimal key `k'` that is lexicographically greater than or equal to `k`.
**Category:** Dict Next (dict\_next)
```fift Fift DICTGETNEXTEQ ``` #### `F476` DICTGETPREV [#f476-dictgetprev] Similar to `DICTGETNEXT`, but computes the maximal key `k'` lexicographically smaller than `k`.
**Category:** Dict Next (dict\_next)
```fift Fift DICTGETPREV ``` #### `F477` DICTGETPREVEQ [#f477-dictgetpreveq] Similar to `DICTGETPREV`, but computes the maximal key `k'` lexicographically smaller than or equal to `k`.
**Category:** Dict Next (dict\_next)
```fift Fift DICTGETPREVEQ ``` #### `F478` DICTIGETNEXT [#f478-dictigetnext] Similar to `DICTGETNEXT`, but interprets all keys in dictionary `D` as big-endian signed `n`-bit integers, and computes the minimal key `i'` that is larger than *Integer* `i` (which does not necessarily fit into `n` bits).
**Category:** Dict Next (dict\_next)
```fift Fift DICTIGETNEXT ``` #### `F479` DICTIGETNEXTEQ [#f479-dictigetnexteq] Similar to `DICTGETNEXTEQ`, but interprets keys as signed `n`-bit integers.
**Category:** Dict Next (dict\_next)
```fift Fift DICTIGETNEXTEQ ``` #### `F47A` DICTIGETPREV [#f47a-dictigetprev] Similar to `DICTGETPREV`, but interprets keys as signed `n`-bit integers.
**Category:** Dict Next (dict\_next)
```fift Fift DICTIGETPREV ``` #### `F47B` DICTIGETPREVEQ [#f47b-dictigetpreveq] Similar to `DICTGETPREVEQ`, but interprets keys as signed `n`-bit integers.
**Category:** Dict Next (dict\_next)
```fift Fift DICTIGETPREVEQ ``` #### `F47C` DICTUGETNEXT [#f47c-dictugetnext] Similar to `DICTGETNEXT`, but interprets all keys in dictionary `D` as big-endian unsigned `n`-bit integers, and computes the minimal key `i'` that is larger than *Integer* `i` (which does not necessarily fit into `n` bits, and is not necessarily non-negative).
**Category:** Dict Next (dict\_next)
```fift Fift DICTUGETNEXT ``` #### `F47D` DICTUGETNEXTEQ [#f47d-dictugetnexteq] Similar to `DICTGETNEXTEQ`, but interprets keys as unsigned `n`-bit integers.
**Category:** Dict Next (dict\_next)
```fift Fift DICTUGETNEXTEQ ``` #### `F47E` DICTUGETPREV [#f47e-dictugetprev] Similar to `DICTGETPREV`, but interprets keys as unsigned `n`-bit integers.
**Category:** Dict Next (dict\_next)
```fift Fift DICTUGETPREV ``` #### `F47F` DICTUGETPREVEQ [#f47f-dictugetpreveq] Similar to `DICTGETPREVEQ`, but interprets keys a unsigned `n`-bit integers.
**Category:** Dict Next (dict\_next)
```fift Fift DICTUGETPREVEQ ``` #### `F482` DICTMIN [#f482-dictmin] Computes the minimal key `k` (represented by a *Slice* with `n` data bits) in dictionary `D`, and returns `k` along with the associated value `x`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTMIN ``` #### `F483` DICTMINREF [#f483-dictminref] Similar to `DICTMIN`, but returns the only reference in the value as a *Cell* `c`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTMINREF ``` #### `F484` DICTIMIN [#f484-dictimin] Similar to `DICTMIN`, but computes the minimal key `i` under the assumption that all keys are big-endian signed `n`-bit integers. Notice that the key and value returned may differ from those computed by `DICTMIN` and `DICTUMIN`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTIMIN ``` #### `F485` DICTIMINREF [#f485-dictiminref] Similar to `DICTIMIN`, but returns the only reference in the value.
**Category:** Dict Min (dict\_min)
```fift Fift DICTIMINREF ``` #### `F486` DICTUMIN [#f486-dictumin] Similar to `DICTMIN`, but returns the key as an unsigned `n`-bit *Integer* `i`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTUMIN ``` #### `F487` DICTUMINREF [#f487-dictuminref] Similar to `DICTUMIN`, but returns the only reference in the value.
**Category:** Dict Min (dict\_min)
```fift Fift DICTUMINREF ``` #### `F48A` DICTMAX [#f48a-dictmax] Computes the maximal key `k` (represented by a *Slice* with `n` data bits) in dictionary `D`, and returns `k` along with the associated value `x`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTMAX ``` #### `F48B` DICTMAXREF [#f48b-dictmaxref] Similar to `DICTMAX`, but returns the only reference in the value.
**Category:** Dict Min (dict\_min)
```fift Fift DICTMAXREF ``` #### `F48C` DICTIMAX [#f48c-dictimax] Similar to `DICTMAX`, but computes the maximal key `i` under the assumption that all keys are big-endian signed `n`-bit integers. Notice that the key and value returned may differ from those computed by `DICTMAX` and `DICTUMAX`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTIMAX ``` #### `F48D` DICTIMAXREF [#f48d-dictimaxref] Similar to `DICTIMAX`, but returns the only reference in the value.
**Category:** Dict Min (dict\_min)
```fift Fift DICTIMAXREF ``` #### `F48E` DICTUMAX [#f48e-dictumax] Similar to `DICTMAX`, but returns the key as an unsigned `n`-bit *Integer* `i`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTUMAX ``` #### `F48F` DICTUMAXREF [#f48f-dictumaxref] Similar to `DICTUMAX`, but returns the only reference in the value.
**Category:** Dict Min (dict\_min)
```fift Fift DICTUMAXREF ``` #### `F492` DICTREMMIN [#f492-dictremmin] Computes the minimal key `k` (represented by a *Slice* with `n` data bits) in dictionary `D`, removes `k` from the dictionary, and returns `k` along with the associated value `x` and the modified dictionary `D'`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTREMMIN ``` #### `F493` DICTREMMINREF [#f493-dictremminref] Similar to `DICTREMMIN`, but returns the only reference in the value as a *Cell* `c`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTREMMINREF ``` #### `F494` DICTIREMMIN [#f494-dictiremmin] Similar to `DICTREMMIN`, but computes the minimal key `i` under the assumption that all keys are big-endian signed `n`-bit integers. Notice that the key and value returned may differ from those computed by `DICTREMMIN` and `DICTUREMMIN`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTIREMMIN ``` #### `F495` DICTIREMMINREF [#f495-dictiremminref] Similar to `DICTIREMMIN`, but returns the only reference in the value.
**Category:** Dict Min (dict\_min)
```fift Fift DICTIREMMINREF ``` #### `F496` DICTUREMMIN [#f496-dicturemmin] Similar to `DICTREMMIN`, but returns the key as an unsigned `n`-bit *Integer* `i`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTUREMMIN ``` #### `F497` DICTUREMMINREF [#f497-dicturemminref] Similar to `DICTUREMMIN`, but returns the only reference in the value.
**Category:** Dict Min (dict\_min)
```fift Fift DICTUREMMINREF ``` #### `F49A` DICTREMMAX [#f49a-dictremmax] Computes the maximal key `k` (represented by a *Slice* with `n` data bits) in dictionary `D`, removes `k` from the dictionary, and returns `k` along with the associated value `x` and the modified dictionary `D'`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTREMMAX ``` #### `F49B` DICTREMMAXREF [#f49b-dictremmaxref] Similar to `DICTREMMAX`, but returns the only reference in the value as a *Cell* `c`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTREMMAXREF ``` #### `F49C` DICTIREMMAX [#f49c-dictiremmax] Similar to `DICTREMMAX`, but computes the minimal key `i` under the assumption that all keys are big-endian signed `n`-bit integers. Notice that the key and value returned may differ from those computed by `DICTREMMAX` and `DICTUREMMAX`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTIREMMAX ``` #### `F49D` DICTIREMMAXREF [#f49d-dictiremmaxref] Similar to `DICTIREMMAX`, but returns the only reference in the value.
**Category:** Dict Min (dict\_min)
```fift Fift DICTIREMMAXREF ``` #### `F49E` DICTUREMMAX [#f49e-dicturemmax] Similar to `DICTREMMAX`, but returns the key as an unsigned `n`-bit *Integer* `i`.
**Category:** Dict Min (dict\_min)
```fift Fift DICTUREMMAX ``` #### `F49F` DICTUREMMAXREF [#f49f-dicturemmaxref] Similar to `DICTUREMMAX`, but returns the only reference in the value.
**Category:** Dict Min (dict\_min)
```fift Fift DICTUREMMAXREF ``` #### `F4A0` DICTIGETJMP [#f4a0-dictigetjmp] Similar to `DICTIGET`, but with `x` `BLESS`ed into a continuation with a subsequent `JMPX` to it on success. On failure, does nothing. This is useful for implementing `switch`/`case` constructions.
**Category:** Dict Special (dict\_special)
```fift Fift DICTIGETJMP ``` #### `F4A1` DICTUGETJMP [#f4a1-dictugetjmp] Similar to `DICTIGETJMP`, but performs `DICTUGET` instead of `DICTIGET`.
**Category:** Dict Special (dict\_special)
```fift Fift DICTUGETJMP ``` #### `F4A2` DICTIGETEXEC [#f4a2-dictigetexec] Similar to `DICTIGETJMP`, but with `EXECUTE` instead of `JMPX`.
**Category:** Dict Special (dict\_special)
```fift Fift DICTIGETEXEC ``` #### `F4A3` DICTUGETEXEC [#f4a3-dictugetexec] Similar to `DICTUGETJMP`, but with `EXECUTE` instead of `JMPX`.
**Category:** Dict Special (dict\_special)
```fift Fift DICTUGETEXEC ``` #### `F4A6_n` DICTPUSHCONST [#f4a6_n-dictpushconst] Pushes a non-empty constant dictionary `D` (as a `Cell^?`) along with its key length `0 <= n <= 1023`, stored as a part of the instruction. The dictionary itself is created from the first of remaining references of the current continuation. In this way, the complete `DICTPUSHCONST` instruction can be obtained by first serializing `xF4A4_`, then the non-empty dictionary itself (one `1` bit and a cell reference), and then the unsigned 10-bit integer `n` (as if by a `STU 10` instruction). An empty dictionary can be pushed by a `NEWDICT` primitive instead.
**Category:** Dict Special (dict\_special)
```fift Fift [ref] [n] DICTPUSHCONST ``` #### `F4A8` PFXDICTGETQ [#f4a8-pfxdictgetq] Looks up the unique prefix of *Slice* `s` present in the prefix code dictionary represented by `Cell^?` `D` and `0 <= n <= 1023`. If found, the prefix of `s` is returned as `s'`, and the corresponding value (also a *Slice*) as `x`. The remainder of `s` is returned as a *Slice* `s''`. If no prefix of `s` is a key in prefix code dictionary `D`, returns the unchanged `s` and a zero flag to indicate failure.
**Category:** Dict Special (dict\_special)
```fift Fift PFXDICTGETQ ``` #### `F4A9` PFXDICTGET [#f4a9-pfxdictget] Similar to `PFXDICTGET`, but throws a cell deserialization failure exception on failure.
**Category:** Dict Special (dict\_special)
```fift Fift PFXDICTGET ``` #### `F4AA` PFXDICTGETJMP [#f4aa-pfxdictgetjmp] Similar to `PFXDICTGETQ`, but on success `BLESS`es the value `x` into a *Continuation* and transfers control to it as if by a `JMPX`. On failure, returns `s` unchanged and continues execution.
**Category:** Dict Special (dict\_special)
```fift Fift PFXDICTGETJMP ``` #### `F4AB` PFXDICTGETEXEC [#f4ab-pfxdictgetexec] Similar to `PFXDICTGETJMP`, but `EXEC`utes the continuation found instead of jumping to it. On failure, throws a cell deserialization exception.
**Category:** Dict Special (dict\_special)
```fift Fift PFXDICTGETEXEC ``` #### `F4AE_n` PFXDICTCONSTGETJMP [#f4ae_n-pfxdictconstgetjmp] Combines `[n] DICTPUSHCONST` for `0 <= n <= 1023` with `PFXDICTGETJMP`.
**Category:** Dict Special (dict\_special)
```fift Fift [ref] [n] PFXDICTCONSTGETJMP [ref] [n] PFXDICTSWITCH ``` #### `F4BC` DICTIGETJMPZ [#f4bc-dictigetjmpz] A variant of `DICTIGETJMP` that returns index `i` on failure.
**Category:** Dict Special (dict\_special)
```fift Fift DICTIGETJMPZ ``` #### `F4BD` DICTUGETJMPZ [#f4bd-dictugetjmpz] A variant of `DICTUGETJMP` that returns index `i` on failure.
**Category:** Dict Special (dict\_special)
```fift Fift DICTUGETJMPZ ``` #### `F4BE` DICTIGETEXECZ [#f4be-dictigetexecz] A variant of `DICTIGETEXEC` that returns index `i` on failure.
**Category:** Dict Special (dict\_special)
```fift Fift DICTIGETEXECZ ``` #### `F4BF` DICTUGETEXECZ [#f4bf-dictugetexecz] A variant of `DICTUGETEXEC` that returns index `i` on failure.
**Category:** Dict Special (dict\_special)
```fift Fift DICTUGETEXECZ ``` #### `F4B1` SUBDICTGET [#f4b1-subdictget] Constructs a subdictionary consisting of all keys beginning with prefix `k` (represented by a *Slice*, the first `0 <= l <= n <= 1023` data bits of which are used as a key) of length `l` in dictionary `D` of type `HashmapE(n,X)` with `n`-bit keys. On success, returns the new subdictionary of the same type `HashmapE(n,X)` as a *Slice* `D'`.
**Category:** Dict Sub (dict\_sub)
```fift Fift SUBDICTGET ``` #### `F4B2` SUBDICTIGET [#f4b2-subdictiget] Variant of `SUBDICTGET` with the prefix represented by a signed big-endian `l`-bit *Integer* `x`, where necessarily `l <= 257`.
**Category:** Dict Sub (dict\_sub)
```fift Fift SUBDICTIGET ``` #### `F4B3` SUBDICTUGET [#f4b3-subdictuget] Variant of `SUBDICTGET` with the prefix represented by an unsigned big-endian `l`-bit *Integer* `x`, where necessarily `l <= 256`.
**Category:** Dict Sub (dict\_sub)
```fift Fift SUBDICTUGET ``` #### `F4B5` SUBDICTRPGET [#f4b5-subdictrpget] Similar to `SUBDICTGET`, but removes the common prefix `k` from all keys of the new dictionary `D'`, which becomes of type `HashmapE(n-l,X)`.
**Category:** Dict Sub (dict\_sub)
```fift Fift SUBDICTRPGET ``` #### `F4B6` SUBDICTIRPGET [#f4b6-subdictirpget] Variant of `SUBDICTRPGET` with the prefix represented by a signed big-endian `l`-bit *Integer* `x`, where necessarily `l <= 257`.
**Category:** Dict Sub (dict\_sub)
```fift Fift SUBDICTIRPGET ``` #### `F4B7` SUBDICTURPGET [#f4b7-subdicturpget] Variant of `SUBDICTRPGET` with the prefix represented by an unsigned big-endian `l`-bit *Integer* `x`, where necessarily `l <= 256`.
**Category:** Dict Sub (dict\_sub)
```fift Fift SUBDICTURPGET ``` #### `F800` ACCEPT [#f800-accept] Sets current gas limit `g_l` to its maximal allowed value `g_m`, and resets the gas credit `g_c` to zero, decreasing the value of `g_r` by `g_c` in the process.
In other words, the current smart contract agrees to buy some gas to finish the current transaction. This action is required to process external messages, which bring no value (hence no gas) with themselves.
**Category:** App Gas (app\_gas)
```fift Fift ACCEPT ``` #### `F801` SETGASLIMIT [#f801-setgaslimit] Sets current gas limit `g_l` to the minimum of `g` and `g_m`, and resets the gas credit `g_c` to zero. If the gas consumed so far (including the present instruction) exceeds the resulting value of `g_l`, an (unhandled) out of gas exception is thrown before setting new gas limits. Notice that `SETGASLIMIT` with an argument `g >= 2^63-1` is equivalent to `ACCEPT`.
**Category:** App Gas (app\_gas)
```fift Fift SETGASLIMIT ``` #### `F807` GASCONSUMED [#f807-gasconsumed] Returns gas consumed by VM so far (including this instruction).
**Category:** App Gas (app\_gas)
```fift Fift GASCONSUMED ``` #### `F80F` COMMIT [#f80f-commit] Commits the current state of registers `c4` (''persistent data'') and `c5` (''actions'') so that the current execution is considered ''successful'' with the saved values even if an exception is thrown later.
**Category:** App Gas (app\_gas)
```fift Fift COMMIT ``` #### `F810` RANDU256 [#f810-randu256] Generates a new pseudo-random unsigned 256-bit *Integer* `x`. The algorithm is as follows: if `r` is the old value of the random seed, considered as a 32-byte array (by constructing the big-endian representation of an unsigned 256-bit integer), then its `sha512(r)` is computed; the first 32 bytes of this hash are stored as the new value `r'` of the random seed, and the remaining 32 bytes are returned as the next random value `x`.
**Category:** App Rnd (app\_rnd)
```fift Fift RANDU256 ``` #### `F811` RAND [#f811-rand] Generates a new pseudo-random integer `z` in the range `0...y-1` (or `y...-1`, if `y<0`). More precisely, an unsigned random value `x` is generated as in `RAND256U`; then `z:=floor(x*y/2^256)` is computed.
Equivalent to `RANDU256` `256 MULRSHIFT`.
**Category:** App Rnd (app\_rnd)
```fift Fift RAND ``` #### `F814` SETRAND [#f814-setrand] Sets the random seed to unsigned 256-bit *Integer* `x`.
**Category:** App Rnd (app\_rnd)
```fift Fift SETRAND ``` #### `F815` ADDRAND [#f815-addrand] Mixes unsigned 256-bit *Integer* `x` into the random seed `r` by setting the random seed to `Sha` of the concatenation of two 32-byte strings: the first with the big-endian representation of the old seed `r`, and the second with the big-endian representation of `x`.
**Category:** App Rnd (app\_rnd)
```fift Fift ADDRAND RANDOMIZE ``` #### `F82i` GETPARAM [#f82i-getparam] Returns the `i`-th parameter from the *Tuple* provided at `c7` for `0 <= i <= 15`. Equivalent to `c7 PUSHCTR` `FIRST` `[i] INDEX`.
If one of these internal operations fails, throws an appropriate type checking or range checking exception.
**Category:** App Config (app\_config)
```fift Fift [i] GETPARAM ``` **Aliases**: * `NOW`
Returns the current Unix time as an *Integer*. If it is impossible to recover the requested value starting from `c7`, throws a type checking or range checking exception as appropriate.
Equivalent to `3 GETPARAM`. * `BLOCKLT`
Returns the starting logical time of the current block.
Equivalent to `4 GETPARAM`. * `LTIME`
Returns the logical time of the current transaction.
Equivalent to `5 GETPARAM`. * `RANDSEED`
Returns the current random seed as an unsigned 256-bit *Integer*.
Equivalent to `6 GETPARAM`. * `BALANCE`
Returns the remaining balance of the smart contract as a *Tuple* consisting of an *Integer* (the remaining Gram balance in nanograms) and a *Maybe Cell* (a dictionary with 32-bit keys representing the balance of ''extra currencies'').
Equivalent to `7 GETPARAM`.
Note that `RAW` primitives such as `SENDRAWMSG` do not update this field. * `MYADDR`
Returns the internal address of the current smart contract as a *Slice* with a `MsgAddressInt`. If necessary, it can be parsed further using primitives such as `PARSEMSGADDR` or `REWRITESTDADDR`.
Equivalent to `8 GETPARAM`. * `CONFIGROOT`
Returns the *Maybe Cell* `D` with the current global configuration dictionary. Equivalent to `9 GETPARAM `. * `MYCODE`
Retrieves code of smart-contract from c7. Equivalent to `10 GETPARAM `. * `INCOMINGVALUE`
Retrieves value of incoming message from c7. Equivalent to `11 GETPARAM `. * `STORAGEFEES`
Retrieves value of storage phase fees from c7. Equivalent to `12 GETPARAM `. * `PREVBLOCKSINFOTUPLE`
Retrives PrevBlocksInfo: `[last_mc_blocks, prev_key_block]` from c7. Equivalent to `13 GETPARAM `. * `UNPACKEDCONFIGTUPLE`
Retrives tuple that contains some config parameters as cell slices. If the parameter is absent from the config, the value is null. Values:
\* **0**: `StoragePrices` from `ConfigParam 18`. Not the whole dict, but only the one StoragePrices entry (one which corresponds to the current time).
\* **1**: `ConfigParam 19` (global id).
\* **2**: `ConfigParam 20` (mc gas prices).
\* **3**: `ConfigParam 21` (gas prices).
\* **4**: `ConfigParam 24` (mc fwd fees).
\* **5**: `ConfigParam 25` (fwd fees).
\* **6**: `ConfigParam 43` (size limits). * `DUEPAYMENT`
Retrives current debt for storage fee (nanotons). #### `F830` CONFIGDICT [#f830-configdict] Returns the global configuration dictionary along with its key length (32).
Equivalent to `CONFIGROOT` `32 PUSHINT`.
**Category:** App Config (app\_config)
```fift Fift CONFIGDICT ``` #### `F832` CONFIGPARAM [#f832-configparam] Returns the value of the global configuration parameter with integer index `i` as a *Cell* `c`, and a flag to indicate success.
Equivalent to `CONFIGDICT` `DICTIGETREF`.
**Category:** App Config (app\_config)
```fift Fift CONFIGPARAM ``` #### `F833` CONFIGOPTPARAM [#f833-configoptparam] Returns the value of the global configuration parameter with integer index `i` as a *Maybe Cell* `c^?`.
Equivalent to `CONFIGDICT` `DICTIGETOPTREF`.
**Category:** App Config (app\_config)
```fift Fift CONFIGOPTPARAM ``` #### `F83400` PREVMCBLOCKS [#f83400-prevmcblocks] Retrives `last_mc_blocks` part of PrevBlocksInfo from c7 (parameter 13).
**Category:** App Config (app\_config)
```fift Fift PREVMCBLOCKS ``` #### `F83401` PREVKEYBLOCK [#f83401-prevkeyblock] Retrives `prev_key_block` part of PrevBlocksInfo from c7 (parameter 13).
**Category:** App Config (app\_config)
```fift Fift PREVKEYBLOCK ``` #### `F83402` PREVMCBLOCKS\_100 [#f83402-prevmcblocks_100] Retrives `last_mc_blocks_divisible_by_100` part of PrevBlocksInfo from c7 (parameter 13).
**Category:** App Config (app\_config)
```fift Fift PREVMCBLOCKS_100 ``` #### `F835` GLOBALID [#f835-globalid] Retrieves `global_id` from 19 network config.
**Category:** App Config (app\_config)
```fift Fift GLOBALID ``` #### `F836` GETGASFEE [#f836-getgasfee] Calculates gas fee
**Category:** App Config (app\_config)
```fift Fift GETGASFEE ``` #### `F837` GETSTORAGEFEE [#f837-getstoragefee] Calculates storage fees (only current StoragePrices entry is used).
**Category:** App Config (app\_config)
```fift Fift GETSTORAGEFEE ``` #### `F838` GETFORWARDFEE [#f838-getforwardfee] Calculates forward fee.
**Category:** App Config (app\_config)
```fift Fift GETFORWARDFEE ``` #### `F839` GETPRECOMPILEDGAS [#f839-getprecompiledgas] Returns gas usage for the current contract if it is precompiled, `null` otherwise.
**Category:** App Config (app\_config)
```fift Fift GETPRECOMPILEDGAS ``` #### `F83A` GETORIGINALFWDFEE [#f83a-getoriginalfwdfee] Calculate `(fwd_fee * 2^16) / (2^16 - first_frac)`. Can be used to get the original `fwd_fee` of the message.
**Category:** App Config (app\_config)
```fift Fift GETORIGINALFWDFEE ``` #### `F83B` GETGASFEESIMPLE [#f83b-getgasfeesimple] Same as `GETGASFEE`, but without flat price (just `(gas_used * price) / 2^16)`.
**Category:** App Config (app\_config)
```fift Fift GETGASFEESIMPLE ``` #### `F83C` GETFORWARDFEESIMPLE [#f83c-getforwardfeesimple] Same as `GETFORWARDFEE`, but without lump price (just (`bits*bit_price + cells*cell_price) / 2^16`).
**Category:** App Config (app\_config)
```fift Fift GETFORWARDFEESIMPLE ``` #### `F840` GETGLOBVAR [#f840-getglobvar] Returns the `k`-th global variable for `0 <= k < 255`.
Equivalent to `c7 PUSHCTR` `SWAP` `INDEXVARQ`.
**Category:** App Global (app\_global)
```fift Fift GETGLOBVAR ``` #### `F85_k` GETGLOB [#f85_k-getglob] Returns the `k`-th global variable for `1 <= k <= 31`.
Equivalent to `c7 PUSHCTR` `[k] INDEXQ`.
**Category:** App Global (app\_global)
```fift Fift [k] GETGLOB ``` #### `F860` SETGLOBVAR [#f860-setglobvar] Assigns `x` to the `k`-th global variable for `0 <= k < 255`.
Equivalent to `c7 PUSHCTR` `ROTREV` `SETINDEXVARQ` `c7 POPCTR`.
**Category:** App Global (app\_global)
```fift Fift SETGLOBVAR ``` #### `F87_k` SETGLOB [#f87_k-setglob] Assigns `x` to the `k`-th global variable for `1 <= k <= 31`.
Equivalent to `c7 PUSHCTR` `SWAP` `k SETINDEXQ` `c7 POPCTR`.
**Category:** App Global (app\_global)
```fift Fift [k] SETGLOB ``` #### `F880` GETEXTRABALANCE [#f880-getextrabalance] Takes id of the extra currency (integer in range `0..2^32-1`), returns the amount of this extra currency on the account balance. The first `5` executions of `GETEXTRABALANCE` consume at most `26 + 200` gas each. The subsequent executions incur the full gas cost of `26` (normal instruction cost) plus gas for loading cells (up to `3300` if the dictionary has maximum depth).
**Category:** App Global (app\_global)
```fift Fift GETEXTRABALANCE ``` #### `F881ii` GETPARAMLONG [#f881ii-getparamlong] Returns the `i`-th parameter from the *Tuple* provided at `c7` for `0 <= i <= 255`. Equivalent to `c7 PUSHCTR` `FIRST` `[i] INDEX`.
If one of these internal operations fails, throws an appropriate type checking or range checking exception.
**Category:** App Config (app\_config)
```fift Fift [i] GETPARAMLONG ``` #### `F89i` INMSGPARAM [#f89i-inmsgparam] Equivalent to `INMSGPARAMS` `i INDEX`
**Category:** App Config (app\_config)
```fift Fift [i] INMSGPARAM ``` **Aliases**: * `INMSG_BOUNCE`
Retrives `bounce` flag of incoming message. * `INMSG_BOUNCED`
Retrives `bounced` flag of incoming message. * `INMSG_SRC`
Retrives `src` flag of incoming message. * `INMSG_FWDFEE`
Retrives `fwd_fee` field of incoming message. * `INMSG_LT`
Retrives `lt` field of incoming message. * `INMSG_UTIME`
Retrives `utime` field of incoming message. * `INMSG_ORIGVALUE`
Retrives original value of the message. This is sometimes different from the value in `INCOMINGVALUE` and TVM stack because of storage fees. * `INMSG_VALUE`
Retrives value of the message after deducting storage fees. This is same as in `INCOMINGVALUE` and TVM stack. * `INMSG_VALUEEXTRA`
Same as in `INCOMINGVALUE`. * `INMSG_STATEINIT`
Retrieves `init` field of the incoming message. #### `F900` HASHCU [#f900-hashcu] Computes the representation hash of a *Cell* `c` and returns it as a 256-bit unsigned integer `x`. Useful for signing and checking signatures of arbitrary entities represented by a tree of cells.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHCU ``` #### `F901` HASHSU [#f901-hashsu] Computes the hash of a *Slice* `s` and returns it as a 256-bit unsigned integer `x`. The result is the same as if an ordinary cell containing only data and references from `s` had been created and its hash computed by `HASHCU`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHSU ``` #### `F902` SHA256U [#f902-sha256u] Computes `Sha` of the data bits of *Slice* `s`. If the bit length of `s` is not divisible by eight, throws a cell underflow exception. The hash value is returned as a 256-bit unsigned integer `x`.
**Category:** App Crypto (app\_crypto)
```fift Fift SHA256U ``` #### `F90400` HASHEXT\_SHA256 [#f90400-hashext_sha256] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXT_SHA256 ``` #### `F90401` HASHEXT\_SHA512 [#f90401-hashext_sha512] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXT_SHA512 ``` #### `F90402` HASHEXT\_BLAKE2B [#f90402-hashext_blake2b] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXT_BLAKE2B ``` #### `F90403` HASHEXT\_KECCAK256 [#f90403-hashext_keccak256] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXT_KECCAK256 ``` #### `F90404` HASHEXT\_KECCAK512 [#f90404-hashext_keccak512] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXT_KECCAK512 ``` #### `F90500` HASHEXTR\_SHA256 [#f90500-hashextr_sha256] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTR_SHA256 ``` #### `F90501` HASHEXTR\_SHA512 [#f90501-hashextr_sha512] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTR_SHA512 ``` #### `F90502` HASHEXTR\_BLAKE2B [#f90502-hashextr_blake2b] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTR_BLAKE2B ``` #### `F90503` HASHEXTR\_KECCAK256 [#f90503-hashextr_keccak256] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTR_KECCAK256 ``` #### `F90504` HASHEXTR\_KECCAK512 [#f90504-hashextr_keccak512] Calculates and returns hash of the concatenation of slices (or builders) `s_1...s_n`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTR_KECCAK512 ``` #### `F90600` HASHEXTA\_SHA256 [#f90600-hashexta_sha256] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTA_SHA256 ``` #### `F90601` HASHEXTA\_SHA512 [#f90601-hashexta_sha512] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTA_SHA512 ``` #### `F90602` HASHEXTA\_BLAKE2B [#f90602-hashexta_blake2b] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTA_BLAKE2B ``` #### `F90603` HASHEXTA\_KECCAK256 [#f90603-hashexta_keccak256] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTA_KECCAK256 ``` #### `F90604` HASHEXTA\_KECCAK512 [#f90604-hashexta_keccak512] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTA_KECCAK512 ``` #### `F90700` HASHEXTAR\_SHA256 [#f90700-hashextar_sha256] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTAR_SHA256 ``` #### `F90701` HASHEXTAR\_SHA512 [#f90701-hashextar_sha512] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTAR_SHA512 ``` #### `F90702` HASHEXTAR\_BLAKE2B [#f90702-hashextar_blake2b] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTAR_BLAKE2B ``` #### `F90703` HASHEXTAR\_KECCAK256 [#f90703-hashextar_keccak256] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTAR_KECCAK256 ``` #### `F90704` HASHEXTAR\_KECCAK512 [#f90704-hashextar_keccak512] Calculates hash of the concatenation of slices (or builders) `s_1...s_n`. Appends the resulting hash to a builder `b`.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHEXTAR_KECCAK512 ``` #### `F910` CHKSIGNU [#f910-chksignu] Checks the Ed25519-signature `s` of a hash `h` (a 256-bit unsigned integer, usually computed as the hash of some data) using public key `k` (also represented by a 256-bit unsigned integer).
The signature `s` must be a *Slice* containing at least 512 data bits; only the first 512 bits are used. The result is `-1` if the signature is valid, `0` otherwise.
Notice that `CHKSIGNU` is equivalent to `ROT` `NEWC` `256 STU` `ENDC` `ROTREV` `CHKSIGNS`, i.e., to `CHKSIGNS` with the first argument `d` set to 256-bit *Slice* containing `h`. Therefore, if `h` is computed as the hash of some data, these data are hashed *twice*, the second hashing occurring inside `CHKSIGNS`.
**Category:** App Crypto (app\_crypto)
```fift Fift CHKSIGNU ``` #### `F911` CHKSIGNS [#f911-chksigns] Checks whether `s` is a valid Ed25519-signature of the data portion of *Slice* `d` using public key `k`, similarly to `CHKSIGNU`. If the bit length of *Slice* `d` is not divisible by eight, throws a cell underflow exception. The verification of Ed25519 signatures is the standard one, with `Sha` used to reduce `d` to the 256-bit number that is actually signed.
**Category:** App Crypto (app\_crypto)
```fift Fift CHKSIGNS ``` #### `F912` ECRECOVER [#f912-ecrecover] Recovers the public key from a secp256k1 signature, identical to Bitcoin/Ethereum operations. Takes a 32-byte hash as `uint256 hash` and a 65-byte signature as `uint8 v`, `uint256 r`, and `uint256 s`. In TON, the `v` value is strictly 0 or 1; no extra flags or extended values are supported. If the public key cannot be recovered, the instruction returns `0`. On success, it returns the recovered 65-byte public key as `uint8 h`, `uint256 x1`, and `uint256 x2`, followed by `-1`.
**Category:** App Crypto (app\_crypto)
```fift Fift ECRECOVER ``` #### `F913` SECP256K1\_XONLY\_PUBKEY\_TWEAK\_ADD [#f913-secp256k1_xonly_pubkey_tweak_add] performs [`secp256k1_xonly_pubkey_tweak_add`](https://github.com/bitcoin-core/secp256k1/blob/master/include/secp256k1_extrakeys.h#L120). `key` and `tweak` are 256-bit unsigned integers. 65-byte public key is returned as `uint8 f`, `uint256 x, y` (as in `ECRECOVER`).
**Category:** App Crypto (app\_crypto)
```fift Fift SECP256K1_XONLY_PUBKEY_TWEAK_ADD ``` #### `F914` P256\_CHKSIGNU [#f914-p256_chksignu] Checks seck256r1-signature `sig` of a number `h` (a 256-bit unsigned integer, usually computed as the hash of some data) and public key `k`. Returns -1 on success, 0 on failure. Public key is a 33-byte slice (encoded according to Sec. 2.3.4 point 2 of [SECG SEC 1](https://www.secg.org/sec1-v2.pdf)). Signature `sig` is a 64-byte slice (two 256-bit unsigned integers `r` and `s`).
**Category:** App Crypto (app\_crypto)
```fift Fift P256_CHKSIGNU ``` #### `F915` P256\_CHKSIGNS [#f915-p256_chksigns] Checks seck256r1-signature `sig` of data portion of slice `d` and public key `k`. Returns -1 on success, 0 on failure. Public key is a 33-byte slice (encoded according to Sec. 2.3.4 point 2 of [SECG SEC 1](https://www.secg.org/sec1-v2.pdf)). Signature `sig` is a 64-byte slice (two 256-bit unsigned integers `r` and `s`).
**Category:** App Crypto (app\_crypto)
```fift Fift P256_CHKSIGNS ``` #### `F916` HASHBU [#f916-hashbu] Same as `ENDC HASHCU`, but without gas cost for cell creation.
**Category:** App Crypto (app\_crypto)
```fift Fift HASHBU ``` #### `F920` RIST255\_FROMHASH [#f920-rist255_fromhash] Deterministically generates a valid point `x` from a 512-bit hash (given as two 256-bit integers).
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_FROMHASH ``` #### `F921` RIST255\_VALIDATE [#f921-rist255_validate] Checks that integer `x` is a valid representation of some curve point. Throws range\_chk on error.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_VALIDATE ``` #### `F922` RIST255\_ADD [#f922-rist255_add] Addition of two points on a curve.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_ADD ``` #### `F923` RIST255\_SUB [#f923-rist255_sub] Subtraction of two points on curve.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_SUB ``` #### `F924` RIST255\_MUL [#f924-rist255_mul] Multiplies point `x` by a scalar `n`. Any `n` is valid, including negative.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_MUL ``` #### `F925` RIST255\_MULBASE [#f925-rist255_mulbase] Multiplies the generator point `g` by a scalar `n`. Any `n` is valid, including negative.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_MULBASE ``` #### `F926` RIST255\_PUSHL [#f926-rist255_pushl] Pushes integer l=2^252+27742317777372353535851937790883648493, which is the order of the group.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_PUSHL ``` #### `B7F921` RIST255\_QVALIDATE [#b7f921-rist255_qvalidate] Checks that integer `x` is a valid representation of some curve point. Returns -1 on success and 0 on failure.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_QVALIDATE ``` #### `B7F922` RIST255\_QADD [#b7f922-rist255_qadd] Addition of two points on a curve. Returns -1 on success and 0 on failure.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_QADD ``` #### `B7F923` RIST255\_QSUB [#b7f923-rist255_qsub] Subtraction of two points on curve. Returns -1 on success and 0 on failure.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_QSUB ``` #### `B7F924` RIST255\_QMUL [#b7f924-rist255_qmul] Multiplies point `x` by a scalar `n`. Any `n` is valid, including negative. Returns -1 on success and 0 on failure.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_QMUL ``` #### `B7F925` RIST255\_QMULBASE [#b7f925-rist255_qmulbase] Multiplies the generator point `g` by a scalar `n`. Any `n` is valid, including negative.
**Category:** App Crypto (app\_crypto)
```fift Fift RIST255_QMULBASE ``` #### `F93000` BLS\_VERIFY [#f93000-bls_verify] Checks BLS signature, return true on success, false otherwise.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_VERIFY ``` #### `F93001` BLS\_AGGREGATE [#f93001-bls_aggregate] Aggregates signatures. `n>0`. Throw exception if `n=0` or if some `sig_i` is not a valid signature.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_AGGREGATE ``` #### `F93002` BLS\_FASTAGGREGATEVERIFY [#f93002-bls_fastaggregateverify] Checks aggregated BLS signature for keys `pk_1...pk_n` and message `msg`. Return true on success, false otherwise. Return false if `n=0`.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_FASTAGGREGATEVERIFY ``` #### `F93003` BLS\_AGGREGATEVERIFY [#f93003-bls_aggregateverify] Checks aggregated BLS signature for key-message pairs `pk_1 msg_1...pk_n msg_n`. Return true on success, false otherwise. Return false if `n=0`.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_AGGREGATEVERIFY ``` #### `F93010` BLS\_G1\_ADD [#f93010-bls_g1_add] Addition on G1.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G1_ADD ``` #### `F93011` BLS\_G1\_SUB [#f93011-bls_g1_sub] Subtraction on G1.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G1_SUB ``` #### `F93012` BLS\_G1\_NEG [#f93012-bls_g1_neg] Negation on G1.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G1_NEG ``` #### `F93013` BLS\_G1\_MUL [#f93013-bls_g1_mul] Multiplies G1 point `x` by scalar `s`. Any `s` is valid, including negative.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G1_MUL ``` #### `F93014` BLS\_G1\_MULTIEXP [#f93014-bls_g1_multiexp] Calculates `x_1*s_1+...+x_n*s_n` for G1 points `x_i` and scalars `s_i`. Returns zero point if `n=0`. Any `s_i` is valid, including negative.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G1_MULTIEXP ``` #### `F93015` BLS\_G1\_ZERO [#f93015-bls_g1_zero] Pushes zero point in G1.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G1_ZERO ``` #### `F93016` BLS\_MAP\_TO\_G1 [#f93016-bls_map_to_g1] Converts FP element `f` to a G1 point.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_MAP_TO_G1 ``` #### `F93017` BLS\_G1\_INGROUP [#f93017-bls_g1_ingroup] Checks that slice `x` represents a valid element of G1.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G1_INGROUP ``` #### `F93018` BLS\_G1\_ISZERO [#f93018-bls_g1_iszero] Checks that G1 point `x` is equal to zero.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G1_ISZERO ``` #### `F93020` BLS\_G2\_ADD [#f93020-bls_g2_add] Addition on G2.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G2_ADD ``` #### `F93021` BLS\_G2\_SUB [#f93021-bls_g2_sub] Subtraction on G2.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G2_SUB ``` #### `F93022` BLS\_G2\_NEG [#f93022-bls_g2_neg] Negation on G2.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G2_NEG ``` #### `F93023` BLS\_G2\_MUL [#f93023-bls_g2_mul] Multiplies G2 point `x` by scalar `s`. Any `s` is valid, including negative.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G2_MUL ``` #### `F93024` BLS\_G2\_MULTIEXP [#f93024-bls_g2_multiexp] Calculates `x_1*s_1+...+x_n*s_n` for G2 points `x_i` and scalars `s_i`. Returns zero point if `n=0`. Any `s_i` is valid, including negative.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G2_MULTIEXP ``` #### `F93025` BLS\_G2\_ZERO [#f93025-bls_g2_zero] Pushes zero point in G2.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G2_ZERO ``` #### `F93026` BLS\_MAP\_TO\_G2 [#f93026-bls_map_to_g2] Converts FP2 element `f` to a G2 point.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_MAP_TO_G2 ``` #### `F93027` BLS\_G2\_INGROUP [#f93027-bls_g2_ingroup] Checks that slice `x` represents a valid element of G2.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G2_INGROUP ``` #### `F93028` BLS\_G2\_ISZERO [#f93028-bls_g2_iszero] Checks that G2 point `x` is equal to zero.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_G2_ISZERO ``` #### `F93030` BLS\_PAIRING [#f93030-bls_pairing] Given G1 points `x_i` and G2 points `y_i`, calculates and multiply pairings of `x_i,y_i`. Returns true if the result is the multiplicative identity in FP12, false otherwise. Returns false if `n=0`.
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_PAIRING ``` #### `F93031` BLS\_PUSHR [#f93031-bls_pushr] Pushes the order of G1 and G2 (approx. `2^255`).
**Category:** App Crypto (app\_crypto)
```fift Fift BLS_PUSHR ``` #### `F940` CDATASIZEQ [#f940-cdatasizeq] Recursively computes the count of distinct cells `x`, data bits `y`, and cell references `z` in the dag rooted at *Cell* `c`, effectively returning the total storage used by this dag taking into account the identification of equal cells. The values of `x`, `y`, and `z` are computed by a depth-first traversal of this dag, with a hash table of visited cell hashes used to prevent visits of already-visited cells. The total count of visited cells `x` cannot exceed non-negative *Integer* `n`; otherwise the computation is aborted before visiting the `(n+1)`-st cell and a zero is returned to indicate failure. If `c` is *Null*, returns `x=y=z=0`.
**Category:** App Misc (app\_misc)
```fift Fift CDATASIZEQ ``` #### `F941` CDATASIZE [#f941-cdatasize] A non-quiet version of `CDATASIZEQ` that throws a cell overflow exception (8) on failure.
**Category:** App Misc (app\_misc)
```fift Fift CDATASIZE ``` #### `F942` SDATASIZEQ [#f942-sdatasizeq] Similar to `CDATASIZEQ`, but accepting a *Slice* `s` instead of a *Cell*. The returned value of `x` does not take into account the cell that contains the slice `s` itself; however, the data bits and the cell references of `s` are accounted for in `y` and `z`.
**Category:** App Misc (app\_misc)
```fift Fift SDATASIZEQ ``` #### `F943` SDATASIZE [#f943-sdatasize] A non-quiet version of `SDATASIZEQ` that throws a cell overflow exception (8) on failure.
**Category:** App Misc (app\_misc)
```fift Fift SDATASIZE ``` #### `FA00` LDGRAMS [#fa00-ldgrams] Loads (deserializes) a `Gram` or `VarUInteger 16` amount from *Slice* `s`, and returns the amount as *Integer* `x` along with the remainder `s'` of `s`. The expected serialization of `x` consists of a 4-bit unsigned big-endian integer `l`, followed by an `8l`-bit unsigned big-endian representation of `x`.
The net effect is approximately equivalent to `4 LDU` `SWAP` `3 LSHIFT#` `LDUX`.
**Category:** App Currency (app\_currency)
```fift Fift LDGRAMS LDVARUINT16 ``` #### `FA01` LDVARINT16 [#fa01-ldvarint16] Similar to `LDVARUINT16`, but loads a *signed* *Integer* `x`.
Approximately equivalent to `4 LDU` `SWAP` `3 LSHIFT#` `LDIX`.
**Category:** App Currency (app\_currency)
```fift Fift LDVARINT16 ``` #### `FA02` STGRAMS [#fa02-stgrams] Stores (serializes) an *Integer* `x` in the range `0...2^120-1` into *Builder* `b`, and returns the resulting *Builder* `b'`. The serialization of `x` consists of a 4-bit unsigned big-endian integer `l`, which is the smallest integer `l>=0`, such that `x<2^(8l)`, followed by an `8l`-bit unsigned big-endian representation of `x`. If `x` does not belong to the supported range, a range check exception is thrown.
**Category:** App Currency (app\_currency)
```fift Fift STGRAMS STVARUINT16 ``` #### `FA03` STVARINT16 [#fa03-stvarint16] Similar to `STVARUINT16`, but serializes a *signed* *Integer* `x` in the range `-2^119...2^119-1`.
**Category:** App Currency (app\_currency)
```fift Fift STVARINT16 ``` #### `FA04` LDVARUINT32 [#fa04-ldvaruint32] Loads (deserializes) a `VarUInteger 32` amount from *Slice* `s`, and returns the amount as *Integer* `x` along with the remainder `s'` of `s`. The expected serialization of `x` consists of a 5-bit unsigned big-endian integer `l`, followed by an `8l`-bit unsigned big-endian representation of `x`.
The net effect is approximately equivalent to `4 LDU` `SWAP` `3 LSHIFT#` `LDUX`.
**Category:** App Currency (app\_currency)
```fift Fift LDVARUINT32 ``` #### `FA05` LDVARINT32 [#fa05-ldvarint32] Similar to `LDVARUINT32`, but loads a *signed* *Integer* `x`.
Approximately equivalent to `5 LDU` `SWAP` `3 LSHIFT#` `LDIX`.
**Category:** App Currency (app\_currency)
```fift Fift LDVARINT32 ``` #### `FA06` STVARUINT32 [#fa06-stvaruint32] Stores (serializes) an *Integer* `x` in the range `0...2^248-1` into *Builder* `b`, and returns the resulting *Builder* `b'`. The serialization of `x` consists of a 5-bit unsigned big-endian integer `l`, which is the smallest integer `l>=0`, such that `x<2^(8l)`, followed by an `8l`-bit unsigned big-endian representation of `x`. If `x` does not belong to the supported range, a range check exception is thrown.
**Category:** App Currency (app\_currency)
```fift Fift STVARUINT32 ``` #### `FA07` STVARINT32 [#fa07-stvarint32] Similar to `STVARUINT32`, but serializes a *signed* *Integer* `x` in the range `-2^247...2^247-1`.
**Category:** App Currency (app\_currency)
```fift Fift STVARINT32 ``` #### `FA40` LDMSGADDR [#fa40-ldmsgaddr] Loads from *Slice* `s` the only prefix that is a valid `MsgAddress`, and returns both this prefix `s'` and the remainder `s''` of `s` as slices.
**Category:** App Addr (app\_addr)
```fift Fift LDMSGADDR ``` #### `FA41` LDMSGADDRQ [#fa41-ldmsgaddrq] A quiet version of `LDMSGADDR`: on success, pushes an extra `-1`; on failure, pushes the original `s` and a zero.
**Category:** App Addr (app\_addr)
```fift Fift LDMSGADDRQ ``` #### `FA42` PARSEMSGADDR [#fa42-parsemsgaddr] Decomposes *Slice* `s` containing a valid `MsgAddress` into a *Tuple* `t` with separate fields of this `MsgAddress`. If `s` is not a valid `MsgAddress`, a cell deserialization exception is thrown.
**Category:** App Addr (app\_addr)
```fift Fift PARSEMSGADDR ``` #### `FA43` PARSEMSGADDRQ [#fa43-parsemsgaddrq] A quiet version of `PARSEMSGADDR`: returns a zero on error instead of throwing an exception.
**Category:** App Addr (app\_addr)
```fift Fift PARSEMSGADDRQ ``` #### `FA44` REWRITESTDADDR [#fa44-rewritestdaddr] Parses *Slice* `s` containing a valid `MsgAddressInt` (usually a `msg_addr_std`), applies rewriting from the `anycast` (if present) to the same-length prefix of the address, and returns both the workchain `x` and the 256-bit address `y` as integers. If the address is not 256-bit, or if `s` is not a valid serialization of `MsgAddressInt`, throws a cell deserialization exception.
**Category:** App Addr (app\_addr)
```fift Fift REWRITESTDADDR ``` #### `FA45` REWRITESTDADDRQ [#fa45-rewritestdaddrq] A quiet version of primitive `REWRITESTDADDR`.
**Category:** App Addr (app\_addr)
```fift Fift REWRITESTDADDRQ ``` #### `FA46` REWRITEVARADDR [#fa46-rewritevaraddr] `msg_addr_var` not allowed since TVM v10, so it behaves like `REWRITESTDADDR`, but returns account id in `Slice`, not `Integer`: parses address `s` into workchain `x` and account id `s`.
**Category:** App Addr (app\_addr)
```fift Fift REWRITEVARADDR ``` #### `FA47` REWRITEVARADDRQ [#fa47-rewritevaraddrq] A quiet version of primitive `REWRITEVARADDR`.
**Category:** App Addr (app\_addr)
```fift Fift REWRITEVARADDRQ ``` #### `FA48` LDSTDADDR [#fa48-ldstdaddr] Loads `addr_std$10`, if address is not `addr_std`, throws an error 9 (`cannot load a MsgAddressInt`).
**Category:** App Addr (app\_addr)
```fift Fift LDSTDADDR ``` #### `FA49` LDSTDADDRQ [#fa49-ldstdaddrq] A quiet version of primitive `LDSTDADDR`.
**Category:** App Addr (app\_addr)
```fift Fift LDSTDADDRQ ``` #### `FA50` LDOPTSTDADDR [#fa50-ldoptstdaddr] Loads `addr_std$10` or `addr_none$00`, if address is `addr_none$00` pushes a Null, if address is not `addr_std` or `addr_none`, throws an error 9 (`cannot load a MsgAddressInt`).
**Category:** App Addr (app\_addr)
```fift Fift LDOPTSTDADDR ``` #### `FA51` LDOPTSTDADDRQ [#fa51-ldoptstdaddrq] A quiet version of primitive `LDOPTSTDADDR`.
**Category:** App Addr (app\_addr)
```fift Fift LDOPTSTDADDRQ ``` #### `FA52` STSTDADDR [#fa52-ststdaddr] Stores `addr_std$10`, if address is not `addr_std`, throws an error 9 (`cannot load a MsgAddressInt`).
**Category:** App Addr (app\_addr)
```fift Fift STSTDADDR ``` #### `FA53` STSTDADDRQ [#fa53-ststdaddrq] A quiet version of primitive `STSTDADDR`.
**Category:** App Addr (app\_addr)
```fift Fift STSTDADDRQ ``` #### `FA54` STOPTSTDADDR [#fa54-stoptstdaddr] stores `addr_std$10` or Null. Null is stored as `addr_none$00`, if address is not `addr_std`, throws an error 9 (`cannot load a MsgAddressInt`).
**Category:** App Addr (app\_addr)
```fift Fift STOPTSTDADDR ``` #### `FA55` STOPTSTDADDRQ [#fa55-stoptstdaddrq] A quiet version of primitive `STOPTSTDADDR`.
**Category:** App Addr (app\_addr)
```fift Fift STOPTSTDADDRQ ``` #### `FB00` SENDRAWMSG [#fb00-sendrawmsg] Sends a raw message contained in *Cell `c`*, which should contain a correctly serialized object `Message X`, with the only exception that the source address is allowed to have dummy value `addr_none` (to be automatically replaced with the current smart-contract address), and `ihr_fee`, `fwd_fee`, `created_lt` and `created_at` fields can have arbitrary values (to be rewritten with correct values during the action phase of the current transaction). Integer parameter `x` contains the flags. Currently `x=0` is used for ordinary messages; `x=128` is used for messages that are to carry all the remaining balance of the current smart contract (instead of the value originally indicated in the message); `x=64` is used for messages that carry all the remaining value of the inbound message in addition to the value initially indicated in the new message (if bit 0 is not set, the gas fees are deducted from this amount); `x'=x+1` means that the sender wants to pay transfer fees separately; `x'=x+2` means that any errors arising while processing this message during the action phase should be ignored. Finally, `x'=x+32` means that the current account must be destroyed if its resulting balance is zero. This flag is usually employed together with `+128`.
**Category:** App Actions (app\_actions)
```fift Fift SENDRAWMSG ``` #### `FB02` RAWRESERVE [#fb02-rawreserve] Creates an output action which would reserve exactly `x` nanograms (if `y=0`), at most `x` nanograms (if `y=2`), or all but `x` nanograms (if `y=1` or `y=3`), from the remaining balance of the account. It is roughly equivalent to creating an outbound message carrying `x` nanograms (or `b-x` nanograms, where `b` is the remaining balance) to oneself, so that the subsequent output actions would not be able to spend more money than the remainder. Bit `+2` in `y` means that the external action does not fail if the specified amount cannot be reserved; instead, all remaining balance is reserved. Bit `+8` in `y` means `x:=-x` before performing any further actions. Bit `+4` in `y` means that `x` is increased by the original balance of the current account (before the compute phase), including all extra currencies, before performing any other checks and actions. Currently `x` must be a non-negative integer, and `y` must be in the range `0...15`.
**Category:** App Actions (app\_actions)
```fift Fift RAWRESERVE ``` #### `FB03` RAWRESERVEX [#fb03-rawreservex] Similar to `RAWRESERVE`, but also accepts a dictionary `D` (represented by a *Cell* or *Null*) with extra currencies. In this way currencies other than Grams can be reserved.
**Category:** App Actions (app\_actions)
```fift Fift RAWRESERVEX ``` #### `FB04` SETCODE [#fb04-setcode] Creates an output action that would change this smart contract code to that given by *Cell* `c`. Notice that this change will take effect only after the successful termination of the current run of the smart contract.
**Category:** App Actions (app\_actions)
```fift Fift SETCODE ``` #### `FB06` SETLIBCODE [#fb06-setlibcode] Creates an output action that would modify the collection of this smart contract libraries by adding or removing library with code given in *Cell* `c`. If `x=0`, the library is actually removed if it was previously present in the collection (if not, this action does nothing). If `x=1`, the library is added as a private library, and if `x=2`, the library is added as a public library (and becomes available to all smart contracts if the current smart contract resides in the masterchain); if the library was present in the collection before, its public/private status is changed according to `x`. Values of `x` other than `0...2` are invalid.
**Category:** App Actions (app\_actions)
```fift Fift SETLIBCODE ``` #### `FB07` CHANGELIB [#fb07-changelib] Creates an output action similarly to `SETLIBCODE`, but instead of the library code accepts its hash as an unsigned 256-bit integer `h`. If `x!=0` and the library with hash `h` is absent from the library collection of this smart contract, this output action will fail.
**Category:** App Actions (app\_actions)
```fift Fift CHANGELIB ``` #### `FB08` SENDMSG [#fb08-sendmsg] Creates an output action and returns a fee for creating a message. Mode has the same effect as in the case of `SENDRAWMSG`. Additionally `+1024` means - do not create an action, only estimate fee. Other modes affect the fee calculation as follows: `+64` substitutes the entire balance of the incoming message as an outcoming value (slightly inaccurate, gas expenses that cannot be estimated before the computation is completed are not taken into account), `+128` substitutes the value of the entire balance of the contract before the start of the computation phase (slightly inaccurate, since gas expenses that cannot be estimated before the completion of the computation phase are not taken into account).
**Category:** App Actions (app\_actions)
```fift Fift SENDMSG ``` #### `FEij` DEBUG [#feij-debug]
**Category:** Debug (debug)
```fift Fift {i*16+j} DEBUG ``` **Aliases**: * `DUMPSTK`
Dumps the stack (at most the top 255 values) and shows the total stack depth. Does nothing on production versions of TVM. * `STRDUMP`
Dumps slice with length divisible by 8 from top of stack as a string. Does nothing on production versions of TVM. * `DUMP`
Dumps slice with length divisible by 8 from top of stack as a string. Does nothing on production versions of TVM. #### `FEFnssss` DEBUGSTR [#fefnssss-debugstr] `0 <= n < 16`. Length of `ssss` is `n+1` bytes.
`{string}` is a [string literal](https://github.com/Piterden/TON-docs/blob/master/Fift.%20A%20Brief%20Introduction.md#user-content-29-string-literals).
`DEBUGSTR`: `ssss` is the given string.
`DEBUGSTRI`: `ssss` is one-byte integer `0 <= x <= 255` followed by the given string.
**Category:** Debug (debug)
```fift Fift {string} DEBUGSTR {string} {x} DEBUGSTRI ``` #### `FFnn` SETCP [#ffnn-setcp] Selects TVM codepage `0 <= nn < 240`. If the codepage is not supported, throws an invalid opcode exception.
**Category:** Codepage (codepage)
```fift Fift [nn] SETCP ``` **Aliases**: * `SETCP0`
Selects TVM (test) codepage zero as described in this document. #### `FFFz` SETCP\_SPECIAL [#fffz-setcp_special] Selects TVM codepage `z-16` for `1 <= z <= 15`. Negative codepages `-13...-1` are reserved for restricted versions of TVM needed to validate runs of TVM in other codepages. Negative codepage `-14` is reserved for experimental codepages, not necessarily compatible between different TVM implementations, and should be disabled in the production versions of TVM.
**Category:** Codepage (codepage)
```fift Fift [z-16] SETCP ``` #### `FFF0` SETCPX [#fff0-setcpx] Selects codepage `c` with `-2^15 <= c < 2^15` passed in the top of the stack.
**Category:** Codepage (codepage)
```fift Fift SETCPX ```
{/* STATIC_END tvm_instructions */} # TVM overview (/blockchain-basics/tvm/overview) TON Virtual Machine (TVM) is a [stack-based](https://en.wikipedia.org/wiki/Stack_machine) virtual machine which executes smart contracts on TON blockchain. TVM is invoked when a message is sent to an account that has deployed contract code, when a get method is called on an account, and in some [more rare cases](/blockchain-basics/tvm/initialization#stack). Executing code on same inputs and prior state deterministically produces same outputs, so that validators can agree on whether code was executed correctly. Every instruction consumes [gas](/blockchain-basics/tvm/gas). Gas exhaustion stops execution. This limit is imposed so that expensive computations (i.e. infinite loops) cannot be used to exhaust validators' computation resources, causing [denial of service](https://en.wikipedia.org/wiki/Denial-of-service_attack). ## Data model [#data-model] * TVM has no [random-access memory](https://en.wikipedia.org/wiki/Random-access_memory). Instead it uses a stack of values as a scratchpad. * There are no memory addresses. Most instructions either store their parameters directly in the code, or take them from the top of the stack. * All values are [immutable](https://en.wikipedia.org/wiki/Immutable_object). Most of the data is stored as immutable tree of [cells](/blockchain-basics/primitives/serialization/cells). * Reading and writing of cells is done with [slices and builders](/blockchain-basics/tvm/builders-and-slices). * There are no function addresses or function pointers. Code is executed from bitcode inside [continuations](/blockchain-basics/tvm/continuations). ## TVM state [#tvm-state] On incoming messages or get method call, a new instance of TVM is started, with a new state. Derivation of the initial state from the message is described in [its own article](/blockchain-basics/tvm/initialization). The total state of TVM consists of the following components: * **Stack**. A regular [stack data structure](https://en.wikipedia.org/wiki/Stack_$abstract_data_type$). The vast majority of instructions `pop()` operands from the top and `push()` results back. * [**Control registers**](/blockchain-basics/tvm/registers). A small fixed set of special registers, denoted as `c0`, `c1`, ..., `c5`, and `c7` (`c6` does not exist). * [**Gas counter**](/blockchain-basics/tvm/gas). Tracks remaining computation budget. Each instruction decrements gas. When counter hits zero/negative value, an exception is raised, and the run aborts. * **Current continuation (`cc`)**. A special register that stores a list of the next instructions to execute. Similar to the instruction pointer in traditional architectures. * **Current codepage (`cp`)**. Determines how to decode the next instruction in `cc`. Different codepages may implement different instruction sets, allowing for adding new features to TVM without affecting old smart contracts. Currently, only codepage `0` (`cp0`) is implemented. Smart contract runs [`SETCP0`](/blockchain-basics/tvm/instructions#ff-setcp) instruction to explicitly use codepage `0`. ## TVM data types [#tvm-data-types] Values on the stack and inside of registers are of one of the following seven types: | Type | Description | | ------------ | --------------------------------------------------------------------------------------------------------------------------- | | Integer | 257-bit signed integer. Has the special `NaN` value representing arithmetic faults. | | Cell | Node of a tree with bit string on it (\<= 1023 bits), and up to 4 arrows (refs). | | Slice | Read cursor over a Cell. | | Builder | Write cursor to construct a new Cell. | | Tuple | List of 0..255 elements of any of seven types. Types of elements can be distinct. | | Continuation | Executable Slice with TVM bitcode. [Continuations](https://en.wikipedia.org/wiki/Continuation) are callable like functions. | | Null | Empty value. | ## Example of a smart contract: counter [#example-of-a-smart-contract-counter] Here is a sample contract, written in [Fift](/blockchain-basics/languages/fift/overview). It implements the following logic: * If an event is not an internal message, stop execution. * Read 32-bit number (`msg_counter`) from internal message's body. * Check that it is equal to the 32-bit number stored in `c4` (persistent account storage). * Increment it. * Save it back to `c4`. When an account with this code gets an internal message, TVM stack [is initialized](/blockchain-basics/tvm/initialization#stack) with these values: 1. `s0` (top of the stack), function selector, is `0`. For other events, e.g., external messages or get method calls, selector will be non-zero. 2. `s1`, message body. The example contract expects exactly 32 bits here. 3. Three more values `s2`, `s3`, `s4` [are pushed](/blockchain-basics/tvm/initialization#external%2Finternal-message) by TVM onto a stack. They won't be used in the example. After execution finishes, they'll still be on the stack, and will be silently ignored. In `Current stack` comments, we represent stack at that moment of execution, keeping its top to the right (e.g., `s2 s1 s0`, where `s0` is the top of the stack). ```fift Fift <{ // Current stack: msg_body selector // Use codepage 0. Picks the only available instruction set. SETCP0 // This instruction does not affect the stack. // Current stack: msg_body selector // Consume `selector` from the top of the stack. // Stop execution if `selector != 0`, // i.e. "is not an internal message". IFRET // Continue execution if we received an internal message. // Current stack: msg_body // Load (LD) unsigned (U) 32-bit integer from a slice. // This instruction pops (consumes) a slice from the stack, // pushes an integer, and then pushes a new slice with // 32 bits cut from it 32 LDU // Current stack: msg_counter msg_body' // msg_body' is a slice whose read cursor was moved by 32 bits // when we loaded a 32-bit integer. // For example, if we had slice x{00000001} on the stack and // then invoked 32 LDU, there will be integer `1` and `x{}` // (empty slice) on the stack // Assert the END of a slice (S). // These instructions consume a slice and check that it is // empty (no more data to read), otherwise it throws an // exception, because there was more data than we expected. ENDS // Current stack: msg_counter // Push c4 (persistent storage) on the stack. // `storage` is a cell c4 PUSH // Current stack: msg_counter storage // Convert Cell to a Slice, i.e. make it readable CTOS // Current stack: msg_counter storage_slice // Read 32-bit unsigned integer from `storage_slice` 32 LDU // Current stack: msg_counter storage_counter storage_slice' // Assert there is no more data in the storage ENDS // Current stack: msg_counter storage_counter // Duplicate s0 (top of stack) under two top values TUCK // Current stack: storage_counter msg_counter storage_counter // Check counters are equal EQUAL // Current stack: storage_counter msg_counter==storage_counter? // Throw an exception with code 33 if it is not equal 33 THROWIFNOT // Current stack: storage_counter // Increase counter INC // Current stack: storage_counter+1 // Create an empty Builder NEWC // Current stack: storage_counter+1 builder // Store (ST) unsigned (U) 32-bit integer `storage_counter+1` to a builder 32 STU // Current stack: builder' // Finalize Builder to a Cell ENDC // Current stack: new_storage // Save `new_storage` to c4 (persistent storage) c4 POP // Current stack: (no values) }> ``` # Registers (/blockchain-basics/tvm/registers) TVM registers hold special values, such as contract storage, list of output actions, or exception handler Only `c4` (new state) and `c5` (final actions) represent durable effects of a successful on‑chain run. Everything else is transient. ## `c0` — return continuation [#c0--return-continuation] **Type**: `Continuation` **Initial value**: `Quit` — extraordinary continuation which terminates TVM with exit code `0`. When [`RET`](/blockchain-basics/tvm/instructions#db30-ret) is called or the current continuation remains no instructions (*implicit ret*), `c0` is invoked. Call-like instructions use it to store the current continuation in order to return to it after executing the inner function. ## `c1` — alternative return continuation [#c1--alternative-return-continuation] **Type**: Continuation **Initial value**: `Quit` — extraordinary continuation which terminates TVM with exit code `1`. Both exit codes `0` and `1` are considered successful terminations of TVM. Same as `c0`, but invoked only in special control flow instructions, such as [`RETALT`](/blockchain-basics/tvm/instructions#db31-retalt), [`IFRETALT`](/blockchain-basics/tvm/instructions#e308-ifretalt), and others. ## `c2` — exception handler [#c2--exception-handler] **Type**: Continuation **Initial value**: `ExcQuit` — extraordinary continuation which terminates TVM with an exception. In this case, the exit code is an exception number. Invoked implicitly on any exception that occurs during TVM execution. Can be invoked explicitly by [`THROW`](/blockchain-basics/tvm/instructions#f2c4_-throw)-like instructions. To set a custom exception handler, use [TRY](/blockchain-basics/tvm/instructions#f2ff-try). ## `c3` — function selector [#c3--function-selector] **Type**: Continuation **Initial value**: Root cell of code currently executing in TVM. Invoked by [`CALLDICT`](/blockchain-basics/tvm/instructions#f0-calldict) instruction with a function ID (integer) passed on the stack. The function selector should jump to a function with that ID. Fift-ASM assembler constructs following function selector ([`Asm.fif`:1624](https://github.com/ton-blockchain/ton/blob/4ebd7412c52248360464c2df5f434c8aaa3edfe1/crypto/fift/lib/Asm.fif#L1624)): ```fift Fift SETCP0 <{ // a dictionary which maps 19-bit function id (integer) => function code (slice) }> DICTPUSHCONST DICTIGETJMPZ // get a function with given id from dictionary and execute it 11 THROWARG // if no function found, throw with exit code 11 and function id as additional argument ``` ## `c4` — persistent account storage [#c4--persistent-account-storage] **Type**: Cell **Initial value**: Root cell of account data. This register helps to store some information between smart contract invocations. When the transaction succeeds, the final value of `c4` is saved as new account data. ## `c5` — outbound actions accumulator [#c5--outbound-actions-accumulator] **Type**: Cell **Initial value**: Empty cell. List of actions to perform in the action phase after TVM execution: send a message, reserve funds, update code, and install libraries. `c5` has an `OutList` structure: ```tlb title="TL-B" out_list_empty$_ = OutList 0; out_list$_ {n:#} prev:^(OutList n) action:OutAction = OutList (n + 1); action_send_msg#0ec3c86d mode:(## 8) out_msg:^(MessageRelaxed Any) = OutAction; action_set_code#ad4de08e new_code:^Cell = OutAction; action_reserve_currency#36e6b809 mode:(## 8) currency:CurrencyCollection = OutAction; libref_hash$0 lib_hash:bits256 = LibRef; libref_ref$1 library:^Cell = LibRef; action_change_library#26fa1dd4 mode:(## 7) libref:LibRef = OutAction; ``` The previous action is always the first reference of the next one. If action itself has a reference, it is stored as the second reference in the list. At the beginning of the list, an empty cell is stored as the first reference of the first action. ## `c7` — environment information and global variables [#c7--environment-information-and-global-variables] **Type**: Tuple **Initial value**: `Tuple[Tuple[0x076ef1ea, 0, 0, ...]]`. The zero element of the `c7` tuple is an environment information (which itself is also a tuple). The remaining 255 slots are used for global variables. [`[i] SETGLOB`](/tvm/instructions#f87_-setglob) modifies `c7`, inserting an element with index `i`, [`[i] GETGLOB`](/tvm/instructions#f85_-getglob) reads `i`-th element from `c7`. ### Structure of environment information tuple [#structure-of-environment-information-tuple]

\# Instruction Field Type Description

0 \- 0x076ef1ea integer tag of the SmartContractInfo TL-B structure

1 \- actions count integer increments when new action is pushed to `c5` .

2 \- messages sent integer increments when new `action_send_msg` is pushed to `c5`

3 NOW unix time integer current time (timestamp of block collation)

4 BLOCKLT current block LT (logical time) integer

5 LTIME current transaction LT integer

6 RANDSEED random seed integer `sha256(block_rand_seed . account_address)`

7 BALANCE smart contract balance tuple tuple of integer (TON balance) and cell or `null` (extra currencies dictionary)

8 MYADDR smart contract address slice

9 CONFIGROOT global blockchain configuration cell or `null` (dictionary)

10 MYCODE smart contract code cell

11 INCOMINGVALUE value of incoming message tuple tuple of integer (TON value) and cell or `null` (extra currencies dictionary)

12 STORAGEFEES fees collected during storage phase integer

13 PREVBLOCKSINFOTUPLE, PREVMCBLOCKS_100 last 16 masterchain blocks, last keyblock, and last 16 masterchain blocks with seqno divisible by 100 tuple tuple has following `PrevBlocksInfo` structure: ```tlb [ wc:Integer shard:Integer seqno:Integer root_hash:Integer file_hash:Integer ] = BlockId; [ last_mc_blocks:BlockId[] prev_key_block:BlockId last_mc_blocks_divisible_by_100:BlockId[] ] = PrevBlocksInfo; ```

14 UNPACKEDCONFIGTUPLE unpacked config values tuple * 0: `StoragePrices` from the `ConfigParam 18` — not the whole dictionary, but only the one `StoragePrices` entry which corresponds to the current time * 1: `ConfigParam 19`, global ID * 2: `ConfigParam 20`, masterchain gas prices * 3: `ConfigParam 21`, non-masterchain gas prices * 4: `ConfigParam 24`, masterchain forward fees * 5: `ConfigParam 25`, non-masterchain forward fees * 6: `ConfigParam 43`, size limits

15 DUEPAYMENT current debt for storage fee in nanotons integer

16 GETPRECOMPILEDGAS gas usage for the current contract if it is precompiled, null otherwise integer or `null` see `ConfigParam 45`

17 INMSGPARAMS inbound message parameters tuple * 0: `bounce: boolean` — can bounce * 1: `bounced: boolean` — did bounce * 2: `src_addr: slice` — sender * 3: `fwd_fee: int` * 4: `created_lt: int` * 5: `created_at: int` * 6: `orig_value: int` — this is sometimes different from the value in `INCOMINGVALUE` and TVM stack because of storage fees * 7: `value: int` — same as in `INCOMINGVALUE` and on the initial TVM stack * 8: `value_extra: cell or null` — same as in `INCOMINGVALUE` * 9: `state_init: cell or null` For external messages, tick-tock transactions and get methods: `bounce`, `bounced`, `fwd_fee`, `created_lt`, `created_at`, `orig_value`, `value` are 0, `value_extra` is null.

For tick-tock transactions and get methods, `src_addr` is `addr_none`.

# Blockchain nodes overview (/blockchain-basics/nodes/overview) A full node is a software that stores the whole blockchain state locally, opposite to lite-clients, which request small pieces of data from liteservers when needed. It does not solve any problem itself, but provides a base for other services requiring a full blockchain state (validator, liteserver, etc). Usually, full nodes keep only the latest part of the blockchain state, which is vital for ensuring client applications' network stability and operation. Full nodes *prune* the state of the TON blockchain they keep. This means the full node automatically removes earlier blocks that become unnecessary for the network to manage its data volume effectively. To allow client applications to look for blocks and transactions and send new transactions into the TON blockchain, full nodes are equipped with the liteserver functionality. ## Full node modes [#full-node-modes] | Role | What it does | When to use it | | ------------------ | ---------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | | Liteserver | Stores the latest shards, tracks the masterchain, and serves data to lite-clients. | Required for custom infrastructure, analytics, or to back your own APIs. | | Archive liteserver | Stores all blockchain data, including old blocks and states. | Required for explorers and other services working with historical data. | | Validator | Signs blocks, participates in elections, and earns rewards. | Needed to run validation with your stake or to operate a nominator pool service. | | Collator | Produces blocks for validators. | Needed to reduce load on your validators by setting up block creation on a separate machine. | | Nominator pool | Accepts funds from stakers and runs a validator with their stake. | Needed when you want to securely accept stakes from multiple parties and share rewards between them. | | Single nominator | Secure way to run a validator without depositing all funds to a hot wallet. | Generally, you should use it each time you want to run a new validator. | | Liquid staking | Same as nominator pool, but exchanges stakers' funds for a synthetic token to be used in DeFi. | Needed to run a liquid staking protocol. | ## Do you need your own node? [#do-you-need-your-own-node] * **Run your own full node** when you need guaranteed uptime or to serve high-volume workloads without third-party rate limits. Validators and staking services need to install a node and activate validator mode. * **Rely on public endpoints** when building prototypes or light integrations. Community liteservers and APIs such as [TON Center](/applications/api/toncenter/introduction) or other [RPC providers](/applications/api/overview) already expose the blockchain for read access and transaction submission. ## Pick your target environment [#pick-your-target-environment] | If you need | Run | | --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Validator or nominator capacity | [Setting up a node using MyTonCtrl](/blockchain-basics/nodes/cpp/setup-mytonctrl) with the validator, nominator pool, or single nominator workflows; the wrapper automates validator wallets, overlays, elections, and upgrades. | | Liteserver APIs | [Setting up a node using MyTonCtrl](/blockchain-basics/nodes/cpp/setup-mytonctrl) with liteserver option (and archive mode if needed) to expose API for applications. | | An isolated development network | [Setting up a local blockchain using MyLocalTon](/blockchain-basics/nodes/cpp/setup-mylocalton) to spin up a local shard, explorer, and APIs for rapid iterations with no mainnet impact. | | Kubernetes-native production operations | [Use Rust node chart workflows](/blockchain-basics/nodes/rust/quick-start) and references. | ## Rust node overview [#rust-node-overview] TON Rust node is an alternative implementation of a TON full node written in Rust. It is protocol-compatible with TON and follows an operational model designed for containerized environments rather than single-instance deployments. Rust node operational focus: * container-based architecture; * Kubernetes-native deployment model; * deterministic, version-pinned builds with automated release validation; * node lifecycle management within a cluster environment; * integration with external key management systems such as [HashiCorp Vault](https://www.hashicorp.com/en/products/vault). Rust node is designed for: * node providers operating multiple full nodes, liteservers, or validators; * staking operators managing one or many validators as cluster resources; * operators running node infrastructure that requires external key management integration and structured operational processes. This model targets predictable scaling: infrastructure growth is handled through standardized deployment patterns, centralized control, and safer upgrade workflows. ### Advantages [#advantages] * Multi-node deployment and centralized management: a new node can be launched in minutes, excluding sync time, using standardized Helm workflows. * Fully tested container delivery: release images are version-pinned and validated by more than 10 automated test suites before publication. * Built-in observability: Rust node exposes Prometheus metrics across 8 subsystems and serves `/healthz` and `/readyz` from the same metrics HTTP server. * Grafana-ready workflow: a bundled dashboard and documented Prometheus/Grafana integration are provided for Kubernetes deployments. * Key isolation: validator wallet and ADNL keys are designed for Vault-backed workflows instead of direct in-node private key storage. ### Rust node resource recommendations [#rust-node-resource-recommendations] Recommended Kubernetes requests and limits are: | Role | CPU request | CPU limit | Memory request | Memory limit | | ---------------------- | ----------- | --------- | -------------- | ------------ | | Full node / liteserver | 8 | 16 | 32GiB | 64GiB | | Validator | 16 | 32 | 64GiB | 128GiB | The node can run on fewer resources, but these values provide headroom for load spikes such as elections, heavy traffic, and catch-up after restarts. Source: [TON Rust Node resource recommendations](https://github.com/RSquad/ton-rust-node/blob/e8bd0451b326099146a90a913beedaebd952fa56/helm/ton-rust-node/docs/resources.md). ## Full node [#full-node] **The full node** is a basic node type within the TON blockchain. It serves as the backbone of the TON blockchain by keeping its block history — in other words, its *current state*. Compared to **archive nodes**, full nodes keep only the latest part of the blockchain state, which is vital for ensuring client applications' network stability and operation. Full nodes *prune* the state of the TON blockchain they keep. This means the full node automatically removes earlier blocks that become unnecessary for the network to manage its data volume effectively. To allow client applications to look for blocks and transactions and send new transactions into the TON blockchain, full nodes are equipped with the liteserver functionality. ## Archive node [#archive-node] The archive node is a full node that keeps the entire block history of the TON blockchain. These nodes act as the decentralized point of truth to ensure consistency of the whole blockchain history. They are a backend for blockchain explorers and other applications relying on deep transaction history. Archive nodes do not prune the blockchain state, elevating system requirements, especially in storage. According to the latest estimations, while full and validator nodes require about 1 TB of disk space, archive nodes need about 12 TB to store the complete block history. ## Validator node [#validator-node] **Validator nodes** or **validators** are the TON network participants who propose new blocks and verify transactions according to the TON's *proof-of-stake* mechanism. In this way, validators contribute to the overall blockchain security. Validators get rewards in TON for successful participation in the validation process. To be entitled to propose and validate blocks, other participants elect validators based on the amount of TON they hold — in other words, their *stake*. The more TON a validator stakes, the higher its chances of being elected, validating blocks for the network, and earning rewards. As a rule, validator operators motivate other TON holders to stake with them to get passive income from the resulting rewards. In this way, validators ensure network stability and security and contribute to its growth. ## Interacting with TON nodes [#interacting-with-ton-nodes] TON nodes can run in **liteserver mode**, which allows external applications to interact with the TON blockchain. In this mode, the nodes process client requests, enabling clients to access blockchain data, send transactions, and retrieve information about blocks and transactions. Full and archive nodes typically enable liteserver mode because they store blockchain history and handle external requests. In contrast, validator nodes do not need it, as they focus on efficiently validating new blocks without additional workload from external queries. Use MyTonCtrl to [enable liteserver mode in a full or archive C++ node](/blockchain-basics/nodes/cpp/setup-mytonctrl#liteserver-quickstart). Liteserver mode, or *liteserver* for short, uses the Abstract Datagram Network Layer (ADNL) protocol. Direct connections require either a client called *lite-client* downloaded from the [latest TON release](https://github.com/ton-blockchain/ton/releases/latest), or a library that understands ADNL. In the [SDK table](/applications/sdks), such libraries have a mark in the ADNL column. To connect from a webpage or otherwise interact with TON nodes over HTTP, an HTTP-to-ADNL frontend is required. [TON Center](/applications/api/toncenter/introduction) is an official HTTP API provider, and its API endpoints can be used directly or [self-hosted](/applications/api/overview). In the [SDK table](/applications/sdks), libraries that use these endpoints or other HTTP providers have a mark in the HTTP column. # TMA create CLI (/ecosystem/tma/create-mini-app) `@telegram-apps/create-mini-app` is a CLI tool designed to scaffold your new mini application on the Telegram Mini Apps platform. It generates a project with pre-configured libraries and template files, allowing you to customize the content based on your specific requirements. ## Usage [#usage] To run the tool, use one of the following scripts depending on your package manager. ```bash npm icon="package" npx @telegram-apps/telegram-apps-tools@latest ``` ## Creating a new application [#creating-a-new-application] The above command executes a script that guides you through the creation of your application by sequentially prompting for the following information: ### Project directory name [#project-directory-name] * **Prompt**: Enter the name of the folder where the project files will be located. * **Default**: mini-app The script will create a subfolder with the specified name in the current directory. ### Preferred technologies [#preferred-technologies] #### TMA SDKs [#tma-sdks] * **`tma.js`** [`@telegram-apps/sdk`](https://www.npmjs.com/package/@telegram-apps/sdk) – A TypeScript library for seamless communication with Telegram Mini Apps functionality. * **Telegram SDK** [`@twa-dev/sdk`](https://www.npmjs.com/package/@twa-dev/sdk) – This package allows you to work with the SDK as an npm package. #### Frameworks [#frameworks] * **React.js** [template](https://github.com/Telegram-Mini-Apps/reactjs-template) * **Next.js** [template](https://github.com/Telegram-Mini-Apps/nextjs-template) * **Solid.js** [template](https://github.com/Telegram-Mini-Apps/solidjs-js-template) * **Vue.js** [template](https://github.com/Telegram-Mini-Apps/vuejs-template) ### Git remote repository URL [#git-remote-repository-url] Enter the git remote repository URL. This value will be used to connect the created project with your remote git repository. It should be either an HTTPS link or an SSH connection string. ## Build configuration [#build-configuration] Projects created with `create-mini-app` are configured to use the [Vite](https://vite.dev/) bundler. The project includes a `vite.config.js` file, which you can customize to adjust the build settings according to your needs. # TMA: Telegram Mini Apps overview (/ecosystem/tma/overview) Telegram Mini Apps (TMAs) are web applications that run within the Telegram messenger. They are built using web technologies — HTML, CSS, and JavaScript. UserFriendlyAddress \| Address | Wallet address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.network` | Network | Network to read the balance from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseBalanceReturnType\ — TanStack Query result for the balance read. **Example** ```tsx const { data: balance, isLoading, error } = useBalance(); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return
Balance: {balance}
; ``` #### useBalanceByAddress [#usebalancebyaddress] React hook reading the Toncoin balance of an arbitrary address through TanStack Query — useful for addresses that aren't tied to the selected wallet (use [`useBalance`](#usebalance) for the selected wallet). | Parameter | Type | Description | | -------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseBalanceByAddressParameters`](#usebalancebyaddressparameters) | Target address, optional network override, and TanStack Query overrides. | | `parameters.address` | UserFriendlyAddress \| Address | Wallet address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.network` | Network | Network to read the balance from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseBalanceByAddressReturnType\ — TanStack Query result for the balance read. **Example** ```tsx const { data: balance, isLoading, error, } = useBalanceByAddress({ address: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', }); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return
Balance: {balance}
; ``` #### useWatchBalance [#usewatchbalance] Subscribe to Toncoin balance updates for the currently selected wallet. Updates flow into the TanStack Query cache so [`useBalance`](#usebalance) picks up the new data automatically (use [`useWatchBalanceByAddress`](#usewatchbalancebyaddress) for a fixed address). Requires a streaming provider registered for the network — the hook exits silently with a console warning when none is configured. | Parameter | Type | Description | | --------------------- | -------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseWatchBalanceParameters`](#usewatchbalanceparameters) | Update callback and optional network override. | | `parameters.onChange` | (update: BalanceUpdate) => void | Callback fired on every balance update from the streaming provider. | | `parameters.network` | Network | Network to watch on. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | Returns: `void`. **Example** ```tsx const { data: balance } = useBalance(); useWatchBalance(); return
Current balance: {balance}
; ``` #### useWatchBalanceByAddress [#usewatchbalancebyaddress] Subscribe to Toncoin balance updates for an arbitrary address — updates flow into the TanStack Query cache so [`useBalanceByAddress`](#usebalancebyaddress) picks up the new data automatically. Requires a streaming provider registered for the network — the hook exits silently with a console warning when none is configured. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters`\* | [`UseWatchBalanceByAddressParameters`](#usewatchbalancebyaddressparameters) | Address, update callback and optional network override. | | `parameters.address` | UserFriendlyAddress \| Address | Wallet address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.network` | Network | Network to watch on. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.onChange` | (update: BalanceUpdate) => void | Callback fired on every balance update from the streaming provider. | Returns: `void`. **Example** ```tsx const address = 'UQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJKZ'; const network = Network.mainnet(); const { data: balance } = useBalanceByAddress({ address, network }); useWatchBalanceByAddress({ address, network }); return
Current balance: {balance}
; ``` ### Connectors [#connectors] #### useConnectorById [#useconnectorbyid] Look up a connector by its id and stay subscribed to its registration lifecycle — updates when a connector with that id is registered (via AppKit's constructor or [`addConnector`](/applications/appkit/reference/appkit#addconnector)) or unregistered. Returns the matching [`Connector`](/applications/appkit/reference/appkit#connector), or `undefined` when none with that id is currently registered. Use [`useConnectedWallets`](#useconnectedwallets) if you want to react to wallet connect/disconnect events instead. | Parameter | Type | Description | | --------- | -------- | ------------------------------- | | `id`\* | `string` | ID of the connector to look up. | Returns: Connector | undefined — The matching [`Connector`](/applications/appkit/reference/appkit#connector), or `undefined` if none with that id is registered. #### useConnectors [#useconnectors] Read the list of connectors registered on this AppKit instance. Updates when a connector is registered or unregistered (use [`useConnectedWallets`](#useconnectedwallets) to react to wallet connect/disconnect events). Returns: UseConnectorsReturnType — Read-only array of registered [`Connector`](/applications/appkit/reference/appkit#connector)s. ### Crypto Onramp [#crypto-onramp] #### useCreateCryptoOnrampDeposit [#usecreatecryptoonrampdeposit] Create a crypto-onramp deposit from a quote previously obtained via [`useCryptoOnrampQuote`](#usecryptoonrampquote). Call `mutate(options)` where `options` matches [`CreateCryptoOnrampDepositOptions`](/applications/appkit/reference/appkit#createcryptoonrampdepositoptions) (quote, refund address, optional provider override). On success, `data` is the [`CryptoOnrampDeposit`](/applications/appkit/reference/appkit#cryptoonrampdeposit) carrying the address and amount the user must send on the source chain to complete the onramp. Pair with [`useCryptoOnrampStatus`](#usecryptoonrampstatus) to poll the deposit until it settles. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseCreateCryptoOnrampDepositParameters`](#usecreatecryptoonrampdepositparameters) | TanStack Query mutation overrides (`parameters.mutation`). | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseCreateCryptoOnrampDepositReturnType\ — Mutation result for the deposit call. #### useCryptoOnrampContext [#usecryptoonrampcontext] Reads the `CryptoOnrampContext` populated by [`CryptoOnrampWidgetProvider`](#cryptoonrampwidgetprovider) — returns the widget's selection state, quote/deposit data and actions ([`CryptoOnrampContextType`](#cryptoonrampcontexttype)). Returns: CryptoOnrampContextType. #### useCryptoOnrampProvider [#usecryptoonrampprovider] Read a registered crypto-onramp provider by id, or the default provider when no id is given — subscribes to [`watchCryptoOnrampProviders`](/applications/appkit/reference/appkit#watchcryptoonrampproviders) and re-reads via [`getCryptoOnrampProvider`](/applications/appkit/reference/appkit#getcryptoonrampprovider) so the result stays in sync. The read swallows the throw from [`getCryptoOnrampProvider`](/applications/appkit/reference/appkit#getcryptoonrampprovider) (which throws when no provider matches — or when no id is passed and no default has been registered) and yields `undefined` instead. | Parameter | Type | Description | | --------------- | ------------------------------------------------------------------------- | ------------------------------------------------------------------------------ | | `parameters` | [`UseCryptoOnrampProviderParameters`](#usecryptoonrampproviderparameters) | Optional provider id. | | `parameters.id` | `string` | Provider ID to look up. When omitted, returns the registered default provider. | Returns: UseCryptoOnrampProviderReturnType — The matching provider, or `undefined` when none is registered. #### useCryptoOnrampProviders [#usecryptoonrampproviders] List every crypto-onramp provider registered on the AppKit instance (both those passed via [`AppKitConfig`](/applications/appkit/reference/appkit#appkitconfig)'s `providers` and those added later through [`registerProvider`](/applications/appkit/reference/appkit#registerprovider)). Subscribes to [`watchCryptoOnrampProviders`](/applications/appkit/reference/appkit#watchcryptoonrampproviders) and re-reads via [`getCryptoOnrampProviders`](/applications/appkit/reference/appkit#getcryptoonrampproviders) so the array stays in sync. Returns: UseCryptoOnrampProvidersReturnType — Array of registered crypto-onramp providers. #### useCryptoOnrampQuote [#usecryptoonrampquote] Quote a crypto-to-TON onramp — given a source asset/chain and the target TON asset, returns the rate, expected amount and the provider-specific metadata required to feed [`useCreateCryptoOnrampDeposit`](#usecreatecryptoonrampdeposit). `data` is the [`CryptoOnrampQuote`](/applications/appkit/reference/appkit#cryptoonrampquote) payload. | Parameter | Type | Description | | ---------------------------------- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseCryptoOnrampQuoteParameters`](#usecryptoonrampquoteparameters) | Quote inputs and TanStack Query overrides. | | `parameters.amount` | `string` | Amount to onramp (either source or target crypto, depending on isSourceAmount) | | `parameters.sourceCurrencyAddress` | `string` | Source crypto currency address (contract address or 0x0... for native) | | `parameters.sourceChain` | `string` | Source chain identifier in CAIP-2 format (e.g. 'eip155:1' for Ethereum mainnet, 'eip155:42161' for Arbitrum One). Providers map this to their own chain identifiers internally. | | `parameters.targetCurrencyAddress` | `string` | Target crypto currency address on TON (contract address or 0x0... for native) | | `parameters.recipientAddress` | `string` | TON address that will receive the target crypto. | | `parameters.refundAddress` | `string` | Refund address for the source crypto. | | `parameters.isSourceAmount` | `boolean` | If true, `amount` is the source amount to spend. If false, `amount` is the target amount to receive. Defaults to true when omitted. | | `parameters.providerOptions` | `TProviderOptions = unknown` | Provider-specific options. | | `parameters.providerId` | `string` | Provider to quote against. Defaults to the registered default provider. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseCryptoOnrampQuoteReturnType\ — TanStack Query result for the quote read. #### useCryptoOnrampStatus [#usecryptoonrampstatus] Read the current status of a crypto-onramp deposit previously created via [`useCreateCryptoOnrampDeposit`](#usecreatecryptoonrampdeposit). Typically polled via `refetchInterval` until `data` reaches a terminal state — `'success'` (delivered to the recipient) or `'failed'` (provider could not complete the deposit). | Parameter | Type | Description | | ----------------------- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseCryptoOnrampStatusParameters`](#usecryptoonrampstatusparameters) | Deposit id, originating provider id and TanStack Query overrides. | | `parameters.depositId` | `string` | Deposit id. | | `parameters.providerId` | `string` | Identifier of the provider that issued this deposit. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseCryptoOnrampStatusReturnType\ — TanStack Query result for the status read. ### Jettons [#jettons] #### useJettonBalanceByAddress [#usejettonbalancebyaddress] React hook reading a jetton balance for a given owner through TanStack Query — derives the owner's jetton-wallet address from the master and formats the balance using the supplied decimals. | Parameter | Type | Description | | --------------------------- | -------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseJettonBalanceByAddressParameters`](#usejettonbalancebyaddressparameters) | Jetton master, owner address, decimals, optional network override and TanStack Query overrides. | | `parameters.jettonAddress` | UserFriendlyAddress | Jetton master contract address (the token, not the user's wallet for it). | | `parameters.ownerAddress` | UserFriendlyAddress | Owner of the jetton wallet — typically the connected user's address. | | `parameters.jettonDecimals` | `number` | Decimals declared by the jetton master. Used to format the raw balance into a human-readable string. | | `parameters.network` | Network | Network to read the balance from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseJettonBalanceByAddressReturnType\ — TanStack Query result for the jetton balance read. **Example** ```tsx const { data: balance, isLoading, error, } = useJettonBalanceByAddress({ ownerAddress: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', jettonAddress: 'EQCxE6mUtQJKFnGfaROTKOt1lZbDiiXme1Xc56Iwobkzgnjj', }); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return
Jetton Balance: {balance}
; ``` #### useJettonInfo [#usejettoninfo] React hook reading jetton-master metadata (name, symbol, decimals, image, description) through TanStack Query. | Parameter | Type | Description | | -------------------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseJettonInfoParameters`](#usejettoninfoparameters) | Jetton master address, optional network override and TanStack Query overrides. | | `parameters.address` | UserFriendlyAddress | Jetton master contract address whose metadata is being fetched. | | `parameters.network` | Network | Network to query. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseJettonInfoReturnType\ — TanStack Query result for the jetton info read. **Example** ```tsx const { data: info, isLoading, error, } = useJettonInfo({ address: 'EQCxE6mUtQJKFnGfaROTKOt1lZbDiiXme1Xc56Iwobkzgnjj', }); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return (

Jetton Info

Name: {info?.name}

Symbol: {info?.symbol}

Decimals: {info?.decimals}

); ``` #### useJettonWalletAddress [#usejettonwalletaddress] React hook deriving the owner's jetton-wallet address — the per-owner contract that actually holds the jetton balance for a given master — through TanStack Query. | Parameter | Type | Description | | -------------------------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseJettonWalletAddressParameters`](#usejettonwalletaddressparameters) | Jetton master, owner address, optional network override and TanStack Query overrides. | | `parameters.jettonAddress` | UserFriendlyAddress | Jetton master contract address. | | `parameters.ownerAddress` | UserFriendlyAddress | Owner whose jetton wallet should be derived. | | `parameters.network` | Network | Network to query. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: `UseQueryReturnType` — TanStack Query result for the jetton-wallet address read. **Example** ```tsx const { data: walletAddress, isLoading, error, } = useJettonWalletAddress({ ownerAddress: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', jettonAddress: 'EQCxE6mUtQJKFnGfaROTKOt1lZbDiiXme1Xc56Iwobkzgnjj', }); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return
Jetton Wallet Address: {walletAddress}
; ``` #### useJettons [#usejettons] React hook listing jettons held by the currently selected wallet through TanStack Query — auto-resolves the wallet address (use [`useJettonsByAddress`](#usejettonsbyaddress) for an arbitrary address). | Parameter | Type | Description | | -------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseJettonsParameters`](#usejettonsparameters) | TanStack Query overrides (`select`, `enabled`, `staleTime`, …), pagination and an optional network override. | | `parameters.address` | UserFriendlyAddress \| Address | Owner address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.network` | Network | Network to read the jettons from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.limit` | `number` | Maximum number of jettons to return. | | `parameters.offset` | `number` | Number of jettons to skip before returning results — used for pagination. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseJettonsReturnType\ — TanStack Query result for the jettons list. **Example** ```tsx const { data: jettons, isLoading, error } = useJettons(); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return (

Jettons

{jettons?.jettons.map((jetton) => (
{jetton.info.name}: {jetton.balance}
))}

); ``` #### useJettonsByAddress [#usejettonsbyaddress] React hook listing jettons held by an arbitrary address through TanStack Query — useful for wallets that aren't selected in AppKit (use [`useJettons`](#usejettons) for the selected wallet). | Parameter | Type | Description | | -------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseJettonsByAddressParameters`](#usejettonsbyaddressparameters) | Owner address, optional network override, pagination and TanStack Query overrides. | | `parameters.address` | UserFriendlyAddress \| Address | Owner address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.network` | Network | Network to read the jettons from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.limit` | `number` | Maximum number of jettons to return. | | `parameters.offset` | `number` | Number of jettons to skip before returning results — used for pagination. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseJettonsByAddressReturnType\ — TanStack Query result for the jettons list. **Example** ```tsx const { data: jettons, isLoading, error, } = useJettonsByAddress({ address: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', }); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return (

Jettons

{jettons?.jettons.map((jetton) => (
{jetton.info.name}: {jetton.balance}
))}

); ``` #### useTransferJetton [#usetransferjetton] Transfer a jetton from the selected wallet in one step — derives the owner's jetton-wallet from the master address, builds the transfer message, signs it through the wallet and broadcasts it. Call `mutate` with the `jettonAddress` (master), the `recipientAddress`, an `amount` (in jetton units as a human-readable decimal — converted into raw smallest units using `jettonDecimals`), the `jettonDecimals` itself and an optional `comment`. On success, `data` carries the BoC and normalized hash of the broadcast transaction. Throws `Error('Wallet not connected')` if no wallet is currently selected — TanStack Query surfaces it via the mutation's `error`. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseTransferJettonParameters`](#usetransferjettonparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseTransferJettonReturnType\ — Mutation result for the jetton transfer call. **Example** ```tsx const { mutate: transfer, isPending, error } = useTransferJetton(); const handleTransfer = () => { transfer({ recipientAddress: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', amount: '100', // 100 USDT jettonAddress: 'EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs', jettonDecimals: 6, }); }; return (
{error &&
Error: {error.message}
}
); ``` #### useWatchJettons [#usewatchjettons] Subscribe to jetton-balance updates for the currently selected wallet. Updates flow into the TanStack Query cache so [`useJettons`](#usejettons) picks up the new data automatically (use [`useWatchJettonsByAddress`](#usewatchjettonsbyaddress) for a fixed address). Requires a streaming provider registered for the network — the hook exits silently with a console warning when none is configured. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------- | | `parameters` | [`UseWatchJettonsParameters`](#usewatchjettonsparameters) | Update callback and optional network override. | | `parameters.onChange` | (update: JettonUpdate) => void | Callback fired on every jetton-balance update from the streaming provider. | | `parameters.network` | Network | Network to watch on. Defaults to the selected wallet's network. | Returns: `void`. **Example** ```tsx const { data: jettons } = useJettons(); useWatchJettons(); return (

Your Jettons:

{jettons?.jettons.map((j) => (
{j.info.name}: {j.balance}
))}

); ``` #### useWatchJettonsByAddress [#usewatchjettonsbyaddress] Subscribe to jetton-balance updates for an arbitrary owner address. Updates flow into the TanStack Query cache so [`useJettonsByAddress`](#usejettonsbyaddress) and [`useJettonBalanceByAddress`](#usejettonbalancebyaddress) pick up the new data automatically. Requires a streaming provider registered for the network — the hook exits silently with a console warning when none is configured. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters`\* | [`UseWatchJettonsByAddressParameters`](#usewatchjettonsbyaddressparameters) | Owner address, update callback and optional network override. | | `parameters.address` | UserFriendlyAddress \| Address | Owner address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.onChange` | (update: JettonUpdate) => void | Callback fired on every jetton-balance update from the streaming provider. | | `parameters.network` | Network | Network to watch on. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | Returns: `void`. **Example** ```tsx const address = 'UQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJKZ'; const { data: jettons } = useJettonsByAddress({ address }); useWatchJettonsByAddress({ address }); return (

Jettons for {address}:

{jettons?.jettons.map((j) => (
{j.info.name}: {j.balance}
))}

); ``` ### NFTs [#nfts] #### useNft [#usenft] React hook reading metadata and ownership for a single NFT through TanStack Query, keyed by its contract address. `data` is `null` when the indexer has no record. | Parameter | Type | Description | | -------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `parameters` | [`UseNftParameters`](#usenftparameters) | NFT address, optional network override, and TanStack Query overrides. | | `parameters.address` | UserFriendlyAddress \| Address | NFT contract address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.network` | Network | Network to query. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseNftReturnType\ — TanStack Query result for the NFT read. **Example** ```tsx const { data: nft, isLoading, error, } = useNft({ address: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', }); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return (

NFT Details

Name: {nft?.info?.name}

Collection: {nft?.collection?.name}

Owner: {nft?.ownerAddress}

); ``` #### useNfts [#usenfts] React hook that reads NFTs held by the currently selected wallet through TanStack Query — auto-resolves the wallet address (use [`useNftsByAddress`](#usenftsbyaddress) for an arbitrary address). | Parameter | Type | Description | | -------------------- | ------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseNFTsParameters`](#usenftsparameters) | Optional pagination, network override, and TanStack Query overrides. | | `parameters.address` | UserFriendlyAddress \| Address | Owner address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.network` | Network | Network to read NFTs from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.limit` | `number` | Maximum number of NFTs to return. | | `parameters.offset` | `number` | Number of NFTs to skip before returning results — used for pagination. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseNFTsReturnType\ — TanStack Query result for the NFTs read. **Example** ```tsx const { data: nfts, isLoading, error, } = useNfts({ limit: 10, }); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return (

My NFTs

{nfts?.nfts.map((nft) => (
{nft.info?.name} ({nft.collection?.name})
))}

); ``` #### useNftsByAddress [#usenftsbyaddress] React hook that reads NFTs held by an arbitrary address through TanStack Query — useful for wallets that aren't selected in AppKit (use [`useNfts`](#usenfts) for the selected wallet). | Parameter | Type | Description | | -------------------- | ------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseNFTsByAddressParameters`](#usenftsbyaddressparameters) | Owner address, optional pagination and network override, plus TanStack Query overrides. | | `parameters.address` | UserFriendlyAddress \| Address | Owner address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.network` | Network | Network to read NFTs from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.limit` | `number` | Maximum number of NFTs to return. | | `parameters.offset` | `number` | Number of NFTs to skip before returning results — used for pagination. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseNFTsByAddressReturnType\ — TanStack Query result for the NFTs read. **Example** ```tsx const { data: nfts, isLoading, error, } = useNftsByAddress({ address: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', limit: 10, }); if (isLoading) { return
Loading...
; } if (error) { return
Error: {error.message}
; } return (

NFTs

{nfts?.nfts.map((nft) => (
{nft.info?.name} ({nft.collection?.name})
))}

); ``` #### useTransferNft [#usetransfernft] Transfer an NFT from the selected wallet in one step — builds the ownership-transfer message and broadcasts it. Call `mutate` with an `nftAddress`, the `recipientAddress`, an optional `amount` (the TON attached for gas — defaults to AppKit's NFT gas-fee constant when omitted) and an optional `comment`. On success, `data` carries the BoC and normalized hash of the broadcast transaction. Throws `Error('Wallet not connected')` if no wallet is currently selected — TanStack Query surfaces it via the mutation's `error`. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseTransferNftParameters`](#usetransfernftparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseTransferNftReturnType\ — Mutation result for the transfer call. **Example** ```tsx const { mutate: transfer, isPending, error } = useTransferNft(); const handleTransfer = () => { transfer({ nftAddress: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', recipientAddress: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', comment: 'Gift for you', }); }; return (
{error &&
Error: {error.message}
}
); ``` ### Networks [#networks] #### useBlockNumber [#useblocknumber] React hook reading the latest masterchain seqno through TanStack Query — useful for freshness checks and pagination cursors. | Parameter | Type | Description | | -------------------- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseBlockNumberParameters`](#useblocknumberparameters) | TanStack Query overrides and optional network. | | `parameters.network` | Network | Network to query. Defaults to mainnet when omitted. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseBlockNumberReturnType\ — TanStack Query result for the seqno read. #### useDefaultNetwork [#usedefaultnetwork] Read and write AppKit's default network — the network connectors use for new wallet connections. Returns a `useState`-style tuple. The read side updates when the default changes through any source (this hook, [`setDefaultNetwork`](/applications/appkit/reference/appkit#setdefaultnetwork), manager events). Returns: UseDefaultNetworkReturnType — Tuple `[network, setNetwork]`. #### useNetwork [#usenetwork] Read the [`Network`](/applications/appkit/reference/appkit#network) the selected wallet is connected to. Updates when the wallet's network changes (e.g. user switches mainnet/testnet inside the wallet). Returns: UseNetworkReturnType — Selected wallet's network, or `undefined` when no wallet is selected. #### useNetworks [#usenetworks] Read the list of networks configured on AppKit. Updates when [`AppKitNetworkManager`](/applications/appkit/reference/appkit#appkitnetworkmanager) adds, replaces or drops a network. Returns: UseNetworksReturnType — Array of configured [`Network`](/applications/appkit/reference/appkit#network)s. ### Settings [#settings] #### useAppKit [#useappkit] Read the [`AppKit`](/applications/appkit/reference/appkit#appkit) instance hosted by [`AppKitProvider`](#appkitprovider). Throws when the hook is rendered outside the provider tree. Returns: AppKit — The AppKit instance shared with descendant hooks/components. #### useAppKitTheme [#useappkittheme] State hook that mirrors the active appkit-react theme to `document.body[data-ta-theme]` — returns a `[theme, setTheme]` tuple just like `useState`. Returns: `readonly [string, Dispatch>]` — Tuple `[theme, setTheme]` for reading and switching the active theme. #### useI18n [#usei18n] Read the i18n context published by [`I18nProvider`](#i18nprovider) (or the wrapping [`AppKitProvider`](#appkitprovider)). Returns the active locale, translation function and helpers to switch locales or merge dictionaries. Throws when rendered outside the provider tree. Returns: I18nContextType — The i18n context ([`I18nContextType`](#i18ncontexttype)) with `activeLocale`, `t`, `locale` and `addDict`. ### Signing [#signing] #### useSignBinary [#usesignbinary] Ask the selected wallet to sign an opaque binary blob (Base64-encoded), without on-chain structure. Call `mutate` from an event handler with the `bytes` to sign and an optional `network` override. On success, `data` carries the signature plus the signer address, timestamp and dApp domain the wallet bound to the signature. Throws `Error('Wallet not connected')` if no wallet is currently selected — TanStack Query surfaces it via the mutation's `error`. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseSignBinaryParameters`](#usesignbinaryparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseSignBinaryReturnType\ — Mutation result for the signing call. #### useSignCell [#usesigncell] Ask the selected wallet to sign a TON cell — typically so the signature can later be verified on-chain by a contract. Call `mutate` from an event handler with the `cell` content, a TL-B-style `schema` (used by the wallet to render the payload to the user before signing) and an optional `network` override. On success, `data` carries the signature plus the signer address, timestamp and dApp domain. Throws `Error('Wallet not connected')` if no wallet is currently selected — TanStack Query surfaces it via the mutation's `error`. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseSignCellParameters`](#usesigncellparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseSignCellReturnType\ — Mutation result for the signing call. #### useSignText [#usesigntext] Ask the selected wallet to sign a plain-text message — useful for off-chain login proofs and signed challenges. Call `mutate` from an event handler with the `text` to sign and an optional `network` override. On success, `data` carries the signature plus the canonicalized signer address, timestamp and dApp domain the wallet bound to the signature. Throws `Error('Wallet not connected')` if no wallet is currently selected — TanStack Query surfaces it via the mutation's `error`. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseSignTextParameters`](#usesigntextparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseSignTextReturnType\ — Mutation result for the signing call. ### Staking [#staking] #### useBuildStakeTransaction [#usebuildstaketransaction] Build a stake/unstake [`TransactionRequest`](/applications/appkit/reference/appkit#transactionrequest) from a [`StakingQuote`](/applications/appkit/reference/appkit#stakingquote) (obtained via [`useStakingQuote`](#usestakingquote)) without sending it — lets the UI inspect, batch, or pass the request to [`useSendTransaction`](#usesendtransaction) separately. Call `mutate(params)` where `params` matches [`BuildStakeTransactionOptions`](/applications/appkit/reference/appkit#buildstaketransactionoptions) (quote + user address, optional provider override). The resulting `TransactionRequest` is in `data` once the mutation resolves. Returns: UseBuildStakeTransactionReturnType\ — Mutation result for the build call. #### useStakedBalance [#usestakedbalance] React hook reading a user's staked balance from a staking provider through TanStack Query — total staked plus, depending on the provider, any instant-unstake balance available right now. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | Parameter | Type | Description | | ------------------------ | -------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseStakedBalanceParameters`](#usestakedbalanceparameters) | Owner address, optional `providerId`, optional network override, and TanStack Query overrides. | | `parameters.userAddress` | UserFriendlyAddress | Owner whose staked balance should be read. | | `parameters.network` | Network | Network to query. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.providerId` | `string` | Provider to query. Defaults to the registered default staking provider. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseStakedBalanceReturnType\ — TanStack Query result for the staked-balance read. #### useStakingContext [#usestakingcontext] Reads the [`StakingContextType`](#stakingcontexttype) from the nearest [`StakingWidgetProvider`](#stakingwidgetprovider) (or [`StakingWidget`](#stakingwidget)). Outside a provider, returns the default context (empty inputs, no-op actions) so a custom UI can still mount without crashing. Returns: StakingContextType. #### useStakingProvider [#usestakingprovider] React hook returning a registered staking provider. Subscribes to provider-registry changes via [`watchStakingProviders`](/applications/appkit/reference/appkit#watchstakingproviders) and looks up by `id`, or returns the registered default when no id is given. Returns `undefined` when no provider matches and no default has been registered (where the underlying [`getStakingProvider`](/applications/appkit/reference/appkit#getstakingprovider) action would throw). | Parameter | Type | Description | | --------------- | --------------------------------------------------------------- | -------------------------------------------------------------------------------------- | | `parameters` | [`UseStakingProviderParameters`](#usestakingproviderparameters) | Optional provider id. | | `parameters.id` | `string` | Provider ID to look up. When omitted, returns the registered default staking provider. | Returns: UseStakingProviderReturnType — Matching staking provider instance, or `undefined` when none resolves. #### useStakingProviderInfo [#usestakingproviderinfo] React hook reading live staking-pool info for a provider through TanStack Query — APY, instant-unstake liquidity and (for liquid staking) the current exchange rate. Use [`useStakingProviderMetadata`](#usestakingprovidermetadata) for static metadata (name, stake/receive tokens, supported unstake modes). Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | Parameter | Type | Description | | ----------------------- | ------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseStakingProviderInfoParameters`](#usestakingproviderinfoparameters) | Optional `providerId`, network override, and TanStack Query overrides. | | `parameters.network` | Network | Network whose staking pool should be inspected. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.providerId` | `string` | Provider to query. Defaults to the registered default staking provider. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseStakingProviderInfoReturnType\ — TanStack Query result for the live provider info. #### useStakingProviderMetadata [#usestakingprovidermetadata] Read static metadata for a staking provider — display name, stake/receive tokens, supported unstake modes and contract address. Returns `undefined` when no provider matches and no default is registered. Use [`useStakingProviderInfo`](#usestakingproviderinfo) for live values (APY, instant-unstake liquidity, exchange rate). Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | Parameter | Type | Description | | ----------------------- | -------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseStakingProviderMetadataParameters`](#usestakingprovidermetadataparameters) | Optional `providerId` and network override. | | `parameters.network` | Network | Network whose provider metadata should be read. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `parameters.providerId` | `string` | Provider to query. Defaults to the registered default staking provider. | Returns: StakingProviderMetadata | undefined — Static [`StakingProviderMetadata`](/applications/appkit/reference/appkit#stakingprovidermetadata), or `undefined` when the provider can't be resolved. #### useStakingProviders [#usestakingproviders] React hook returning every staking provider registered on the AppKit instance (both those passed via config and those added later). Subscribes to provider-registry changes via [`watchStakingProviders`](/applications/appkit/reference/appkit#watchstakingproviders). Returns: UseStakingProvidersReturnType — Array of registered staking providers. #### useStakingQuote [#usestakingquote] Quote a stake or unstake — given an amount, direction (`'stake'` / `'unstake'`) and the target asset, returns the rate, expected output and the provider-specific metadata required to feed [`useBuildStakeTransaction`](#usebuildstaketransaction). `data` is the [`StakingQuote`](/applications/appkit/reference/appkit#stakingquote) payload. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | Parameter | Type | Description | | ---------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `parameters` | [`UseStakingQuoteParameters`](#usestakingquoteparameters) | Quote parameters, optional `providerId`, optional network override, and TanStack Query overrides. | | `parameters.direction` | StakingQuoteDirection | Direction of the quote (stake or unstake) | | `parameters.amount` | `string` | Amount of tokens to stake or unstake. | | `parameters.userAddress` | UserFriendlyAddress | Address of the user. | | `parameters.network` | Network | Network on which the staking will be executed. | | `parameters.unstakeMode` | UnstakeModes | Unstake-timing mode the quote should target — see [`UnstakeMode`](/applications/appkit/reference/appkit#unstakemode) for the supported flavours (`'INSTANT'`, `'WHEN_AVAILABLE'`, `'ROUND_END'`). Only meaningful when `direction === 'unstake'` and the provider lists the mode in `supportedUnstakeModes`. | | `parameters.isReversed` | `boolean` | If true, for unstake requests the amount is specified in the staking coin (e.g. TON) instead of the Liquid Staking Token (e.g. tsTON). | | `parameters.providerOptions` | `TProviderOptions = unknown` | Provider-specific options. | | `parameters.providerId` | `string` | Provider to quote against. Defaults to the registered default staking provider. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseStakingQuoteReturnType\ — TanStack Query result for the quote read. ### Swap [#swap] #### useBuildSwapTransaction [#usebuildswaptransaction] Build a swap [`TransactionRequest`](/applications/appkit/reference/appkit#transactionrequest) from a [`SwapQuote`](/applications/appkit/reference/appkit#swapquote) (obtained via [`useSwapQuote`](#useswapquote)) without sending it — lets the UI inspect, batch, or pass the request to [`useSendTransaction`](#usesendtransaction) separately. Call `mutate(params)` where `params` matches [`BuildSwapTransactionOptions`](/applications/appkit/reference/appkit#buildswaptransactionoptions) (quote, user address, optional slippage/deadline overrides). The resulting `TransactionRequest` is in `data` once the mutation resolves. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseBuildSwapTransactionParameters`](#usebuildswaptransactionparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseBuildSwapTransactionReturnType\ — Mutation result for the build call. #### useSwapContext [#useswapcontext] Reads the [`SwapContextType`](#swapcontexttype) populated by the nearest [`SwapWidgetProvider`](#swapwidgetprovider) (or the [`SwapWidget`](#swapwidget) that mounts one). Outside a provider it returns the no-op default value. Returns: SwapContextType. #### useSwapProvider [#useswapprovider] Read and switch the default swap provider — subscribes to [`watchSwapProviders`](/applications/appkit/reference/appkit#watchswapproviders) and re-reads via [`getSwapProvider`](/applications/appkit/reference/appkit#getswapprovider). Returns a `useState`-style tuple. The read swallows the throw from [`getSwapProvider`](/applications/appkit/reference/appkit#getswapprovider) (which throws when no provider matches — or when no id is passed and no default has been registered) and yields `undefined` instead. Returns: UseSwapProviderReturnType — Tuple `[provider, setProviderId]`. #### useSwapProviders [#useswapproviders] List every swap provider registered on the AppKit instance (both those passed via [`AppKitConfig`](/applications/appkit/reference/appkit#appkitconfig)'s `providers` and those added later through [`registerProvider`](/applications/appkit/reference/appkit#registerprovider)). Subscribes to [`watchSwapProviders`](/applications/appkit/reference/appkit#watchswapproviders) and re-reads via [`getSwapProviders`](/applications/appkit/reference/appkit#getswapproviders) so the array stays in sync. Returns: UseSwapProvidersReturnType — Array of registered swap providers. #### useSwapQuote [#useswapquote] Quote a swap — given source/target tokens and an amount, returns the rate, expected output and the provider-specific metadata required to feed [`useBuildSwapTransaction`](#usebuildswaptransaction). `data` is the [`SwapQuote`](/applications/appkit/reference/appkit#swapquote) payload. The `network` field defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | Parameter | Type | Description | | -------------------------------- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseSwapQuoteParameters`](#useswapquoteparameters) | Source and target tokens, amount, optional network/provider override, and TanStack Query overrides. | | `parameters.amount` | `string` | Amount of tokens to swap (incoming or outgoing depending on isReverseSwap) | | `parameters.from` | SwapToken | Token to swap from. | | `parameters.to` | SwapToken | Token to swap to. | | `parameters.network` | Network | Network on which the swap will be executed. | | `parameters.slippageBps` | `number` | Slippage tolerance in basis points (1 bp = 0.01%) | | `parameters.maxOutgoingMessages` | `number` | Maximum number of outgoing messages | | `parameters.providerOptions` | `TProviderOptions = unknown` | Provider-specific options. | | `parameters.isReverseSwap` | `boolean` | If true, amount is the amount to receive (buy). If false, amount is the amount to spend (sell). | | `parameters.providerId` | `string` | Provider to quote against. Defaults to the registered default swap provider. | | `parameters.query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | Returns: UseSwapQuoteReturnType\ — TanStack Query result for the swap quote. ### Transactions [#transactions] #### useSendTransaction [#usesendtransaction] Hand a pre-built [`TransactionRequest`](/applications/appkit/reference/appkit#transactionrequest) to the selected wallet for signing and broadcast — typically the second step after a `buildX` / `createX` action (e.g. [`useBuildSwapTransaction`](#usebuildswaptransaction), [`useBuildStakeTransaction`](#usebuildstaketransaction)) produces the request. Call `mutate(request)`. On success, `data` carries the BoC and normalized hash of the broadcast transaction. Throws `Error('Wallet not connected')` if no wallet is currently selected — TanStack Query surfaces it via the mutation's `error`. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseSendTransactionParameters`](#usesendtransactionparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseSendTransactionReturnType\ — Mutation result for the send call. #### useTransactionStatus [#usetransactionstatus] Poll the status of a sent transaction by its BoC or normalized hash. In TON a single external message triggers a tree of internal messages, so the transaction is `'completed'` only once the entire trace finishes — pair with `refetchInterval` to keep polling until `data.status` is `'completed'` or `'failed'`. Pass either `boc` or `normalizedHash` (not both). The underlying action throws `Error('Either boc or normalizedHash must be provided')` when neither is supplied — TanStack Query surfaces it via the query's `error`. | Parameter | Type | Description | | -------------- | ------------------------------------------------------------------- | -------------------------------------------------------------------------- | | `parameters`\* | [`UseTransactionStatusParameters`](#usetransactionstatusparameters) | `boc` xor `normalizedHash`, optional network and TanStack Query overrides. | Returns: UseTransactionStatusReturnType\ — TanStack Query result for the status read. #### useTransferTon [#usetransferton] Send TON from the selected wallet in one step — builds the transfer message, hands it to the wallet for signing and broadcasts it. Call `mutate` with a `recipientAddress`, an `amount` (in TON as a human-readable decimal, converted to nano-TON internally) and any of the optional `comment` / `payload` / `stateInit` fields. On success, `data` carries the BoC and normalized hash of the broadcast transaction — pair with [`useTransactionStatus`](#usetransactionstatus) to poll the trace to completion. Throws `Error('Wallet not connected')` if no wallet is currently selected — TanStack Query surfaces it via the mutation's `error`. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseTransferTonParameters`](#usetransfertonparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseTransferTonReturnType\ — Mutation result for the transfer call. #### useWatchTransactions [#usewatchtransactions] Subscribe to incoming-transaction events for the currently selected wallet (use [`useWatchTransactionsByAddress`](#usewatchtransactionsbyaddress) for a fixed address). Auto-rebinds when the user connects, switches or disconnects. Requires a streaming provider registered for the network — the hook exits silently with a console warning when none is configured. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------ | | `parameters` | [`UseWatchTransactionsParameters`](#usewatchtransactionsparameters) | Update callback. | | `parameters.onChange` | (update: TransactionsUpdate) => void | Callback fired on every transactions update from the streaming provider. | Returns: `void`. **Example** ```tsx const [lastUpdate, setLastUpdate] = useState(null); useWatchTransactions({ onChange: (update) => { setLastUpdate(update); }, }); return (
{lastUpdate ? (
Last update for: {lastUpdate.address}
Transactions count: {lastUpdate.transactions.length}
) : ( 'Waiting for transactions...' )}
); ``` #### useWatchTransactionsByAddress [#usewatchtransactionsbyaddress] Subscribe to incoming-transaction events for an arbitrary address (use [`useWatchTransactions`](#usewatchtransactions) for the selected wallet). Requires a streaming provider registered for the network — the hook exits silently with a console warning when none is configured. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters`\* | [`UseWatchTransactionsByAddressParameters`](#usewatchtransactionsbyaddressparameters) | Address, update callback and optional network override. | | `parameters.address` | UserFriendlyAddress \| Address | Address to watch — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `parameters.onChange` | (update: TransactionsUpdate) => void | Callback fired on every transactions update from the streaming provider. | | `parameters.network` | Network | Network to watch on. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | Returns: `void`. **Example** ```tsx const address = 'UQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJKZ'; const [lastUpdate, setLastUpdate] = useState(null); useWatchTransactionsByAddress({ address, onChange: (update) => { setLastUpdate(update); }, }); return (
{lastUpdate ? (
New transactions for: {lastUpdate.address}
Count: {lastUpdate.transactions.length}
) : ( 'Waiting for transactions...' )}
); ``` ### Wallets [#wallets] #### useAddress [#useaddress] Read the user-friendly address of the currently selected wallet. Updates when the selection changes. Returns: UseAddressReturnType — Selected wallet's address, or `undefined` when none is selected. #### useConnect [#useconnect] Open a registered connector's connection flow (e.g., the TonConnect modal) and await its completion. Call `mutate` from a Connect button with the `connectorId` of the connector to drive. Once the user finishes the flow the new wallet becomes available via [`useSelectedWallet`](#useselectedwallet) / [`useConnectedWallets`](#useconnectedwallets). Throws `Error('Connector with id "" not found')` when no connector with that id is registered — TanStack Query surfaces it via the mutation's `error`. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseConnectParameters`](#useconnectparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseConnectReturnType\ — Mutation result for the connect call. #### useConnectedWallets [#useconnectedwallets] Read the list of currently connected wallets across all registered connectors. Updates when a wallet connects or disconnects. Returns: UseConnectedWalletsReturnType — Read-only array of [`WalletInterface`](/applications/appkit/reference/appkit#walletinterface)s. #### useDisconnect [#usedisconnect] Tear down the session on a registered connector, disconnecting whichever wallet it currently holds. Call `mutate` from a Log out / Disconnect button with the `connectorId` of the connector to tear down. Once it resolves the wallet drops out of [`useSelectedWallet`](#useselectedwallet) / [`useConnectedWallets`](#useconnectedwallets). Throws `Error('Connector with id "" not found')` when no connector with that id is registered — TanStack Query surfaces it via the mutation's `error`. | Parameter | Type | Description | | --------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `parameters` | [`UseDisconnectParameters`](#usedisconnectparameters) | TanStack Query mutation overrides. | | `parameters.mutation` | [`MutationOptionsOverride`](/applications/appkit/reference/appkit#mutationoptionsoverride) | TanStack Query mutation options forwarded to `useMutation` (`onSuccess`, `onError`, `onMutate`, `retry`, …). `mutationFn`, `mutationKey` and `throwOnError` are managed by the wrapper. | Returns: UseDisconnectReturnType\ — Mutation result for the disconnect call. #### useSelectedWallet [#useselectedwallet] Read and switch the wallet that AppKit treats as active — most action hooks ([`useBalance`](#usebalance), [`useSignText`](#usesigntext), [`useTransferTon`](#usetransferton)) target this wallet implicitly. Returns a `useState`-style tuple. Returns: UseSelectedWalletReturnType — Tuple `[wallet, setWalletId]`. ## Component [#component] ### Balances [#balances-1] #### SendJettonButton [#sendjettonbutton] Pre-wired button that builds a jetton transfer with [`createTransferJettonTransaction`](/applications/appkit/reference/appkit#createtransferjettontransaction) and dispatches it through the standard `Send` flow on click — disabled until `recipientAddress`, `amount`, `jetton.address` and `jetton.decimals` are all set. Throws inside the click handler when `jetton.address` or `jetton.decimals` is missing. | Prop | Type | Description | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `recipientAddress`\* | `string` | Recipient address. | | `amount`\* | `string` | Amount in jetton units as a human-readable decimal string. Converted to raw smallest units via `jetton.decimals`. | | `jetton`\* | `{ address: string; symbol: string; decimals: number; }` | Jetton master metadata — `address` (master contract), `symbol` (rendered in the button label) and `decimals` (used to format `amount`). | | `comment` | `string` | Optional human-readable comment attached to the transfer. | | `text` | `ReactNode` | Override the button label. Defaults to "Send". | | `size` | `ButtonSize` | Size class applied to the button. Pass `'unset'` to skip the size class entirely (no padding, no typography) — useful with `variant="unstyled"`. | | `borderRadius` | `ButtonBorderRadius` | Border radius token. Defaults to a size-dependent value (`s` → `2xl`, `m` → `l`, `l` → `xl`). | | `variant` | `ButtonVariant` | Visual variant. Use `'unstyled'` to opt out of all built-in styling — the consumer is fully responsible for visuals via `className`. The Button still provides ref forwarding, `disabled`/`loading` plumbing, and `icon`/`children` rendering. | | `loading` | `boolean` | When true, renders a spinner instead of `icon`/`children` and disables the button. | | `fullWidth` | `boolean` | When true, the button stretches to fill its container width. | | `icon` | `ReactNode` | Optional leading icon rendered before `children` when not loading. | | `children` | `(props: SendRenderProps) => ReactNode` | Custom render function — replaces the default button with the caller's UI. Receives the current send state and click handler via [`SendRenderProps`](#sendrenderprops). | | `onError` | `(error: Error) => void` | Called when the wallet rejects the request or the send fails. Receives the raised `Error`. | | `onSuccess` | (response: SendTransactionReturnType) => void | Called once the transaction is broadcast. Receives the wallet's [`SendTransactionReturnType`](/applications/appkit/reference/appkit#sendtransactionreturntype) (BoC + normalized hash). | **Example** ```tsx return ( console.log('Transaction sent:', result)} onError={(error) => console.error('Transaction failed:', error)} /> ); ``` #### SendTonButton [#sendtonbutton] Pre-wired button that builds a TON transfer with [`createTransferTonTransaction`](/applications/appkit/reference/appkit#createtransfertontransaction) and dispatches it through the standard `Send` flow on click — disabled until both `recipientAddress` and `amount` are set. | Prop | Type | Description | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `recipientAddress`\* | `string` | Recipient address. | | `amount`\* | `string` | Amount in TON as a human-readable decimal string (e.g., `"1.5"`). Converted to nano-TON internally. | | `comment` | `string` | Optional human-readable comment attached to the transfer. | | `text` | `ReactNode` | Override the button label. Defaults to "Send". | | `size` | `ButtonSize` | Size class applied to the button. Pass `'unset'` to skip the size class entirely (no padding, no typography) — useful with `variant="unstyled"`. | | `borderRadius` | `ButtonBorderRadius` | Border radius token. Defaults to a size-dependent value (`s` → `2xl`, `m` → `l`, `l` → `xl`). | | `variant` | `ButtonVariant` | Visual variant. Use `'unstyled'` to opt out of all built-in styling — the consumer is fully responsible for visuals via `className`. The Button still provides ref forwarding, `disabled`/`loading` plumbing, and `icon`/`children` rendering. | | `loading` | `boolean` | When true, renders a spinner instead of `icon`/`children` and disables the button. | | `fullWidth` | `boolean` | When true, the button stretches to fill its container width. | | `icon` | `ReactNode` | Optional leading icon rendered before `children` when not loading. | | `children` | `(props: SendRenderProps) => ReactNode` | Custom render function — replaces the default button with the caller's UI. Receives the current send state and click handler via [`SendRenderProps`](#sendrenderprops). | | `onError` | `(error: Error) => void` | Called when the wallet rejects the request or the send fails. Receives the raised `Error`. | | `onSuccess` | (response: SendTransactionReturnType) => void | Called once the transaction is broadcast. Receives the wallet's [`SendTransactionReturnType`](/applications/appkit/reference/appkit#sendtransactionreturntype) (BoC + normalized hash). | **Example** ```tsx return ( console.log('Transaction sent:', result)} onError={(error) => console.error('Transaction failed:', error)} /> ); ``` ### Crypto Onramp [#crypto-onramp-1] #### CryptoOnrampWidget [#cryptoonrampwidget] Drop-in widget for buying TON-side tokens with a crypto payment from another chain — wraps [`CryptoOnrampWidgetProvider`](#cryptoonrampwidgetprovider) (which drives token/method selection, quote fetching, deposit creation and status polling) around [`CryptoOnrampWidgetUI`](#cryptoonrampwidgetui). Pass a `children` render function to swap in a fully custom UI while keeping the same provider state. | Prop | Type | Description | | ----------------- | ------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `children` | (props: CryptoOnrampWidgetRenderProps) => ReactNode | Custom render function. When provided, replaces the default [`CryptoOnrampWidgetUI`](#cryptoonrampwidgetui) and is called with the full [`CryptoOnrampWidgetRenderProps`](#cryptoonrampwidgetrenderprops) (context state, actions and forwarded `
` props), so callers can build a fully custom UI on top of the same provider. | | `tokens` | CryptoOnrampToken\[] | Target tokens (what the user buys on TON). Defaults to a built-in list. | | `tokenSections` | CryptoOnrampTokenSectionConfig\[] | Optional section configs grouping `tokens` in the picker. | | `paymentMethods` | CryptoPaymentMethod\[] | Source crypto payment methods (what the user pays with on another chain). Defaults to a built-in list. | | `methodSections` | PaymentMethodSectionConfig\[] | Optional section configs grouping `paymentMethods` in the picker. | | `chains` | Record\ChainInfo> | Custom CAIP-2 → chain display info overrides. Merged on top of the built-in defaults, so consumers only need to provide what they want to override or add — for example, a single entry keyed by `'eip155:42161'` with a `name` of `'Arbitrum'` and a `logo` URL. | | `defaultTokenId` | `string` | ID of the target token pre-selected on mount. | | `defaultMethodId` | `string` | ID of the source payment method pre-selected on mount. | **Example** ```tsx // Uses built-in defaults for tokens, payment methods and chain display info. // Make sure a crypto-onramp provider (Layerswap / swaps.xyz) is registered on AppKit. return ; ``` #### CryptoOnrampWidgetProvider [#cryptoonrampwidgetprovider] Context provider that powers the crypto-to-TON onramp widget — wires together token/method selection state, quote fetching ([`useCryptoOnrampQuote`](#usecryptoonrampquote)), deposit creation ([`useCreateCryptoOnrampDeposit`](#usecreatecryptoonrampdeposit)), deposit status polling ([`useCryptoOnrampStatus`](#usecryptoonrampstatus)), the target-token balance and validation. Consumers read the state via [`useCryptoOnrampContext`](#usecryptoonrampcontext). | Prop | Type | Description | | ----------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `tokens` | CryptoOnrampToken\[] | Target tokens (what the user buys on TON). Defaults to a built-in list. | | `tokenSections` | CryptoOnrampTokenSectionConfig\[] | Optional section configs grouping `tokens` in the picker. | | `paymentMethods` | CryptoPaymentMethod\[] | Source crypto payment methods (what the user pays with on another chain). Defaults to a built-in list. | | `methodSections` | PaymentMethodSectionConfig\[] | Optional section configs grouping `paymentMethods` in the picker. | | `chains` | Record\ChainInfo> | Custom CAIP-2 → chain display info overrides. Merged on top of the built-in defaults, so consumers only need to provide what they want to override or add — for example, a single entry keyed by `'eip155:42161'` with a `name` of `'Arbitrum'` and a `logo` URL. | | `defaultTokenId` | `string` | ID of the target token pre-selected on mount. | | `defaultMethodId` | `string` | ID of the source payment method pre-selected on mount. | #### CryptoOnrampWidgetUI [#cryptoonrampwidgetui] Presentational UI for the crypto-to-TON onramp widget — renders the from/to selectors, amount input with presets, continue button, info block (you-get / balance / provider) and the token-pick / method-pick / refund-address / deposit modals. All state and actions come from props ([`CryptoOnrampWidgetRenderProps`](#cryptoonrampwidgetrenderprops)). Typically rendered inside [`CryptoOnrampWidgetProvider`](#cryptoonrampwidgetprovider) via [`CryptoOnrampWidget`](#cryptoonrampwidget). | Prop | Type | Description | | ----------------------------- | ---------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | | `tokens`\* | CryptoOnrampToken\[] | Full list of target tokens the user can buy. | | `tokenSections` | CryptoOnrampTokenSectionConfig\[] | Optional section configs grouping `tokens` in the picker. | | `selectedToken`\* | CryptoOnrampToken \| null | Currently selected target token to buy. `null` until tokens load. | | `setSelectedToken`\* | (token: CryptoOnrampToken) => void | Updates `selectedToken`. | | `paymentMethods`\* | CryptoPaymentMethod\[] | Available source crypto payment methods. | | `methodSections` | PaymentMethodSectionConfig\[] | Optional section configs grouping `paymentMethods` in the picker. | | `selectedMethod`\* | CryptoPaymentMethod | Currently selected source payment method. | | `setSelectedMethod`\* | (method: CryptoPaymentMethod) => void | Updates `selectedMethod`. | | `chains`\* | Record\ChainInfo> | CAIP-2 → chain display info map (built-in defaults merged with consumer overrides). | | `amount`\* | `string` | Current amount input value as a decimal string. | | `setAmount`\* | `(value: string) => void` | Updates `amount`. | | `amountInputMode`\* | CryptoAmountInputMode | Which side `amount` is denominated in — see [`CryptoAmountInputMode`](#cryptoamountinputmode). | | `setAmountInputMode`\* | (mode: CryptoAmountInputMode) => void | Updates `amountInputMode`. | | `convertedAmount`\* | `string` | Other side of `amount` after applying the current quote's rate. | | `presetAmounts`\* | OnrampAmountPreset\[] | Quick-pick amount buttons rendered in the widget. | | `quote`\* | CryptoOnrampQuote \| null | Current quote, or `null` if not yet fetched / invalidated. | | `isLoadingQuote`\* | `boolean` | Whether a quote is in flight (includes the input-debounce window). | | `quoteError`\* | `string \| null` | Quote-side validation/fetch error as an i18n key, or `null`. | | `quoteProviderName`\* | `string \| null` | Display name of the provider behind the current quote, when available. | | `deposit`\* | CryptoOnrampDeposit \| null | Current deposit returned by the provider once `createDeposit` succeeded. | | `isCreatingDeposit`\* | `boolean` | Whether `createDeposit` is in flight. | | `depositError`\* | `string \| null` | Deposit-side error as an i18n key, or `null`. | | `depositAmount`\* | `string` | Formatted deposit amount the user must send on the source chain. | | `createDeposit`\* | `() => void` | Triggers deposit creation from the current quote. | | `depositStatus`\* | CryptoOnrampStatus \| null | Latest deposit status polled via [`useCryptoOnrampStatus`](#usecryptoonrampstatus), or `null`. | | `isRefundAddressRequired`\* | `boolean` | Whether the current quote provider requires a refund address before deposit. | | `isReversedAmountSupported`\* | `boolean` | Whether the current quote provider supports reversed (target-amount) input. | | `refundAddress`\* | `string` | Refund address the user typed, if `isRefundAddressRequired`. | | `setRefundAddress`\* | `(address: string) => void` | Updates `refundAddress`. | | `targetBalance`\* | `string` | Connected wallet's balance of the selected target token (formatted, token units). | | `isLoadingTargetBalance`\* | `boolean` | Whether the target token balance is being fetched. | | `isWalletConnected`\* | `boolean` | Whether a TON wallet is currently connected. | | `canContinue`\* | `boolean` | Whether the user can proceed — valid amount, quote available, and wallet connected. | | `onReset`\* | `() => void` | Invalidates the active quote and clears the deposit, returning the widget to its initial state. | ### NFTs [#nfts-1] #### NftItem [#nftitem] Card-style button rendering an NFT's image, name and collection name with an "On Sale" badge when applicable — falls back to a placeholder icon when the image is missing or fails to load. | Prop | Type | Description | | ------- | ------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------- | | `nft`\* | NFT | NFT to render — name, collection name, image and on-sale state are derived via `getFormattedNftInfo`. | **Example** ```tsx return console.log('NFT clicked')} />; ``` ### Providers [#providers] #### AppKitProvider [#appkitprovider] Top-level React provider that wires AppKit, the TonConnect bridge and i18n into the component tree — wrap your app once near the root so descendant hooks ([`useAppKit`](#useappkit), [`useBalance`](#usebalance), …) and components can resolve their context. | Prop | Type | Description | | ---------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------- | | `appKit`\* | AppKit | Runtime instance constructed at app startup. Shared across every appkit-react hook and component. | **Example** ```tsx return (
My App
{/* Your App Content */} ); ``` #### I18nProvider [#i18nprovider] React provider that mounts the i18n context for [`useI18n`](#usei18n) and child components — already wrapped by [`AppKitProvider`](#appkitprovider), so apps usually only render it directly when they need to override the locale or dictionaries. | Prop | Type | Description | | ---------- | ---------------------- | -------------------------------------------------------------------------------------------- | | `locale` | `string` | Initial locale code. Defaults to the i18n library's default when omitted. | | `lngDicts` | `Record` | Translation dictionaries keyed by locale. Loaded into the underlying i18n instance on mount. | **Example** ```tsx // Override the locale. Pass `lngDicts` with your own translations when you need them. return (
My App
); ``` ### Shared [#shared] #### AmountPresets [#amountpresets] Horizontal row of preset amount buttons — typically used next to an amount input to offer quick fills. | Prop | Type | Description | | ------------------ | -------------------------------------------------------- | ---------------------------------------------------------------------------------------- | | `presets`\* | AmountPreset\[] | Preset buttons to render, in order. | | `currencySymbol` | `string` | Optional symbol (e.g., `"$"`) prepended to each preset label. | | `onPresetSelect`\* | `(value: string) => void` | Called with the selected preset's `amount` unless the preset defines its own `onSelect`. | **Example** ```tsx return (
setAmount(e.target.value)} placeholder="Amount" />
); ``` #### CopyButton [#copybutton] Icon-only button that copies `value` to the clipboard on click and flips its icon to a checkmark for a short confirmation window. | Prop | Type | Description | | -------------- | -------- | --------------------------------------------------------- | | `value`\* | `string` | Text written to the clipboard when the button is clicked. | | `aria-label`\* | `string` | Accessible label for screen readers. | **Example** ```tsx return ; ``` #### CurrencyItem [#currencyitem] Compound row used inside currency/token select lists: shows a token logo, name + ticker, optional verified badge, and an optional balance / under-balance on the right. Pass top-level props for the default layout, or pass `children` made of the sub-components for full control. **Members** | Member | Description | | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------- | | `CurrencyItem.Container` | Root ` ); ``` #### CenteredAmountInput [#centeredamountinput] Center-aligned, auto-resizing amount input with optional leading symbol and trailing ticker. Scales the font down to fit the container when the rendered text overflows, and clicking the wrapper focuses the input. | Prop | Type | Description | | ----------------- | ------------------------- | ------------------------------------------------------------- | | `value`\* | `string` | Controlled input value (decimal string). | | `onValueChange`\* | `(value: string) => void` | Called with the new string whenever the user edits the input. | | `ticker` | `string` | Optional trailing ticker label (e.g., `'TON'`). | | `symbol` | `string` | Optional leading currency symbol (e.g., `'$'`). | | `placeholder` | `string` | Placeholder shown when `value` is empty. Defaults to `'0'`. | | `disabled` | `boolean` | When true, the underlying `` is disabled. | **Example** ```tsx return ; ``` #### Collapsible [#collapsible] Animated collapsible container — transitions its height between `0` and the content's natural height when `open` toggles. Sets `aria-hidden` to mirror the open state. | Prop | Type | Description | | -------- | --------- | ------------------------------------------------------------------------------- | | `open`\* | `boolean` | When true, the content is expanded. When false, it is collapsed to zero height. | **Example** ```tsx return (

Hidden details about the transaction.

); ``` #### InfoBlock [#infoblock] Compound component for rendering a stacked list of label/value rows (e.g., transaction details, settings summaries). Sub-components forward extra props to the underlying DOM element so callers can layer custom classes and handlers. **Members** | Member | Description | | ------------------------- | ------------------------------------------------------------------------------------------------------------------------- | | `InfoBlock.Container` | Outer wrapper — vertical container that hosts the rows. | | `InfoBlock.Row` | Horizontal row that pairs a label with a value. | | `InfoBlock.Label` | Label cell — typically the muted descriptor on the left. | | `InfoBlock.Value` | Value cell — typically the emphasized content on the right. | | `InfoBlock.LabelSkeleton` | Skeleton placeholder for a [`InfoBlock.Label`](#infoblock) while data is loading. Defaults to `width=64`, `height='1lh'`. | | `InfoBlock.ValueSkeleton` | Skeleton placeholder for a [`InfoBlock.Value`](#infoblock) while data is loading. Defaults to `width=80`, `height='1lh'`. | **Example** ```ts return ( Rate 1 TON ≈ $5.43 Network fee 0.01 TON ); ``` #### Input [#input] Compound text-input component. Use the default export as the outer wrapper (it is the [`Input.Container`](#input)) and compose sub-components for the header, field, slots, control, and caption. State flags (`disabled`, `error`, `loading`, `resizable`, `size`) live on the container and are read by the inner control via context. **Members** | Member | Description | | ----------------- | ----------------------------------------------------------------------------------------------------------------- | | `Input.Container` | Outer wrapper that provides input context (size, variant, disabled, error, loading, resizable). | | `Input.Header` | Header row above the field — holds the title and optional trailing controls. | | `Input.Title` | Title text shown inside [`Input.Header`](#input). | | `Input.Field` | Horizontal row that holds slots and the input control. | | `Input.Slot` | Side-anchored slot used for adornments such as icons or buttons. | | `Input.Input` | The actual `` control. Respects context flags and reads its size/variant from [`Input.Container`](#input). | | `Input.Caption` | Caption / helper text below the field. Switches to error styling when the container has `error` set. | **Example** ```tsx return ( Recipient setValue(event.target.value)} placeholder="EQ..." /> Paste a TON wallet address. ); ``` #### Logo [#logo] Square logo / avatar primitive — renders an `` when `src` loads successfully, otherwise shows a text fallback (after a brief delay to avoid flicker). Useful for token icons, wallet avatars, and project logos. | Prop | Type | Description | | ---------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `size` | `number` | Square size in pixels for the rendered logo. Defaults to `30`. | | `src` | `string` | Image URL to render. While loading or on failure, the fallback is shown. | | `alt` | `string` | Alt text passed to the underlying ``. When `fallback` is not provided, its first character is shown as the fallback. If both are missing, no fallback is rendered. | | `fallback` | `string` | Text shown in place of the image when `src` fails or is missing (defaults to the first character of `alt`). | **Example** ```tsx return ; ``` #### LogoWithNetwork [#logowithnetwork] Token logo with an overlaid network badge — wraps [`Logo`](#logo) and renders a smaller secondary logo as a corner badge to indicate which network the asset belongs to. | Prop | Type | Description | | ------------ | -------- | ---------------------------------------------------------------------------------------------- | | `size` | `number` | Size of the main logo in pixels. Defaults to `30`. The network badge is sized to `size * 0.4`. | | `src` | `string` | Image source for the main logo. | | `alt` | `string` | Alt text for the main logo. | | `fallback` | `string` | Fallback text shown when the main logo image fails or is missing. | | `networkSrc` | `string` | Image source for the network badge overlay. When omitted, the badge is not rendered. | | `networkAlt` | `string` | Alt text for the network badge. | **Example** ```tsx return ( ); ``` #### Modal [#modal] Centered modal dialog with a header (optional title + close button) and a scrollable body. Clicking the overlay closes the modal. Clicks on the content do not bubble through. | Prop | Type | Description | | --------------- | ------------------------- | ------------------------------------------------------------------------------------------------ | | `open` | `boolean` | Controlled open state. | | `onOpenChange` | `(open: boolean) => void` | Called whenever the open state changes (e.g., via the close button, overlay click, or `Escape`). | | `title` | `string` | Optional title rendered in the modal header. | | `children` | `ReactNode` | Modal body content. | | `className` | `string` | Additional class name applied to the content container. | | `bodyClassName` | `string` | Additional class name applied to the body container. | **Example** ```tsx return (

Are you sure you want to proceed?

); ``` #### Select [#select] Compound select / dropdown component with controlled or uncontrolled state. The content is portaled to `document.body` and positioned relative to the trigger. Closes on outside click, `Escape`, or item selection. **Members** | Member | Description | | ---------------- | --------------------------------------------------------------------------------------------------------- | | `Select.Root` | Provider that owns the selected value and open state, controlled or uncontrolled. | | `Select.Trigger` | [`Button`](#button)-based trigger that toggles the popover and exposes `aria-expanded`. | | `Select.Content` | Portaled popover that renders the list of items. Positioned under the trigger with optional `sideOffset`. | | `Select.Item` | Selectable option row. Commits its `value` to the root on click. | **Example** ```ts return ( {value === 'mainnet' ? 'Mainnet' : 'Testnet'} Mainnet Testnet ); ``` #### Skeleton [#skeleton] Animated placeholder block used while data is loading. Supply `width` / `height` to match the dimensions of the eventual content. | Prop | Type | Description | | -------- | ------------------ | -------------------------------------------------------------------------------------------- | | `width` | `string \| number` | Width of the placeholder. Accepts any valid CSS length or a number (interpreted as pixels). | | `height` | `string \| number` | Height of the placeholder. Accepts any valid CSS length or a number (interpreted as pixels). | **Example** ```tsx return ; ``` #### Tabs [#tabs] Root tabs container — owns the active value (controlled or uncontrolled) and shares it with descendant [`TabsList`](#tabslist), [`TabsTrigger`](#tabstrigger), and [`TabsContent`](#tabscontent) via context. | Prop | Type | Description | | --------------- | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | | `value` | `string` | Controlled active tab value. | | `defaultValue` | `string` | Initial active tab when uncontrolled. Defaults to `''`. | | `onValueChange` | `(value: string) => void` | Called whenever the active tab changes. | | `children`\* | `ReactNode` | Compound sub-components — typically [`TabsList`](#tabslist) (with [`TabsTrigger`](#tabstrigger)s) followed by [`TabsContent`](#tabscontent)s. | **Example** ```tsx return ( Stake Unstake
Stake your TON to earn rewards.

Withdraw your staked TON.
); ``` #### TabsContent [#tabscontent] Tab panel rendered with `role="tabpanel"`. Returns `null` unless its `value` matches the active [`Tabs`](#tabs) value. | Prop | Type | Description | | ------------ | ----------- | ----------------------------------------------------------------------------------------------------- | | `value`\* | `string` | Value this panel is associated with — rendered only when the parent [`Tabs`](#tabs) is on this value. | | `children`\* | `ReactNode` | Panel content. | #### TabsList [#tabslist] Horizontal list of tab triggers with `role="tablist"`. | Prop | Type | Description | | ------------ | ----------- | -------------------------------------------------------------------- | | `children`\* | `ReactNode` | Tab triggers — typically one or more [`TabsTrigger`](#tabstrigger)s. | #### TabsTrigger [#tabstrigger] Tab trigger button with `role="tab"`. Activates its `value` on click and reflects active state via `aria-selected` and `data-state`. | Prop | Type | Description | | ------------ | ----------- | ----------------------------------------------------------------------------- | | `value`\* | `string` | Value committed to the parent [`Tabs`](#tabs) when this trigger is activated. | | `children`\* | `ReactNode` | Trigger label / content. | #### TonIcon [#tonicon] TON brand diamond glyph — solid, inherits color from `currentColor`. | Prop | Type | Description | | ------ | -------- | ----------------------------------------------------------------------------------------- | | `size` | `number` | Square size of the icon in pixels. Defaults to [`DEFAULT_ICON_SIZE`](#default_icon_size). | #### TonIconCircle [#toniconcircle] TON brand glyph rendered inside a filled circle, using the TON brand color token. | Prop | Type | Description | | ------ | -------- | ----------------------------------------------------------------------------------------- | | `size` | `number` | Square size of the icon in pixels. Defaults to [`DEFAULT_ICON_SIZE`](#default_icon_size). | ## Type [#type] ### Balances [#balances-2] #### SendJettonButtonProps [#sendjettonbuttonprops] Props accepted by [`SendJettonButton`](#sendjettonbutton) — extends the base `Send` button props (button text, sizing, callbacks) with the jetton-transfer details. | Field | Type | Description | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `recipientAddress`\* | `string` | Recipient address. | | `amount`\* | `string` | Amount in jetton units as a human-readable decimal string. Converted to raw smallest units via `jetton.decimals`. | | `jetton`\* | `{ address: string; symbol: string; decimals: number; }` | Jetton master metadata — `address` (master contract), `symbol` (rendered in the button label) and `decimals` (used to format `amount`). | | `comment` | `string` | Optional human-readable comment attached to the transfer. | | `text` | `ReactNode` | Override the button label. Defaults to "Send". | | `size` | `ButtonSize` | Size class applied to the button. Pass `'unset'` to skip the size class entirely (no padding, no typography) — useful with `variant="unstyled"`. | | `borderRadius` | `ButtonBorderRadius` | Border radius token. Defaults to a size-dependent value (`s` → `2xl`, `m` → `l`, `l` → `xl`). | | `variant` | `ButtonVariant` | Visual variant. Use `'unstyled'` to opt out of all built-in styling — the consumer is fully responsible for visuals via `className`. The Button still provides ref forwarding, `disabled`/`loading` plumbing, and `icon`/`children` rendering. | | `loading` | `boolean` | When true, renders a spinner instead of `icon`/`children` and disables the button. | | `fullWidth` | `boolean` | When true, the button stretches to fill its container width. | | `icon` | `ReactNode` | Optional leading icon rendered before `children` when not loading. | | `children` | `(props: SendRenderProps) => ReactNode` | Custom render function — replaces the default button with the caller's UI. Receives the current send state and click handler via [`SendRenderProps`](#sendrenderprops). | | `onError` | `(error: Error) => void` | Called when the wallet rejects the request or the send fails. Receives the raised `Error`. | | `onSuccess` | (response: SendTransactionReturnType) => void | Called once the transaction is broadcast. Receives the wallet's [`SendTransactionReturnType`](/applications/appkit/reference/appkit#sendtransactionreturntype) (BoC + normalized hash). | #### SendTonButtonProps [#sendtonbuttonprops] Props accepted by [`SendTonButton`](#sendtonbutton) — extends the base `Send` button props (button text, sizing, callbacks) with the TON-transfer details. | Field | Type | Description | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `recipientAddress`\* | `string` | Recipient address. | | `amount`\* | `string` | Amount in TON as a human-readable decimal string (e.g., `"1.5"`). Converted to nano-TON internally. | | `comment` | `string` | Optional human-readable comment attached to the transfer. | | `text` | `ReactNode` | Override the button label. Defaults to "Send". | | `size` | `ButtonSize` | Size class applied to the button. Pass `'unset'` to skip the size class entirely (no padding, no typography) — useful with `variant="unstyled"`. | | `borderRadius` | `ButtonBorderRadius` | Border radius token. Defaults to a size-dependent value (`s` → `2xl`, `m` → `l`, `l` → `xl`). | | `variant` | `ButtonVariant` | Visual variant. Use `'unstyled'` to opt out of all built-in styling — the consumer is fully responsible for visuals via `className`. The Button still provides ref forwarding, `disabled`/`loading` plumbing, and `icon`/`children` rendering. | | `loading` | `boolean` | When true, renders a spinner instead of `icon`/`children` and disables the button. | | `fullWidth` | `boolean` | When true, the button stretches to fill its container width. | | `icon` | `ReactNode` | Optional leading icon rendered before `children` when not loading. | | `children` | `(props: SendRenderProps) => ReactNode` | Custom render function — replaces the default button with the caller's UI. Receives the current send state and click handler via [`SendRenderProps`](#sendrenderprops). | | `onError` | `(error: Error) => void` | Called when the wallet rejects the request or the send fails. Receives the raised `Error`. | | `onSuccess` | (response: SendTransactionReturnType) => void | Called once the transaction is broadcast. Receives the wallet's [`SendTransactionReturnType`](/applications/appkit/reference/appkit#sendtransactionreturntype) (BoC + normalized hash). | #### UseBalanceByAddressParameters [#usebalancebyaddressparameters] Parameters accepted by [`useBalanceByAddress`](#usebalancebyaddress) — TanStack Query options (`select`, `enabled`, `staleTime`, …) plus the target address and optional network override. | Field | Type | Description | | --------- | ------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `address` | UserFriendlyAddress \| Address | Wallet address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `network` | Network | Network to read the balance from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | #### UseBalanceByAddressReturnType [#usebalancebyaddressreturntype] Return type of [`useBalanceByAddress`](#usebalancebyaddress) — TanStack Query result carrying `data`, `isLoading`, `error` and the standard companions. ```ts type UseBalanceByAddressReturnType = UseQueryReturnType< selectData, GetBalanceErrorType >; ``` #### UseBalanceParameters [#usebalanceparameters] Parameters accepted by [`useBalance`](#usebalance) — same shape as [`UseBalanceByAddressParameters`](#usebalancebyaddressparameters). The hook resolves `address` from the selected wallet and overrides any value supplied here. | Field | Type | Description | | --------- | ------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `address` | UserFriendlyAddress \| Address | Wallet address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `network` | Network | Network to read the balance from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | #### UseBalanceReturnType [#usebalancereturntype] Return type of [`useBalance`](#usebalance) — TanStack Query result carrying `data`, `isLoading`, `error` and the standard companions. ```ts type UseBalanceReturnType = UseBalanceByAddressReturnType; ``` #### UseWatchBalanceByAddressParameters [#usewatchbalancebyaddressparameters] Parameters accepted by [`useWatchBalanceByAddress`](#usewatchbalancebyaddress) — same fields as [`WatchBalanceByAddressOptions`](/applications/appkit/reference/appkit#watchbalancebyaddressoptions), all optional so callers can render the hook before the address is known. ```ts type UseWatchBalanceByAddressParameters = Partial; ``` #### UseWatchBalanceParameters [#usewatchbalanceparameters] Parameters accepted by [`useWatchBalance`](#usewatchbalance) — same fields as [`UseWatchBalanceByAddressParameters`](#usewatchbalancebyaddressparameters) minus `address`, which the hook resolves from the selected wallet. ```ts type UseWatchBalanceParameters = Omit; ``` ### Connectors [#connectors-1] #### UseConnectorsReturnType [#useconnectorsreturntype] Return type of [`useConnectors`](#useconnectors) — same shape as [`GetConnectorsReturnType`](/applications/appkit/reference/appkit#getconnectorsreturntype). ```ts type UseConnectorsReturnType = GetConnectorsReturnType; ``` ### Crypto Onramp [#crypto-onramp-2] #### ChainInfo [#chaininfo] Display info for a CAIP-2 chain — used by the crypto onramp widget to render chain names and logos. | Field | Type | Description | | -------- | -------- | ---------------------------------------------------------------- | | `name`\* | `string` | Human-readable chain name (e.g. `"Ethereum"`, `"Arbitrum One"`). | | `logo` | `string` | Optional logo URL for the chain. | #### CryptoAmountInputMode [#cryptoamountinputmode] Which side the amount input is currently denominated in — `token` means the user is entering the target-token amount, `method` means they are entering the source payment-method amount. ```ts type CryptoAmountInputMode = 'token' | 'method'; ``` #### CryptoOnrampContextType [#cryptoonrampcontexttype] Shape of the `CryptoOnrampContext` value — selection state, quote/deposit data and actions exposed by [`CryptoOnrampWidgetProvider`](#cryptoonrampwidgetprovider) to the widget UI (and to custom render callbacks passed to [`CryptoOnrampWidget`](#cryptoonrampwidget)). | Field | Type | Description | | ----------------------------- | ---------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | | `tokens`\* | CryptoOnrampToken\[] | Full list of target tokens the user can buy. | | `tokenSections` | CryptoOnrampTokenSectionConfig\[] | Optional section configs grouping `tokens` in the picker. | | `selectedToken`\* | CryptoOnrampToken \| null | Currently selected target token to buy. `null` until tokens load. | | `setSelectedToken`\* | (token: CryptoOnrampToken) => void | Updates `selectedToken`. | | `paymentMethods`\* | CryptoPaymentMethod\[] | Available source crypto payment methods. | | `methodSections` | PaymentMethodSectionConfig\[] | Optional section configs grouping `paymentMethods` in the picker. | | `selectedMethod`\* | CryptoPaymentMethod | Currently selected source payment method. | | `setSelectedMethod`\* | (method: CryptoPaymentMethod) => void | Updates `selectedMethod`. | | `chains`\* | Record\ChainInfo> | CAIP-2 → chain display info map (built-in defaults merged with consumer overrides). | | `amount`\* | `string` | Current amount input value as a decimal string. | | `setAmount`\* | `(value: string) => void` | Updates `amount`. | | `amountInputMode`\* | CryptoAmountInputMode | Which side `amount` is denominated in — see [`CryptoAmountInputMode`](#cryptoamountinputmode). | | `setAmountInputMode`\* | (mode: CryptoAmountInputMode) => void | Updates `amountInputMode`. | | `convertedAmount`\* | `string` | Other side of `amount` after applying the current quote's rate. | | `presetAmounts`\* | OnrampAmountPreset\[] | Quick-pick amount buttons rendered in the widget. | | `quote`\* | CryptoOnrampQuote \| null | Current quote, or `null` if not yet fetched / invalidated. | | `isLoadingQuote`\* | `boolean` | Whether a quote is in flight (includes the input-debounce window). | | `quoteError`\* | `string \| null` | Quote-side validation/fetch error as an i18n key, or `null`. | | `quoteProviderName`\* | `string \| null` | Display name of the provider behind the current quote, when available. | | `deposit`\* | CryptoOnrampDeposit \| null | Current deposit returned by the provider once `createDeposit` succeeded. | | `isCreatingDeposit`\* | `boolean` | Whether `createDeposit` is in flight. | | `depositError`\* | `string \| null` | Deposit-side error as an i18n key, or `null`. | | `depositAmount`\* | `string` | Formatted deposit amount the user must send on the source chain. | | `createDeposit`\* | `() => void` | Triggers deposit creation from the current quote. | | `depositStatus`\* | CryptoOnrampStatus \| null | Latest deposit status polled via [`useCryptoOnrampStatus`](#usecryptoonrampstatus), or `null`. | | `isRefundAddressRequired`\* | `boolean` | Whether the current quote provider requires a refund address before deposit. | | `isReversedAmountSupported`\* | `boolean` | Whether the current quote provider supports reversed (target-amount) input. | | `refundAddress`\* | `string` | Refund address the user typed, if `isRefundAddressRequired`. | | `setRefundAddress`\* | `(address: string) => void` | Updates `refundAddress`. | | `targetBalance`\* | `string` | Connected wallet's balance of the selected target token (formatted, token units). | | `isLoadingTargetBalance`\* | `boolean` | Whether the target token balance is being fetched. | | `isWalletConnected`\* | `boolean` | Whether a TON wallet is currently connected. | | `canContinue`\* | `boolean` | Whether the user can proceed — valid amount, quote available, and wallet connected. | | `onReset`\* | `() => void` | Invalidates the active quote and clears the deposit, returning the widget to its initial state. | #### CryptoOnrampProviderProps [#cryptoonrampproviderprops] Props for [`CryptoOnrampWidgetProvider`](#cryptoonrampwidgetprovider) — configures the target tokens and payment methods exposed to the widget, plus optional chain display overrides. | Field | Type | Description | | ----------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `tokens` | CryptoOnrampToken\[] | Target tokens (what the user buys on TON). Defaults to a built-in list. | | `tokenSections` | CryptoOnrampTokenSectionConfig\[] | Optional section configs grouping `tokens` in the picker. | | `paymentMethods` | CryptoPaymentMethod\[] | Source crypto payment methods (what the user pays with on another chain). Defaults to a built-in list. | | `methodSections` | PaymentMethodSectionConfig\[] | Optional section configs grouping `paymentMethods` in the picker. | | `chains` | Record\ChainInfo> | Custom CAIP-2 → chain display info overrides. Merged on top of the built-in defaults, so consumers only need to provide what they want to override or add — for example, a single entry keyed by `'eip155:42161'` with a `name` of `'Arbitrum'` and a `logo` URL. | | `defaultTokenId` | `string` | ID of the target token pre-selected on mount. | | `defaultMethodId` | `string` | ID of the source payment method pre-selected on mount. | #### CryptoOnrampToken [#cryptoonramptoken] Target token (what the user is buying on TON) in the crypto onramp widget. Kept separate from `AppkitUIToken` because `address` is the raw form expected by the onramp provider (e.g. `"0x0000000000000000000000000000000000000000"` for native TON, `"EQCx..."` for USDT jetton master). | Field | Type | Description | | ------------ | -------- | ------------------------------------------------------------------ | | `id`\* | `string` | Stable identifier used by section configs and pre-selection props. | | `symbol`\* | `string` | Token symbol, e.g. `"TON"`, `"USDT"`. | | `name`\* | `string` | Full token name, e.g. `"Toncoin"`, `"Tether"`. | | `decimals`\* | `number` | Number of decimals for the token. | | `address`\* | `string` | Address as the onramp provider expects it. | | `logo` | `string` | Optional logo URL. | #### CryptoOnrampTokenSectionConfig [#cryptoonramptokensectionconfig] Section configuration grouping [`CryptoOnrampToken`](#cryptoonramptoken) entries by id in a picker. | Field | Type | Description | | --------- | ---------- | ---------------------------------------------------------------------------------------------- | | `title`\* | `string` | Section header (typically already localized by the caller). | | `ids`\* | `string[]` | Ids of [`CryptoOnrampToken`](#cryptoonramptoken) entries to include in this section, in order. | #### CryptoOnrampWidgetProps [#cryptoonrampwidgetprops] Props for [`CryptoOnrampWidget`](#cryptoonrampwidget) — extends [`CryptoOnrampProviderProps`](#cryptoonrampproviderprops) (tokens, payment methods, defaults, chain overrides) plus the native `
` props the widget root forwards. | Field | Type | Description | | ----------------- | ------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `children` | (props: CryptoOnrampWidgetRenderProps) => ReactNode | Custom render function. When provided, replaces the default [`CryptoOnrampWidgetUI`](#cryptoonrampwidgetui) and is called with the full [`CryptoOnrampWidgetRenderProps`](#cryptoonrampwidgetrenderprops) (context state, actions and forwarded `
` props), so callers can build a fully custom UI on top of the same provider. | | `tokens` | CryptoOnrampToken\[] | Target tokens (what the user buys on TON). Defaults to a built-in list. | | `tokenSections` | CryptoOnrampTokenSectionConfig\[] | Optional section configs grouping `tokens` in the picker. | | `paymentMethods` | CryptoPaymentMethod\[] | Source crypto payment methods (what the user pays with on another chain). Defaults to a built-in list. | | `methodSections` | PaymentMethodSectionConfig\[] | Optional section configs grouping `paymentMethods` in the picker. | | `chains` | Record\ChainInfo> | Custom CAIP-2 → chain display info overrides. Merged on top of the built-in defaults, so consumers only need to provide what they want to override or add — for example, a single entry keyed by `'eip155:42161'` with a `name` of `'Arbitrum'` and a `logo` URL. | | `defaultTokenId` | `string` | ID of the target token pre-selected on mount. | | `defaultMethodId` | `string` | ID of the source payment method pre-selected on mount. | #### CryptoOnrampWidgetRenderProps [#cryptoonrampwidgetrenderprops] Props for [`CryptoOnrampWidgetUI`](#cryptoonrampwidgetui) (and for the custom render callback on [`CryptoOnrampWidget`](#cryptoonrampwidget)) — the full [`CryptoOnrampContextType`](#cryptoonrampcontexttype) state and actions, plus the native `
` props the widget root forwards (`className`, `style`, etc.). | Field | Type | Description | | ----------------------------- | ---------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | | `tokens`\* | CryptoOnrampToken\[] | Full list of target tokens the user can buy. | | `tokenSections` | CryptoOnrampTokenSectionConfig\[] | Optional section configs grouping `tokens` in the picker. | | `selectedToken`\* | CryptoOnrampToken \| null | Currently selected target token to buy. `null` until tokens load. | | `setSelectedToken`\* | (token: CryptoOnrampToken) => void | Updates `selectedToken`. | | `paymentMethods`\* | CryptoPaymentMethod\[] | Available source crypto payment methods. | | `methodSections` | PaymentMethodSectionConfig\[] | Optional section configs grouping `paymentMethods` in the picker. | | `selectedMethod`\* | CryptoPaymentMethod | Currently selected source payment method. | | `setSelectedMethod`\* | (method: CryptoPaymentMethod) => void | Updates `selectedMethod`. | | `chains`\* | Record\ChainInfo> | CAIP-2 → chain display info map (built-in defaults merged with consumer overrides). | | `amount`\* | `string` | Current amount input value as a decimal string. | | `setAmount`\* | `(value: string) => void` | Updates `amount`. | | `amountInputMode`\* | CryptoAmountInputMode | Which side `amount` is denominated in — see [`CryptoAmountInputMode`](#cryptoamountinputmode). | | `setAmountInputMode`\* | (mode: CryptoAmountInputMode) => void | Updates `amountInputMode`. | | `convertedAmount`\* | `string` | Other side of `amount` after applying the current quote's rate. | | `presetAmounts`\* | OnrampAmountPreset\[] | Quick-pick amount buttons rendered in the widget. | | `quote`\* | CryptoOnrampQuote \| null | Current quote, or `null` if not yet fetched / invalidated. | | `isLoadingQuote`\* | `boolean` | Whether a quote is in flight (includes the input-debounce window). | | `quoteError`\* | `string \| null` | Quote-side validation/fetch error as an i18n key, or `null`. | | `quoteProviderName`\* | `string \| null` | Display name of the provider behind the current quote, when available. | | `deposit`\* | CryptoOnrampDeposit \| null | Current deposit returned by the provider once `createDeposit` succeeded. | | `isCreatingDeposit`\* | `boolean` | Whether `createDeposit` is in flight. | | `depositError`\* | `string \| null` | Deposit-side error as an i18n key, or `null`. | | `depositAmount`\* | `string` | Formatted deposit amount the user must send on the source chain. | | `createDeposit`\* | `() => void` | Triggers deposit creation from the current quote. | | `depositStatus`\* | CryptoOnrampStatus \| null | Latest deposit status polled via [`useCryptoOnrampStatus`](#usecryptoonrampstatus), or `null`. | | `isRefundAddressRequired`\* | `boolean` | Whether the current quote provider requires a refund address before deposit. | | `isReversedAmountSupported`\* | `boolean` | Whether the current quote provider supports reversed (target-amount) input. | | `refundAddress`\* | `string` | Refund address the user typed, if `isRefundAddressRequired`. | | `setRefundAddress`\* | `(address: string) => void` | Updates `refundAddress`. | | `targetBalance`\* | `string` | Connected wallet's balance of the selected target token (formatted, token units). | | `isLoadingTargetBalance`\* | `boolean` | Whether the target token balance is being fetched. | | `isWalletConnected`\* | `boolean` | Whether a TON wallet is currently connected. | | `canContinue`\* | `boolean` | Whether the user can proceed — valid amount, quote available, and wallet connected. | | `onReset`\* | `() => void` | Invalidates the active quote and clears the deposit, returning the widget to its initial state. | #### CryptoPaymentMethod [#cryptopaymentmethod] Source crypto payment method (what the user pays with on another chain) in the crypto onramp widget. | Field | Type | Description | | ------------ | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `id`\* | `string` | Stable identifier for the method — used for selection state and `methodSections.ids` | | `symbol`\* | `string` | Token symbol, e.g. "USDC", "USDT". | | `name`\* | `string` | Full token name shown in the picker, e.g. "USD Coin", "Tether". | | `chain`\* | `string` | Source chain in CAIP-2 format, e.g. "eip155:8453", "eip155:56" — passed as `sourceChain` to the onramp provider. The widget resolves a display name and logo for it via the `chains` map (see `CryptoOnrampWidgetProvider`). | | `decimals`\* | `number` | Number of decimals for the token (used to convert between display and base units) | | `address`\* | `string` | Token contract address on the source network (empty string / zero address for native) | | `logo` | `string` | Token logo URL shown in the picker and selectors. | #### OnrampAmountPreset [#onrampamountpreset] Quick-pick amount button shown above the crypto-onramp input (carried on [`CryptoOnrampContextType`](#cryptoonrampcontexttype)'s `presetAmounts`). | Field | Type | Description | | ---------- | -------- | ------------------------------------------------------- | | `amount`\* | `string` | Amount value the preset sets on click (decimal string). | | `label`\* | `string` | Button label shown to the user. | #### PaymentMethodSectionConfig [#paymentmethodsectionconfig] Section configuration grouping [`CryptoPaymentMethod`](#cryptopaymentmethod) entries by id in a picker. | Field | Type | Description | | --------- | ---------- | -------------------------------------------------------------------------------------------------- | | `title`\* | `string` | Section header (typically already localized by the caller). | | `ids`\* | `string[]` | Ids of [`CryptoPaymentMethod`](#cryptopaymentmethod) entries to include in this section, in order. | #### UseCreateCryptoOnrampDepositParameters [#usecreatecryptoonrampdepositparameters] Parameters accepted by [`useCreateCryptoOnrampDeposit`](#usecreatecryptoonrampdeposit) — TanStack Query mutation options forwarded via `parameters.mutation`. ```ts type UseCreateCryptoOnrampDepositParameters = CreateCryptoOnrampDepositMutationOptions; ``` #### UseCreateCryptoOnrampDepositReturnType [#usecreatecryptoonrampdepositreturntype] Return type of [`useCreateCryptoOnrampDeposit`](#usecreatecryptoonrampdeposit) — TanStack Query mutation result. ```ts type UseCreateCryptoOnrampDepositReturnType = UseMutationResult< CreateCryptoOnrampDepositData, CreateCryptoOnrampDepositErrorType, CreateCryptoOnrampDepositVariables, context >; ``` #### UseCryptoOnrampProviderParameters [#usecryptoonrampproviderparameters] Parameters accepted by [`useCryptoOnrampProvider`](#usecryptoonrampprovider) — optional provider id forwarded to [`getCryptoOnrampProvider`](/applications/appkit/reference/appkit#getcryptoonrampprovider). ```ts type UseCryptoOnrampProviderParameters = GetCryptoOnrampProviderOptions; ``` #### UseCryptoOnrampProviderReturnType [#usecryptoonrampproviderreturntype] Return type of [`useCryptoOnrampProvider`](#usecryptoonrampprovider) — the matching [`CryptoOnrampProviderInterface`](/applications/appkit/reference/appkit#cryptoonrampproviderinterface), or `undefined` when none is registered (the hook swallows the throw from [`getCryptoOnrampProvider`](/applications/appkit/reference/appkit#getcryptoonrampprovider)). ```ts type UseCryptoOnrampProviderReturnType = GetCryptoOnrampProviderReturnType | undefined; ``` #### UseCryptoOnrampProvidersReturnType [#usecryptoonrampprovidersreturntype] Return type of [`useCryptoOnrampProviders`](#usecryptoonrampproviders) — array of every [`CryptoOnrampProviderInterface`](/applications/appkit/reference/appkit#cryptoonrampproviderinterface) currently registered on the AppKit instance. ```ts type UseCryptoOnrampProvidersReturnType = GetCryptoOnrampProvidersReturnType; ``` #### UseCryptoOnrampQuoteParameters [#usecryptoonrampquoteparameters] Parameters accepted by [`useCryptoOnrampQuote`](#usecryptoonrampquote) — TanStack Query options (`select`, `enabled`, `staleTime`, …) plus the source/target assets, amount and optional provider override forwarded to [`getCryptoOnrampQuote`](/applications/appkit/reference/appkit#getcryptoonrampquote). | Field | Type | Description | | ----------------------- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `amount` | `string` | Amount to onramp (either source or target crypto, depending on isSourceAmount) | | `sourceCurrencyAddress` | `string` | Source crypto currency address (contract address or 0x0... for native) | | `sourceChain` | `string` | Source chain identifier in CAIP-2 format (e.g. 'eip155:1' for Ethereum mainnet, 'eip155:42161' for Arbitrum One). Providers map this to their own chain identifiers internally. | | `targetCurrencyAddress` | `string` | Target crypto currency address on TON (contract address or 0x0... for native) | | `recipientAddress` | `string` | TON address that will receive the target crypto. | | `refundAddress` | `string` | Refund address for the source crypto. | | `isSourceAmount` | `boolean` | If true, `amount` is the source amount to spend. If false, `amount` is the target amount to receive. Defaults to true when omitted. | | `providerOptions` | `TProviderOptions = unknown` | Provider-specific options. | | `providerId` | `string` | Provider to quote against. Defaults to the registered default provider. | | `query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | #### UseCryptoOnrampQuoteReturnType [#usecryptoonrampquotereturntype] Return type of [`useCryptoOnrampQuote`](#usecryptoonrampquote) — TanStack Query result carrying `data`, `isLoading`, `error` and the standard companions. ```ts type UseCryptoOnrampQuoteReturnType = UseQueryReturnType< selectData, GetCryptoOnrampQuoteErrorType >; ``` #### UseCryptoOnrampStatusParameters [#usecryptoonrampstatusparameters] Parameters accepted by [`useCryptoOnrampStatus`](#usecryptoonrampstatus) — TanStack Query options (`select`, `enabled`, `refetchInterval`, …) plus the deposit id, originating provider id and optional provider override forwarded to [`getCryptoOnrampStatus`](/applications/appkit/reference/appkit#getcryptoonrampstatus). | Field | Type | Description | | ------------ | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `depositId` | `string` | Deposit id. | | `providerId` | `string` | Identifier of the provider that issued this deposit. | | `query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | #### UseCryptoOnrampStatusReturnType [#usecryptoonrampstatusreturntype] Return type of [`useCryptoOnrampStatus`](#usecryptoonrampstatus) — TanStack Query result carrying `data`, `isLoading`, `error` and the standard companions. ```ts type UseCryptoOnrampStatusReturnType = UseQueryReturnType< selectData, GetCryptoOnrampStatusErrorType >; ``` ### Jettons [#jettons-1] #### UseJettonBalanceByAddressParameters [#usejettonbalancebyaddressparameters] Parameters accepted by [`useJettonBalanceByAddress`](#usejettonbalancebyaddress) — TanStack Query options (`select`, `enabled`, `staleTime`, …) plus the jetton master, owner address, decimals and optional network override. | Field | Type | Description | | ---------------- | -------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `jettonAddress` | UserFriendlyAddress | Jetton master contract address (the token, not the user's wallet for it). | | `ownerAddress` | UserFriendlyAddress | Owner of the jetton wallet — typically the connected user's address. | | `jettonDecimals` | `number` | Decimals declared by the jetton master. Used to format the raw balance into a human-readable string. | | `network` | Network | Network to read the balance from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | #### UseJettonBalanceByAddressReturnType [#usejettonbalancebyaddressreturntype] Return type of [`useJettonBalanceByAddress`](#usejettonbalancebyaddress) — TanStack Query result carrying `data`, `isLoading`, `error` and the standard companions. ```ts type UseJettonBalanceByAddressReturnType = UseQueryReturnType< selectData, GetJettonBalanceErrorType >; ``` #### UseJettonInfoParameters [#usejettoninfoparameters] Parameters accepted by [`useJettonInfo`](#usejettoninfo) — TanStack Query options (`select`, `enabled`, `staleTime`, …) plus the jetton master address and optional network override. | Field | Type | Description | | --------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `address` | UserFriendlyAddress | Jetton master contract address whose metadata is being fetched. | | `network` | Network | Network to query. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | #### UseJettonInfoReturnType [#usejettoninforeturntype] Return type of [`useJettonInfo`](#usejettoninfo) — TanStack Query result carrying `data`, `isLoading`, `error` and the standard companions. `data` is `null` when the indexer has no record for that master address. ```ts type UseJettonInfoReturnType = UseQueryReturnType< selectData, GetJettonInfoErrorType >; ``` #### UseJettonWalletAddressParameters [#usejettonwalletaddressparameters] Parameters accepted by [`useJettonWalletAddress`](#usejettonwalletaddress) — TanStack Query options (`select`, `enabled`, `staleTime`, …) plus the jetton master, owner address and optional network override. | Field | Type | Description | | --------------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `jettonAddress` | UserFriendlyAddress | Jetton master contract address. | | `ownerAddress` | UserFriendlyAddress | Owner whose jetton wallet should be derived. | | `network` | Network | Network to query. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | #### UseJettonWalletAddressReturnType [#usejettonwalletaddressreturntype] Return type of [`useJettonWalletAddress`](#usejettonwalletaddress) — TanStack Query result carrying `data`, `isLoading`, `error` and the standard companions. ```ts type UseJettonWalletAddressReturnType = UseQueryReturnType< selectData, GetJettonWalletAddressErrorType >; ``` #### UseJettonsByAddressParameters [#usejettonsbyaddressparameters] Parameters accepted by [`useJettonsByAddress`](#usejettonsbyaddress) — TanStack Query options (`select`, `enabled`, `staleTime`, …) plus the owner address, optional network override and pagination. | Field | Type | Description | | --------- | ------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `address` | UserFriendlyAddress \| Address | Owner address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `network` | Network | Network to read the jettons from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `limit` | `number` | Maximum number of jettons to return. | | `offset` | `number` | Number of jettons to skip before returning results — used for pagination. | | `query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | #### UseJettonsByAddressReturnType [#usejettonsbyaddressreturntype] Return type of [`useJettonsByAddress`](#usejettonsbyaddress) — TanStack Query result carrying `data`, `isLoading`, `error` and the standard companions. ```ts type UseJettonsByAddressReturnType = UseQueryReturnType< selectData, GetJettonsErrorType >; ``` #### UseJettonsParameters [#usejettonsparameters] Parameters accepted by [`useJettons`](#usejettons) — same shape as [`UseJettonsByAddressParameters`](#usejettonsbyaddressparameters). The hook resolves `address` from the selected wallet and overrides any value supplied here. | Field | Type | Description | | --------- | ------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `address` | UserFriendlyAddress \| Address | Owner address — pass a [`UserFriendlyAddress`](/applications/appkit/reference/appkit#userfriendlyaddress) string or an `Address` instance from `@ton/core`. | | `network` | Network | Network to read the jettons from. Defaults to the selected wallet's network. If no wallet is selected, falls back to AppKit's default network, or mainnet when none is set. | | `limit` | `number` | Maximum number of jettons to return. | | `offset` | `number` | Number of jettons to skip before returning results — used for pagination. | | `query` | [`QueryOptionsOverride`](/applications/appkit/reference/appkit#queryoptionsoverride) | TanStack Query options forwarded to `useQuery` (`enabled`, `staleTime`, `refetchInterval`, `select`, …). `queryKey` and `queryFn` are managed by the wrapper. | #### UseJettonsReturnType [#usejettonsreturntype] Return type of [`useJettons`](#usejettons) — TanStack Query result carrying `data`, `isLoading`, `error` and the standard companions. ```ts type UseJettonsReturnType = UseJettonsByAddressReturnType; ``` #### UseTransferJettonParameters [#usetransferjettonparameters] Parameters accepted by [`useTransferJetton`](#usetransferjetton) — TanStack Query mutation options. ```ts type UseTransferJettonParameters = TransferJettonOptions; ``` #### UseTransferJettonReturnType [#usetransferjettonreturntype] Return type of [`useTransferJetton`](#usetransferjetton) — TanStack Query mutation result. ```ts type UseTransferJettonReturnType = UseMutationReturnType< TransferJettonData, TransferJettonErrorType, TransferJettonVariables, context, ( variables: TransferJettonVariables, options?: MutateOptions, ) => void, MutateFunction >; ``` #### UseWatchJettonsByAddressParameters [#usewatchjettonsbyaddressparameters] Parameters accepted by [`useWatchJettonsByAddress`](#usewatchjettonsbyaddress) — same fields as [`WatchJettonsByAddressOptions`](/applications/appkit/reference/appkit#watchjettonsbyaddressoptions), all optional so callers can render the hook before the address is known. ```ts type UseWatchJettonsByAddressParameters = Partial; ``` #### UseWatchJettonsParameters [#usewatchjettonsparameters] Parameters accepted by [`useWatchJettons`](#usewatchjettons) — update callback and optional network override. The hook resolves the address from the selected wallet. ```ts type UseWatchJettonsParameters = Partial; ``` ### NFTs [#nfts-2] #### NftItemProps [#nftitemprops] Props accepted by [`NftItem`](#nftitem) — extends the native ` ); } ``` ### `useTonConnectUI()` [#usetonconnectui] Use it to get access to the [`TonConnectUI`](/applications/ton-connect/api-reference/ui#tonconnectui) instance and UI options updating function. The returned tuple is stable across renders. `setOptions` merges into `tonConnectUI.uiOptions`; call it to switch language, theme, return strategy, or other UI preferences at runtime. ```ts function useTonConnectUI(): [TonConnectUI, (options: TonConnectUiOptions) => void]; ``` Returns `[TonConnectUI, (options: TonConnectUiOptions) => void]`. **Throws:** `TonConnectProviderNotSetError` — when called on the client side without a `` ancestor. On the server side the hook returns a no-op tuple instead. **Example:** ```ts function ConnectButton() { const [tonConnectUI, setOptions] = useTonConnectUI(); return ( <> ); } ``` ### `useTonWallet()` [#usetonwallet] Use it to get the user's current TON wallet. Returns `null` when no wallet is connected. Subscribes to `tonConnectUI.onStatusChange` internally, so the component re-renders whenever the user connects, disconnects, or switches accounts. ```ts function useTonWallet(): Wallet | (Wallet & WalletInfoWithOpenMethod) | null; ``` Returns `Wallet | unknown | null`. **Throws:** `TonConnectProviderNotSetError` — when called on the client side without a `` ancestor. **Example:** ```ts function WalletStatus() { const wallet = useTonWallet(); if (!wallet) { return
No wallet connected
; } return
Connected: {wallet.account.address}
; } ``` ## Errors [#errors] Every error from this package extends [`TonConnectUIReactError`](#tonconnectuireacterror), which itself extends [`TonConnectUIError`](/applications/ton-connect/api-reference/ui#tonconnectuierror). Use `err instanceof TonConnectUIReactError` to catch errors from this package; use `err instanceof TonConnectUIError` to catch anything raised by the TonConnect stack. ### `TonConnectUIReactError` [#tonconnectuireacterror] Base class for TonConnectUIReact errors. You can check if the error was triggered by the @tonconnect/ui-react using `err instanceof TonConnectUIReactError`. ```ts class TonConnectUIReactError extends TonConnectUIError { constructor(message?: string, options?: ErrorOptions); } ``` **Constructor:** Construct a [`TonConnectUIReactError`](#tonconnectuireacterror). Subclasses forward arguments through `super(...args)`; consumers normally observe subclass instances rather than constructing [`TonConnectUIReactError`](#tonconnectuireacterror) directly. | Parameter | Type | Description | | --------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `message` | `string` | *Optional*. Human-readable message. The resulting `error.message` is prefixed with `[TON_CONNECT_SDK_ERROR]` and the subclass name (inherited from [`TonConnectError`](/applications/ton-connect/api-reference/sdk#tonconnecterror)). | | `options` | `ErrorOptions` | *Optional*. Standard ES `Error` options. | ### Error catalogue [#error-catalogue] | Class | Thrown when | | ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `TonConnectProviderNotSetError` | Thrown when a TonConnect UI hook or `` is used outside of ``. Wrap the part of the tree that needs TonConnect access in ``. | ## Related pages [#related-pages] * [`@tonconnect/ui`](/applications/ton-connect/api-reference/ui) — framework-agnostic UI wrapped by these bindings. * [`@tonconnect/sdk`](/applications/ton-connect/api-reference/sdk) — connector core under the UI. * [`@tonconnect/protocol`](/applications/ton-connect/api-reference/protocol) — wire-format types. * [TON Connect spec](https://github.com/ton-blockchain/ton-connect) — normative protocol material. # @tonconnect/ui (/applications/ton-connect/api-reference/ui) `@tonconnect/ui` is the framework-agnostic UI kit on top of [`@tonconnect/sdk`](/applications/ton-connect/api-reference/sdk). It ships a styled connect button, a wallets modal, and notification flows that match the TON Connect protocol so dApps without a framework can integrate without designing their own modals. If you use React, see [`@tonconnect/ui-react`](/applications/ton-connect/api-reference/ui-react). For protocol semantics, see the [TON Connect spec](https://github.com/ton-blockchain/ton-connect). ## Installation [#installation] Install from npm: ```bash npm i @tonconnect/ui ``` Or include the bundle via CDN. The package is exposed on `window.TON_CONNECT_UI`: ```html ``` For a pinned version, replace `@latest` with the desired version. > Generated from `@tonconnect/ui` v2.5.0-alpha.0. ## `TonConnectUI` [#tonconnectui] ### Constructor [#constructor] Creates a new TonConnectUI instance and mounts the widget into the DOM. ```ts new TonConnectUI(options?: TonConnectUiCreateOptions) ``` | Parameter | Type | Description | | --------- | --------------------------- | ----------------------------------------------------------------------------------- | | `options` | `TonConnectUiCreateOptions` | *Optional*. Creation options. Either `manifestUrl` or `connector` must be provided. | **Throws:** * [`TonConnectUIError`](#tonconnectuierror) — when neither `manifestUrl` nor `connector` is specified in `options`. * [`TonConnectUIError`](#tonconnectuierror) — when `options.buttonRootId` is set but the element does not exist in the document (the constructor applies the initial UI options). ### Instance properties [#instance-properties] | Property | Type | Description | | -------------------------- | ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `walletsRequiredFeatures` | `RequiredFeatures \| undefined` | Required features that wallets must support to appear in the wallets list. Wallets not supporting these features are excluded from the UI. | | `walletsPreferredFeatures` | `RequiredFeatures \| undefined` | Preferred features used to sort and rank wallets in the wallets list. Wallets supporting these features appear first in the UI. | | `connector` | [`ITonConnect`](/applications/ton-connect/api-reference/sdk#itonconnect) | TonConnect instance. | | `modal` | `WalletsModal` | Manages the modal window state. | | `connectionRestored` | `Promise` | Promise that resolves after end of the connection restoring process (promise fires after [`onStatusChange`](#onstatuschange), so you can get actual information about wallet and session after when promise resolved). Resolved value `true`/`false` indicates if the session was restored successfully. | | `connected` | `boolean` | Current connection status. | | `account` | `Account \| null` | Current connected account or null. | | `wallet` | `Wallet \| unknown \| null` | Current connected wallet app and its info or null. | | `uiOptions` | `TonConnectUiOptions` | Sets and applies new UI options. Pass a partial options object; it is merged with the current options. *(write-only)* | | `modalState` | `WalletsModalState` | Returns current modal window state. | | `singleWalletModalState` | `SingleWalletModalState` | Returns current single wallet modal window state. | ### `setConnectRequestParameters()` [#setconnectrequestparameters] Use it to customize ConnectRequest and add `tonProof` payload. You can call it multiple times to set updated tonProof payload if previous one is outdated. If `connectRequestParameters.state === 'loading'` a loader appears instead of the qr code in the wallets modal. If `connectRequestParameters.state` was changed to 'ready' or its value has been changed, the QR is re-rendered. ```ts setConnectRequestParameters( connectRequestParameters: Loadable | undefined | null ): void; ``` | Parameter | Type | Description | | -------------------------- | --------------------------------------------------------- | ----------- | | `connectRequestParameters` | `Loadable \| undefined \| null` | — | ### `setConnectionNetwork()` [#setconnectionnetwork] Set desired network for the connection. Can only be set before connecting. If wallet connects with a different chain, the SDK throws an error and aborts connection. ```ts setConnectionNetwork(network?: ChainId): void; ``` | Parameter | Type | Description | | --------- | --------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | | `network` | [`ChainId`](/applications/ton-connect/api-reference/protocol#chainid) | *Optional*. Desired network id (e.g., '-239', '-3', or custom). Pass undefined to allow any network. | ### `getWallets()` [#getwallets] Returns available wallets list. ```ts getWallets(): Promise; ``` Returns `Promise`. ### `onStatusChange()` [#onstatuschange] Subscribes to connection status changes. ```ts onStatusChange( callback: (wallet: ConnectedWallet | null) => void, errorsHandler?: (err: TonConnectError) => void ): () => void; ``` | Parameter | Type | Description | | --------------- | ------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | | `callback` | `(wallet: ConnectedWallet \| null) => void` | Called with the connected wallet on connect, or `null` on disconnect. | | `errorsHandler` | `(err: TonConnectError) => void` | *Optional*. Optional handler called when a [`TonConnectError`](/applications/ton-connect/api-reference/sdk#tonconnecterror) occurs. | Returns `() => void`. Unsubscribe function — call it to stop receiving status updates. ### `openModal()` [#openmodal] Opens the modal window, returns a promise that resolves after the modal window is opened. ```ts openModal(options?: { traceId?: string }): Promise; ``` | Parameter | Type | Description | | --------- | ---------------------- | ----------- | | `options` | `{ traceId?: string }` | *Optional*. | Returns `Promise`. ### `closeModal()` [#closemodal] Closes the modal window. ```ts closeModal(reason?: WalletsModalCloseReason): void; ``` | Parameter | Type | Description | | --------- | ------------------------- | ----------- | | `reason` | `WalletsModalCloseReason` | *Optional*. | ### `onModalStateChange()` [#onmodalstatechange] Subscribe to the modal window state changes, returns a function which has to be called to unsubscribe. ```ts onModalStateChange(onChange: (state: WalletsModalState) => void): () => void; ``` | Parameter | Type | Description | | ---------- | ------------------------------------ | ----------- | | `onChange` | `(state: WalletsModalState) => void` | — | Returns `() => void`. ### `openSingleWalletModal()` [#opensinglewalletmodal] Opens the single wallet modal window, returns a promise that resolves after the modal window is opened. ```ts openSingleWalletModal(wallet: string): Promise; ``` | Parameter | Type | Description | | --------- | -------- | ----------- | | `wallet` | `string` | — | Returns `Promise`. ### `closeSingleWalletModal()` [#closesinglewalletmodal] Close the single wallet modal window. ```ts closeSingleWalletModal(closeReason?: WalletsModalCloseReason): void; ``` | Parameter | Type | Description | | ------------- | ------------------------- | ----------- | | `closeReason` | `WalletsModalCloseReason` | *Optional*. | ### `onSingleWalletModalStateChange()` [#onsinglewalletmodalstatechange] Subscribe to the single wallet modal window state changes, returns a function which has to be called to unsubscribe. ```ts onSingleWalletModalStateChange(onChange: (state: SingleWalletModalState) => void): () => void; ``` | Parameter | Type | Description | | ---------- | ----------------------------------------- | ----------- | | `onChange` | `(state: SingleWalletModalState) => void` | — | Returns `() => void`. ### `connectWallet()` [#connectwallet] *Deprecated* — Use `tonConnectUI.openModal()` instead. Will be removed in the next major version. Opens the modal window and handles a wallet connection. ```ts connectWallet(options?: { traceId?: string }): Promise; ``` | Parameter | Type | Description | | --------- | ---------------------- | ------------------------------------- | | `options` | `{ traceId?: string }` | *Optional*. Optional tracing options. | Returns `Promise`. Promise that resolves to the connected wallet. **Throws:** [`TonConnectUIError`](#tonconnectuierror) — when the connection is aborted or the user cancels. ### `disconnect()` [#disconnect] Disconnects the wallet and clears stored session data. ```ts disconnect(options?: { traceId?: string }): Promise; ``` | Parameter | Type | Description | | --------- | ---------------------- | ------------------------------------- | | `options` | `{ traceId?: string }` | *Optional*. Optional tracing options. | Returns `Promise`. Promise that resolves when the disconnect is complete. ### `sendTransaction()` [#sendtransaction] Opens the modal window and handles the transaction sending. ```ts sendTransaction( tx: SendTransactionRequest, options?: ActionOptions ): Promise>; ``` | Parameter | Type | Description | | --------- | ---------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | | `tx` | [`SendTransactionRequest`](/applications/ton-connect/api-reference/sdk#sendtransactionrequest) | Transaction to send. | | `options` | `ActionOptions` | *Optional*. Modal and notifications behaviour settings. Default shows only the 'before' modal and all notifications. | Returns `Promise>`. Promise that resolves to the transaction response. **Throws:** * [`TonConnectUIError`](#tonconnectuierror) — when no wallet is connected and `options.onConnected` is not provided. * [`TonConnectUIError`](#tonconnectuierror) — when the user cancels the transaction in the modal. * [`TonConnectError`](/applications/ton-connect/api-reference/sdk#tonconnecterror) — subclasses raised by the underlying SDK call (e.g. `WalletWrongNetworkError`, `WalletNotSupportFeatureError`, `UserRejectsError`, `BadRequestError`, `UnknownAppError`) are propagated unchanged. ### `signData()` [#signdata] Signs the data and returns the signature. ```ts signData( data: SignDataPayload, options?: ActionOptions ): Promise; ``` | Parameter | Type | Description | | --------- | ------------------------------------------------------------------------------------- | ------------------------------------------------------- | | `data` | [`SignDataPayload`](/applications/ton-connect/api-reference/protocol#signdatapayload) | Data payload to sign. | | `options` | `ActionOptions` | *Optional*. Modal and notifications behaviour settings. | Returns `Promise`. Promise that resolves to the sign-data response including the signature. **Throws:** * [`TonConnectUIError`](#tonconnectuierror) — when no wallet is connected and `options.onConnected` is not provided. * [`TonConnectUIError`](#tonconnectuierror) — when the user cancels the signing in the modal. * [`TonConnectError`](/applications/ton-connect/api-reference/sdk#tonconnecterror) — subclasses raised by the underlying SDK call (e.g. `WalletNotSupportFeatureError`, `UserRejectsError`, `BadRequestError`) are propagated unchanged. ### `signMessage()` [#signmessage] Signs a message built from a transaction request and returns the signed internal message BoC. ```ts signMessage( message: SignMessageRequest, options?: ActionOptions ): Promise>; ``` | Parameter | Type | Description | | --------- | -------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | | `message` | [`SignMessageRequest`](/applications/ton-connect/api-reference/sdk#signmessagerequest) | Transaction-like request describing the internal message to sign. | | `options` | `ActionOptions` | *Optional*. Modal and notifications behaviour settings. | Returns `Promise>`. Promise that resolves to the sign-message response including the signed BoC. **Throws:** * [`TonConnectUIError`](#tonconnectuierror) — when no wallet is connected and `options.onConnected` is not provided. * [`TonConnectUIError`](#tonconnectuierror) — when the user cancels the signing in the modal. * [`TonConnectError`](/applications/ton-connect/api-reference/sdk#tonconnecterror) — subclasses raised by the underlying SDK call are propagated unchanged. ### Static methods [#static-methods] | Method | Description | | --------------------------- | -------------------------------------- | | `TonConnectUI.getWallets()` | Returns the list of available wallets. | ## Types [#types] ### `ActionConfiguration` [#actionconfiguration] ```ts interface ActionConfiguration { modals?: 'all' | ('before' | 'success' | 'error')[]; notifications?: 'all' | ('before' | 'success' | 'error')[]; returnStrategy?: ReturnStrategy; twaReturnUrl?: `${string}://${string}`; skipRedirectToWallet?: 'ios' | 'always' | 'never'; } ``` | Field | Type | Description | | ---------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `modals` | `'all' \| ('before' \| 'success' \| 'error')[]` | *Optional*. Configure action modals behavior. | | `notifications` | `'all' \| ('before' \| 'success' \| 'error')[]` | *Optional*. Configure action notifications behavior. | | `returnStrategy` | `ReturnStrategy` | *Optional*. Specifies return strategy for the deeplink when user signs/declines the request. | | `twaReturnUrl` | `${string}://${string}` | *Optional*. Specifies return url for TWA-TWA connections. This is applied as a return strategy if dApp is opened as a TWA and user selects TWA wallet (overrides `returnStrategy` if set). | | `skipRedirectToWallet` | `'ios' \| 'always' \| 'never'` | *Optional*. | ### `TonConnectUiOptionsWithManifest` [#tonconnectuioptionswithmanifest] ```ts interface TonConnectUiOptionsWithManifest { manifestUrl?: string; restoreConnection?: boolean; widgetRootId?: string; eventDispatcher?: EventDispatcher; uiPreferences?: UIPreferences; buttonRootId?: string | null; language?: Locales; walletsListConfiguration?: WalletsListConfiguration; walletsRequiredFeatures?: RequiredFeatures; walletsPreferredFeatures?: RequiredFeatures; actionsConfiguration?: ActionConfiguration; enableAndroidBackHandler?: boolean; analytics?: AnalyticsSettings; } ``` | Field | Type | Description | | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `manifestUrl` | `string` | *Optional*. URL to the [manifest](https://github.com/ton-connect/docs/blob/main/requests-responses.md#app-manifest) with the dApp metadata that is displayed in the user's wallet. If not passed, the manifest from `${window.location.origin}/tonconnect-manifest.json` is used. | | `restoreConnection` | `boolean` | *Optional*. Try to restore existing session and reconnect to the corresponding wallet. | | `widgetRootId` | `string` | *Optional*. HTML element id to attach the modal window element. If not passed, `div#tc-widget-root` is appended to the end of `` and used. Defaults to `'tc-widget-root'`. | | `eventDispatcher` | `EventDispatcher` | *Optional*. Event dispatcher to track user actions. By default, it uses `window.dispatchEvent` for browser environment. Defaults to `new BrowserEventDispatcher()`. | | `uiPreferences` | `UIPreferences` | *Optional*. UI elements configuration. | | `buttonRootId` | `string \| null` | *Optional*. HTML element id to attach the wallet connect button. If not passed the button does not appear. | | `language` | `Locales` | *Optional*. Language for the phrases in the UI elements. | | `walletsListConfiguration` | `WalletsListConfiguration` | *Optional*. Configuration for the wallets list in the connect wallet modal. | | `walletsRequiredFeatures` | [`RequiredFeatures`](/applications/ton-connect/api-reference/sdk#requiredfeatures) | *Optional*. Required features for wallets. If a wallet doesn't support the required features, it is disabled. | | `walletsPreferredFeatures` | [`RequiredFeatures`](/applications/ton-connect/api-reference/sdk#requiredfeatures) | *Optional*. Preferred features for wallets. If a wallet doesn't support the preferred features, it is moved to the end of the list. | | `actionsConfiguration` | `ActionConfiguration` | *Optional*. Configuration for action-period (e.g. sendTransaction) UI elements: modals and notifications and wallet behaviour (return strategy). | | `enableAndroidBackHandler` | `boolean` | *Optional*. Specifies whether the Android back button should be used to close modals and notifications on Android devices. | | `analytics` | `AnalyticsSettings` | *Optional*. Analytics configuration forwarded to the underlying TonConnect SDK instance. | ### `TonConnectUiOptionsWithConnector` [#tonconnectuioptionswithconnector] ```ts interface TonConnectUiOptionsWithConnector { connector?: ITonConnect; restoreConnection?: boolean; widgetRootId?: string; eventDispatcher?: EventDispatcher; uiPreferences?: UIPreferences; buttonRootId?: string | null; language?: Locales; walletsListConfiguration?: WalletsListConfiguration; walletsRequiredFeatures?: RequiredFeatures; walletsPreferredFeatures?: RequiredFeatures; actionsConfiguration?: ActionConfiguration; enableAndroidBackHandler?: boolean; analytics?: AnalyticsSettings; } ``` | Field | Type | Description | | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `connector` | [`ITonConnect`](/applications/ton-connect/api-reference/sdk#itonconnect) | *Optional*. TonConnect instance. Can be helpful if you use custom ITonConnect implementation, or use both of @tonconnect/sdk and @tonconnect/ui in your app. | | `restoreConnection` | `boolean` | *Optional*. Try to restore existing session and reconnect to the corresponding wallet. | | `widgetRootId` | `string` | *Optional*. HTML element id to attach the modal window element. If not passed, `div#tc-widget-root` is appended to the end of `` and used. Defaults to `'tc-widget-root'`. | | `eventDispatcher` | `EventDispatcher` | *Optional*. Event dispatcher to track user actions. By default, it uses `window.dispatchEvent` for browser environment. Defaults to `new BrowserEventDispatcher()`. | | `uiPreferences` | `UIPreferences` | *Optional*. UI elements configuration. | | `buttonRootId` | `string \| null` | *Optional*. HTML element id to attach the wallet connect button. If not passed the button does not appear. | | `language` | `Locales` | *Optional*. Language for the phrases in the UI elements. | | `walletsListConfiguration` | `WalletsListConfiguration` | *Optional*. Configuration for the wallets list in the connect wallet modal. | | `walletsRequiredFeatures` | [`RequiredFeatures`](/applications/ton-connect/api-reference/sdk#requiredfeatures) | *Optional*. Required features for wallets. If a wallet doesn't support the required features, it is disabled. | | `walletsPreferredFeatures` | [`RequiredFeatures`](/applications/ton-connect/api-reference/sdk#requiredfeatures) | *Optional*. Preferred features for wallets. If a wallet doesn't support the preferred features, it is moved to the end of the list. | | `actionsConfiguration` | `ActionConfiguration` | *Optional*. Configuration for action-period (e.g. sendTransaction) UI elements: modals and notifications and wallet behaviour (return strategy). | | `enableAndroidBackHandler` | `boolean` | *Optional*. Specifies whether the Android back button should be used to close modals and notifications on Android devices. | | `analytics` | `AnalyticsSettings` | *Optional*. Analytics configuration forwarded to the underlying TonConnect SDK instance. | ### `TonConnectUiCreateOptionsBase` [#tonconnectuicreateoptionsbase] ```ts interface TonConnectUiCreateOptionsBase { restoreConnection?: boolean; widgetRootId?: string; eventDispatcher?: EventDispatcher; uiPreferences?: UIPreferences; buttonRootId?: string | null; language?: Locales; walletsListConfiguration?: WalletsListConfiguration; walletsRequiredFeatures?: RequiredFeatures; walletsPreferredFeatures?: RequiredFeatures; actionsConfiguration?: ActionConfiguration; enableAndroidBackHandler?: boolean; analytics?: AnalyticsSettings; } ``` | Field | Type | Description | | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `restoreConnection` | `boolean` | *Optional*. Try to restore existing session and reconnect to the corresponding wallet. | | `widgetRootId` | `string` | *Optional*. HTML element id to attach the modal window element. If not passed, `div#tc-widget-root` is appended to the end of `` and used. Defaults to `'tc-widget-root'`. | | `eventDispatcher` | `EventDispatcher` | *Optional*. Event dispatcher to track user actions. By default, it uses `window.dispatchEvent` for browser environment. Defaults to `new BrowserEventDispatcher()`. | | `uiPreferences` | `UIPreferences` | *Optional*. UI elements configuration. | | `buttonRootId` | `string \| null` | *Optional*. HTML element id to attach the wallet connect button. If not passed the button does not appear. | | `language` | `Locales` | *Optional*. Language for the phrases in the UI elements. | | `walletsListConfiguration` | `WalletsListConfiguration` | *Optional*. Configuration for the wallets list in the connect wallet modal. | | `walletsRequiredFeatures` | [`RequiredFeatures`](/applications/ton-connect/api-reference/sdk#requiredfeatures) | *Optional*. Required features for wallets. If a wallet doesn't support the required features, it is disabled. | | `walletsPreferredFeatures` | [`RequiredFeatures`](/applications/ton-connect/api-reference/sdk#requiredfeatures) | *Optional*. Preferred features for wallets. If a wallet doesn't support the preferred features, it is moved to the end of the list. | | `actionsConfiguration` | `ActionConfiguration` | *Optional*. Configuration for action-period (e.g. sendTransaction) UI elements: modals and notifications and wallet behaviour (return strategy). | | `enableAndroidBackHandler` | `boolean` | *Optional*. Specifies whether the Android back button should be used to close modals and notifications on Android devices. | | `analytics` | `AnalyticsSettings` | *Optional*. Analytics configuration forwarded to the underlying TonConnect SDK instance. | ### `TonConnectUiOptions` [#tonconnectuioptions] ```ts interface TonConnectUiOptions { uiPreferences?: UIPreferences; buttonRootId?: string | null; language?: Locales; walletsListConfiguration?: WalletsListConfiguration; walletsRequiredFeatures?: RequiredFeatures; walletsPreferredFeatures?: RequiredFeatures; actionsConfiguration?: ActionConfiguration; enableAndroidBackHandler?: boolean; analytics?: AnalyticsSettings; } ``` | Field | Type | Description | | -------------------------- | ---------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | | `uiPreferences` | `UIPreferences` | *Optional*. UI elements configuration. | | `buttonRootId` | `string \| null` | *Optional*. HTML element id to attach the wallet connect button. If not passed the button does not appear. | | `language` | `Locales` | *Optional*. Language for the phrases in the UI elements. | | `walletsListConfiguration` | `WalletsListConfiguration` | *Optional*. Configuration for the wallets list in the connect wallet modal. | | `walletsRequiredFeatures` | [`RequiredFeatures`](/applications/ton-connect/api-reference/sdk#requiredfeatures) | *Optional*. Required features for wallets. If a wallet doesn't support the required features, it is disabled. | | `walletsPreferredFeatures` | [`RequiredFeatures`](/applications/ton-connect/api-reference/sdk#requiredfeatures) | *Optional*. Preferred features for wallets. If a wallet doesn't support the preferred features, it is moved to the end of the list. | | `actionsConfiguration` | `ActionConfiguration` | *Optional*. Configuration for action-period (e.g. sendTransaction) UI elements: modals and notifications and wallet behaviour (return strategy). | | `enableAndroidBackHandler` | `boolean` | *Optional*. Specifies whether the Android back button should be used to close modals and notifications on Android devices. | | `analytics` | `AnalyticsSettings` | *Optional*. Analytics configuration forwarded to the underlying TonConnect SDK instance. | ### `UIPreferences` [#uipreferences] ```ts interface UIPreferences { theme?: Theme; borderRadius?: BorderRadius; colorsSet?: Partial>; } ``` | Field | Type | Description | | -------------- | ------------------------------------------ | -------------------------------------------------------------------------------------------------------- | | `theme` | `Theme` | *Optional*. Color theme for the UI elements. When set to `'SYSTEM'` the theme follows the OS preference. | | `borderRadius` | `BorderRadius` | *Optional*. Border radius for UI elements. | | `colorsSet` | `Partial>` | *Optional*. Configure colors scheme for different themes. | ### `WalletsModal` [#walletsmodal] ```ts interface WalletsModal { open: (options?: { traceId?: string }) => void; close: (reason?: WalletsModalCloseReason) => void; onStateChange: (callback: (state: WalletsModalState) => void) => () => void; state: WalletsModalState; } ``` | Field | Type | Description | | --------------- | -------------------------------------------------------------- | --------------------------------------------- | | `open` | `(options?: { traceId?: string }) => void` | Open the modal. | | `close` | `(reason?: WalletsModalCloseReason) => void` | Close the modal. | | `onStateChange` | `(callback: (state: WalletsModalState) => void) => () => void` | Subscribe to the modal window status changes. | | `state` | `WalletsModalState` | Current modal window state. | ### `Theme` [#theme] UI colour theme, including automatic system-preference detection. ```ts type Theme = THEME | 'SYSTEM'; ``` ### `BorderRadius` [#borderradius] Corner radius preset for the UI widget. `'m'` is the default rounded style; `'none'` disables rounding. ```ts type BorderRadius = 'm' | 's' | 'none'; ``` ### `ColorsSet` [#colorsset] Complete set of colour tokens used to theme the TonConnectUI widget. ```ts type ColorsSet = { constant: { black: Color; white: Color }; connectButton: { background: Color; foreground: Color }; accent: Color; telegramButton: Color; icon: { primary: Color; secondary: Color; tertiary: Color; success: Color; error: Color }; background: { primary: Color; secondary: Color; segment: Color; tint: Color; qr: Color }; text: { primary: Color; secondary: Color }; }; ``` ### `PartialColorsSet` [#partialcolorsset] Partial colour token override — only the provided tokens are applied; the rest fall back to defaults. ```ts type PartialColorsSet = { constant?: { black?: Color; white?: Color }; connectButton?: { background?: Color; foreground?: Color }; accent?: Color; telegramButton?: Color; icon?: { primary?: Color; secondary?: Color; tertiary?: Color; success?: Color; error?: Color }; background?: { primary?: Color; secondary?: Color; segment?: Color; tint?: Color; qr?: Color }; text?: { primary?: Color; secondary?: Color }; }; ``` ### `WalletOpenMethod` [#walletopenmethod] Method used to open the wallet app from the dApp. ```ts type WalletOpenMethod = 'qrcode' | 'universal-link' | 'custom-deeplink'; ``` ### `WalletInfoWithOpenMethod` [#walletinfowithopenmethod] Wallet info enriched with the open method used to initiate the connection. ```ts type WalletInfoWithOpenMethod = | WalletInfoInjectable | WalletInfoRemoteWithOpenMethod | WalletInfoWalletConnect | (WalletInfoInjectable & WalletInfoRemoteWithOpenMethod); ``` ### `WalletInfoRemoteWithOpenMethod` [#walletinforemotewithopenmethod] Remote wallet info that also carries the [`WalletOpenMethod`](#walletopenmethod) used to connect. ```ts type WalletInfoRemoteWithOpenMethod = WalletInfoRemote & { openMethod?: WalletOpenMethod }; ``` ### `WalletInfoWalletConnect` [#walletinfowalletconnect] Wallet info for wallets connected via the WalletConnect bridge. ```ts type WalletInfoWalletConnect = WalletInfoBase & { type: 'wallet-connect' }; ``` ### `ConnectedWallet` [#connectedwallet] A fully connected wallet: combines session data from [`Wallet`](/applications/ton-connect/api-reference/sdk#wallet) with its UI metadata. ```ts type ConnectedWallet = Wallet & WalletInfoWithOpenMethod; ``` ### `Color` [#color] ```ts type Color = Property.Color; ``` ### `Loadable` [#loadable] A value that is either loading or ready. Used for async state passed into the UI (e.g. [`setConnectRequestParameters`](#setconnectrequestparameters)). ```ts type Loadable = LoadableLoading | LoadableReady; ``` ### `LoadableLoading` [#loadableloading] Indicates that the value is not yet available. ```ts type LoadableLoading = { state: 'loading' }; ``` ### `LoadableReady` [#loadableready] Indicates that the value is available. ```ts type LoadableReady = { state: 'ready'; value: T }; ``` ### `Locales` [#locales] Supported UI locale codes. ```ts type Locales = 'en' | 'ru'; ``` ### `ReturnStrategy` [#returnstrategy] Specifies return strategy for the deeplink when user signs/declines the request. [See details](https://github.com/ton-connect/docs/blob/main/bridge.md#universal-link). ```ts type ReturnStrategy = 'back' | 'none' | `${string}://${string}`; ``` ### `TonConnectUiCreateOptions` [#tonconnectuicreateoptions] ```ts type TonConnectUiCreateOptions = TonConnectUiOptionsWithConnector | TonConnectUiOptionsWithManifest; ``` ### `UIWallet` [#uiwallet] ```ts type UIWallet = Omit | WalletInfoRemote; ``` ### `WalletsListConfiguration` [#walletslistconfiguration] Add corrections to the default wallets list in the modal: add custom wallets and change wallets order. ```ts type WalletsListConfiguration = { includeWallets?: UIWallet[] }; ``` ### `WalletModalOpened` [#walletmodalopened] Opened modal window state. ```ts type WalletModalOpened = { status: 'opened'; closeReason: null; embeddedRequest?: Consumable | null }; ``` ### `WalletModalClosed` [#walletmodalclosed] Closed modal window state. ```ts type WalletModalClosed = { status: 'closed'; closeReason: WalletsModalCloseReason | null }; ``` ### `WalletsModalState` [#walletsmodalstate] Modal window state. ```ts type WalletsModalState = OptionalTraceable; ``` ### `WalletsModalCloseReason` [#walletsmodalclosereason] Modal window close reason. ```ts type WalletsModalCloseReason = 'action-cancelled' | 'wallet-selected'; ``` ### `UserActionEvent` [#useractionevent] User action events. ```ts type UserActionEvent = | VersionEvent | ConnectionEvent | ConnectionRestoringEvent | DisconnectionEvent | TransactionSigningEvent | DataSigningEvent | WalletModalOpenedEvent | SelectedWalletEvent; ``` ### `THEME` [#theme-1] Built-in UI colour themes. ```ts enum THEME { DARK = 'DARK', LIGHT = 'LIGHT', } ``` ## Errors [#errors] Every error from this package extends [`TonConnectUIError`](#tonconnectuierror), which itself extends [`TonConnectError`](/applications/ton-connect/api-reference/sdk#tonconnecterror). Use `err instanceof TonConnectUIError` to catch errors from this package; use `err instanceof TonConnectError` to catch anything raised by the TonConnect stack. ### `TonConnectUIError` [#tonconnectuierror] Base error class for errors thrown by `@tonconnect/ui` itself (modal lifecycle, UI configuration, deeplink helpers, etc.), as opposed to protocol errors surfaced from the SDK. Use `err instanceof TonConnectUIError` to distinguish UI-layer failures from [`TonConnectError`](/applications/ton-connect/api-reference/sdk#tonconnecterror) subclasses raised by `@tonconnect/sdk`. Extends [`TonConnectError`](/applications/ton-connect/api-reference/sdk#tonconnecterror). ```ts class TonConnectUIError extends TonConnectError { constructor(message?: string, options?: ErrorOptions); } ``` **Constructor:** Construct a [`TonConnectUIError`](#tonconnectuierror). Subclasses pass these arguments through via `super(...args)`; consumers normally interact with instances thrown by the package rather than constructing [`TonConnectUIError`](#tonconnectuierror) directly. | Parameter | Type | Description | | --------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `message` | `string` | *Optional*. Human-readable message. The resulting `error.message` is prefixed with `[TON_CONNECT_SDK_ERROR]` and the subclass name (inherited from [`TonConnectError`](/applications/ton-connect/api-reference/sdk#tonconnecterror)). | | `options` | `ErrorOptions` | *Optional*. Standard ES `Error` options. | ## Related pages [#related-pages] * [`@tonconnect/sdk`](/applications/ton-connect/api-reference/sdk) — connector core that this UI wraps. * [`@tonconnect/ui-react`](/applications/ton-connect/api-reference/ui-react) — React bindings. * [`@tonconnect/protocol`](/applications/ton-connect/api-reference/protocol) — wire-format types. * [TON Connect spec](https://github.com/ton-blockchain/ton-connect) — normative protocol material. # Connect a wallet (/applications/ton-connect/how-to/connect) Connecting a wallet is the first step in any TON Connect flow. The dApp presents a wallet picker, the user picks a wallet, and the wallet returns the user's account information over the bridge. Optionally, the dApp can also request `ton_proof` — a signature proving the user owns the connected address. ## Connect [#connect] ### Default modal [#default-modal] ```tsx import { TonConnectButton, TonConnectUIProvider } from '@tonconnect/ui-react'; ``` Render `` inside the provider. The button opens the default modal and toggles between "Connect Wallet" and the connected account state automatically. Restyle it with `className` or `style`: ```tsx ``` ### Open the modal manually [#open-the-modal-manually] To open the modal from a different control, call `openModal()` on the connector: ```tsx import { useTonConnectUI } from '@tonconnect/ui-react'; function ConnectButton() { const [tonConnectUi] = useTonConnectUI(); return ; } ``` The vanilla `TonConnectUI` instance exposes the same method. ### Read connection state [#read-connection-state] ```tsx import { useTonAddress, useTonWallet, useIsConnectionRestored } from '@tonconnect/ui-react'; function Status() { const address = useTonAddress(); const wallet = useTonWallet(); const restored = useIsConnectionRestored(); if (!restored) return Restoring…; if (!wallet) return Not connected; return Connected: {address}; } ``` `useIsConnectionRestored` matters: until it returns `true`, `wallet` and `address` are "not yet known", not "not connected". Gate any redirect or auth logic on the restored flag. The vanilla SDK exposes the same state through `tonConnectUi.wallet`, `tonConnectUi.account`, and the `onStatusChange` subscription. ### Customise the modal [#customise-the-modal] ```tsx import { useTonConnectUI, THEME } from '@tonconnect/ui-react'; const [tonConnectUi] = useTonConnectUI(); tonConnectUi.uiOptions = { language: 'ru', uiPreferences: { theme: THEME.DARK }, }; ``` `uiOptions` is a setter, not a plain object. Assigning to it runs the merge, theme switch, and re-render logic. Mutating a nested property (for example `tonConnectUi.uiOptions.uiPreferences.theme = ...`) bypasses the setter and has no effect. Always reassign the whole object. ### Direct universal link (no modal) [#direct-universal-link-no-modal] For flows where the user has already chosen a wallet: ```ts import { TonConnectUI } from '@tonconnect/ui'; const tc = new TonConnectUI({ manifestUrl: '...' }); const universalLink = tc.connector.connect({ universalLink: 'https://app.tonkeeper.com/ton-connect', bridgeUrl: 'https://bridge.tonapi.io/bridge' }); window.location.href = universalLink; ``` ### Restoring a previous connection [#restoring-a-previous-connection] The SDK calls `restoreConnection()` automatically on mount. Use `useIsConnectionRestored` (or the `connector.onStatusChange` callback for vanilla) to know when the restore attempt has settled — only after that should you decide whether the user is connected. ### Trace ID for analytics [#trace-id-for-analytics] The connect call accepts an optional `traceId` (UUIDv7 by default) that the SDK propagates as the `trace_id` query parameter on the connect URL and on the bridge. Tracing-aware wallets echo the same ID on the connect-event reply, so the dApp, bridge, and wallet share one correlation key for the connect operation. Pass it explicitly to align with an upstream tracing system, or let the SDK auto-generate it: ```ts await tonConnectUi.openModal({ traceId: '019a2a92-a884-7cfc-b1bc-caab18644b6f' }); ``` The same option is accepted by `tonConnectUi.disconnect`, `sendTransaction`, `signMessage`, and `signData`. The result of each action exposes `traceId` for logging. ## Authenticate with `ton_proof` [#authenticate-with-ton_proof] `ton_proof` returns a signature that binds the user's wallet, the dApp's domain, a timestamp, and a server-issued nonce. The dApp's backend verifies the signature against the user's public key and issues a session token (JWT or your own). ### Frontend [#frontend] Fetch a backend nonce, then set connect request parameters before opening the modal: ```ts import { useTonConnectUI } from '@tonconnect/ui-react'; const [tonConnectUi] = useTonConnectUI(); tonConnectUi.setConnectRequestParameters({ state: 'loading' }); const nonce = await fetch('/api/tonconnect/nonce').then(r => r.text()); tonConnectUi.setConnectRequestParameters({ state: 'ready', value: { tonProof: nonce }, }); ``` Vanilla (`@tonconnect/ui`) uses the same API: ```ts import { TonConnectUI } from '@tonconnect/ui'; const tonConnectUi = new TonConnectUI({ manifestUrl: 'https://example.com/tonconnect-manifest.json', }); tonConnectUi.setConnectRequestParameters({ state: 'loading' }); const nonce = await fetch('/api/tonconnect/nonce').then(r => r.text()); tonConnectUi.setConnectRequestParameters({ state: 'ready', value: { tonProof: nonce }, }); ``` After the wallet responds, read the proof from the connect event: ```ts tonConnectUi.onStatusChange(async wallet => { if (!wallet) return; const proof = wallet.connectItems?.tonProof; if (proof && 'proof' in proof) { await fetch('/api/tonconnect/verify', { method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify({ proof: proof.proof, address: wallet.account.address, walletStateInit: wallet.account.walletStateInit, network: wallet.account.chain }), }); } }); ``` ### Backend verification [#backend-verification] The backend reconstructs the signed message bytes and checks the Ed25519 signature against the user's public key. ```text message = "ton-proof-item-v2/" ++ Address ++ AppDomain ++ Timestamp ++ Payload hash = sha256(0xffff ++ "ton-connect" ++ sha256(message)) verify Ed25519(signature, hash, publicKey) ``` Field encodings are defined in the [`ton_proof` signature specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/connect.md#address-proof-signature-ton_proof). The verifier should: 1. Check that the address derived from `walletStateInit` matches the reported account address — this binds the stateInit to the wallet whose proof you are verifying. 2. Resolve the wallet's public key. First call [`tryExtractPublicKey`](/applications/ton-connect/how-to/sign-data#extracting-the-public-key) from the sign-data guide on the stateInit; if it returns `null` (unknown contract), fall back to the on-chain `get_public_key` getter. The wallet-reported `publicKey` is not trusted — the address-bound stateInit is the authoritative source. 3. Verify the Ed25519 signature over the reconstructed hash. 4. Reject proofs outside your time window (15 minutes is a common default). 5. Reject proofs whose `AppDomain` does not match your dApp domain. 6. Reject proofs whose `Payload` does not match a nonce your backend issued for that session. On success, issue a session token. The token's `sub` is the wallet address; the `aud` is your domain. ### Node.js verifier [#nodejs-verifier] ```ts import { createHash } from 'node:crypto'; import nacl from 'tweetnacl'; import { Address, Cell, contractAddress, loadStateInit } from '@ton/ton'; import { tryExtractPublicKey } from './wallet-public-key'; // from sign-data guide const PROOF_MAX_AGE_SEC = 15 * 60; interface TonProofPayload { timestamp: number; domain: { lengthBytes: number; value: string }; payload: string; // application-defined; treat as opaque here signature: string; // base64 } interface VerifyTonProofInput { address: string; // user-friendly wallet address walletStateInit: string; // base64 BoC from the connect event proof: TonProofPayload; expectedDomain: string; // your dApp host, e.g. "example.com" } function sha256(buf: Buffer): Buffer { return createHash('sha256').update(buf).digest(); } function buildTonProofDigest(address: Address, proof: TonProofPayload): Buffer { const wc = Buffer.alloc(4); wc.writeUInt32BE(address.workChain, 0); const domainBytes = Buffer.from(proof.domain.value, 'utf8'); if (proof.domain.lengthBytes !== domainBytes.length) { throw new Error('domain lengthBytes mismatch'); } const domainLen = Buffer.alloc(4); domainLen.writeUInt32LE(proof.domain.lengthBytes, 0); const ts = Buffer.alloc(8); ts.writeBigUInt64LE(BigInt(proof.timestamp), 0); const msg = Buffer.concat([ Buffer.from('ton-proof-item-v2/', 'utf8'), wc, Buffer.from(address.hash), domainLen, domainBytes, ts, Buffer.from(proof.payload, 'utf8'), ]); const inner = sha256(msg); return sha256(Buffer.concat([ Buffer.from([0xff, 0xff]), Buffer.from('ton-connect', 'utf8'), inner, ])); } export async function verifyTonProof( input: VerifyTonProofInput, getWalletPublicKey: (address: string) => Promise, ): Promise { const { address, walletStateInit, proof, expectedDomain } = input; if (proof.domain.value !== expectedDomain) throw new Error('wrong domain'); const now = Math.floor(Date.now() / 1000); if (Math.abs(now - proof.timestamp) > PROOF_MAX_AGE_SEC) { throw new Error('proof expired'); } const wantedAddress = Address.parse(address); const stateInit = loadStateInit(Cell.fromBase64(walletStateInit).beginParse()); const derivedAddress = contractAddress(wantedAddress.workChain, stateInit); if (!derivedAddress.equals(wantedAddress)) { throw new Error('walletStateInit does not match address'); } const publicKey = tryExtractPublicKey(stateInit) ?? (await getWalletPublicKey(address)); if (!publicKey) throw new Error('could not resolve wallet public key'); const digest = buildTonProofDigest(wantedAddress, proof); const sig = Buffer.from(proof.signature, 'base64'); const ok = nacl.sign.detached.verify( new Uint8Array(digest), new Uint8Array(sig), new Uint8Array(publicKey), ); if (!ok) throw new Error('bad signature'); return true; } ``` ### Domain and timestamp checks [#domain-and-timestamp-checks] Enforce these checks on every proof: * Compare `proof.domain.value` to your backend's expected host exactly. * Reject proofs outside your time window (15 minutes is a common default). * Issue each `proof.payload` (nonce) from your backend per session, and delete it on a successful verify so the same value cannot be reused. For browser calls to a different origin, add a CORS middleware or proxy API routes through the same host as the dApp. ## See also [#see-also] * [Get started](/applications/ton-connect/get-started) — React, Next.js, vanilla JS, and headless SDK quick-starts. * [Sign data § Extracting the public key](/applications/ton-connect/how-to/sign-data#extracting-the-public-key) — the wallet public-key extraction the `ton_proof` verifier depends on. * [`ton_proof` signature specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/connect.md#address-proof-signature-ton_proof) * [Disconnect a session](/applications/ton-connect/how-to/disconnect) * [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets) * [TON Connect manifest](/applications/ton-connect/core-concepts#manifest) # Disconnect a session (/applications/ton-connect/how-to/disconnect) A TON Connect session ends from either side — the dApp calls `disconnect()`, or the user revokes the session from inside the wallet. ## dApp-initiated disconnect [#dapp-initiated-disconnect] ```ts await tonConnectUi.disconnect(); ``` `disconnect()` returns a `Promise`. It first clears the wallet info from local storage and sets the connector's `wallet` to `null` (firing every `onStatusChange` subscriber), so the dApp sees the disconnected state immediately. The SDK then sends a `disconnect` RPC request over the bridge so the wallet can clean up its own state. The wallet does not emit a `disconnect` event in response to a dApp-initiated call. If no wallet is connected, `disconnect()` throws `WalletNotConnectedError`. Guard the call with `tonConnectUi.connected`. The call accepts an optional `traceId` (UUIDv7 by default) that the SDK attaches to the bridge request for analytics correlation, mirroring the option on `sendTransaction`, `signData`, and `signMessage`: ```ts await tonConnectUi.disconnect({ traceId: '019a2a92-a884-7cfc-b1bc-caab18644b6f' }); ``` ## Wallet-initiated disconnect [#wallet-initiated-disconnect] The user can revoke the session from inside the wallet — for example, from a "Connected dApps" list. The wallet sends a `disconnect` event over the bridge: ```ts interface DisconnectEvent { event: 'disconnect'; id: number; payload: {}; } ``` The SDK consumes the event in the bridge provider: it closes the gateway, removes the connection from storage, and triggers a status change with `wallet === null`. ## Reacting to disconnects [#reacting-to-disconnects] Both disconnect paths funnel into the same status change. Subscribe to the connector to handle either case: ```ts const unsubscribe = tonConnectUi.onStatusChange(wallet => { if (wallet === null) { // The wallet revoked the session, or the dApp called disconnect(). // Clear UI state, redirect to login, etc. } }); ``` The callback cannot tell which side initiated the disconnect — the SDK does not surface a separate "revoked" signal. If the dApp needs to distinguish them, track whether the dApp itself called `disconnect()` earlier. ## See also [#see-also] * [`disconnect` RPC specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/rpc.md#disconnect) and the [Bridge specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/bridge.md) * [Connect a wallet](/applications/ton-connect/how-to/connect) * [Sessions and keypairs](/applications/ton-connect/core-concepts#sessions-and-keypairs) # Connect-and-act in one tap (/applications/ton-connect/how-to/embedded-request) An *embedded request* packs an action — `sendTransaction`, `signMessage` or `signData` — into the wallet's connect URL via the `e` query parameter. A compatible wallet bundles the connect approval and the action into one screen and returns the signed result with the connect response, saving the second round-trip. This optimisation applies to mobile deep links and universal links. Desktop QR scans and the in-wallet JS bridge fall back to the standard two-step flow automatically. ## How it works [#how-it-works] 1. The dApp calls `sendTransaction`, `signMessage` or `signData` with `enableEmbeddedRequest: true`. 2. The SDK opens the wallet selection modal. 3. If the user picks a wallet that advertises the `EmbeddedRequest` feature, the SDK encodes the request as `e=base64url(JSON.stringify(WireEmbeddedRequest))` on that wallet's universal link. 4. The user taps the link. The wallet opens with both the connect request and the embedded action. 5. The wallet returns the signed result inside the connect event. The SDK resolves the action promise with `{ hasResponse: true, response }`. If no embedded result comes back — the wallet ignored `e`, the SDK never attached it or the wallet returned only the connect event — the session is connected but the action did not land. The SDK resolves with `{ hasResponse: false, connectResult: { dispatched } }` so the dApp can decide what to do next. ## The response shape [#the-response-shape] With the flag on, every signing method returns a discriminated envelope instead of the raw response. Branch on `hasResponse`: ```ts type EmbeddedTResponse = | { hasResponse: true; response: TResponse } | { hasResponse: false; connectResult: { dispatched: boolean } }; ``` The envelope is the same shape regardless of whether the wallet was already connected when you called the method. When the wallet is connected, the SDK runs the normal bridge flow and wraps the result in `{ hasResponse: true, response }` — so the dApp keeps one linear code path. ### Behaviour matrix [#behaviour-matrix] | Wallet state at call time | `enableEmbeddedRequest` | Behaviour | Return | | ------------------------------ | ----------------------- | --------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | | Connected | not set | Bridge flow (existing behaviour). | `SendTransactionResponse` / `SignDataResponse` / `SignMessageResponse` | | Connected | `true` | Bridge flow, wrapped in the envelope. | `{ hasResponse: true, response }` | | Not connected | not set | Throws `TonConnectUIError('Connect wallet to …')`. | — | | Not connected, wallet folds it | `true` | Connect URL carries `e=…`; the wallet returns connect and signed result together. | `{ hasResponse: true, response }` | | Not connected, no fold | `true` | Wallet returns connect only; the request may or may not have been delivered. | `{ hasResponse: false, connectResult: { dispatched } }` | ### Meaning of `dispatched` [#meaning-of-dispatched] * `dispatched: false` — the SDK did **not** put the request into the connect URL. The wallet never saw it. * `dispatched: true` — the SDK **did** put the request into the connect URL, but the wallet's connect response carried no signed result. The wallet may have already shown the user the approval prompt and even submitted the transaction. The dApp does not know which. A blind retry can result in a double payment or a second signature for the same payload. ## Retry rules [#retry-rules] > **Warning.** Do not retry inside the same async flow. When `dispatched: true`, the wallet may have already processed the request — verify on-chain or in your backend state before re-prompting. A `hasResponse: false` result is a UI state, not an exception. The dApp must not retry inside the same async flow: * Do not auto-retry inline. The user has no opportunity to veto. * Do not drive the retry from `confirm()`. Users tap through repeated prompts. * Set a piece of state, render a **Retry** button and let the user click it. * When `dispatched: true`, show a warning explaining the duplicate risk. If the dApp has on-chain or backend lookup logic, run it before showing the retry button — or use it to skip the retry entirely when the action already landed. The retry button calls the **same** handler as the original click. With the flag still on and the wallet now connected, the SDK takes the bridge path and wraps the result in `{ hasResponse: true, response }`. No special retry-only method exists. ## Enabling embedded requests [#enabling-embedded-requests] The pattern is the same for `sendTransaction`, `signData` and `signMessage`. Set `enableEmbeddedRequest: true` and branch on `hasResponse`: ```ts const r = await tonConnectUi.sendTransaction(tx, { enableEmbeddedRequest: true }); if (!r.hasResponse) { // store r.connectResult.dispatched in app state, then render a Retry control return; } useResponse(r.response); ``` On the `hasResponse: false` branch, persist `dispatched` somewhere the UI can read it, then surface a **Retry** control: * `dispatched: false` — the message says the wallet did not receive the request. * `dispatched: true` — the message warns that the wallet may have already processed the request and tells the user to check on-chain history before retrying. The retry control calls the same invocation with the flag still on. The wallet is connected by then, so the SDK takes the bridge path and returns `{ hasResponse: true, response }`. ## When the SDK embeds vs falls back [#when-the-sdk-embeds-vs-falls-back] The SDK embeds the request only when all four conditions hold: 1. The wallet is not yet connected. 2. `enableEmbeddedRequest: true` is set on the call. 3. The user picks a wallet whose `DeviceInfo.features` lists `EmbeddedRequest`. 4. The encoded URL fits within the SDK's URL length budget. If any condition fails, the SDK opens the wallet without `e` and either returns `{ hasResponse: false, connectResult: { dispatched: false } }` (when the flag is set) or throws `TonConnectUIError` (when it is not). ## Requiring embedded support [#requiring-embedded-support] To hide wallets that do not advertise `EmbeddedRequest` from the modal, set `walletsRequiredFeatures.embeddedRequest` on the `TonConnectUI` instance. See [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets) for the full filter shape. ```ts const tonConnectUi = new TonConnectUI({ manifestUrl: 'https://example.com/tonconnect-manifest.json', walletsRequiredFeatures: { embeddedRequest: {} }, }); ``` Without that filter, embedded is a soft capability — the SDK falls back to the bridge flow transparently. ## When not to use embedded requests [#when-not-to-use-embedded-requests] * Long-running flows where the user must review state between connect and action. * Flows where the outbound payload depends on data the dApp only obtains after connecting (custom routing, proofs, contract reads). Ordinary TON, jetton and NFT transfers are not in that bucket — use [structured `items`](/applications/ton-connect/how-to/send-transaction#structured-items) (`ton`, `jetton`, `nft`) so the wallet builds the cells and the encoded link stays under the length budget. ## See also [#see-also] * [Send a transaction](/applications/ton-connect/how-to/send-transaction) * [Sign data](/applications/ton-connect/how-to/sign-data) * [Sign and relay a message (gasless)](/applications/ton-connect/how-to/sign-message-gasless) * [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets) — declare `EmbeddedRequest` as required * [Embedded requests implementer guide](https://github.com/ton-blockchain/ton-connect/blob/main/guides/embedded-requests.md) * [Bridge specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/bridge.md) — embedded requests # Filter wallets by required features (/applications/ton-connect/how-to/filter-wallets) `walletsRequiredFeatures` limits the wallet picker to wallets that advertise the capabilities your dApp depends on. The SDK compares each wallet's advertised features against the option and removes any wallet that does not match. For the protocol-level feature catalogue, see [`Feature` specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/connect.md#feature). ## With `TonConnectUI` [#with-tonconnectui] ```ts import { TonConnectUI } from '@tonconnect/ui'; const tonConnectUi = new TonConnectUI({ manifestUrl: 'https://example.com/tonconnect-manifest.json', walletsRequiredFeatures: { sendTransaction: { minMessages: 1, itemTypes: ['ton', 'jetton'] }, signData: { types: ['text', 'binary', 'cell'] }, signMessage: { minMessages: 1 }, embeddedRequest: {} } }); ``` ## With `TonConnectUIProvider` (React) [#with-tonconnectuiprovider-react] ```tsx import { TonConnectUIProvider } from '@tonconnect/ui-react'; function App() { return ( {/* your app */} ); } ``` ## How matching works [#how-matching-works] A wallet matches when it advertises every requirement listed. Top-level keys combine as a logical AND — declaring `sendTransaction` and `signMessage` requires both. For each filter the SDK compares your declaration to the wallet's [`Feature`](https://github.com/ton-blockchain/ton-connect/blob/main/spec/connect.md#feature) entry: * `minMessages` — the wallet's `maxMessages` must be greater than or equal to this value. * `extraCurrencyRequired: true` — matches only wallets whose feature has `extraCurrencySupported: true`. * `itemTypes` — every requested type must appear in the wallet's `itemTypes`. * `signData.types` — every requested type must appear in the wallet's `types`. * `embeddedRequest` — matches any wallet that exposes the `EmbeddedRequest` feature; the entry takes no parameters. ## How filtered wallets appear in the modal [#how-filtered-wallets-appear-in-the-modal] The main connect screen shows only matching wallets. The full "Wallets" list places matching wallets first and unsupported wallets below a separator. With `walletsRequiredFeatures` set, unsupported entries appear greyed out. Clicking one shows a brief error notification rather than starting the connection. If a wallet's advertised features turn out to be insufficient at connect time, the SDK throws `WalletMissingRequiredFeaturesError` and the modal switches to an unsupported-wallet view. The "View all wallets" screen with no filter, with `walletsRequiredFeatures` and with `walletsPreferredFeatures`:

Show screenshots
| | | | | :---------------------------------------------------------------------------------------------------------------------------: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | | *No filter* | *`walletsRequiredFeatures`* | *`walletsPreferredFeatures`* |
## Available filters [#available-filters] ```ts type RequiredFeatures = { sendTransaction?: { minMessages?: number; // wallet's maxMessages must be ≥ this extraCurrencyRequired?: boolean; // wallet must set extraCurrencySupported itemTypes?: ('ton' | 'jetton' | 'nft')[]; }; signData?: { types: ('text' | 'binary' | 'cell')[]; // every requested type must be supported }; signMessage?: { minMessages?: number; extraCurrencyRequired?: boolean; itemTypes?: ('ton' | 'jetton' | 'nft')[]; }; embeddedRequest?: {}; // wallet must expose EmbeddedRequest }; ``` `signData.types` is required when `signData` is present; the other sub-fields are optional. The type is exported as `RequiredFeatures` from `@tonconnect/sdk` and re-exported by `@tonconnect/ui` and `@tonconnect/ui-react`. > **Note.** A sibling option `walletsPreferredFeatures` accepts the same shape and applies a softer policy. The main connect screen still hides unsupported wallets, but in the full "Wallets" list they appear without the disabled style — clicking one attempts a normal connection. Unlike `walletsRequiredFeatures`, the SDK does not enforce the match at connect time, so the dApp is responsible for handling missing features itself. ## See also [#see-also] * [Send a transaction](/applications/ton-connect/how-to/send-transaction) — uses `sendTransaction.itemTypes` * [Sign data](/applications/ton-connect/how-to/sign-data) — uses `signData.types` * [Sign and relay a message (gasless)](/applications/ton-connect/how-to/sign-message-gasless) — uses `signMessage` * [Connect-and-act in one tap (embedded request)](/applications/ton-connect/how-to/embedded-request) — uses `embeddedRequest` * [`Feature` in the Connect specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/connect.md#feature) # Send a transaction (/applications/ton-connect/how-to/send-transaction) `sendTransaction` asks the wallet to sign and broadcast one or more outgoing messages from the connected account. The request supports two payload shapes — raw `messages` for full control, or structured `items` to let the wallet build the BoC. ## Request shape [#request-shape] ```ts interface SendTransactionRequest { validUntil: number; // unix seconds; reject if older network?: string; // NETWORK_ID; '-239' mainnet, '-3' testnet, any other valid TON global_id allowed from?: string; // optional sender address; restricts which account signs messages?: RawMessage[]; // raw mode (mutually exclusive with `items`) items?: StructuredItem[]; // structured mode (mutually exclusive with `messages`) } ``` `network` should be set explicitly. If the dApp's network and the wallet's network differ, the wallet refuses the request. ## Raw `messages[]` [#raw-messages] Use raw messages when you need full control over the cell — custom op codes, contract calls, or backward compatibility with wallets that do not advertise `itemTypes`. Each message is `{ address, amount, payload?, stateInit?, extraCurrency? }`. `address` must be [TEP-2](https://github.com/ton-blockchain/TEPs/blob/master/text/0002-address.md) user-friendly form (not raw `workchain:hex`). Plain TON transfers omit `payload` or use an empty body. ### TON transfer (with comment) [#ton-transfer-with-comment] Raw `messages` (no payload for a simple transfer): ```ts import { comment } from '@ton/ton' await tonConnectUi.sendTransaction({ validUntil: Math.floor(Date.now() / 1000) + 600, network: '-239', messages: [{ address: 'EQD4oN...wz7A', amount: '5000000', payload: comment('Hello, world!') }], }); ``` ### Jetton transfer [#jetton-transfer] For jettons you send to the **user's jetton wallet** contract with a [TEP-74](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md) `transfer#0f8a7ea5` body. ```ts import { Address, beginCell, toNano } from '@ton/core'; import { TonClient } from '@ton/ton'; import { TonConnectUI } from '@tonconnect/ui'; const tonConnectUi = new TonConnectUI({ manifestUrl: 'https://your-dapp.example/tonconnect-manifest.json', }); const JETTON_MASTER = 'EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs'; const RECIPIENT = 'Ef8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAU'; const account = tonConnectUi.account; if (!account?.address) { throw new Error('Connect the wallet first'); } const SENDER = account.address; const client = new TonClient({ endpoint: 'https://toncenter.com/api/v2/jsonRPC', }); async function resolveJettonWalletAddress(master: string, owner: string): Promise { const result = await client.runMethod( Address.parse(master), 'get_wallet_address', [{ type: 'slice', cell: beginCell().storeAddress(Address.parse(owner)).endCell() }] ); const walletAddress = result.stack.readAddress(); return walletAddress.toString({ urlSafe: true, bounceable: true }); } const jettonAmount = toNano('1'); const forwardTonAmount = 1n; // 1 nanoTON const userJettonWallet = await resolveJettonWalletAddress(JETTON_MASTER, SENDER); const transferBody = beginCell() .storeUint(0x0f8a7ea5, 32) // transfer op .storeUint(0n, 64) // query_id .storeCoins(jettonAmount) .storeAddress(Address.parse(RECIPIENT)) .storeAddress(Address.parse(SENDER)) // response_destination .storeBit(0) // custom_payload: none .storeCoins(forwardTonAmount) .storeBit(0) // forward_payload: inline empty .endCell() .toBoc() .toString('base64'); await tonConnectUi.sendTransaction({ validUntil: Math.floor(Date.now() / 1000) + 600, network: '-239', messages: [ { address: userJettonWallet, // user-friendly (base64url) format amount: toNano('0.05').toString(), // TON attached for jetton-wallet execution payload: transferBody, }, ], }); ``` ### NFT transfer [#nft-transfer] For NFTs you send to the **NFT item** contract with [TEP-62](https://github.com/ton-blockchain/TEPs/blob/master/text/0062-nft-standard.md) `transfer#5fcc3d14`. Build the body as a base64 BoC and attach it as `payload`: ```ts import { Address, beginCell, toNano } from '@ton/core'; const nftItem = Address.parse('EQAcoW...qD8qM3T'); // NFT item contract, full friendly address const newOwner = Address.parse('EQD4oN...wz7A'); const responseDestination = Address.parse('UQAs9V...g5kX'); // connected wallet, excess return const nftTransferBody = beginCell() .storeUint(0x5fcc3d14, 32) .storeUint(0n, 64) // query_id .storeAddress(newOwner) .storeAddress(responseDestination) .storeBit(0) // no custom_payload .storeCoins(toNano('0.01')) // forward_amount to new owner .storeBit(0) // forward_payload: empty (Either left) .endCell() .toBoc() .toString('base64'); await tonConnectUi.sendTransaction({ validUntil: Math.floor(Date.now() / 1000) + 600, network: '-239', messages: [ { address: nftItem.toString({ urlSafe: true, bounceable: true }), amount: toNano('0.05').toString(), payload: nftTransferBody, }, ], }); ``` ## Structured `items[]` [#structured-items] Structured items describe **what** to do — send TON, transfer a jetton, transfer an NFT. The wallet resolves jetton wallet addresses, builds transfer cells, and estimates gas. Use this path only when you know the target wallet advertises support (see [Choosing items vs messages](#choosing-items-vs-messages) and [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets)). Three item types: `ton`, `jetton`, `nft`. ### `ton` — transfer TON [#ton--transfer-ton] ```ts interface TonItem { type: 'ton'; address: string; // destination, friendly format amount: string; // nanoTON as decimal string payload?: string; // optional one-cell BoC, base64 stateInit?: string; // optional one-cell BoC, base64 extraCurrency?: { [k: number]: string }; } ``` Same TON-with-comment transfer as the raw version above, expressed as a structured item: ```ts import { comment } from '@ton/ton'; await tonConnectUi.sendTransaction({ validUntil: Math.floor(Date.now() / 1000) + 600, network: '-239', items: [ { type: 'ton', address: 'EQD4oN...wz7A', // recipient, full TEP-2 friendly address amount: '5000000', payload: comment('Hello, world!'), }, ], }); ``` ### `jetton` — transfer fungible tokens [#jetton--transfer-fungible-tokens] ```ts interface JettonItem { type: 'jetton'; master: string; // jetton master contract address destination: string; // recipient address amount: string; // jetton amount in elementary units attachAmount?: string; // TON to attach for fees; wallet estimates if omitted responseDestination?: string; // where to send excess; defaults to sender customPayload?: string; // raw one-cell BoC, base64 forwardAmount?: string; // nanoTON to forward to destination forwardPayload?: string; // raw one-cell BoC, base64 queryId?: string; } ``` ```ts await tonConnectUi.sendTransaction({ validUntil: Math.floor(Date.now() / 1000) + 600, network: '-239', items: [ { type: 'jetton', master: 'EQCxE6...Id_sDs', // jetton master, full friendly address amount: '1000000', destination: 'EQD4oN...wz7A', }, ], }); ``` ### `nft` — transfer an NFT [#nft--transfer-an-nft] ```ts interface NftItem { type: 'nft'; nftAddress: string; newOwner: string; attachAmount?: string; responseDestination?: string; customPayload?: string; forwardAmount?: string; forwardPayload?: string; queryId?: string; } ``` ```ts await tonConnectUi.sendTransaction({ validUntil: Math.floor(Date.now() / 1000) + 600, network: '-239', items: [ { type: 'nft', nftAddress: 'EQAcoW...qD8qM3T', // NFT item contract, full friendly address newOwner: 'EQD4oN...wz7A', }, ], }); ``` ### Mixing types in one transaction [#mixing-types-in-one-transaction] ```ts await tonConnectUi.sendTransaction({ validUntil: Math.floor(Date.now() / 1000) + 600, network: '-239', items: [ { type: 'ton', address: '...', amount: '5000000' }, { type: 'jetton', master: 'EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs', amount: '50000', destination: 'Ef8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAU', } ] }); ``` To restrict the picker to wallets that support specific item types, see [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets). ## Multi-message batches [#multi-message-batches] Wallets accept up to `maxMessages` messages per request (declared in the wallet's [`SendTransaction` feature](https://github.com/ton-blockchain/ton-connect/blob/main/spec/connect.md)). Exceeding the limit throws before the wallet is opened. Submission is grouped, execution is not atomic across recipients: * The wallet signs and broadcasts one external message containing all requested internal messages. * Recipient contracts execute independently; one message can fail or bounce while others succeed. * Recipient execution order and final outcomes can diverge from the input list. Treat batch results as partial by default and verify each target account on-chain. ## Choosing items vs messages [#choosing-items-vs-messages] Prefer **`messages`** today unless you control the wallet list. Many wallets still do not advertise structured `SendTransaction` capabilities (`itemTypes` for `ton` / `jetton` / `nft`), so `items` flows often fail or fall back unpredictably across the full registry. If you build on **`items`** (simpler jetton and NFT flows, no jetton-wallet resolution in the dApp), restrict the connect UI to wallets that declare the features you need. See [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets). | Prefer `messages` when | Prefer `items` when (with wallet filtering) | | ------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | | Default path for maximum compatibility | The wallet advertises the needed `itemTypes` | | Custom op codes or non-standard payloads | Standard TON / jetton / NFT transfers only | | You already resolve jetton wallet addresses | You want the wallet to build TEP-74 / TEP-62 bodies | | You cannot filter the wallet picker | You filter wallets — [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets) | ## Response [#response] ```ts interface SendTransactionResponse { boc: string; // base64 BoC of the broadcast external message traceId?: string; // UUID for end-to-end analytics correlation } ``` ```ts const result = await tonConnectUi.sendTransaction(request); console.log(result.boc); // base64 BoC of the broadcast external message ``` Use the returned BoC to look up the transaction on-chain. ## Errors [#errors] | Code | Name | Description | | ---- | ---------------------- | -------------------------- | | 0 | `UNKNOWN_ERROR` | Unknown error. | | 1 | `BAD_REQUEST_ERROR` | Bad request. | | 100 | `UNKNOWN_APP_ERROR` | Unknown app. | | 300 | `USER_REJECTS_ERROR` | User declined the request. | | 400 | `METHOD_NOT_SUPPORTED` | Method not supported. | ## See also [#see-also] * [Sign and relay a message (gasless)](/applications/ton-connect/how-to/sign-message-gasless) — same payload shape, no broadcast * [Connect-and-act in one tap (embedded request)](/applications/ton-connect/how-to/embedded-request) * [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets) * [Structured items wallet guide](https://github.com/ton-blockchain/ton-connect/blob/main/guides/structured-items.md) * [RPC specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/rpc.md) # Sign data (/applications/ton-connect/how-to/sign-data) `signData` asks the wallet to sign opaque data the user reviews on the wallet's screen. The signature is bound to the user's wallet address, the dApp's domain, a timestamp, and the payload — so the same bytes signed by a different wallet, or for a different dApp, do not verify. Three payload variants cover three use cases: | Variant | Use it when | | -------- | ---------------------------------------------------------------------------------------------------------- | | `text` | The data is human-readable text. The wallet shows it verbatim, monospace. | | `binary` | The data is opaque bytes. The wallet warns the user the content is unknown. | | `cell` | The signature will be verified on-chain. The wallet may parse a TL-B schema and show a structured preview. | ## Calling `signData` [#calling-signdata] `tonConnectUi.signData(payload)` is the entry point. The wallet must be connected when you call it, or pass `options.enableEmbeddedRequest: true` to defer the request until a wallet is picked from the modal — a compliant wallet then handles connect and sign in one tap. See [Connect-and-act in one tap](/applications/ton-connect/how-to/embedded-request). Without either, the SDK throws. ### Text [#text] Use `text` for anything a person should read and approve — confirmation prompts, off-chain auth challenges, login messages. ```ts const result = await tonConnectUi.signData({ type: 'text', text: 'Confirm new 2fa number:\n+1 234 567 8901', network: '-239', from: tonConnectUi.wallet?.account.address, }); ``` ### Binary [#binary] Use `binary` for opaque bytes — encrypted blobs, hashes, anything the user cannot read. Pass the bytes as base64 (not URL-safe). ```ts const result = await tonConnectUi.signData({ type: 'binary', bytes: 'KGVsZWN0cmljIGJvb2dhbG9vKQ==', network: '-239', from: tonConnectUi.wallet?.account.address, }); ``` ### Cell [#cell] Use `cell` when a smart contract will verify the signature. The wallet hashes a TON cell, not a flat byte string; you also send the [TL-B](https://docs.ton.org/v3/documentation/data-formats/tlb/tl-b-language) schema so the wallet can decode the cell on-screen. ```ts const result = await tonConnectUi.signData({ type: 'cell', schema: 'transfer#0f8a7ea5 query_id:uint64 amount:(VarUInteger 16) destination:MsgAddress response_destination:MsgAddress custom_payload:(Maybe ^Cell) forward_ton_amount:(VarUInteger 16) forward_payload:(Either Cell ^Cell) = InternalMsgBody;', cell: 'te6ccgEBAQEAVwAAqg+KfqVUbeTvKqB4h0AcnDgIAZucsOi6TLrfP6FcuPKEeTI6oB3fF/NBjyqtdov/KtutACCLqvfmyV9kH+Pyo5lcsrJzJDzjBJK6fd+ZnbFQe4+XggI=', network: '-239', from: tonConnectUi.wallet?.account.address, }); ``` If the schema declares several types, the **last** declared type is the root. ### Response [#response] All three variants return the same shape: ```ts interface SignDataResult { signature: string; // base64 Ed25519 signature address: string; // raw wallet address ("0:") timestamp: number; // unix seconds (UTC) at signing time domain: string; // app domain (URL part, not encoded) payload: object; // the payload from the request traceId?: string; // UUID for end-to-end analytics correlation } ``` `payload` is the original request payload, echoed back verbatim. Reuse it when reconstructing the signed bytes for verification — never re-serialise. ```ts const result = await tonConnectUi.signData(payload, { traceId: '019a2a92-a884-7cfc-b1bc-caab18644b6f', // optional; SDK generates a UUIDv7 if omitted }); console.log(result.signature); ``` See [Bridge specification § `trace_id`](https://github.com/ton-blockchain/ton-connect/blob/main/spec/bridge.md#trace_id--analytics-correlation) for the protocol-level details. ## Detecting wallet support [#detecting-wallet-support] The SDK rejects requests whose `type` is not supported by the connected wallet before they reach the bridge — calling `signData({ type: 'cell', ... })` against a wallet that lists only `['text']` throws. To restrict the wallet picker to wallets that support a given type, see [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets). ## Verifying `text` and `binary` signatures [#verifying-text-and-binary-signatures] The signing scheme for `text` and `binary` payloads is described in the [`signData` RPC specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/rpc.md#signdata). To verify on the backend: 1. Reconstruct `message` from the response fields. 2. Compute `sha256(message)`. 3. Look up the user's Ed25519 `publicKey` — extract it from `walletStateInit` (see below), then fall back to calling `get_public_key` on-chain. Never trust `publicKey` from the wallet response directly. See [Connect a wallet § backend verification](/applications/ton-connect/how-to/connect#backend-verification). 4. Verify the Ed25519 signature against the digest. 5. Reject if `Timestamp` is older than your tolerance window — 15 minutes is a common bound. 6. Reject if `domain` is not your domain. ### Extracting the public key [#extracting-the-public-key] The wallet response carries the address and the signature; the public key needed for verification has to be resolved from the wallet's `stateInit` (received during connect and stored in the dApp's session) or from the on-chain `get_public_key` getter when the contract is deployed. `tryExtractPublicKey` walks the standard `v1R1`–`v5R1` contract codes and parses the public key out of the data cell when it finds a match. The data layout differs per wallet version, so each version has its own parser: ```ts import { Slice, StateInit, WalletContractV1R1, WalletContractV1R2, WalletContractV1R3, WalletContractV2R1, WalletContractV2R2, WalletContractV3R1, WalletContractV3R2, WalletContractV4 as WalletContractV4R2, WalletContractV5R1, } from '@ton/ton'; import { Buffer } from 'buffer'; function loadV1(cs: Slice) { cs.loadUint(32); return cs.loadBuffer(32); } function loadV2(cs: Slice) { cs.loadUint(32); return cs.loadBuffer(32); } function loadV3(cs: Slice) { cs.loadUint(32); cs.loadUint(32); return cs.loadBuffer(32); } function loadV4(cs: Slice) { cs.loadUint(32); cs.loadUint(32); const k = cs.loadBuffer(32); return k; } function loadV5(cs: Slice) { cs.loadBoolean(); cs.loadUint(32); cs.loadUint(32); return cs.loadBuffer(32); } const knownWallets = [ { contract: WalletContractV1R1, load: loadV1 }, { contract: WalletContractV1R2, load: loadV1 }, { contract: WalletContractV1R3, load: loadV1 }, { contract: WalletContractV2R1, load: loadV2 }, { contract: WalletContractV2R2, load: loadV2 }, { contract: WalletContractV3R1, load: loadV3 }, { contract: WalletContractV3R2, load: loadV3 }, { contract: WalletContractV4R2, load: loadV4 }, { contract: WalletContractV5R1, load: loadV5 }, ].map(({ contract, load }) => ({ code: contract.create({ workchain: 0, publicKey: Buffer.alloc(32) }).init.code, load, })); export function tryExtractPublicKey(stateInit: StateInit): Buffer | null { if (!stateInit.code || !stateInit.data) return null; for (const { code, load } of knownWallets) { try { if (code.equals(stateInit.code)) { return load(stateInit.data.beginParse()); } } catch { /* unknown layout — try next */ } } return null; } ``` ### Node.js verifier [#nodejs-verifier] ```ts import { Address, Cell, loadStateInit } from '@ton/ton'; import { sha256 } from '@ton/crypto'; import { Buffer } from 'node:buffer'; import nacl from 'tweetnacl'; interface SignDataResult { signature: string; address: string; timestamp: number; domain: string; payload: { type: 'text'; text: string } | { type: 'binary'; bytes: string }; } export async function verifyTextOrBinary( res: SignDataResult, walletStateInit: string, // base64 BoC from the connect event expected: { domain: string; maxAgeSeconds: number }, getWalletPublicKey: (address: string) => Promise, ): Promise { if (res.domain !== expected.domain) return false; const now = Math.floor(Date.now() / 1000); if (now - res.timestamp > expected.maxAgeSeconds) return false; const addr = Address.parse(res.address); const stateInit = loadStateInit(Cell.fromBase64(walletStateInit).beginParse()); const publicKey = tryExtractPublicKey(stateInit) ?? (await getWalletPublicKey(res.address)); if (!publicKey) return false; const wc = Buffer.alloc(4); wc.writeInt32BE(addr.workChain); const dom = Buffer.from(res.domain, 'utf8'); const domLen = Buffer.alloc(4); domLen.writeUInt32BE(dom.length); const ts = Buffer.alloc(8); ts.writeBigUInt64BE(BigInt(res.timestamp)); const data = res.payload.type === 'text' ? Buffer.from(res.payload.text, 'utf8') : Buffer.from(res.payload.bytes, 'base64'); const dataLen = Buffer.alloc(4); dataLen.writeUInt32BE(data.length); const prefix = Buffer.from(res.payload.type === 'text' ? 'txt' : 'bin'); const message = Buffer.concat([ Buffer.from([0xff, 0xff]), Buffer.from('ton-connect/sign-data/'), wc, addr.hash, domLen, dom, ts, prefix, dataLen, data, ]); const digest = await sha256(message); return nacl.sign.detached.verify( new Uint8Array(digest), new Uint8Array(Buffer.from(res.signature, 'base64')), new Uint8Array(publicKey), ); } ``` ## Verifying `cell` signatures [#verifying-cell-signatures] For the `cell` variant the wallet hashes a TON cell, not a flat byte string. The cell carries the same five fields as the off-chain construction, plus a magic prefix and a CRC-32 of the schema: ```ts import { beginCell } from '@ton/core'; import crc32 from 'crc-32'; const message = beginCell() .storeUint(0x75569022, 32) // magic prefix .storeUint(crc32.buf(Buffer.from(schema, 'utf8')) >>> 0, 32) // schema hash .storeUint(timestamp, 64) // unix seconds .storeAddress(userWalletAddress) // MsgAddressInt .storeStringRefTail(encodedDomain) // DNS wire format per TEP-81 .storeRef(payloadCell); // the cell the dApp sent const signature = Ed25519Sign(message.hash(), privkey); ``` `encodedDomain` is the app domain in [TEP-81](https://github.com/ton-blockchain/TEPs/blob/master/text/0081-dns-standard.md) DNS wire format — labels reversed, each terminated by `\0`. For example, `ton-connect.github.io` becomes `io\0github\0ton-connect\0`. ### TL-B schema [#tl-b-schema] The TL-B schema for the signed message is: ```tlb message#75569022 schema_hash:uint32 timestamp:uint64 user_address:MsgAddress {n:#} app_domain:^(SnakeData ~n) payload:^Cell = SignedMessage; ``` ### FunC verifier [#func-verifier] A receiver smart contract that accepts a signed cell stores the expected `user_address`, `user_pubkey`, `app_domain`, and the schema hash at compile time, then runs six checks: ```func #include "imports/stdlib.fc"; const int SCHEMA_HASH = 0x047cf718; ;; crc32 of your TL-B schema string const int SIGNATURE_TTL = 360; ;; 6 minutes global slice state::owner_address; global int state::user_pubkey; global slice state::domain; () load_data() impure { slice cs = get_data().begin_parse(); state::owner_address = cs~load_msg_addr(); state::user_pubkey = cs~load_uint(256); state::domain = cs~load_ref().begin_parse(); } int verify_signature(cell signed, slice signature) method_id { load_data(); var cs = signed.begin_parse(); throw_unless(460, check_signature(cs.slice_hash(), signature, state::user_pubkey)); int prefix = cs~load_uint(32); int schema_hash = cs~load_uint(32); int timestamp = cs~load_uint(64); slice addr = cs~load_msg_addr(); slice domain = cs~load_ref().begin_parse(); throw_unless(461, prefix == 0x75569022); throw_unless(462, schema_hash == SCHEMA_HASH); throw_unless(463, now() < timestamp + SIGNATURE_TTL); throw_unless(464, equal_slices_bits(addr, state::owner_address)); throw_unless(465, equal_slices_bits(domain, state::domain)); cell payload = cs~load_ref(); return 1; } ``` The contract must run all six checks: signature, magic prefix, schema hash, freshness, sender, domain. Skipping any one of them lets a different signature pass — the magic prefix alone does not bind the signature to a specific schema, sender, or dApp. The `SCHEMA_HASH` constant is the CRC-32 of the exact UTF-8 schema string the dApp passes in `signData`. Compute it once at deploy time and hard-code it; recomputing it on-chain would burn gas. ## Errors [#errors] | Code | Name | Description | | ---- | ---------------------- | -------------------------- | | 0 | `UNKNOWN_ERROR` | Unknown error. | | 1 | `BAD_REQUEST_ERROR` | Bad request. | | 100 | `UNKNOWN_APP_ERROR` | Unknown app. | | 300 | `USER_REJECTS_ERROR` | User declined the request. | | 400 | `METHOD_NOT_SUPPORTED` | Method not supported. | ## See also [#see-also] * [`signData` RPC specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/rpc.md#signdata) * [`signData` wallet guide](https://github.com/ton-blockchain/ton-connect/blob/main/guides/sign-data.md) * [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets) * [Connect a wallet § backend verification](/applications/ton-connect/how-to/connect#backend-verification) — for looking up the user's public key # Sign and relay a message (gasless) (/applications/ton-connect/how-to/sign-message-gasless) `signMessage` asks the wallet to sign an internal message **without broadcasting it**. The dApp receives a signed BoC and submits it through a relayer — typically to pay gas in a jetton instead of TON. This flow is currently supported only for Wallet V5. The request payload has the same shape as `sendTransaction`: it accepts both raw `messages` and structured [`items`](/applications/ton-connect/how-to/send-transaction#structured-items). ## Basic usage [#basic-usage] ```ts import { useTonConnectUI } from '@tonconnect/ui-react'; const [tonConnectUi] = useTonConnectUI(); const result = await tonConnectUi.signMessage({ validUntil: Math.floor(Date.now() / 1000) + 300, network: '-239', // mainnet; use '-3' for testnet messages: [ { address: 'Ef8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAU', amount: '5000000', // in nanoTON (0.005 TON) payload: bodyBoc, // optional, base64 stateInit: initBoc, // optional, base64 } ] }); const signedBoc = result.internalBoc; // base64-encoded signed internal message const traceId = result.traceId; // request correlation ID, useful for logs and analytics ``` The response shape: ```ts type SignMessageResult = { internalBoc: string; // base64 signed internal message BoC traceId?: string; // populated by the SDK to correlate the request across UI events and the bridge }; ``` ## Gasless transactions via TonAPI relayer [#gasless-transactions-via-tonapi-relayer] The most common use is a gasless jetton transfer: the relayer takes its fee in the same jetton, so the user never holds TON. The flow: 1. Resolve the user's jetton wallet address on-chain. 2. Build the jetton transfer cell to pass to the estimator. 3. Call `gaslessEstimate` — the relayer returns the exact messages to sign (main transfer plus the relay fee). 4. Call `signMessage` with those messages — the wallet signs but does not broadcast. 5. Wrap the signed BoC in an external message and submit via `gaslessSend`. REST endpoints are documented in the [TonAPI gasless reference](https://docs.tonconsole.com/tonapi/rest-api/gasless). A parallel [TonAPI cookbook recipe](https://docs.tonconsole.com/tonapi/cookbook/gasless-transfer) shows the same flow. ```ts import { Address, beginCell, Cell, external, internal, loadMessageRelaxed, storeMessage, storeMessageRelaxed, toNano } from '@ton/core'; import { TonApiClient } from '@ton-api/client'; import { TonConnectUI } from '@tonconnect/ui'; const ta = new TonApiClient({ baseUrl: 'https://tonapi.io' }); const JETTON_TRANSFER_OP = 0x0f8a7ea5; const BASE_JETTON_SEND_AMOUNT = toNano('0.05'); // attached TON for the jetton transfer message; pass as string to avoid float rounding export async function sendGaslessJettonTransfer( tonConnectUi: TonConnectUI, jettonMaster: Address, destination: Address, jettonAmount: bigint, ): Promise { if (!tonConnectUi.wallet?.account?.address || !tonConnectUi.wallet?.account?.publicKey) { throw new Error('No wallet connected.'); } const walletAddress = Address.parse(tonConnectUi.wallet.account.address); const walletPublicKey = tonConnectUi.wallet.account.publicKey; // 1. Resolve the user's jetton wallet address. const result = await ta.blockchain.execGetMethodForBlockchainAccount( jettonMaster, 'get_wallet_address', { args: [walletAddress.toRawString()] } ); const jettonWallet = Address.parse(result.decoded.jettonWalletAddress); // 2. Build the jetton transfer cell. const { relayAddress } = await ta.gasless.gaslessConfig(); const transferBody = beginCell() .storeUint(JETTON_TRANSFER_OP, 32) .storeUint(0, 64) // query_id .storeCoins(jettonAmount) .storeAddress(destination) .storeAddress(relayAddress) // response_destination — excess goes to relayer .storeBit(false) // no custom payload .storeCoins(1n) // forward_amount .storeMaybeRef(undefined) // no forward payload .endCell(); const messageToEstimate = beginCell() .storeWritable(storeMessageRelaxed(internal({ to: jettonWallet, bounce: true, value: BASE_JETTON_SEND_AMOUNT, body: transferBody, }))) .endCell(); // 3. Estimate the relay fee — returns the exact list of messages to sign. const params = await ta.gasless.gaslessEstimate(jettonMaster, { walletAddress, walletPublicKey, messages: [{ boc: messageToEstimate }], }); // 4. Sign without broadcasting using the messages returned by the estimator. const { internalBoc } = await tonConnectUi.signMessage({ validUntil: Math.floor(Date.now() / 1000) + 300, messages: params.messages.map(msg => ({ address: msg.address.toString(), amount: msg.amount, payload: msg.payload?.toBoc()?.toString('base64'), stateInit: msg.stateInit?.toBoc()?.toString('base64'), })), }); // 5. Wrap the signed internal message in an external message and submit via gaslessSend. const { info: { dest }, body, init } = loadMessageRelaxed( Cell.fromBase64(internalBoc).beginParse() ); const extMessage = beginCell() .storeWritable(storeMessage(external({ to: dest as Address, init, body }))) .endCell(); // Retry the submission — the relayer can transiently reject while it observes the chain. await retry( () => ta.gasless.gaslessSend({ walletPublicKey, boc: extMessage }), { retries: 5, delayMs: 2000 }, ); } async function retry( fn: () => Promise, { retries, delayMs }: { retries: number; delayMs: number }, ): Promise { let lastError: unknown; for (let attempt = 0; attempt <= retries; attempt++) { try { return await fn(); } catch (e) { lastError = e; if (attempt < retries) await new Promise(r => setTimeout(r, delayMs)); } } throw lastError; } ``` ## Differences from `sendTransaction` [#differences-from-sendtransaction] | | `sendTransaction` | `signMessage` | | ------------------ | -------------------------------- | ------------------------------------------- | | Wallet broadcasts | Yes | No | | Wallet deducts gas | Yes | No | | Result | BoC of the broadcast transaction | `{ internalBoc }` — signed internal message | | Use case | Standard transfer | Gasless / sponsored / custom relayer | ## Preconditions and error handling [#preconditions-and-error-handling] `signMessage` rejects synchronously in several cases before anything reaches the wallet: * **No wallet connected.** `tonConnectUi.signMessage` throws `TonConnectUIError('Connect wallet to sign a message.')`. Either gate the call on `tonConnectUi.connected` (or `tonConnectUi.wallet`), or pass `options.enableEmbeddedRequest: true` to defer the request until a wallet is picked from the modal. When the payload uses structured [`items`](/applications/ton-connect/how-to/send-transaction#structured-items), the SDK can fold it into the connect URL as an [embedded request](/applications/ton-connect/how-to/embedded-request) so a compliant wallet handles connect and sign in one tap. The SDK's [`OneClickPay` demo](https://github.com/ton-connect/sdk/blob/main/apps/demo-dapp-with-react-ui/src/pages/OneClickPay/oneClickGaslessFlow.ts) shows the complete one-tap gasless flow end to end. * **Wallet does not advertise the `SignMessage` feature.** The connector throws `TonConnectError` with `code: METHOD_NOT_SUPPORTED` before serializing the request. * **Request validation fails** (missing fields, malformed payload, mismatched network). The connector throws `TonConnectError` with a validation message. `TonConnectUIError` extends `TonConnectError`, so a single catch covers both: ```ts import { TonConnectUI } from '@tonconnect/ui'; import { TonConnectError, TonConnectUIError } from '@tonconnect/ui'; try { const result = await tonConnectUi.signMessage(request); } catch (e) { if (e instanceof TonConnectUIError) { // UI-layer preconditions, e.g. no wallet connected console.warn('Cannot sign message:', e.message); } else if (e instanceof TonConnectError) { // Validation, unsupported feature, user rejection, bridge error console.error('signMessage rejected:', e.message); } } ``` To filter the wallet picker to only wallets that support `signMessage`, see [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets). ## Errors [#errors] | Code | Name | Description | | ---- | ---------------------- | -------------------------- | | 0 | `UNKNOWN_ERROR` | Unknown error. | | 1 | `BAD_REQUEST_ERROR` | Bad request. | | 100 | `UNKNOWN_APP_ERROR` | Unknown app. | | 300 | `USER_REJECTS_ERROR` | User declined the request. | | 400 | `METHOD_NOT_SUPPORTED` | Method not supported. | ## See also [#see-also] * [Send a transaction](/applications/ton-connect/how-to/send-transaction) — same payload shape, with broadcast * [Filter wallets by required features](/applications/ton-connect/how-to/filter-wallets) * [`signMessage` wallet guide](https://github.com/ton-blockchain/ton-connect/blob/main/guides/sign-message.md) * [RPC specification](https://github.com/ton-blockchain/ton-connect/blob/main/spec/rpc.md) # Add WalletConnect support (/applications/ton-connect/how-to/walletconnect-support) Adding [WalletConnect](https://walletconnect.network/) as a secondary connection option lets users on custodial wallets such as Fireblocks reach your TON Connect dApp without leaving their existing WalletConnect flow. WalletConnect support ships with `@tonconnect/sdk`. Enabling it adds a `WalletConnect` entry to the standard TON Connect wallet picker. From the dApp's perspective, the same `TonConnect` or `TonConnectUI` instance handles WalletConnect sessions and TON Connect bridge sessions interchangeably. ## When to use it [#when-to-use-it] Add WalletConnect support when an integrator already requires WalletConnect and cannot install a TON Connect-native wallet — typically institutional custody and treasury platforms. For everything else, prefer native TON Connect: see [Build a dApp with React](/applications/ton-connect/get-started#build-a-dapp-with-react). WalletConnect is not available inside Telegram Mini Apps. The wallet picker hides the WalletConnect entry when the dApp runs in TMA, in line with the [Telegram blockchain guidelines](https://core.telegram.org/bots/blockchain-guidelines#ton-connect). Use TON Connect there. ## Limitations vs native TON Connect [#limitations-vs-native-ton-connect] WalletConnect exposes a subset of TON Connect's surface — connect, disconnect, `sendTransaction`, `signData`, and `ton_proof`. Newer or wallet-specific features stay on the native bridge. | Feature | Native TON Connect | WalletConnect | | ------------------------------------- | ------------------ | -------------------------- | | `sendTransaction` | yes | yes (capped at 4 messages) | | `extraCurrency` in messages | yes | no | | `signData` (`text`, `binary`, `cell`) | yes | yes | | Gasless `signMessage` | yes | no | | `ton_proof` | yes | yes | | Embedded requests (`e` parameter) | yes | no | | Wallet picker UX | TON Connect modal | Reown WalletConnect modal | | Telegram Mini Apps | yes | no | ## Setup [#setup] WalletConnect support requires a WalletConnect (Reown) project ID. Register one at [dashboard.reown.com](https://dashboard.reown.com/), then install the universal connector alongside the TON Connect SDK: ```sh npm install @tonconnect/sdk @reown/appkit-universal-connector ``` Call `initializeWalletConnect()` once, before any `TonConnect` or `TonConnectUI` instance is constructed. A second call throws `Wallet Connect already initialized.` ```ts import { initializeWalletConnect } from '@tonconnect/ui-react'; import { UniversalConnector } from '@reown/appkit-universal-connector'; initializeWalletConnect(UniversalConnector, { projectId: '', metadata: { name: 'Demo dApp', description: 'Demo TON dApp', url: 'https://example.com', icons: ['https://example.com/icon.png'] } }); ``` Once initialised, a `WalletConnect` entry appears at the bottom of the All Wallets list in the TON Connect modal. Selecting it hands the connection off to Reown's modal. The connected account is delivered back through the same `onStatusChange` callback used for native TON Connect wallets. ## Sending requests [#sending-requests] After connection, the dApp uses the same `TonConnect` or `TonConnectUI` API regardless of which transport carries the session: * [Send a transaction](/applications/ton-connect/how-to/send-transaction) — maps to WalletConnect's `ton_sendMessage` method. * [Sign data](/applications/ton-connect/how-to/sign-data) — maps to WalletConnect's `ton_signData` method. * [Disconnect](/applications/ton-connect/how-to/disconnect). Methods outside this set fall through to a `Not implemented.` response from the WalletConnect provider. ## When to keep WalletConnect disabled [#when-to-keep-walletconnect-disabled] Keep TON Connect as the primary connection path. Enable WalletConnect support only when a real integrator needs it. Every call to `initializeWalletConnect()` adds a wallet entry that fails in Telegram Mini Apps and silently drops the features in [Limitations vs native TON Connect](#limitations-vs-native-ton-connect). ## See also [#see-also] * [Build a dApp with React](/applications/ton-connect/get-started#build-a-dapp-with-react) * [Reown AppKit documentation](https://docs.reown.com/appkit/overview) # How to send payments using TON Pay React hook (/applications/ton-pay/payment-integration/payments-react) The `useTonPay` hook provides a React interface for creating TON Pay transfers. It integrates with [TON Connect](/applications/ton-connect/overview) to connect a wallet, sign transactions, and surface transfer errors through the hook state. ## How `useTonPay` works [#how-usetonpay-works] The `useTonPay` hook manages the client-side flow for sending a TON Pay transfer. It performs the following steps: 1. Checks whether a wallet is connected and, if not, opens the TON Connect modal and waits for a successful connection. 2. Calls an application-provided factory function that builds the transaction message, either in the client-side or by requesting it from a backend service. 3. Sends the transaction message to the connected wallet for user approval and signing. 4. Returns the transaction result along with tracking identifiers that can be used for reconciliation. ## Integration approaches [#integration-approaches] `useTonPay` can be integrated in two ways, depending on where the transaction message is created. ### Client-side message building [#client-side-message-building] * Message construction happens in the browser. * All transaction fields are provided by the client. ### Server-side message building [#server-side-message-building] * Message construction happens on the backend. * Tracking identifiers are stored on the server before the message is returned to the client for signing. ## Client-side implementation [#client-side-implementation] ### Prerequisites [#prerequisites] The application must be wrapped with the TON Connect UI provider: ```tsx import { TonConnectUIProvider } from "@tonconnect/ui-react"; export function App() { return ( {/* Application components */} ); } ``` [The TON Connect manifest](/ecosystem/ton-connect/manifest) file must be publicly accessible and include valid application metadata. Replace `` with the public HTTPS origin that serves `tonconnect-manifest.json`. ### Basic implementation [#basic-implementation] ```tsx expandable import { useTonPay } from "@ton-pay/ui-react"; import { createTonPayTransfer } from "@ton-pay/api"; export function PaymentButton() { const { pay } = useTonPay(); const handlePayment = async () => { try { const { txResult, message, reference, bodyBase64Hash } = await pay( async (senderAddr: string) => { const result = await createTonPayTransfer( { amount: 3.5, asset: "TON", recipientAddr: "", senderAddr, commentToSender: "Payment for Order #8451", }, { chain: "testnet", // Optional API key can be shown on the client-side, but the secret key never apiKey: "", // optional } ); return { message: result.message, reference: result.reference, bodyBase64Hash: result.bodyBase64Hash, }; } ); console.log("Transaction completed:", txResult.boc); console.log("Reference for tracking:", reference); console.log("Body hash:", bodyBase64Hash); // Store tracking identifiers in the database await savePaymentRecord({ reference, bodyBase64Hash, amount: 3.5, asset: "TON", }); } catch (error) { console.error("Payment failed:", error); // Handle error appropriately } }; return ; } ``` ### Response fields [#response-fields] The `pay` function returns the following fields: Transaction result returned by TON Connect. It contains the signed transaction [bag of cells](/blockchain-basics/primitives/serialization/boc) and additional transaction details. The transaction message that was sent, including the recipient address, amount, and payload. Unique tracking identifier for this transaction. Use it to correlate webhook notifications with orders.
Store the reference after creation. It is required to match incoming webhook notifications to specific orders.
Base64-encoded hash of the transaction body. Can be used for advanced transaction verification. ## Server-side implementation [#server-side-implementation] ### Backend endpoint [#backend-endpoint] Create an API endpoint that builds the transaction message and stores tracking data: ```typescript expandable import { createTonPayTransfer } from "@ton-pay/api"; app.post("/api/create-payment", async (req, res) => { const { amount, senderAddr, orderId } = req.body; try { const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount, asset: "TON", recipientAddr: "", senderAddr, commentToSender: `Payment for Order ${orderId}`, commentToRecipient: `Order ${orderId}`, }, { chain: "testnet", apiKey: "yourTonPayApiKey", // optional } ); // Store tracking identifiers in your database await db.createPayment({ orderId, reference, bodyBase64Hash, amount, asset: "TON", status: "pending", senderAddr, }); // Return only the message to the client res.json({ message }); } catch (error) { console.error("Failed to create payment:", error); res.status(500).json({ error: "Failed to create payment" }); } }); ```
Always persist tracking identifiers such as `reference` and `bodyBase64Hash` in the database before returning the message to the client. If the client loses connection or closes the browser, these identifiers are still required to process incoming webhooks.
### Frontend implementation [#frontend-implementation] ```tsx expandable import { useTonPay } from "@ton-pay/ui-react"; export function ServerPaymentButton({ orderId, amount, }: { orderId: string; amount: number; }) { const { pay } = useTonPay(); const handlePayment = async () => { try { const { txResult } = await pay(async (senderAddr: string) => { const response = await fetch("/api/create-payment", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ amount, senderAddr, orderId }), }); if (!response.ok) { throw new Error("Failed to create payment"); } const { message } = await response.json(); return { message }; }); console.log("Transaction sent:", txResult.boc); // Optionally redirect or show success message window.location.href = `/orders/${orderId}/success`; } catch (error) { console.error("Payment failed:", error); alert("Payment failed. Please try again."); } }; return ; } ``` ## Error handling [#error-handling] The `useTonPay` hook throws errors in the following scenarios: ### Wallet connection errors [#wallet-connection-errors] ```typescript const { pay } = useTonPay(); try { await pay(getMessage); } catch (error) { if (error.message === "Wallet connection modal closed") { // User closed the connection modal without connecting console.log("User cancelled wallet connection"); } else if (error.message === "Wallet connection timeout") { // Connection attempt exceeded 5-minute timeout console.log("Connection timeout - please try again"); } } ``` ### Transaction errors [#transaction-errors] ```typescript try { await pay(getMessage); } catch (error) { // User rejected the transaction in their wallet if (error.message?.includes("rejected")) { console.log("User rejected the transaction"); } // Network or API errors else if (error.message?.includes("Failed to create TON Pay transfer")) { console.log("API error - check your configuration"); } // Other unexpected errors else { console.error("Unexpected error:", error); } } ``` ## Best practices [#best-practices] * Persist tracking identifiers immediately. ```typescript // Good: Store before transaction const { message, reference } = await createTonPayTransfer(...); await db.createPayment({ reference, status: "pending" }); return { message }; // Bad: Only storing after successful transaction const { txResult, reference } = await pay(...); await db.createPayment({ reference }); // Too late if network fails ``` * Always validate or generate amounts server-side to prevent manipulation. Never trust amount values sent from the client. ```typescript // Server-side endpoint app.post('/api/create-payment', async (req, res) => { const { orderId, senderAddr } = req.body; // Fetch the actual amount from your database const order = await db.getOrder(orderId); // Use the verified amount, not req.body.amount const { message } = await createTonPayTransfer({ amount: order.amount, asset: order.currency, recipientAddr: '', senderAddr, }); res.json({ message }); }); ``` * Wrap the payment components with React error boundaries to handle failures. ```tsx class PaymentErrorBoundary extends React.Component { componentDidCatch(error: Error) { console.error('Payment component error:', error); // Log to the error tracking service } render() { return this.props.children; } } ``` * Payment processing can take several seconds. Provide clear feedback to users during wallet connection and transaction signing. ```tsx const [loading, setLoading] = useState(false); const handlePayment = async () => { setLoading(true); try { await pay(getMessage); } finally { setLoading(false); } }; return ( ); ``` * Use environment variables for sensitive data and chain configuration. ```typescript const { message } = await createTonPayTransfer(params, { chain: process.env.TON_CHAIN as 'mainnet' | 'testnet', apiKey: process.env.TONPAY_API_KEY, // optional }); ``` ## Troubleshooting [#troubleshooting] Wrap the application with `TonConnectUIProvider`: ```tsx import { TonConnectUIProvider } from "@tonconnect/ui-react"; function App() { return ( ); } ``` 1. Verify that the TON Connect manifest URL is accessible and valid. 2. Check the browser console for TON Connect initialization errors. 3. Ensure the manifest file is served with correct [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS) headers. 4. Open the manifest URL directly in the browser to verify it loads. 1. Verify that the recipient address is [a valid TON address](/blockchain-basics/primitives/addresses/formats). 2. Ensure the address format matches the selected chain; mainnet or testnet. 3. Verify that the address includes the full base64 representation with workchain. 1. Check whether the optional API key is missing or invalid for endpoints that require authentication. 2. Verify network connectivity. 3. Validate parameter values. For example, non-negative amounts and valid addresses. 4. Confirm the correct chain configuration; mainnet or testnet. To inspect the underlying API error: ```ts try { await createTonPayTransfer(...); } catch (error) { console.error("API Error:", error.cause); // HTTP status text } ``` 1. Note that TON Connect may not emit an explicit error on rejection. 2. Add timeout handling: ```ts const paymentPromise = pay(getMessage); const timeoutPromise = new Promise((_, reject) => setTimeout(() => reject(new Error("Transaction timeout")), 60000) ); await Promise.race([paymentPromise, timeoutPromise]); ``` ## Optional API key configuration [#optional-api-key-configuration] When using `useTonPay` with server-side message building, the optional API key can be included in the backend endpoint to enable dashboard features and webhooks: ```typescript // Backend endpoint app.post("/api/create-payment", async (req, res) => { const { amount, senderAddr, orderId } = req.body; const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount, asset: "TON", recipientAddr: process.env.MERCHANT_WALLET_ADDRESS!, senderAddr, }, { chain: "testnet", apiKey: process.env.TONPAY_API_KEY, // Optional: enables dashboard features } ); await db.createPayment({ orderId, reference, bodyBase64Hash }); res.json({ message }); }); ``` ## Testnet configuration [#testnet-configuration]
Running tests on mainnet can result in irreversible loss of real TON. Always use `chain: "testnet"` and testnet wallet addresses during development. Verify the network before switching to mainnet.
A complete description of testnet configuration, including obtaining testnet TON, testing jetton transfers, verifying transactions, and preparing for mainnet deployment, is available in the [Testnet configuration](/applications/ton-pay/payment-integration/transfer#testnet-configuration) section. ## Next steps [#next-steps] Receive real-time notifications when payments complete. Query payment status using reference or body hash. # How to send payments using TON Connect (/applications/ton-pay/payment-integration/payments-tonconnect) Use TON Connect native `sendTransaction` method when: * The application manages wallet connection UI and transaction flow directly. * TON Connect is already used elsewhere in the application. * Access to TON Connect-specific APIs is required, such as status change listeners or custom wallet adapters. ## Integration overview [#integration-overview] Direct TON Connect integration follows these steps: 1. Configure the TON Connect UI provider with the application manifest. 2. Manage wallet connection state and provide UI for users to connect the wallets. 3. Create a transaction message on the client or backend using `createTonPayTransfer`. 4. Send the transaction using TON Connect's `sendTransaction` method. 5. Observe connection state changes and transaction status updates. ## React implementation [#react-implementation] ### Set up application [#set-up-application] Wrap the application with the TON Connect UI provider: ```tsx import { TonConnectUIProvider } from "@tonconnect/ui-react"; export function Providers({ children }: { children: React.ReactNode }) { return ( {children} ); } ``` The manifest URL must be publicly accessible and served over HTTPS in production. Replace `` with the public HTTPS origin that serves `tonconnect-manifest.json`. [The manifest file](/ecosystem/ton-connect/manifest) provides application metadata required for wallet identification. ### Payment component [#payment-component] ```tsx expandable import { useTonAddress, useTonConnectModal, useTonConnectUI, } from "@tonconnect/ui-react"; import { createTonPayTransfer } from "@ton-pay/api"; import { useState } from "react"; export function PaymentComponent({ orderId, amount }: { orderId: string; amount: number }) { const address = useTonAddress(true); // Get user-friendly address format const { open } = useTonConnectModal(); const [tonConnectUI] = useTonConnectUI(); const [loading, setLoading] = useState(false); const handlePayment = async () => { // Check if wallet is connected if (!address) { open(); return; } setLoading(true); try { // Create the transaction message // Note: For production, consider moving this to a server endpoint const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount, asset: "TON", recipientAddr: "", senderAddr: address, commentToSender: `Payment for Order ${orderId}`, commentToRecipient: `Order ${orderId}`, }, { chain: "testnet", // Optional API key can be used client-side apiKey: "", // optional } ); // Store tracking identifiers await fetch("/api/store-payment", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ reference, bodyBase64Hash, orderId, amount }), }); // Send transaction through TonConnect const result = await tonConnectUI.sendTransaction({ messages: [message], validUntil: Math.floor(Date.now() / 1000) + 300, // 5 minutes from: address, }); console.log("Transaction sent:", result.boc); // Handle success window.location.href = `/orders/${orderId}/success`; } catch (error) { console.error("Payment failed:", error); alert("Payment failed. Please try again."); } finally { setLoading(false); } }; return ( ); } ``` ### Manage connection state [#manage-connection-state] Listen for wallet connection status changes using the TON Connect UI API: ```tsx import { useEffect } from "react"; import { useTonConnectUI } from "@tonconnect/ui-react"; export function WalletStatus() { const [tonConnectUI] = useTonConnectUI(); const [walletInfo, setWalletInfo] = useState(null); useEffect(() => { // Listen for connection status changes const unsubscribe = tonConnectUI.onStatusChange((wallet) => { if (wallet) { console.log("Wallet connected:", wallet.account.address); setWalletInfo({ address: wallet.account.address, chain: wallet.account.chain, walletName: wallet.device.appName, }); } else { console.log("Wallet disconnected"); setWalletInfo(null); } }); return () => { unsubscribe(); }; }, [tonConnectUI]); if (!walletInfo) { return
No wallet connected
; } return (

Connected: {walletInfo.walletName}

Address: {walletInfo.address}

); } ``` ## Server-side message building [#server-side-message-building] For production applications, build transaction messages on the server to centralize tracking and validation. ### Backend endpoint [#backend-endpoint] ```typescript expandable import { createTonPayTransfer } from "@ton-pay/api"; import { validateWalletAddress } from "./utils/validation"; app.post("/api/create-transaction", async (req, res) => { const { orderId, senderAddr } = req.body; try { // Validate inputs if (!validateWalletAddress(senderAddr)) { return res.status(400).json({ error: "Invalid wallet address" }); } // Fetch order details from database const order = await db.orders.findById(orderId); if (!order) { return res.status(404).json({ error: "Order not found" }); } if (order.status !== "pending") { return res.status(400).json({ error: "Order already processed" }); } // Create transaction message const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount: order.amount, asset: order.currency || "TON", recipientAddr: "", senderAddr, commentToSender: `Payment for Order ${order.id}`, commentToRecipient: `Order ${order.id} - ${order.description}`, }, { chain: "testnet", apiKey: "TONPAY_API_KEY", // optional } ); // Store tracking identifiers await db.payments.create({ orderId: order.id, reference, bodyBase64Hash, amount: order.amount, asset: order.currency || "TON", senderAddr, status: "pending", createdAt: new Date(), }); // Return message to client res.json({ message }); } catch (error) { console.error("Failed to create transaction:", error); res.status(500).json({ error: "Failed to create transaction" }); } }); ``` ### Frontend implementation [#frontend-implementation] ```tsx expandable export function ServerManagedPayment({ orderId }: { orderId: string }) { const address = useTonAddress(true); const { open } = useTonConnectModal(); const [tonConnectUI] = useTonConnectUI(); const [loading, setLoading] = useState(false); const handlePayment = async () => { if (!address) { open(); return; } setLoading(true); try { // Request transaction message from server const response = await fetch("/api/create-transaction", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ orderId, senderAddr: address }), }); if (!response.ok) { const error = await response.json(); throw new Error(error.error || "Failed to create transaction"); } const { message } = await response.json(); // Send transaction const result = await tonConnectUI.sendTransaction({ messages: [message], validUntil: Math.floor(Date.now() / 1000) + 300, from: address, }); console.log("Transaction completed:", result.boc); // Navigate to success page window.location.href = `/orders/${orderId}/success`; } catch (error) { console.error("Payment error:", error); alert(error.message || "Payment failed"); } finally { setLoading(false); } }; return ( ); } ``` ## Vanilla JavaScript implementation [#vanilla-javascript-implementation] For non-React applications, use the TON Connect SDK directly: ```javascript expandable import TonConnectUI from "@tonconnect/ui"; import { createTonPayTransfer } from "@ton-pay/api"; const tonConnectUI = new TonConnectUI({ manifestUrl: "https://yourdomain.com/tonconnect-manifest.json", }); // Connect wallet async function connectWallet() { await tonConnectUI.connectWallet(); } // Send payment async function sendPayment(amount, orderId) { const wallet = tonConnectUI.wallet; if (!wallet) { await connectWallet(); return; } try { // Create transaction message const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount, asset: "TON", recipientAddr: "", senderAddr: wallet.account.address, commentToSender: `Order ${orderId}`, }, { chain: "testnet" } ); // Store tracking data await fetch("/api/store-payment", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ reference, bodyBase64Hash, orderId }), }); // Send transaction const result = await tonConnectUI.sendTransaction({ messages: [message], validUntil: Math.floor(Date.now() / 1000) + 300, from: wallet.account.address, }); console.log("Payment successful:", result.boc); } catch (error) { console.error("Payment failed:", error); } } // Listen for connection changes tonConnectUI.onStatusChange((wallet) => { if (wallet) { console.log("Wallet connected:", wallet.account.address); document.getElementById("wallet-address").textContent = wallet.account.address; } else { console.log("Wallet disconnected"); document.getElementById("wallet-address").textContent = "Not connected"; } }); ``` ## Transaction parameters [#transaction-parameters] ### Message structure [#message-structure] The message object passed to `sendTransaction` must include these fields: Recipient wallet address in [user-friendly format](/blockchain-basics/primitives/addresses/formats). Amount to send in nanotons. Base64-encoded message payload containing transfer details and tracking information. ### Transaction options [#transaction-options] Unix timestamp indicating when the transaction expires. Typically is 5 minutes. ```typescript validUntil: Math.floor(Date.now() / 1000) + 300 ``` Sender's wallet address. Must match the connected wallet address. Network identifier. Usually omitted as it is inferred from the connected wallet. ## Error handling [#error-handling] ```typescript async function handleTransaction() { try { const result = await tonConnectUI.sendTransaction({ messages: [message], validUntil: Math.floor(Date.now() / 1000) + 300, from: address, }); return result; } catch (error) { // User rejected the transaction if (error.message?.includes("rejected")) { console.log("User cancelled the transaction"); return null; } // Wallet not connected if (error.message?.includes("Wallet is not connected")) { console.log("Connect the wallet first"); tonConnectUI.connectWallet(); return null; } // Transaction expired if (error.message?.includes("expired")) { console.log("Transaction expired, please try again"); return null; } // Network or other errors console.error("Transaction failed:", error); throw error; } } ``` ## Best practices [#best-practices] * Check wallet connection status before attempting to send transactions. Provide clear UI feedback for connection state. ```typescript const wallet = tonConnectUI.wallet; if (!wallet) { // Show connect button return; } // Proceed with transaction ``` * Use a reasonable `validUntil` value, typically 5 minutes, to prevent stale transactions while allowing enough time for user confirmation. ```typescript const validUntil = Math.floor(Date.now() / 1000) + 300; // 5 minutes ``` * Ensure the sender address from TON Connect matches the format expected by the backend. Use the [user-friendly format](/blockchain-basics/primitives/addresses/formats) consistently. ```typescript const address = useTonAddress(true); // true = user-friendly format ``` * Always persist `reference` and `bodyBase64Hash` before sending the transaction. This allows payment reconciliation through webhooks even if the client flow fails after submission. ```typescript // Good: Store first, then send await storePaymentTracking(reference, bodyBase64Hash); await tonConnectUI.sendTransaction(...); // Bad: Send first, then store await tonConnectUI.sendTransaction(...); await storePaymentTracking(reference, bodyBase64Hash); // Might not execute ``` * Implement connection state listeners to update the UI and handle wallet disconnections. ```typescript useEffect(() => { const unsubscribe = tonConnectUI.onStatusChange((wallet) => { if (wallet) { setConnectedWallet(wallet.account.address); } else { setConnectedWallet(null); } }); return unsubscribe; }, [tonConnectUI]); ``` * Handle transaction rejection explicitly. Treat user rejection as a normal cancellation, not as an error. ```typescript try { await tonConnectUI.sendTransaction(transaction); } catch (error) { if (error.message?.includes("rejected")) { // Don't show error - user intentionally cancelled console.log("Transaction cancelled by user"); } else { // Show error for unexpected failures showErrorMessage("Transaction failed"); } } ``` ## Troubleshooting [#troubleshooting] Ensure the wallet is connected before calling `sendTransaction`: ```typescript if (!tonConnectUI.wallet) { await tonConnectUI.connectWallet(); // Wait for connection before proceeding } ``` Add a connection state check: ```typescript const isConnected = tonConnectUI.wallet !== null; ``` 1. Ensure the `from` address matches the connected wallet address. 2. Verify that the recipient address is [a valid TON address](/blockchain-basics/primitives/addresses/formats). 3. Use the wallet address provided by the SDK to avoid format mismatches: ```typescript const address = useTonAddress(true); // Ensure consistent format ``` The `validUntil` timestamp may be too short. Increase the validity period to give the user more time to confirm the transaction: ```typescript // Increase from 5 to 10 minutes if needed validUntil: Math.floor(Date.now() / 1000) + 600 ``` Check for the following common issues: * The URL is not publicly accessible. * [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS) headers are not configured correctly. * The manifest JSON is malformed. * The URL is not HTTPS; required in production. Open the manifest URL directly in a browser to verify that it is accessible. Ensure that the status change subscription is created once and remains active for the lifetime of the component. ```typescript useEffect(() = >{ const unsubscribe = tonConnectUI.onStatusChange(handleWalletChange); return () = >unsubscribe(); // Clean up subscription }, [tonConnectUI]); ``` `connectWallet()` may be called more than once. Track the connection state: ```typescript const[isConnecting, setIsConnecting] = useState(false); const connect = async() = >{ if (isConnecting) return; setIsConnecting(true); try { await tonConnectUI.connectWallet(); } finally { setIsConnecting(false); } }; ``` ## Optional API key configuration [#optional-api-key-configuration] When using TON Connect with server-side message building, [the optional API key can be included](/applications/ton-pay/payment-integration/payments-tonconnect#api-key-configuration) in the backend: ```typescript import { createTonPayTransfer } from "@ton-pay/api"; app.post("/api/create-transaction", async (req, res) => { const { orderId, senderAddr } = req.body; const order = await db.orders.findById(orderId); const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount: order.amount, asset: "TON", recipientAddr: "", senderAddr: "", }, { chain: "testnet", apiKey: "TONPAY_API_KEY", // optional } ); await db.payments.create({ orderId, reference, bodyBase64Hash }); res.json({ message }); }); ``` ## Testnet configuration [#testnet-configuration]
Running tests on mainnet can result in irreversible loss of real TON. Always use `chain: "testnet"` and testnet wallet addresses during development. Verify the network before switching to mainnet.
### Set up testnet [#set-up-testnet] Configure the environment to use testnet: ```bash # .env.development TON_CHAIN=testnet MERCHANT_WALLET_ADDRESS=TESTNET_ADDRESS ``` ```tsx import { useTonAddress, useTonConnectUI } from "@tonconnect/ui-react"; import { createTonPayTransfer } from "@ton-pay/api"; export function TestnetPayment({ amount }: { amount: number }) { const address = useTonAddress(true); const [tonConnectUI] = useTonConnectUI(); const handlePayment = async () => { if (!address) { tonConnectUI.connectWallet(); return; } const { message } = await createTonPayTransfer( { amount, asset: "TON", recipientAddr: "", senderAddr: "", }, { chain: "testnet" } // Use testnet ); const result = await tonConnectUI.sendTransaction({ messages: [message], validUntil: Math.floor(Date.now() / 1000) + 300, from: address, }); console.log("Testnet transaction:", result.boc); }; return ; } ``` ## Next steps [#next-steps] Receive real-time notifications when payments complete. Query payment status using reference or body hash. # How to check status and retrieve info (/applications/ton-pay/payment-integration/status-info) After sending, look up the final result and details. The SDK exposes two lookup functions. ## By body hash [#by-body-hash] Use the Base64 hash of the signed message body payload. ```ts import { getTonPayTransferByBodyHash } from "@ton-pay/api"; const info = await getTonPayTransferByBodyHash(bodyBase64Hash, { chain: "testnet", }); ``` ## By reference [#by-reference] Use the `reference` returned by `createTonPayTransfer`. ```ts import { getTonPayTransferByReference } from "@ton-pay/api"; const info = await getTonPayTransferByReference(reference, { chain: "testnet", }); ``` ### Return shape [#return-shape] ```ts type CompletedTonPayTransferInfo = { amount: string; rawAmount: string; senderAddr: string; recipientAddr: string; asset: string; assetTicker?: string; status: string; reference: string; bodyBase64Hash: string; txHash: string; traceId: string; commentToSender?: string; commentToRecipient?: string; date: string; errorCode?: number; errorMessage?: string; }; ``` Use `status` to drive UI state and use `reference`, `bodyBase64Hash`, and `txHash` for reconciliation.
For Toncoin payments, the recipient amount may be reduced by [network fees](/blockchain-basics/primitives/fees). Use jettons or slightly overpay in TON when an exact settlement amount is required.
## Response fields [#response-fields] Human-readable amount with decimals. Amount in base units; nano for TON and jetton base units. Sender wallet address. Recipient wallet address. Asset address. "TON" for coin or jetton master address. Possible values: * `pending` – the transfer is created and awaits confirmation on the blockchain. * `success` – the transfer is completed successfully; the trace completes without errors. * `error` – the transfer fails; the trace completes with an error. Tracking reference returned at creation time. Base64 hash of the signed message body content (payload). Used for lookups. Transaction hash assigned by the network. Trace identifier for explorer. Optional note shown to the payer while signing. Public on-chain; avoid confidential data and keep under 120 characters to reduce gas. Optional note shown to the payee after receipt. Public on-chain; avoid confidential data and keep under 120 characters to reduce gas. # How to build a transfer (/applications/ton-pay/payment-integration/transfer) Use this server-side helper to generate a canonical TON message payload and a tracking reference. ```ts import { createTonPayTransfer } from "@ton-pay/api"; const { message, bodyBase64Hash, reference } = await createTonPayTransfer( { amount: 10.5, asset: "TON", recipientAddr: "", senderAddr: "", commentToSender: "Payment for Order #1234", commentToRecipient: "Order #1234", }, { chain: "testnet", apiKey: "", // optional } ); ```
The TON Pay API key is optional, but providing it enables transaction visibility in the TON Pay Merchant Dashboard, webhook notifications, and wallet management features.
## Function signature [#function-signature] ```ts createTonPayTransfer( params: CreateTonPayTransferParams, options?: APIOptions ): Promise ``` ### Transfer parameters [#transfer-parameters] ```ts type CreateTonPayTransferParams = { amount: number; asset: string; recipientAddr?: string; senderAddr: string; queryId?: number; commentToSender?: string; commentToRecipient?: string; }; ``` ### API options [#api-options] ```ts type APIOptions = { chain?: "mainnet" | "testnet"; apiKey?: string; // optional }; ``` Target blockchain network. Use `"mainnet"` for production or `"testnet"` for development and testing. The optional TON Pay API key from the Merchant Dashboard. When provided, it enables: * Transaction visibility in the TON Pay Merchant Dashboard. * Webhook notifications for completed transactions. * Receiving wallet management from the Merchant Dashboard. ## Parameter details [#parameter-details] Human-readable payment amount. Decimals are allowed, for example, 10.5 TON. Asset to transfer. Use "TON" for Toncoin or a jetton master address or constant, for example, USDT.
Token constants such as `USDT` always reference mainnet jetton master addresses and are not affected by the `chain` option. Using them on testnet may send transactions to mainnet contracts. For testnet, explicitly pass the correct testnet jetton master address instead of using token constants.
Payee wallet address. Optional if an API key is provided. Defaults to the merchant’s default wallet address configured in the Merchant Dashboard. Payer wallet address. In UI flows, obtain it from TON Connect. Jetton only. Numeric identifier embedded into the jetton payload for idempotency and tracking. Ignored for Toncoin payments. Short note visible to the user in the wallet while signing.
Comments are on-chain and publicly visible in blockchain explorers. Do not include confidential data. Keep comments under 120 characters to avoid increased gas fees.
Note visible to the recipient after the transfer is received.
Comments are on-chain and publicly visible in blockchain explorers. Do not include confidential data. Keep comments under 120 characters to avoid increased gas fees.
## Predefined asset constants [#predefined-asset-constants] Built-in constants can be used instead of raw addresses. ```ts import { createTonPayTransfer, TON, USDT } from "@ton-pay/api"; // Toncoin transfer await createTonPayTransfer( { amount: 1, asset: TON, // same as "TON" recipientAddr: "", // shortened example; replace with a full wallet address senderAddr: "", // shortened example; replace with a full wallet address }, { chain: "testnet", apiKey: "", // optional } ); // USDT jetton transfer await createTonPayTransfer( { amount: 25, asset: USDT, // mainnet USDT jetton master address recipientAddr: "", // shortened example; replace with a full wallet address senderAddr: "", // shortened example; replace with a full wallet address }, { chain: "testnet", apiKey: "", // optional } ); ```
In `asset`, token constants such as `USDT` always reference mainnet jetton master addresses and are not affected by the `chain` option. Using them on testnet may send transactions to mainnet contracts. For testnet, explicitly pass the correct testnet jetton master address instead of using token constants.
Response: ```ts type CreateTonPayTransferResponse = { message: { address: string; amount: string; payload: string; }; bodyBase64Hash: string; reference: string; }; ``` ## Response fields [#response-fields] Prebuilt TON Connect transaction message. Intended to be passed to `sendTransaction` as `messages: [message]`. Base64 hash of the signed message body content (payload). Used with `getTonPayTransferByBodyHash`. Tracking reference string. Used with `getTonPayTransferByReference`. The SDK call returns a ready-to-send message along with identifiers for subsequent status lookups. Always persist tracking identifiers server-side before sending the transaction to the user. ## Optional API key configuration [#optional-api-key-configuration] The TON Pay API key is optional but enables merchant features, including transaction visibility in the dashboard, webhook notifications, and centralized wallet management in the TON Pay Merchant Dashboard. ### Obtain an optional API key [#obtain-an-optional-api-key] Open the TON Pay Merchant Dashboard and sign in to the merchant account. Navigate to Developer → API Keys sections to set up the optional API key. Generate a new API key (optional) or copy an existing one and store it securely. ### Usage in code [#usage-in-code] ```typescript import { createTonPayTransfer } from "@ton-pay/api"; const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount: 10.5, asset: "TON", // recipientAddr is optional when API key is provided // Will use merchant's default wallet from the Merchant Dashboard senderAddr: userWalletAddress, }, { chain: "testnet", apiKey: "", // optional } ); ``` ### Optional API key capabilities [#optional-api-key-capabilities] | Capability | With optional API key | Without API key | | ------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------- | | Transaction visibility and monitoring | Transfers appear in the TON Pay Merchant Dashboard with status tracking and full transaction history. | Transfers are processed on-chain but are not visible in the Merchant dashboard. | | Webhook notifications | Real-time HTTP POST notifications are sent for completed and failed payments. | No webhook notifications; payment status must be obtained through the manual polling. | | Receiving wallet management | Receiving wallets are managed from the TON Pay Merchant Dashboard; addresses can be updated without code changes. | Receiving wallet addresses must be hard-coded in the application. | | `recipientAddr` handling | Optional; when omitted, the merchant’s default wallet from the Merchant Dashboard is used automatically. | Required for every transfer. | With optional API key: `recipientAddr` is optional. ```ts const result = await createTonPayTransfer( { amount: 10, asset: "TON", senderAddr: "", }, { chain: "testnet", apiKey: "", // optional } ); ``` Without API key (the API key remains optional): `recipientAddr` is required. ```ts // Works without API key (it is optional) - transaction processes normally const result = await createTonPayTransfer( { amount: 10, asset: "TON", recipientAddr: "", senderAddr: "", }, { chain: "testnet" } // No optional apiKey - transaction works but no dashboard features ); ``` ## Testnet configuration [#testnet-configuration]
Running tests on mainnet can result in irreversible loss of real TON. Always use `chain: "testnet"` and testnet wallet addresses during development. Verify the network before switching to mainnet.
### Set up testnet [#set-up-testnet] Configure the `chain` option to `"testnet"` in the API calls: ```typescript const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount: 5.0, asset: "TON", recipientAddr: "", senderAddr: "", }, { chain: "testnet", // Use testnet apiKey: "", // optional } ); ``` Ensure all wallet addresses are valid [testnet addresses](/blockchain-basics/primitives/addresses/formats). * Use testnet wallet account: [Tonkeeper](/overview/wallets/wallet-apps/tonkeeper) or other TON wallets. * [Get testnet TON](/overview/wallets/wallet-apps/get-coins) from a faucet to test transactions. If testing with jettons, use the correct testnet jetton master addresses; not mainnet addresses. ```typescript // Example: Testnet USDT (use actual testnet address) await createTonPayTransfer( { amount: 10, asset: "", // Testnet jetton address recipientAddr: "", senderAddr: "", }, { chain: "testnet" } ); ``` ### Configure environment [#configure-environment] Use environment variables to switch between mainnet and testnet: ```typescript // .env.development TON_CHAIN=testnet MERCHANT_WALLET_ADDRESS=EQC...TESTNET_ADDRESS // .env.production TON_CHAIN=mainnet MERCHANT_WALLET_ADDRESS=EQC...MAINNET_ADDRESS ``` ```typescript // In the application code const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount: orderAmount, asset: "TON", recipientAddr: "", senderAddr: "", }, { chain: "testnet", apiKey: "", // optional } ); ``` ### Verify testnet transactions [#verify-testnet-transactions] Verify testnet transactions using testnet block [explorers](/overview/infrastructure/explorers/overview): * [Testnet Tonviewer](https://testnet.tonviewer.com/) * [Testnet Tonscan](https://testnet.tonscan.org/) ```typescript // Replace txHash with the actual transaction hash. // After transaction completes: console.log(`View on explorer: https://testnet.tonscan.org/tx/${txHash}`); ``` ### Apply testing best practices [#apply-testing-best-practices] * Test all payment outcomes on testnet, including success, failures, user rejections, and edge cases. * Verify webhook endpoint correctly processes testnet webhooks; payload structure matches mainnet. * Validate behavior across different amounts, including small, large, and fractional values. * Ensure `reference` and `bodyBase64Hash` are persisted and usable for status lookups. * Exercise error paths such as insufficient balance, invalid addresses, and network issues. # How to add a TON Pay button using JS (/applications/ton-pay/ui-integration/button-js) Add a TON Pay button to a plain HTML/JavaScript page using the embed script or TON Pay client. The default button appearance is shown below.

## Installation [#installation] Choose one of the installation methods: 1. npm ```bash npm install @ton-pay/ui @tonconnect/ui ``` 2. CDN: no installation needed ```html ``` 3. Local copy After npm install, copy `node_modules/@ton-pay/ui/dist/ton-pay-embed.js` to a public assets folder. For example, the site's `public/` directory. Then include it with a ` ``` ```html ``` ```html ```
The `callback` parameter in the embed script must match the global function name in the handler.
## Option 2: use TON Pay client [#option-2-use-ton-pay-client] Use `createTonPay` for custom UI and payment flow control. ```html My TON Payment App
``` ```html ``` ```html ```
`createTonPay` opens TON Connect modal when `pay()` is called and no wallet is connected.
## Create messages with createTonPayTransfer [#create-messages-with-createtonpaytransfer] Use `createTonPayTransfer` to build a canonical payment message with tracking identifiers. Combine the snippets in this section into one HTML page. ```html ``` ```html ```
Store `reference` and `bodyBase64Hash` to track payment status via the [webhooks guide](/applications/ton-pay/webhooks).
## Embed script parameters [#embed-script-parameters] | Parameter | Type | Default | Description | | -------------- | --------------------------- | ----------------- | -------------------------------------------------------------- | | `containerId` | string | `"ton-pay-btn"` | Target element ID where the button renders. | | `preset` | `"default"` \| `"gradient"` | - | Built-in theme preset. | | `bgColor` | string | `"#0098EA"` | Background color in hex or CSS gradient. URL-encode the value. | | `textColor` | string | `"#FFFFFF"` | Text and icon color. | | `variant` | `"long"` \| `"short"` | `"long"` | Button text variant. | | `text` | string | - | Custom button text. Overrides `variant`. | | `loadingText` | string | `"Processing..."` | Text shown during loading. | | `borderRadius` | number | `8` | Border radius in pixels. | | `fontFamily` | string | `"inherit"` | CSS font-family value. | | `width` | number | `300` | Button width in pixels. | | `height` | number | `44` | Button height in pixels. | | `showMenu` | boolean | `true` | Show dropdown menu with wallet actions. | | `callback` | string | - | Global function name called on click. | ### Examples [#examples] ```html Default blue button ``` ```html Gradient button ``` ```html Custom colors ``` ```html Custom size ```
URL-encode special characters in parameters. For example, `#` becomes `%23` in color values.
## TonPayEmbed API [#tonpayembed-api] The embed script exposes a global `TonPayEmbed` object for programmatic control. ### `TonPayEmbed.mount(config)` [#tonpayembedmountconfig] Update button configuration dynamically. ```js TonPayEmbed.mount({ preset: "gradient", variant: "short", borderRadius: 12, width: 350 }); ``` ### `TonPayEmbed.setCallback(functionName)` [#tonpayembedsetcallbackfunctionname] Change the callback function. ```js TonPayEmbed.setCallback("newPaymentHandler"); ``` ### `TonPayEmbed.setAddress(address)` [#tonpayembedsetaddressaddress] Update the displayed wallet address in the menu. ```js TonPayEmbed.setAddress(""); ``` ### `TonPayEmbed.click()` [#tonpayembedclick] Trigger a button click programmatically. ```js TonPayEmbed.click(); ``` ### Example: dynamic configuration [#example-dynamic-configuration] ```html
``` ## TonPay client API [#tonpay-client-api] `createTonPay` returns a client for wallet connection and payments. ### Properties [#properties] * `address: string | null` Current wallet address. ```js const tonPay = createTonPay({ manifestUrl: "https:///tonconnect-manifest.json" }); console.log(tonPay.address); // null or wallet address ``` ### Methods [#methods] * `waitForWalletConnection(): Promise` Wait for a wallet connection and open the modal if needed. ```js try { const address = await tonPay.waitForWalletConnection(); console.log("Connected:", address); } catch (error) { console.error("Connection failed:", error); } ``` * `pay(getMessage): Promise` Execute a payment transaction. ```js const result = await tonPay.pay(async (senderAddr) => { const message = { address: "", amount: "1000000" }; return { message }; }); console.log(result.txResult); ``` * `disconnect(): Promise` Disconnect the current wallet. ```js await tonPay.disconnect(); ``` ## Framework integration [#framework-integration] ### WordPress [#wordpress] ```html
``` ### Plain HTML/CSS/JS [#plain-htmlcssjs] Use the complete example of the embed script in a single HTML file. ### Build tools: Webpack and Vite [#build-tools-webpack-and-vite] ```js import { createTonPay } from "@ton-pay/ui/vanilla"; const tonPay = createTonPay({ manifestUrl: "https:///tonconnect-manifest.json" }); // Use tonPay.pay() in event handlers ``` ## Best practices [#best-practices] * Wrap payment calls in try-catch blocks and display clear error messages. * Update the UI during payment processing to prevent repeated clicks. * Check amounts, addresses, and input before calling the payment function. * Use HTTPS in production. TON Connect requires HTTPS for the manifest URL and callbacks. * Save `reference` and `bodyBase64Hash` from `createTonPayTransfer` to track payments via webhooks. * Test with testnet first and handle error scenarios before going live. ## Troubleshooting [#troubleshooting] 1. Verify that `containerId` matches the target div ID 2. Check the browser console for errors 3. Ensure the script loads after the container div 4. Verify that the script URL is correct and accessible 1. Ensure the callback function is defined on the `window` object 2. Verify that the function name matches the `callback` parameter exactly 3. Define the callback before the embed script runs 1. Add the import map before any module scripts 2. Verify that the `@tonconnect/ui` version is compatible 3. Check that the import map syntax is valid 1. Serve the manifest from the same domain or enable CORS 2. Use HTTPS in production 3. Verify that CDN resources are accessible # How to add a TON Pay button using React (/applications/ton-pay/ui-integration/button-react) `TonPayButton` is a ready-to-use React component that handles wallet connection and payment flow with configurable styling for TON payments. The default button appearance is shown below.

## Install packages [#install-packages] ```bash npm install @ton-pay/ui-react @ton-pay/api @tonconnect/ui-react ``` Create [`tonconnect-manifest.json`](/ecosystem/ton-connect/manifest) in the app public directory: ```json { "url": "", "name": "", "iconUrl": "" } ``` Wrap the root component with `TonConnectUIProvider`. ```tsx import { TonConnectUIProvider } from "@tonconnect/ui-react"; function App() { return ( ); } ```
To receive webhooks in production, ensure corresponding endpoints use HTTPS. Regular HTTP endpoints would be ignored by TON Pay.
## Option 1: use useTonPay hook [#option-1-use-usetonpay-hook] The `useTonPay` hook simplifies wallet connection and transaction handling. Use it for a direct integration path. ```tsx import { TonPayButton } from "@ton-pay/ui-react"; import { useTonPay } from "@ton-pay/ui-react"; import { createTonPayTransfer } from "@ton-pay/api"; import { useState } from "react"; ``` ```tsx function PaymentComponent() { const { pay } = useTonPay(); const [isLoading, setIsLoading] = useState(false); ``` ```tsx const handlePayment = async () => { setIsLoading(true); try { const { txResult, reference, bodyBase64Hash } = await pay( async (senderAddr: string) => { // Build the payment message const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount: 3.5, asset: "TON", recipientAddr: "", senderAddr, commentToSender: "Order #12345", }, { chain: "testnet" } // change to "mainnet" only after full validation ); return { message, reference, bodyBase64Hash }; } ); console.log("Payment sent:", txResult); console.log("Tracking:", reference, bodyBase64Hash); } catch (error) { console.error("Payment failed:", error); } finally { setIsLoading(false); } }; ```
The `useTonPay` hook automatically checks wallet connection. If the user is not connected, it opens the TON Connect modal first.
```tsx return ( ); } ``` ## Option 2: use TON Connect directly [#option-2-use-ton-connect-directly] Use TON Connect hooks directly when full control over the connection flow is required. ```tsx import { TonPayButton } from "@ton-pay/ui-react"; import { useTonAddress, useTonConnectModal, useTonConnectUI, } from "@tonconnect/ui-react"; import { createTonPayTransfer } from "@ton-pay/api"; import { useState } from "react"; ``` ```tsx function DirectPaymentComponent() { const address = useTonAddress(true); const modal = useTonConnectModal(); const [tonConnectUI] = useTonConnectUI(); const [isLoading, setIsLoading] = useState(false); ``` ```tsx const handlePay = async () => { // Check if wallet is connected if (!address) { modal.open(); return; } setIsLoading(true); try { // Create the payment message const { message } = await createTonPayTransfer( { amount: 1.2, asset: "TON", recipientAddr: "", senderAddr: "", commentToSender: "Invoice #5012", }, { chain: "mainnet" } // can be changed to testnet ); // Send the transaction await tonConnectUI.sendTransaction({ messages: [message], validUntil: Math.floor(Date.now() / 1000) + 5 * 60, from: address, }); console.log("Payment completed!"); } catch (error) { console.error("Payment failed:", error); } finally { setIsLoading(false); } }; ``` ```tsx return ; } ``` ## TonPayButton props [#tonpaybutton-props] All props are optional except `handlePay`. | Prop | Type | Default | Description | | ----------------------- | --------------------------- | ----------------- | --------------------------------------------------------------------------------------------------------------- | | `handlePay` | `() => Promise` | required | Payment handler called when the button is selected. | | `isLoading` | `boolean` | `false` | Shows a loading spinner and disables the button. | | `variant` | `"long"` \| `"short"` | `"long"` | Button text variant: "Pay with TON Pay" (long) or "TON Pay" (short). | | `preset` | `"default"` \| `"gradient"` | - | Predefined theme preset; overrides `bgColor` and `textColor`. | | `onError` | `(error: unknown) => void` | - | Called when `handlePay` throws. A built-in error popup is also shown unless `showErrorNotification` is `false`. | | `showErrorNotification` | `boolean` | `true` | Shows the built-in error notification popup on error. | | `bgColor` | `string` | `"#0098EA"` | Background color (hex) or CSS gradient. | | `textColor` | `string` | `"#FFFFFF"` | Text and icon color (hex). | | `borderRadius` | `number` \| `string` | `8` | Border radius in pixels or CSS value. | | `fontFamily` | `string` | `"inherit"` | Font family for button text. | | `width` | `number` \| `string` | `300` | Button width in pixels or CSS value. | | `height` | `number` \| `string` | `44` | Button height in pixels or CSS value. | | `loadingText` | `string` | `"Processing..."` | Text shown during loading state. | | `showMenu` | `boolean` | `true` | Shows the dropdown menu with wallet actions. | | `disabled` | `boolean` | `false` | Disables the button. | | `style` | `Record` | - | Additional inline styles. | | `className` | `string` | - | Additional CSS class name. | ## Customization [#customization] ### Button variants [#button-variants] [Use `useTonPay`](/applications/ton-pay/ui-integration/button-react#option-1:-using-usetonpay-hook-recommended) for a complete example. ```tsx Long variant (default) // Displays: "Pay with [TON icon] Pay" ``` ```tsx Short variant // Displays: "[TON icon] Pay" ``` ### Presets [#presets] [Use `useTonPay`](/applications/ton-pay/ui-integration/button-react#option-1:-using-usetonpay-hook-recommended) for a complete example. ```tsx Default preset // Blue theme: #0098EA ``` ```tsx Gradient preset // Gradient: #2A82EB to #0355CF ``` ### Custom styling [#custom-styling] [Use `useTonPay`](/applications/ton-pay/ui-integration/button-react#option-1:-using-usetonpay-hook-recommended) for a complete example. ```tsx ``` CSS gradients can be used in `bgColor`. For example: `"linear-gradient(135deg, #667eea 0%, #764ba2 100%)"`. ### Button states [#button-states] [Use `useTonPay`](/applications/ton-pay/ui-integration/button-react#option-1:-using-usetonpay-hook-recommended) for a complete example. ```tsx ``` ## Advanced patterns [#advanced-patterns] ### Error handling [#error-handling] ```tsx import { TonPayButton, useTonPay } from "@ton-pay/ui-react"; import { createTonPayTransfer } from "@ton-pay/api"; import { useState } from "react"; function PaymentWithErrors() { const { pay } = useTonPay(); const [isLoading, setIsLoading] = useState(false); const [error, setError] = useState(null); const handlePayment = async () => { setIsLoading(true); setError(null); try { await pay(async (senderAddr: string) => { const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount: 5.0, asset: "TON", recipientAddr: "", senderAddr, }, { chain: "testnet" } ); return { message, reference, bodyBase64Hash }; }); // Show success message... } catch (err: any) { setError(err.message || "Payment failed. Please try again."); } finally { setIsLoading(false); } }; return (
{error &&
{error}
}
); } ``` #### Built-in error notification [#built-in-error-notification] `TonPayButton` catches errors thrown from `handlePay` and shows a notification pop-up with the error message. If a custom error UI is also rendered, both messages appear. Use either the built-in pop-up or a custom UI, but not both. #### Add a custom error handler [#add-a-custom-error-handler] Use `onError` for logging or custom notifications. Set `showErrorNotification={false}` to disable the built-in pop-up. ```tsx import { TonPayButton, useTonPay } from "@ton-pay/ui-react"; import { createTonPayTransfer } from "@ton-pay/api"; import { useState } from "react"; function PaymentWithCustomHandler() { const { pay } = useTonPay(); const [isLoading, setIsLoading] = useState(false); const handlePayment = async () => { setIsLoading(true); try { await pay(async (senderAddr: string) => { const { message } = await createTonPayTransfer( { amount: 3, asset: "TON", recipientAddr: "", senderAddr, }, { chain: "testnet" } ); return { message }; }); } finally { setIsLoading(false); } }; return ( { analytics.track("payment_error", { message: (error as any)?.message ?? String(error), }); // The toast/notification can go here }} showErrorNotification={false} /> ); } ``` Replace the pop-up with a custom UI. Catch errors inside `handlePay` and do not rethrow. When `handlePay` resolves, the button does not show the default pop-up. ```tsx import { TonPayButton, useTonPay } from "@ton-pay/ui-react"; import { createTonPayTransfer } from "@ton-pay/api"; import { useState } from "react"; function PaymentWithOwnUI() { const { pay } = useTonPay(); const [isLoading, setIsLoading] = useState(false); const [error, setError] = useState(null); const handlePayment = async () => { setIsLoading(true); setError(null); try { await pay(async (senderAddr: string) => { const { message } = await createTonPayTransfer( { amount: 2.5, asset: "TON", recipientAddr: "", senderAddr, }, { chain: "testnet" } ); return { message }; }); } catch (e: any) { // Handle the error here and DO NOT rethrow setError(e?.message ?? "Payment failed. Please try again."); } finally { setIsLoading(false); } }; return (
{error &&
{error}
}
); } ``` ## Server-side payment creation [#server-side-payment-creation] Create the payment message on a backend to store tracking identifiers and validate parameters before sending. Build an endpoint that returns the message for `TonPayButton`. ```ts // /api/create-payment app.post("/api/create-payment", async (req, res) => { const { amount, senderAddr, orderId } = req.body; const { message, reference, bodyBase64Hash } = await createTonPayTransfer( { amount, asset: "TON", recipientAddr: "", senderAddr, commentToSender: `Order ${orderId}`, }, { chain: "testnet" } ); // Store reference and bodyBase64Hash in the database await db.savePayment({ orderId, reference, bodyBase64Hash }); res.json({ message }); }); ``` ```tsx import { TonPayButton, useTonPay } from "@ton-pay/ui-react"; import { useState } from "react"; function ServerSidePayment() { const { pay } = useTonPay(); const [isLoading, setIsLoading] = useState(false); const handlePayment = async () => { setIsLoading(true); try { await pay(async (senderAddr: string) => { const response = await fetch("/api/create-payment", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ amount: 10.5, senderAddr, orderId: "", }), }); const data = await response.json(); return { message: data.message }; }); } finally { setIsLoading(false); } }; return ; } ```
Creating payments server-side allows storing tracking identifiers and validating payment parameters before sending.
## Test the integration [#test-the-integration] Run the interactive button showcase to test variants and styling. ```bash npm run test:button-react # or bun test:button-react ```
Running tests on mainnet can result in irreversible loss of real TON. Always use `chain: "testnet"` and testnet wallet addresses during development. Verify the network before switching to mainnet.
## Best practices [#best-practices] * Wrap payment calls in try-catch blocks and display user-friendly error messages. Network issues and cancellations are common. * Set `isLoading={true}` during payment processing to prevent double submissions and provide visual feedback. * Verify cart totals, user input, and business rules before calling the payment handler. * Use `chain: "testnet"` during development. Switch to `"mainnet"` only after validation. * Save `reference` and `bodyBase64Hash` to track payment status using [webhooks](/applications/ton-pay/webhooks). * After successful payment, show a confirmation message, redirect to a success page, or update the UI. # How to retrieve wallet information, jettons, and NFTs with WalletKit on the iOS platform (/applications/walletkit/ios/data)
All methods require an existing wallet instance. [Create or retrieve](/applications/walletkit/ios/wallets) a wallet before accessing data.
Retrieve wallet information, Jettons, and NFTs using WalletKit. ## Wallet information [#wallet-information] ### Balance [#balance] ```swift // Returns balance in nanoToncoin let balance = try await wallet.balance() ``` ### Address [#address] ```swift let address = wallet.address ``` ## Jettons [#jettons] ### Get all Jettons [#get-all-jettons] ```swift let jettons = try await wallet.jettons(limit: TONLimitRequest(limit: 10, offset: 0)) ``` ### Get specific Jetton balance [#get-specific-jetton-balance] ```swift // Address of a Jetton minter contract // E.g., EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs for USDT let jettonAddress = "" // Returns balance in nano with decimals count according to Jetton specification let balance = try await wallet.jettonBalance(jettonAddress: jettonAddress) ``` ### Get Jetton wallet address [#get-jetton-wallet-address] ```swift // Address of a Jetton minter contract // E.g., EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs for USDT let jettonAddress = "" let walletAddress = try await wallet.jettonWalletAddress(jettonAddress: jettonAddress) ``` ## NFTs [#nfts] ### Get all NFTs [#get-all-nfts] ```swift let nfts = try await wallet.nfts(limit: TONLimitRequest(limit: 10, offset: 0)) ``` ### Get specific NFT [#get-specific-nft] ```swift // Address of an NFT // E.g., EQDkT3BSIU3CTwnZG9ZIdyWYmcnuaAEwGr_dsS1RFYqBTanY let nftAddress = "" let nft = wallet.nft(address: nftAddress) ``` ## Next steps [#next-steps] Transfer Toncoin, Jettons and NFTs Create and manage TON wallets # How to connect to dApp and handle wallet events on the iOS platform (/applications/walletkit/ios/events)
Initialize WalletKit before adding an events handler. See the [initialization guide](/applications/walletkit/ios/init) for details.
## Connection [#connection] Before receiving and handling wallet events, set up an events handler and establish a connection with a dApp. ### Setting up events handler [#setting-up-events-handler] Create your own implementation of an events handler and add it to the WalletKit instance: ```swift import TONWalletKit class YourCustomWalletEventsHandler: TONBridgeEventsHandler { func handle(event: TONWalletKitEvent) throws { // Process the event or throw an error } } let eventsHandler = YourCustomWalletEventsHandler() try await walletKit.add(eventsHandler: eventsHandler) ``` If a handler is not needed anymore or needs to be replaced by some other handler, remove it: ```swift try await walletKit.remove(eventsHandler: eventsHandler) ``` ### Establishing connection with dApp [#establishing-connection-with-dapp] To establish a connection with a dApp, one needs a connection request URL from any source: copy/paste, QR code, deep link, etc. Send it to the WalletKit to initiate a connection request. ```swift try await walletKit.connect(url: /* connection url */) ``` Once the connection request is fired, the corresponding event will be sent to your event handler. The connection event contains an object you can use to display request information to your app's users and to approve (or reject) the request to complete connection establishment. ```swift class YourCustomWalletEventsHandler: TONBridgeEventsHandler { func handle(event: TONWalletKitEvent) throws { switch event { case .connectRequest(let request): // Send request object to appropriate screen // to display request information to app user break default: () } } } // Call an appropriate method corresponding to the user's response // To approve try await request.approve(walletAddress: /* TON wallet address */) // To reject try await request.reject(reason: /* rejection reason */) ``` After approval, the connection will be established, and the wallet service will be able to receive and handle other events associated with the corresponding TON wallet. ## Handling events [#handling-events] All event handling is made through a custom event handler. Received events carry a lot of useful information that can be displayed to the user to allow them to approve or reject the request based on their action. The only exception is a disconnection request. Even though it contains information you can show to a user, there is no need to approve or reject it on their end. ### Transaction event handling [#transaction-event-handling] ```swift class YourCustomWalletEventsHandler: TONBridgeEventsHandler { func handle(event: TONWalletKitEvent) throws { switch event { case .transactionRequest(let request): // Send request object to appropriate screen // to display request information to app user break default: () } } } // Call an appropriate method corresponding to the user's response // To approve try await request.approve() // To reject try await request.reject(reason: /* rejection reason */) ``` ### Sign data event handling [#sign-data-event-handling] ```swift class YourCustomWalletEventsHandler: TONBridgeEventsHandler { func handle(event: TONWalletKitEvent) throws { switch event { case .signDataRequest(let request): // Send request object to appropriate screen // to display request information to app user break default: () } } } // Call an appropriate method corresponding to the user's response // To approve try await request.approve() // To reject try await request.reject(reason: /* rejection reason */) ``` ### Disconnection event handling [#disconnection-event-handling] ```swift class YourCustomWalletEventsHandler: TONBridgeEventsHandler { func handle(event: TONWalletKitEvent) throws { switch event { case .disconnect(let info): // Send info object to appropriate screen // to display request information to app user break default: () } } } ``` Alternatively, explore the complete demo wallet with WalletKit integration: # How to initialize the TON Connect's WalletKit on the iOS platform (/applications/walletkit/ios/init) ## Creating configuration [#creating-configuration] The basic kit initialization consists of creating a corresponding object by passing it a minimal set of necessary arguments. Pick a TON network to operate on, a wallet manifest, and feature configurations. Here is an example of a minimal configuration: ```swift import TONWalletKit // URL of the wallet's implementation of the HTTP bridge: // https://github.com/ton-connect/docs/blob/main/bridge.md#http-bridge // // Can be different, e.g., https://bridge.tonapi.io/bridge let bridgeURL = "https://connect.ton.org/bridge" let features: [TONWalletKitConfiguration.Feature] = [ // Wallet can send transactions. TONWalletKitConfiguration.SendTransactionFeature( // Max number of messages that can be sent in a single transaction. // Depends on the TON wallet used, because different kinds can handle // different number of messages. maxMessages: 1, // Are messages sending extra-currencies supported? extraCurrencySupported: false ), TONWalletKitConfiguration.SignDataFeature(types: [ // Types of data to sign. .text, .binary, .cell ]), ] let configuration = TONWalletKitConfiguration( network: .mainnet, /* or .testnet */ walletManifest: TONWalletKitConfiguration.Manifest( name: "Name of your wallet service", appName: "your_wallet_service_id", /* e.g. best_ton_wallet_service */ imageUrl: "https:///image.png", aboutUrl: "https:///about", universalLink: "https:///universal-link", bridgeUrl: bridgeURL ), features: features ) ``` ## Creating WalletKit instance [#creating-walletkit-instance] Once you have a configuration, create an instance of the kit: ```swift import TONWalletKit // Instructs how to store intermediate events and other data from the WalletKit. let storage: TONWalletKitStorageType = .memory // .keychain or .custom(/* custom storage */) // Instance let walletKit = try await TONWalletKit.initialize( configuration: configuration, storage: storage ) ``` ### Creating custom storage [#creating-custom-storage] One can implement a custom storage and provide it during initialization: ```swift import TONWalletKit class YourCustomStorage: TONWalletKitStorage { func save(key: String, value: String) throws { ... } func get(key: String) throws -> String? { ... } func remove(key: String) throws { ... } func clear() throws { ... } } let walletKit = try await TONWalletKit.initialize( configuration: configuration, storage: .custom(YourCustomStorage()) ) ``` # How to install the TON Connect's WalletKit on the iOS platform (/applications/walletkit/ios/installation) ## Requirements [#requirements] * iOS 13.0+ * Swift 5.9+ ## Adding WalletKit to XCode project [#adding-walletkit-to-xcode-project] 1. Open the project in XCode 2. Go to `File` → `Add Package Dependencies` 3. Search for WalletKit package by URL: [`https://github.com/ton-connect/kit-ios.git`](https://github.com/ton-connect/kit-ios.git) 4. Tap the Add Package button ## Adding WalletKit to Swift package [#adding-walletkit-to-swift-package] 1. Open the package's `Package.swift` manifest file 2. Add a dependency: ```swift dependencies: [ .package(url: "https://github.com/ton-connect/kit-ios.git", .upToNextMajor(from: "0.0.2")) ] ``` 3. Add a product to the target: ```swift .product(name: "TONWalletKit", package: "TONWalletKit") ``` Alternatively, explore the complete demo wallet with WalletKit integration: # How to transfer Toncoin, Jettons and NFTs with WalletKit on the iOS platform (/applications/walletkit/ios/transactions)
All methods require an existing wallet instance. [Create or retrieve](/applications/walletkit/ios/wallets) a wallet before accessing data.
Create transactions to send Toncoin, Jettons, and NFTs, or generate previews for users. ## Creating a transaction [#creating-a-transaction] Before sending any transaction to the blockchain, initialize it for the appropriate asset: Toncoin, Jetton, or NFT. ### Toncoin [#toncoin] ```swift // Transaction for 1 Toncoin let amountFormatter = TONTokenAmountFormatter() // Provide the user's input here guard let amount = amountFormatter.amount(from: "1") else { return } let message = TONTransferMessage( // TON wallet address toAddress: address, amount: amount, ) let transaction = try await wallet.transferTONTransaction(message: message) ``` ### Jettons [#jettons] ```swift // Transaction for 1 Jetton of some kind (e.g., USDT) let amountFormatter = TONTokenAmountFormatter() amountFormatter.nanoUnitDecimalsNumber = 6 // Provide the user's input here guard let amount = amountFormatter.amount(from: "1") else { return } let parameters = TONJettonTransferParams( // TON wallet address toAddress: address, // Address of a Jetton minter contract jettonAddress: jettonAddress, amount: amount, ) let transaction = try await wallet.transferJettonTransaction(parameters: parameters) ``` ### NFTs [#nfts] ```swift let parameters = TONNFTTransferParamsHuman( // TON wallet address toAddress: address, // Address of an NFT item contract nftAddress: nft.address, ) let transaction = try await wallet.transferNFTTransaction(parameters: parameters) ``` ## Transaction Preview [#transaction-preview] Once a transaction object is created, present a preview to the user before sending it. ```swift let preview = try await wallet.preview(transaction: transaction) ``` ## Sending a transaction [#sending-a-transaction] ```swift try await wallet.send(transaction: transaction) ``` ## Next steps [#next-steps] Get wallet information, Jettons, and NFTs Create and manage TON wallets # How to manage TON wallets with WalletKit on the iOS platform (/applications/walletkit/ios/wallets)
Initialize the WalletKit before managing wallets. See the [initialization guide](/applications/walletkit/ios/init) for details.
The SDK provides a comprehensive API for creating, retrieving, and managing wallets. All wallet operations follow a three-step pattern. ## Creation pattern [#creation-pattern] The SDK uses a three-step pattern for creating wallets, providing fine-grained control over key management and wallet configuration: 1. Create a signer: generate or import cryptographic keys 2. Create an adapter: configure wallet version and network settings 3. Add the wallet: register the wallet with the SDK ## Creating wallets from mnemonic [#creating-wallets-from-mnemonic] Import an existing wallet from a mnemonic: ```swift let mnemonic = TONMnemonic(value: ["word1", "word2", /* ... 24 words ... */]) let signer = try await walletKit.signer(mnemonic: mnemonic) let adapter = try await walletKit.walletV5R1Adapter( signer: signer, parameters: .init(network: .mainnet) ) let wallet = try await walletKit.add(walletAdapter: adapter) ```
Always store mnemonic phrases securely using platform-specific encrypted storage. Never store them in plain text or as part of the code.
## Creating wallets from secret key [#creating-wallets-from-secret-key] For externally managed keys: ```swift let privateKey = /* 32-byte private key as Data */ let signer = try await walletKit.signer(privateKey: privateKey) let adapter = try await walletKit.walletV5R1Adapter( signer: signer, parameters: .init(network: .mainnet) ) let wallet = try await walletKit.add(walletAdapter: adapter) ``` ## Wallet versions [#wallet-versions] The SDK supports multiple wallet contract versions: V5R1 and V4R2. ### V5R1 (Recommended) [#v5r1-recommended] The latest wallet version with improved features and gas optimization: ```swift let adapter = try await walletKit.walletV5R1Adapter( signer: signer, parameters: .init(network: .mainnet) ) ``` ### V4R2 (Compatible) [#v4r2-compatible] Widely supported legacy version: ```swift let adapter = try await walletKit.walletV4R2Adapter( signer: signer, parameters: .init(network: .mainnet) ) ``` ## Retrieving wallets [#retrieving-wallets] Get all wallets managed by the SDK: ```swift let wallets = try await walletKit.wallets() ``` Get a specific wallet by an address: ```swift let wallet = try walletKit.wallet(address: "") ``` ## Removing wallets [#removing-wallets] Remove a single wallet: ```swift try await walletKit.remove(walletAddress: "") ``` ## Next steps [#next-steps] Learn how to handle dApp connections and other events Get balances, Jettons, and NFTs # How to inject TON's WalletKit into WebView on iOS platform (/applications/walletkit/ios/webview)
Initialize the WalletKit before injecting it into WebView. See the [initialization guide](/applications/walletkit/ios/init) for details.
Injecting WalletKit into WebView allows integrating the wallet service with a dApp running in a native WebView and handling its events. To do so, obtain the dApp injection bridge key — it is the name under which the dApp injects itself in the `window` object. ```swift import TONWalletKit import WebKit let webView = WKWebView() try webView.inject(walletKit: walletKit, key: /* dApp bridge key */) webView.load(URLRequest(url: /* dApp URL */)) ``` After the injection is complete, handle dApp events from a [custom events handler](/applications/walletkit/android/events). # How to retrieve wallet information, jettons, and NFTs with WalletKit on the Android platform (/applications/walletkit/android/data)
All methods require an existing wallet instance. [Create or retrieve](/applications/walletkit/android/wallets) a wallet before accessing data.
Retrieve wallet information, Jettons, and NFTs using WalletKit. ## Wallet information [#wallet-information] ### Balance [#balance] ```kotlin // Returns balance in nanoToncoin val balance = wallet.getBalance() ``` ### Address [#address] ```kotlin val address = wallet.address ``` ## Jettons [#jettons] ### Get all Jettons [#get-all-jettons] ```kotlin val jettons = wallet.getJettons(limit = 10, offset = 0) ``` ### Get specific Jetton balance [#get-specific-jetton-balance] ```kotlin // Address of a Jetton minter contract // E.g., EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs for USDT val jettonAddress = "" // Returns balance in nanoToncoin with decimals count according to Jetton specification val balance = wallet.getJettonBalance(jettonAddress) ``` ### Get Jetton wallet address [#get-jetton-wallet-address] ```kotlin // Address of a Jetton minter contract // E.g., EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs for USDT val jettonAddress = "" val walletAddress = wallet.getJettonWalletAddress(jettonAddress) ``` ## NFTs [#nfts] ### Get all NFTs [#get-all-nfts] ```kotlin val nfts = wallet.getNFTItems(limit = 10, offset = 0) ``` ### Get specific NFT [#get-specific-nft] ```kotlin // Address of an NFT item contract // E.g., EQDkT3BSIU3CTwnZG9ZIdyWYmcnuaAEwGr_dsS1RFYqBTanY val nftAddress = "" val nft = wallet.getNFT(nftAddress) ``` ## Next steps [#next-steps] Transfer Toncoin, Jettons and NFTs Create and manage TON wallets # How to connect to dApp and handle wallet events on the Android platform (/applications/walletkit/android/events)
Initialize WalletKit before adding an events handler. See the [initialization guide](/applications/walletkit/android/init) for details.
## Connection [#connection] Before receiving and handling wallet events, set up an events handler and establish a connection with a dApp. ### Setting up events handler [#setting-up-events-handler] Create your own implementation of an events handler and add it to the WalletKit instance: ```kotlin import io.ton.walletkit.ITONWalletKit import io.ton.walletkit.listener.TONBridgeEventsHandler import io.ton.walletkit.event.TONWalletKitEvent class YourCustomWalletEventsHandler : TONBridgeEventsHandler { override fun handle(event: TONWalletKitEvent) { // Process the event or throw an error } } val eventsHandler = YourCustomWalletEventsHandler() walletKit.addEventsHandler(eventsHandler) ``` If a handler is not needed anymore or needs to be replaced by some other handler, remove it: ```kotlin walletKit.removeEventsHandler(eventsHandler) ``` ### Establishing connection with dApp [#establishing-connection-with-dapp] To establish a connection with a dApp, one needs a connection request URL from any source: copy/paste, QR code, deep link, etc. Send it to the WalletKit to initiate a connection request. ```kotlin wallet.connect(/* connection url */) ``` Once the connection request is fired, the corresponding event will be sent to your event handler. The connection event contains an object you can use to display request information to your app's users and to approve (or reject) the request to complete connection establishment. ```kotlin class YourCustomWalletEventsHandler : TONBridgeEventsHandler { override fun handle(event: TONWalletKitEvent) { when (event) { is TONWalletKitEvent.ConnectRequest -> { // Send request object to appropriate screen // to display request information to app user } else -> {} } } } // Call an appropriate method corresponding to the user's response // To approve request.approve(walletAddress = /* TON wallet address */) // To reject request.reject(reason = /* rejection reason */) ``` After approval, the connection will be established, and the wallet service will be able to receive and handle other events associated with the corresponding TON wallet. ## Handling events [#handling-events] All event handling is made through a custom event handler. Received events carry a lot of useful information that can be displayed to the user to allow them to approve or reject the request based on their action. The only exception is a disconnection request. Even though it contains information you can show to a user, there is no need to approve or reject it on their end. ### Transaction event handling [#transaction-event-handling] ```kotlin class YourCustomWalletEventsHandler : TONBridgeEventsHandler { override fun handle(event: TONWalletKitEvent) { when (event) { is TONWalletKitEvent.TransactionRequest -> { // Send request object to appropriate screen // to display request information to app user } else -> {} } } } // Call an appropriate method corresponding to the user's response // To approve request.approve() // To reject request.reject(reason = /* rejection reason */) ``` ### Sign data event handling [#sign-data-event-handling] ```kotlin class YourCustomWalletEventsHandler : TONBridgeEventsHandler { override fun handle(event: TONWalletKitEvent) { when (event) { is TONWalletKitEvent.SignDataRequest -> { // Send request object to appropriate screen // to display request information to app user } else -> {} } } } // Call an appropriate method corresponding to the user's response // To approve request.approve() // To reject request.reject(reason = /* rejection reason */) ``` ### Disconnection event handling [#disconnection-event-handling] ```kotlin class YourCustomWalletEventsHandler : TONBridgeEventsHandler { override fun handle(event: TONWalletKitEvent) { when (event) { is TONWalletKitEvent.Disconnect -> { // Send info object to appropriate screen // to display request information to app user } else -> {} } } } ``` Alternatively, explore the complete demo wallet with WalletKit integration: # How to initialize the TON Connect's WalletKit on the Android platform (/applications/walletkit/android/init) ## Creating configuration [#creating-configuration] The basic kit initialization consists of creating a corresponding object by passing it a minimal set of necessary arguments. Pick a TON network to operate on, a wallet manifest, and feature configurations. Here is an example of a minimal configuration: ```kotlin import io.ton.walletkit.ITONWalletKit import io.ton.walletkit.config.TONWalletKitConfiguration import io.ton.walletkit.config.SignDataType import io.ton.walletkit.model.TONNetwork // URL of the wallet's implementation of the HTTP bridge: // https://github.com/ton-connect/docs/blob/main/bridge.md#http-bridge // // Can be different, e.g., https://bridge.tonapi.io/bridge val bridgeURL = "https://connect.ton.org/bridge" val features = listOf( // Wallet can send transactions. TONWalletKitConfiguration.SendTransactionFeature( // Max number of messages that can be sent in a single transaction. // Depends on the TON wallet used, because different kinds can handle // different number of messages. maxMessages = 1, // Are messages sending extra-currencies supported? extraCurrencySupported = false ), TONWalletKitConfiguration.SignDataFeature( types = listOf( // Types of data to sign. SignDataType.TEXT, SignDataType.BINARY, SignDataType.CELL ) ) ) val configuration = TONWalletKitConfiguration( network = TONNetwork.MAINNET, /* or TONNetwork.TESTNET */ walletManifest = TONWalletKitConfiguration.Manifest( name = "Name of your wallet service", appName = "your_wallet_service_id", /* e.g. best_ton_wallet_service */ imageUrl = "https:///image.png", aboutUrl = "https:///about", universalLink = "https:///universal-link", bridgeUrl = bridgeURL ), bridge = TONWalletKitConfiguration.Bridge( bridgeUrl = bridgeURL ), features = features ) ``` ### Storage configuration [#storage-configuration] By default, WalletKit uses persistent storage. To set a different behavior, use the `storage` parameter when [creating a new configuration](#creating-configuration): ```kotlin val configuration = TONWalletKitConfiguration( // ...other fields... storage = TONWalletKitConfiguration.Storage( persistent = true // or false for memory-only storage ) ) ``` ## Creating WalletKit instance [#creating-walletkit-instance] Once you have a configuration, create an instance of the kit: ```kotlin import io.ton.walletkit.ITONWalletKit // Instance val walletKit = ITONWalletKit.initialize( context = context, config = configuration ) ``` # How to install the TON Connect's WalletKit on the Android platform (/applications/walletkit/android/installation) ## Requirements [#requirements] * Android SDK 26+ * Java 17+ * Gradle 7.0+ * Up-to-date Android System WebView (tested with 138.0.7204.179+) ## Adding WalletKit to project [#adding-walletkit-to-project] 1. Add the dependency to the app's `build.gradle.kts` file: ```kotlin dependencies { // See https://central.sonatype.com/artifact/org.ton/walletkit-android/versions implementation("org.ton:walletkit-android:+") } ``` 2. Ensure Maven Central is included in the repository list: ```kotlin repositories { google() mavenCentral() } ``` ## Permissions [#permissions] Add the required permission to the `AndroidManifest.xml`: ```xml ``` Alternatively, explore the complete demo wallet with WalletKit integration: # How to transfer Toncoin, Jettons and NFTs with WalletKit on the Android platform (/applications/walletkit/android/transactions)
All methods require an existing wallet instance. [Create or retrieve](/applications/walletkit/android/wallets) a wallet before accessing data.
Create transactions to send Toncoin, Jettons, and NFTs, or generate previews for users. ## Creating a transaction [#creating-a-transaction] Before sending any transaction to the blockchain, initialize it for the appropriate asset: Toncoin, Jetton, or NFT. ### Toncoin [#toncoin] ```kotlin val message = TONTransferParams( // TON wallet address toAddress = "", // 1 Toncoin in nanoToncoin format amount = "1000000000" ) val transaction = wallet.createTransferTonTransaction(message) ``` ### Jettons [#jettons] ```kotlin val parameters = TONJettonTransferParams( // TON wallet address toAddress = "", // Address of a Jetton minter contract // E.g., EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs for USDT jettonAddress = "", // 1 token in Jetton units amount = "1000000" ) val transaction = wallet.createTransferJettonTransaction(parameters) ``` ### NFTs [#nfts] ```kotlin val parameters = TONNFTTransferParamsHuman( // TON wallet address toAddress = "", // Address of an NFT item contract // E.g., EQDkT3BSIU3CTwnZG9ZIdyWYmcnuaAEwGr_dsS1RFYqBTanY nftAddress = "", ) val transaction = wallet.createTransferNFTTransaction(parameters) ``` ## Transaction Preview [#transaction-preview] Once a transaction object is created, present a preview to the user before sending it. ```kotlin val preview = wallet.getTransactionPreview(transaction) ``` ## Sending a transaction [#sending-a-transaction] ```kotlin wallet.sendTransaction(transaction) ``` ## Next steps [#next-steps] Get wallet information, Jettons, and NFTs Create and manage TON wallets # How to manage TON wallets with WalletKit on the Android platform (/applications/walletkit/android/wallets)
Initialize the WalletKit before managing wallets. See the [initialization guide](/applications/walletkit/android/init) for details.
The SDK provides a comprehensive API for creating, retrieving, and managing wallets. All wallet operations follow a three-step pattern. ## Creation pattern [#creation-pattern] The SDK uses a three-step pattern for creating wallets, providing fine-grained control over key management and wallet configuration: 1. Create a signer: generate or import cryptographic keys 2. Create an adapter: configure wallet version and network settings 3. Add the wallet: register the wallet with the SDK ## Creating wallets from mnemonic [#creating-wallets-from-mnemonic] Import an existing wallet from a mnemonic: ```kotlin val mnemonic = listOf("word1", "word2", /* ... 24 words ... */) val signer = walletKit.createSignerFromMnemonic(mnemonic) val adapter = walletKit.createV5R1Adapter( signer = signer, network = TONNetwork.MAINNET ) val wallet = walletKit.addWallet(adapter.adapterId) ```
Always store mnemonic phrases securely using platform-specific encrypted storage. Never store them in plain text or as part of the code.
## Creating wallets from secret key [#creating-wallets-from-secret-key] For externally managed keys: ```kotlin val secretKey = /* 32-byte secret key as ByteArray */ val signer = walletKit.createSignerFromSecretKey(secretKey) val adapter = walletKit.createV5R1Adapter( signer = signer, network = TONNetwork.MAINNET ) val wallet = walletKit.addWallet(adapter.adapterId) ``` ## Wallet versions [#wallet-versions] The SDK supports multiple wallet contract versions: V5R1 and V4R2. ### V5R1 (Recommended) [#v5r1-recommended] The latest wallet version with improved features and gas optimization: ```kotlin val adapter = walletKit.createV5R1Adapter( signer = signer, network = TONNetwork.MAINNET ) ``` ### V4R2 (Compatible) [#v4r2-compatible] Widely supported legacy version: ```kotlin val adapter = walletKit.createV4R2Adapter( signer = signer, network = TONNetwork.MAINNET ) ``` ## Retrieving wallets [#retrieving-wallets] Get all wallets managed by the SDK: ```kotlin val wallets = walletKit.getWallets() ``` Get a specific wallet by an address: ```kotlin val wallet = walletKit.getWallet("") ``` ## Removing wallets [#removing-wallets] Remove a single wallet: ```kotlin walletKit.removeWallet("") ``` ## Next steps [#next-steps] Learn how to handle dApp connections and other events Get balances, Jettons, and NFTs # How to inject TON's WalletKit into WebView on Android platform (/applications/walletkit/android/webview)
Initialize the WalletKit before injecting it into WebView. See the [initialization guide](/applications/walletkit/android/init) for details.
Injecting WalletKit into WebView allows integrating the wallet service with a dApp running in a native WebView and handling its events. To do so, enable JavaScript in the WebView and inject `TonConnect`. ```kotlin import android.webkit.WebView import io.ton.walletkit.ITONWalletKit import io.ton.walletkit.extensions.injectTonConnect val webView = WebView(context) webView.settings.javaScriptEnabled = true webView.injectTonConnect(walletKit) webView.loadUrl(/* dApp URL */) ``` After the injection is complete, handle dApp events from a [custom events handler](/applications/walletkit/android/events). # How to handle connections with WalletKit on the Web platform (/applications/walletkit/web/connections)
[Initialize the WalletKit](/applications/walletkit/web/init) and [set up at least one TON wallet](/applications/walletkit/web/wallets) before using examples on this page.
To use a wallet service for initiating blockchain transactions and signing data, dApps need to set up a connection over the bridge first. Connection is established via `connect` requests and terminated via `disconnect` requests. ## Connection flow [#connection-flow] Standard flow looks as follows: 1. User clicks a "Connect wallet" button in the dApp, selecting the desired wallet service 2. WalletKit processes the connection URL and triggers the `onConnectRequest()` method 3. WalletKit instructs the wallet service to show a connection request preview, waiting for the user's approval 4. User approves or rejects a connection
The flow can be started by scanning a QR code from a dApp in the wallet service, or by following a deep link from a dApp to the wallet service. In both cases, WalletKit will process the URL via the `handleTonConnectUrl()` method, then fire a `connect` event for the `onConnectRequest()` method to handle.
If the connection was approved, the dApp could proceed to send various transaction or data sign requests. If it was rejected, the dApp can repeat the flow. If a user decides to disconnect a wallet at any point, the `disconnect` request will be issued and the `onDisconnect()` method of the WalletKit will handle it. ## Handlers [#handlers] To work with connection-specific requests, the WalletKit offers three methods which expect processing functions as callbacks: * The `onConnectRequest()` method processes connection requests * The `onDisconnect()` method processes disconnection requests * The `onRequestError()` method allows to [handle errors](/applications/walletkit/web/events#handle-request-errors) arising in any of the requests ### Handle `onConnectRequest` [#handle-onconnectrequest] When a user wants to connect a TON wallet from the dApp, the dApp fires the `connect` request over the bridge. The wallet service then handles it with the `onConnectRequest` method of the WalletKit. On the dApp side, this flow is often initiated by pressing the "Connect a wallet" button, followed by selecting the user's wallet service. Additionally, a dApp can produce a [QR code or a deep link](#qr-codes-and-deep-links), which initiate the connection flow from within the wallet service. ```ts title="TypeScript" kit.onConnectRequest(async (event) => { try { const wallets = kit.getWallets(); if (wallets.length === 0) { // Make sure to present a message to the user. console.log('No wallets available'); await kit.rejectConnectRequest(event, 'No wallets available'); return; } const dappName = event.preview.dAppInfo?.name || 'Unknown dApp'; const dappUrl = event.preview.dAppInfo?.url || event.preview.dAppInfo?.manifestUrl || 'Unknown URL'; // Show the connection confirmation UI to the user of the wallet service if (confirm(`Connect to ${dappName} from ${dappUrl}?`)) { // Set `walletId` on the request before approving event.walletId = wallets[0].getWalletId(); await kit.approveConnectRequest(event); console.log('Connected to:', dappName); } else { await kit.rejectConnectRequest(event, 'User rejected'); console.log('Connection rejected by a user'); } } catch (error) { console.error('Connection handler error:', error); await kit.rejectConnectRequest(event, 'Fatal error in the connection handler'); } }); ``` #### Wallet selection [#wallet-selection] When there are several TON wallets added, ask the user to select one before approving the connection request. ```ts title="TypeScript" kit.onConnectRequest(async (event) => { try { const wallets = kit.getWallets(); if (wallets.length === 0) { // Make sure to present a message to the user. console.log('No wallets available'); await kit.rejectConnectRequest(event, 'No wallets available'); return; } // Selecting the 1st TON wallet by default let selectedWallet = { ok: true, wallet: wallets[0] }; // Yet, asking the user to pick one if there are many if (wallets.length > 1) { // Here, uiSelectWallet() is assumed to be implemented elsewhere: // it takes the list of wallets and provides the user with a choice // to pick one from the list, then returns with the picked option // or a rejection if there was none. selectedWallet = await uiSelectWallet(wallets); } if (!selectedWallet.ok) { // Make sure to present a message to the user. console.log('No wallet selected'); await kit.rejectConnectRequest(event, 'No wallet selected'); return; } const dappName = event.preview.dAppInfo?.name || 'Unknown dApp'; const dappUrl = event.preview.dAppInfo?.url || event.preview.dAppInfo?.manifestUrl || 'Unknown URL'; // Show the connection confirmation UI to the user of the wallet service if (confirm(`Connect to ${dappName} from ${dappUrl}?`)) { // Set `walletId` on the request before approving event.walletId = selectedWallet.wallet.getWalletId(); await kit.approveConnectRequest(event); console.log('Connected to:', dappName); } else { await kit.rejectConnectRequest(event, 'User rejected'); console.log('Connection rejected by a user'); } } catch (error) { console.error('Connection handler error:', error); await kit.rejectConnectRequest(event, 'Fatal error in the connection handler'); } }); ``` #### QR codes and deep links [#qr-codes-and-deep-links] The `handleTonConnectUrl()` method of the WalletKit parses a TON Connect link and creates a new [connection request event](#handle-onconnectrequest). Usually, this link comes from a QR code generated on the dApp side, but it can also be provided within the mobile dApp as a deep link. ```ts title="TypeScript" async function handleQrCode(content: string) { try { // On success, this will fire the onConnectRequest handler: await kit.handleTonConnectUrl(content); } catch (error) { console.error('Invalid QR code:', error); // Make sure to present an error to the user. throw new Error('Failed to process TON Connect QR code'); } } async function handleDeepLink(url: string) { if (url.startsWith('tc://') || url.includes('ton-connect')) { try { // On success, this will fire the onConnectRequest handler: await kit.handleTonConnectUrl(url); } catch (error) { console.error('Invalid link:', error); // Make sure to present an error to the user. throw new Error('Failed to process TON Connect deep link'); } } } ``` ### Handle `onDisconnect` [#handle-ondisconnect] When a user disconnects a wallet service and its TON wallet from the dApp, the dApp fires the `disconnect` request over the bridge. The wallet service then handles it with the `onDisconnect` method of the WalletKit. ```ts title="TypeScript" kit.onDisconnect(async (event) => { // Clean up any UI state related to this connection. console.log(`Disconnected from a dApp that used this TON wallet: ${event.walletAddress}`); }); ``` ## Next steps [#next-steps] ## See also [#see-also] * [WalletKit overview](/applications/walletkit/overview) * [TON Connect overview](/applications/ton-connect/overview) # How to handle other events with WalletKit on the Web platform (/applications/walletkit/web/events)
[Initialize the WalletKit](/applications/walletkit/web/init), [set up at least one TON wallet](/applications/walletkit/web/wallets) and [handle connection requests](/applications/walletkit/web/connections) before using examples on this page.
In total, there are five distinct kinds of incoming requests from the TON Connect bridge. They form the corresponding events and their handlers: | Incoming request | WalletKit method to listen and process the request | | ------------------- | ------------------------------------------------------------------------------------------ | | `connect` | [`onConnectRequest()`](/applications/walletkit/web/connections#handle-onconnectrequest) | | `disconnect` | [`onDisconnect()`](/applications/walletkit/web/connections#handle-ondisconnect) | | `transaction` | [`onTransactionRequest()`](/applications/walletkit/web/events#handle-ontransactionrequest) | | `signData` | [`onSignDataRequest()`](/applications/walletkit/web/events#handle-onsigndatarequest) | | `restoreConnection` | None — this is a connection health check of the JS bridge | | Any event error | [`onRequestError()`](#handle-request-errors) | ## Handle `onTransactionRequest` [#handle-ontransactionrequest] If a dApp is connected to the wallet service, the former can request to initiate a blockchain transaction, which fires the `transaction` request over the bridge. The wallet service then handles it with the `onTransactionRequest` method of the WalletKit. On TON, transactions are initiated by sending an external message to the TON wallet contract, which then processes it and sends internal messages as requested. To estimate money flows for planned transactions, WalletKit uses emulation via the configured API client, if supported.
The API client in use is determined by the required [`networks` configuration parameter](/applications/walletkit/web/init#param-networks) during [WalletKit initialization](/applications/walletkit/web/init#initialization).
```ts title="TypeScript" kit.onTransactionRequest(async (event) => { try { if (!event.preview.data) { console.log('Transaction emulation skipped'); } else if (event.preview.data.result === 'success') { // If the emulation was successful, // show net asset changes to the user for a confirmation. // There, positive amounts mean incoming transfers, // and negative mean outgoing ones. console.log(event.preview.data.moneyFlow?.ourTransfers ?? []); } else { // Transaction emulation was not successful, // but you can still allow a user to proceed — with a warning. console.warn('Transaction emulation failed'); } if (confirm('Do you confirm this transaction?')) { await kit.approveTransactionRequest(event); } else { await kit.rejectTransactionRequest(event, 'User rejected'); } } catch (error) { console.error('Transaction handler error:', error); await kit.rejectTransactionRequest(event, 'Fatal error in the connection handler'); } }); ``` ## Handle `onSignDataRequest` [#handle-onsigndatarequest] If a dApp is connected to the wallet service, the former can request to sign data with the private key used by the selected TON wallet, which fires the `signData` request over the bridge. The wallet service then handles it with the `onSignDataRequest` method of the WalletKit. The data to sign can be of several kinds: `text`, `binary`, or a raw [`cell`](/blockchain-basics/primitives/serialization/cells). ```ts title="TypeScript" kit.onSignDataRequest(async (event) => { try { // Data to be signed can be of three distinct types. // Depending on a type, show it to the user for a confirmation. const dataToSign = event.payload.data; switch (dataToSign.type) { case 'text': console.log(dataToSign.value.content); break; case 'binary': console.log(dataToSign.value.content); break; case 'cell': // The `request.cell` contains a hex-encoded string with a serialized cell // and the `request.schema` describes a TL-B schema to parse the `request.cell` console.log(dataToSign.value.content); console.log(dataToSign.value.schema); break; } if (confirm('Do you confirm this data sign request?')) { try { // Sign the data with the user's approval const result = await kit.approveSignDataRequest(event); console.log('Signed successfully:', result); } catch (error) { console.error('Signing failed:', error); } } else { await kit.rejectSignDataRequest(event, 'User rejected'); } } catch (error) { console.error('Data sign handler error:', error); await kit.rejectSignDataRequest(event, 'Fatal error in the data sign handler'); } }); ``` ## Handle request errors [#handle-request-errors] Upon any error in any of the requests, the `onRequestError()` method is invoked. Provide it with a callback function that would handle arbitrary errors and display useful information to the user. ```ts title="TypeScript" kit.onRequestError(async (event) => { console.error('Error in request ID:', event.id); console.error('Details:', event.error); console.error('Data:', event.data); }); ``` ## Next steps [#next-steps] ## See also [#see-also] * [WalletKit overview](/applications/walletkit/overview) * [TON Connect overview](/applications/ton-connect/overview) # How to initialize the TON Connect's WalletKit on the Web platform (/applications/walletkit/web/init) Before initializing the TON Connect's WalletKit, install it in the web project: ```shell npm i @ton/walletkit ``` Alternatively, explore the complete demo wallet with WalletKit integration: ## Initialization [#initialization] The basic kit initialization consists of creating a corresponding object by passing it a minimal set of necessary arguments: TON networks to operate on. Yet, it is often useful to configure optional parameters right away — the following example also specifies core wallet information, TON Connect manifest, and bridge settings. ```ts import { // Main class TonWalletKit, // Network object Network, // Helper functions createDeviceInfo, createWalletManifest, } from '@ton/walletkit'; // 0. Create a kit object. const kit = new TonWalletKit({ // 1. Configure networks. networks: { // Production network. All contracts and funds are real. [Network.mainnet().chainId]: { apiClient: { // Most commonly used, official API provider. url: 'https://toncenter.com', // A key to access higher RPS limits. // Get it from https://t.me/toncenter key: '', }, }, // Testing network. For experiments, beta tests, and feature previews. [Network.testnet().chainId]: { apiClient: { url: 'https://testnet.toncenter.com', key: '', }, }, }, // 2. Specify core information and constraints of the given wallet. deviceInfo: createDeviceInfo({ // Version of your wallet appVersion: '0.0.1', // The rest of the params will have default values set for you, // including the features your wallet should support, // maximum supported TON Connect protocol version, // human-readable name of your wallet, // and a current platform ('browser'). }), // 3. Specify the TON Connect's wallet manifest. // The following function provides initial defaults, // but you may want to specify some custom values, // such as the human-readable name of your wallet or its icon image url. walletManifest: createWalletManifest(), // 4. Specify the TON Connect's bridge settings bridge: { // The main TON Connect bridge for dApp communication. // It is capable to withstand significant load. // // To self-host, see https://github.com/ton-connect/bridge bridgeUrl: 'https://connect.ton.org/bridge', }, }); // 5. Finally, wait for the initialization to complete await kit.waitForReady(); ``` See also: [TON Connect's wallet manifest](/ecosystem/ton-connect/manifest#wallet-manifest).
The given example must be invoked in **browser environments only**. To run it locally with Node.js or other JS runtimes, set `storage.allowMemory` to `true`. It enables a built-in storage adapter for non-browser environments that do not have `localStorage` available. ```ts const kit = new TonWalletKit({ // ...prior fields... storage: { allowMemory: true }, // ...later fields... }); ``` Remember to disable this adapter in web environments or provide a dedicated [`storage` adapter](#param-storage) wrapper to switch between environments.
## Configuration parameters [#configuration-parameters] ### Required [#required] For one or more TON networks, configure their respective API or RPC providers to interact with. ```ts import { Network } from '@ton/walletkit'; new TonWalletKit({ networks: { // Production network. All contracts and funds are real. [Network.mainnet().chainId]: { // "-239" apiClient: { // Most commonly used, official API provider. // // To self-host, see: // * Real-time API: https://github.com/toncenter/ton-http-api-cpp // * Indexer: https://github.com/toncenter/ton-indexer // It is important to put real-time API under `/api/v2` route and indexer API under `/api/v3` route. url: 'https://toncenter.com', // Optional key to access higher RPS limits. key: '', }, }, // Testing network. For experiments, beta tests, and feature previews. [Network.testnet().chainId]: { // "-3" apiClient: { url: 'https://testnet.toncenter.com', key: '', }, }, }, // ...later fields... }); ``` It is also possible to provide an entirely custom provider with its own `ApiClient` interface implementation. ```ts import { Network } from '@ton/walletkit'; new TonWalletKit({ networks: { [Network.testnet().chainId]: { // "-3" apiClient: /* A complete ApiClient interface implementation */, }, }, // ...later fields... }); ``` ### Optional [#optional] Core information and constraints of the given wallet. If not provided, defaults will be used. ```ts interface DeviceInfo { // Name of the wallet. appName: string; // The platform it works on. Select 'browser' for the web wallets. platform: 'iphone' | 'ipad' | 'android' | 'windows' | 'mac' | 'linux' | 'browser'; // The current wallet version. appVersion: string; // Latest protocol version to use. maxProtocolVersion: number; // Which features are supported in the wallet. features: Feature[]; } ``` There, `Feature` type is defined as: ```ts type Feature = | { // Wallet can send transactions. name: "SendTransaction"; // Max number of messages that can be sent in a single transaction. // Depends on the TON wallet used, because different kinds can handle // different number of messages. For example, // - ledger wallet would only handle 1 message per transaction // - wallet v4r2 handles up to 4 messages // - wallet v5r1 handles up to 255 messages maxMessages: number; // Are messages sending extra-currencies supported? extraCurrencySupported?: boolean; } | { // Wallet can sign data. name: "SignData"; // A type of data to sign. // Either of: "text", "binary", "cell". types: SignDataType[]; } ``` The `maxMessages` number depends on the TON wallet used, because every wallet has its own limit on the volume of messages. For example, * Ledger wallet would only handle 1 message per transaction * Wallet `v4r2` handles up to 4 messages * Wallet `v5r1` handles up to 255 messages How your wallet interacts with the TON Connect. If not provided, defaults will be used. This field is closely related to the [corresponding JSON manifest file](/ecosystem/ton-connect/manifest#wallet-manifest). ```ts expandable interface WalletInfo { /** * Human-readable name of the wallet. */ name: string; /** * ID of the wallet, equals to the `appName` property of the `deviceInfo`. */ appName: string; /** * Url to the icon of the wallet. Resolution 288×288px. On a non-transparent background, without rounded corners. PNG format. */ imageUrl: string; /** * Will be used in the protocol later. */ tondns?: string; /** * Info or landing page of your wallet. It may be useful for TON newcomers. */ aboutUrl: string; /** * List of features supported by the wallet. */ features?: Feature[]; /** * OS and browsers where the wallet could be installed */ platforms: ('ios' | 'android' | 'macos' | 'windows' | 'linux' | 'chrome' | 'firefox' | 'safari')[]; /** * Base part of the wallet universal url. The link should support TON Connect parameters: https://github.com/ton-connect/docs/blob/main/bridge.md#universal-link. */ universalLink: string; /** * Native wallet app deep link. The link should support TON Connect parameters: https://github.com/ton-connect/docs/blob/main/bridge.md#universal-link. */ deepLink?: string; /** * Url of the wallet's implementation of the HTTP bridge: https://github.com/ton-connect/docs/blob/main/bridge.md#http-bridge. */ bridgeUrl: string; // JS-injectable wallet information /** * If the wallet handles JS Bridge connection, specifies the binding for the bridge object accessible through window. Example: the key "tonkeeper" means the bridge can be accessed as window.tonkeeper. */ jsBridgeKey: string; /** * Indicates if the wallet currently is injected to the webpage. */ injected: boolean; /** * Indicates if the dapp is opened inside this wallet's browser. */ embedded: boolean; } ``` Connectivity options: either an HTTP or JavaScript bridge setup. The former's `bridgeUrl` points to the publicly exposed bridge URL, while the latter's `jsBridgeKey` points to the property name within the `window` object on the same web page. Bridges are used for dApp communication — if the dApp exists in the same web environment as the wallet, then the JavaScript bridge is enough. Otherwise, use an HTTP bridge setup.
For HTTP bridge setups, use a publicly available and production-ready bridge deployed at `https://connect.ton.org/bridge`.
```ts interface BridgeConfig { // Defaults to `walletInfo`'s `bridgeUrl`, if it exists bridgeUrl?: string; // Defaults to true if `walletInfo`'s `jsBridgeKey` exists enableJsBridge?: boolean; // Defaults to `walletInfo`'s `jsBridgeKey`, if it exists jsBridgeKey?: string; // Defaults to false disableHttpConnection?: boolean; // Settings for bridge-sdk heartbeatInterval?: number; reconnectInterval?: number; maxReconnectAttempts?: number; } ``` How to store intermediate events. ```ts // Either a small object: interface StorageConfig { prefix?: string; maxRetries?: number; retryDelay?: number; allowMemory?: boolean; } // Or a complete StorageAdapter interface implementation: interface StorageAdapter { get(key: string): Promise; set(key: string, value: string): Promise; remove(key: string): Promise; clear(): Promise; } ``` How TON Connect events are processed. This is useful for background scripts in browser extensions that process incoming events and log them, but do so outside a queue. ```ts interface EventProcessorConfig { disableEvents?: boolean; // If true, transaction events will not be emulated, // and their `preview` field will be undefined. disableTransactionEmulation?: boolean; } ``` Collect and gather analytical data. ```ts interface AnalyticsConfig { enabled?: boolean; // A web URL to send analytics data to. endpoint?: string; } ``` Extra configuration used when developing WalletKit itself. Irrelevant in other cases. ## Next steps [#next-steps] ## See also [#see-also] * [WalletKit overview](/applications/walletkit/overview) * [TON Connect's wallet manifest](/ecosystem/ton-connect/manifest#wallet-manifest) * [TON Connect overview](/applications/ton-connect/overview) # How to work with Jettons using WalletKit on the Web platform (/applications/walletkit/web/jettons)
[Initialize the WalletKit](/applications/walletkit/web/init), [set up at least one TON wallet](/applications/walletkit/web/wallets), handle [connection requests](/applications/walletkit/web/connections) and [transaction requests](/applications/walletkit/web/events) before using examples on this page.
[Jettons](/blockchain-basics/standard/tokens/jettons/overview) are fungible tokens on TON, similar to ERC-20 tokens on Ethereum. Unlike Toncoin, which is the native TON currency used in all transfers, each Jetton has a separate master (minter) contract and an individual wallet contract for each holder. For example, USDT on TON is implemented as a Jetton, and its minter contract address is `EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs`. By providing this address and the recipient's TON wallet contract address, WalletKit knows which tokens to send and to whom. To work with Jettons, the wallet service needs to handle [Jetton balances](#balances) and perform transfers initiated [from dApps](#transfers-from-dapps) and [from within the wallet service itself](#transfers-in-the-wallet-service).
Each Jetton stores a [`decimals`](/blockchain-basics/standard/tokens/metadata#decimals) parameter in its metadata. Transferring without accounting for `decimals` can result in sending drastically more tokens than expected — irreversible on mainnet. Mitigation: Always retrieve and apply the correct `decimals` value. Test on testnet first.
## Balances [#balances] Jetton balances are stored in individual Jetton wallet contracts, one per holder per Jetton kind. It is possible to obtain the current Jetton balance by providing the address of the Jetton master (minter) contract for a given Jetton, or by querying a TON wallet. The latter can be done either by the `getJettons()` method of wallet adapters or by calling `kit.jettons.getAddressJettons()` and passing it the TON wallet address. Similar to Toncoin balance checks, [discrete one-off checks](#on-demand-balance-check) have limited value on their own and [continuous monitoring](#continuous-balance-monitoring) should be used for UI display. ### On-demand balance check [#on-demand-balance-check] Use the `getJettonBalance()` method to check a specific Jetton balance for a wallet managed by WalletKit. The balance is returned in the smallest Jetton unit, where `1` token equals 10^decimals smallest units.
Do not store the balance check results anywhere in the wallet service's state, as they become outdated very quickly. For UI purposes, do [continuous balance monitoring](#continuous-balance-monitoring).
```ts title="TypeScript" // Jetton master (minter) contract address // E.g., USDT on TON has the following address in mainnet: // EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs const JETTON_MASTER_ADDRESS = ''; async function getJettonBalance(walletId: string): Promise { // Get TON wallet instance const wallet = kit.getWallet(walletId); if (!wallet) return; // Query Jetton balance in smallest Jetton units return await wallet.getJettonBalance(JETTON_MASTER_ADDRESS); } ``` The most practical use of one-off balance checks is right before approving a transaction request. At this point, the actual balance usually is not less than the checked amount, though it might be higher if new funds arrived right after the check.
Despite this check, the transaction may still fail due to insufficient balance at the time of transfer.
```ts title="TypeScript" // An enumeration of various common error codes import { SEND_TRANSACTION_ERROR_CODES } from '@ton/walletkit'; // Address of the Jetton master (minter) contract const JETTON_MASTER_ADDRESS = ''; kit.onTransactionRequest(async (event) => { const wallet = kit.getWallet(event.walletId ?? ''); if (!wallet) { console.error('Wallet not found for a transaction request', event); await kit.rejectTransactionRequest(event, { code: SEND_TRANSACTION_ERROR_CODES.UNKNOWN_ERROR, message: 'Wallet not found', }); return; } // Check Jetton balance before proceeding const jettonBalance = BigInt(await wallet.getJettonBalance(JETTON_MASTER_ADDRESS)); // Calculate minimum needed from the transaction request: // transfers include Toncoin for fees plus Jetton amounts const minNeededJettons = calculateJettonAmount(event.request.messages); // Reject early if Jetton balance is clearly insufficient if (jettonBalance < minNeededJettons) { await kit.rejectTransactionRequest(event, { code: SEND_TRANSACTION_ERROR_CODES.BAD_REQUEST_ERROR, message: 'Insufficient Jetton balance', }); return; } // Proceed with the regular transaction flow // ... }); ``` ### Continuous balance monitoring [#continuous-balance-monitoring] Poll the balance at regular intervals to keep the displayed value up to date. Use an appropriate interval based on UX requirements — shorter intervals provide fresher data but increase API usage. This example should be modified according to the wallet service's logic: ```ts title="TypeScript" expandable // Not runnable: implement the updateUI()! /** * Starts the monitoring of a given wallet's Jetton balance, * calling `onBalanceUpdate()` every `intervalMs` milliseconds * * @returns a function to stop monitoring */ export function startJettonBalanceMonitoring( walletId: string, jettonMasterAddress: string, onBalanceUpdate: (balance: string) => void, intervalMs: number = 10_000, ): () => void { let isRunning = true; const poll = async () => { while (isRunning) { const wallet = kit.getWallet(walletId); if (wallet) { const balance = await wallet.getJettonBalance(jettonMasterAddress); onBalanceUpdate(balance); } await new Promise((resolve) => setTimeout(resolve, intervalMs)); } }; // Start monitoring poll(); // Return a cleanup function to stop monitoring return () => { isRunning = false; }; } // Usage const stopMonitoring = startJettonBalanceMonitoring( walletId, // Jetton master (minter) contract address // E.g., USDT on TON mainnet: 'EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs', // The updateUI() function is exemplary and should be replaced by // a wallet service function that refreshes the // state of the balance displayed in the interface (balance) => updateUI(balance), ); // Stop monitoring once it is no longer needed stopMonitoring(); ``` ## Transfers from dApps [#transfers-from-dapps] When a connected dApp requests a Jetton transfer, the wallet service follows the same flow as [Toncoin transfers](/applications/walletkit/web/toncoin#transfers-from-dapps): the dApp sends a transaction request through the bridge, WalletKit emulates it and presents a preview, the user approves or declines, and the result is returned to the dApp. ```ts title="TypeScript" kit.onTransactionRequest(async (event) => { if (!event.preview.data) { console.warn('Transaction emulation skipped'); } else if (event.preview.data?.result === 'success') { // Emulation succeeded — show the predicted money flow const { ourTransfers } = event.preview.data.moneyFlow; // This is an array of values, // where positive amounts mean incoming funds // and negative amounts — outgoing funds. console.log('Predicted transfers:', ourTransfers); // Filter Jetton transfers specifically const jettonTransfers = ourTransfers.filter( (transfer) => transfer.assetType === 'jetton', ); console.log('Jetton transfers:', jettonTransfers); } else { // Emulation failed — warn the user but allow proceeding console.warn('Transaction emulation failed:', event.preview); } // By knowing the Jetton master (minter) contract address, // one can obtain and preview Jetton's name, symbol and image. // // Present the enriched preview to the user and await their decision. // ... }); ``` There is an additional consideration for Jetton transfers: they involve multiple internal messages between contracts. As such, Jetton transfers always take longer than regular Toncoin-only transfers. As with Toncoin transfers, the wallet service should not block the UI while waiting for confirmation. With [continuous wallet balance monitoring](#continuous-balance-monitoring) and subsequent transaction requests, users will receive the latest information either way. Confirmations are only needed to display a list of past transactions reliably. ## Transfers in the wallet service [#transfers-in-the-wallet-service] Jetton transactions can be created directly from the wallet service (not from dApps) and fed into the regular approval flow via the `handleNewTransaction()` method of the WalletKit. It creates a new [transaction request event](/applications/walletkit/web/events#handle-ontransactionrequest), enabling the same UI confirmation-to-transaction flow for both dApp-initiated and wallet-initiated transactions.
Verify the `decimals` value from the Jetton metadata before calculating transfer amounts. Incorrect decimals can result in sending drastically more or fewer tokens than intended. For USDTs, the correct decimals value is 6.
This example should be modified according to the wallet service's logic: ```ts title="TypeScript" import { type JettonsTransferRequest } from '@ton/walletkit'; async function sendJetton( // Sender's TON `walletId` as a string walletId: string, // Jetton master (minter) contract address jettonAddress: string, // Recipient's TON wallet address as a string recipientAddress: string, // Amount in the smallest Jetton units (accounting for decimals) jettonAmount: bigint, // Optional comment string comment?: string, ) { const fromWallet = kit.getWallet(walletId); if (!fromWallet) { console.error('No wallet contract found'); return; } const transferParams: JettonsTransferRequest = { jettonAddress, recipientAddress, transferAmount: jettonAmount.toString(), // Optional comment ...(comment && { comment: comment }), }; // Build transaction content const tx = await fromWallet.createTransferJettonTransaction(transferParams); // Route into the normal flow, // triggering the onTransactionRequest() handler await kit.handleNewTransaction(fromWallet, tx); } ```
To avoid triggering the `onTransactionRequest()` handler and send the transaction directly, use the `sendTransaction()` method of the wallet instead of the `handleNewTransaction()` method of the WalletKit, modifying the last part of the previous code snippet: ```ts title="TypeScript" // Instead of calling kit.handleNewTransaction(fromWallet, tx) // one can avoid routing into the normal flow, // skip the transaction requests handler, // and make the transaction directly. await fromWallet.sendTransaction(tx); ``` Do not use this approach unless it is imperative to complete a transaction without the user's direct consent. Funds at risk: test this approach using testnet and proceed with utmost caution.
## See also [#see-also] Jettons: * [Jettons overview](/blockchain-basics/standard/tokens/jettons/overview) * [Jetton transfers](/blockchain-basics/standard/tokens/jettons/transfer) * [Token metadata and decimals](/blockchain-basics/standard/tokens/metadata#decimals) General: * [Handle transaction requests](/applications/walletkit/web/events#handle-ontransactionrequest) * [Transaction fees](/blockchain-basics/primitives/fees) * [WalletKit overview](/applications/walletkit/overview) * [TON Connect overview](/applications/ton-connect/overview) # How to work with NFTs using WalletKit on the Web platform (/applications/walletkit/web/nfts)
[Initialize the WalletKit](/applications/walletkit/web/init), [set up at least one TON wallet](/applications/walletkit/web/wallets), handle [connection requests](/applications/walletkit/web/connections) and [transaction requests](/applications/walletkit/web/events) before using examples on this page.
[NFTs](/blockchain-basics/standard/tokens/nft/overview) (non-fungible tokens) are unique digital assets on TON, similar to ERC-721 tokens on Ethereum. Unlike [jettons](/blockchain-basics/standard/tokens/jettons/overview), which are fungible and interchangeable, each NFT is unique and represents ownership of a specific item. NFTs consist of a collection contract and individual NFT item contracts for each token. To work with NFTs, the wallet service needs to handle [NFT ownership queries](#ownership) and perform transfers initiated [from dApps](#transfers-from-dapps) and [from within the wallet service itself](#transfers-in-the-wallet-service).
Before displaying or transferring NFTs, verify they belong to legitimate collections. Scammers may create fake NFTs mimicking popular collections. Mitigation: Always verify the collection address matches the official one. Check NFT metadata for suspicious content.
## Ownership [#ownership] NFT ownership is tracked through individual NFT item contracts. Unlike jettons, which have a balance, one either owns a specific NFT item or does not. To obtain a list of NFTs owned by a user, query their TON wallet by either the `getNfts()` method of wallet adapters or by calling `kit.nfts.getAddressNfts()` and passing it the TON wallet address. Similar to other asset queries, [discrete one-off checks](#on-demand-ownership-check) have limited value on their own and [continuous monitoring](#continuous-ownership-monitoring) should be used for UI display. ### On-demand ownership check [#on-demand-ownership-check] Use the `getNfts()` method to check which NFTs are owned by a wallet managed by WalletKit. The method returns an array of NFT items with their addresses, collection info, and metadata.
Do not store the ownership check results anywhere in the wallet service's state, as they become outdated very quickly. For UI purposes, do [continuous ownership monitoring](#continuous-ownership-monitoring).
```ts title="TypeScript" async function getNfts(walletId: string): Promise { // Get TON wallet instance const wallet = kit.getWallet(walletId); if (!wallet) return; // Query 100 NFTs owned by this wallet const ownedNfts = await wallet.getNfts({ pagination: { limit: 100 } }); // Optionally filter by a specific collection address const collectionNfts = ownedNfts.nfts.filter( (nft) => nft.collection?.address === '', ); return collectionNfts; } ``` The most practical use of one-off ownership checks is right before approving an NFT transfer request. At this point, verify that the wallet actually owns the NFT being transferred.
Despite this check, the transaction may still fail if the NFT is not owned or unaccessible at the time of transfer.
```ts title="TypeScript" // An enumeration of various common error codes import { SEND_TRANSACTION_ERROR_CODES } from '@ton/walletkit'; // Address of the NFT item contract const NFT_ITEM_ADDRESS = ''; kit.onTransactionRequest(async (event) => { const wallet = kit.getWallet(event.walletId ?? ''); if (!wallet) { console.error('Wallet not found for a transaction request', event); await kit.rejectTransactionRequest(event, { code: SEND_TRANSACTION_ERROR_CODES.UNKNOWN_ERROR, message: 'Wallet not found', }); return; } // Verify ownership const ownsNft = await wallet.getNft(NFT_ITEM_ADDRESS); // Reject early if NFT is not owned if (!ownsNft) { await kit.rejectTransactionRequest(event, { code: SEND_TRANSACTION_ERROR_CODES.BAD_REQUEST_ERROR, message: 'NFT not owned by this wallet', }); return; } // Proceed with the regular transaction flow // ... }); ``` ### Continuous ownership monitoring [#continuous-ownership-monitoring] Poll the NFT ownership at regular intervals to keep the displayed information up to date. Use an appropriate interval based on UX requirements — shorter intervals provide fresher data but increase API usage. This example should be modified according to the wallet service's logic: ```ts title="TypeScript" expandable import { type NFT } from '@ton/walletkit'; // Configuration const POLLING_INTERVAL_MS = 15_000; /** * Starts the monitoring of a given wallet's NFT ownership, * calling `onNftsUpdate()` every `intervalMs` milliseconds * * @returns a function to stop monitoring */ export function startNftOwnershipMonitoring( walletId: string, onNftsUpdate: (nfts: NFT[]) => void, intervalMs: number = POLLING_INTERVAL_MS, ): () => void { let isRunning = true; const poll = async () => { while (isRunning) { const wallet = kit.getWallet(walletId); if (wallet) { // Only looks for up to 100 NFTs. // To get more, call the `getNfts()` function // multiple times with increasing offsets const { nfts } = await wallet.getNfts({ pagination: { limit: 100 } }); onNftsUpdate(nfts); } await new Promise((resolve) => setTimeout(resolve, intervalMs)); } }; // Start monitoring poll(); // Return a cleanup function to stop monitoring return () => { isRunning = false; }; } // Usage const stopMonitoring = startNftOwnershipMonitoring( walletId, // The updateNftGallery() function is exemplary and should be replaced by // a wallet service function that refreshes the // NFT gallery displayed in the interface (nfts) => updateNftGallery(nfts), ); // Stop monitoring once it is no longer needed stopMonitoring(); ``` ## Transfers from dApps [#transfers-from-dapps] When a connected dApp requests an NFT transfer, the wallet service follows the same flow as [Toncoin transfers](/applications/walletkit/web/toncoin#transfers-from-dapps): the dApp sends a transaction request through the bridge, WalletKit emulates it and presents a preview, the user approves or declines, and the result is returned to the dApp. ```ts title="TypeScript" kit.onTransactionRequest(async (event) => { if (!event.preview.data) { console.warn('Transaction emulation skipped'); } else if (event.preview.data?.result === 'success') { // Emulation succeeded — show the predicted asset flow const { ourTransfers } = event.preview.data.moneyFlow; // This is an array of values, // where positive amounts mean incoming assets // and negative amounts — outgoing assets. console.log('Predicted transfers:', ourTransfers); // Filter NFT transfers specifically const nftTransfers = ourTransfers.filter( (transfer) => transfer.assetType === 'nft', ); console.log('NFT transfers:', nftTransfers); } else { // Emulation failed — warn the user but allow proceeding console.warn('Transaction emulation failed:', event.preview); } // By knowing the NFT item contract address, // one can obtain and preview NFT's name, description, image, and attributes. // // Present the enriched preview to the user and await their decision. // ... }); ``` There is an additional consideration for NFT transfers: they involve multiple internal messages between contracts. As such, NFT transfers always take longer than regular Toncoin-only transfers. As with Toncoin transfers, the wallet service should not block the UI while waiting for confirmation. With [continuous NFT ownership monitoring](#continuous-ownership-monitoring) and subsequent transaction requests, users will receive the latest information either way. Confirmations are only needed to display a list of past transactions reliably. ## Transfers in the wallet service [#transfers-in-the-wallet-service] NFT transactions can be created directly from the wallet service (not from dApps) and fed into the regular approval flow via the `handleNewTransaction()` method of the WalletKit. It creates a new [transaction request event](/applications/walletkit/web/events#handle-ontransactionrequest), enabling the same UI confirmation-to-transaction flow for both dApp-initiated and wallet-initiated transactions.
Verify the NFT address before initiating a transfer. Transferring an NFT is irreversible — once sent, only the new owner can transfer it back. Double-check the recipient address to avoid permanent loss of valuable NFTs.
This example should be modified according to the wallet service's logic: ```ts title="TypeScript" import { type NFTTransferRequest } from '@ton/walletkit'; async function sendNft( // Sender's TON `walletId` as a string walletId: string, // NFT item contract address nftAddress: string, // Recipient's TON wallet address as a string recipientAddress: string, // Optional comment string comment?: string, ) { const fromWallet = kit.getWallet(walletId); if (!fromWallet) { console.error('No wallet contract found'); return; } // Verify ownership before creating the transfer const ownsNft = await fromWallet.getNft(nftAddress); if (!ownsNft) { console.error('NFT not owned by this wallet'); return; } const transferParams: NFTTransferRequest = { nftAddress, recipientAddress, // Optional comment ...(comment && { comment }), }; // Build transaction content const tx = await fromWallet.createTransferNftTransaction(transferParams); // Route into the normal flow, // triggering the onTransactionRequest() handler await kit.handleNewTransaction(fromWallet, tx); } ```
To avoid triggering the `onTransactionRequest()` handler and send the transaction directly, use the `sendTransaction()` method of the wallet instead of the `handleNewTransaction()` method of the WalletKit, modifying the last part of the previous code snippet: ```ts title="TypeScript" // Instead of calling kit.handleNewTransaction(fromWallet, tx) // one can avoid routing into the normal flow, // skip the transaction requests handler, // and make the transaction directly. await fromWallet.sendTransaction(tx); ``` Do not use this approach unless it is imperative to complete a transaction without the user's direct consent. Assets at risk: proceed with utmost caution.
## See also [#see-also] NFTs: * [NFT overview](/blockchain-basics/standard/tokens/nft/overview) * [NFT metadata](/blockchain-basics/standard/tokens/nft/metadata) General: * [Handle transaction requests](/applications/walletkit/web/events#handle-ontransactionrequest) * [Transaction fees](/blockchain-basics/primitives/fees) * [WalletKit overview](/applications/walletkit/overview) * [TON Connect overview](/applications/ton-connect/overview) # How to work with Toncoin using WalletKit on the Web platform (/applications/walletkit/web/toncoin)
[Initialize the WalletKit](/applications/walletkit/web/init), [set up at least one TON wallet](/applications/walletkit/web/wallets), handle [connection requests](/applications/walletkit/web/connections) and [transaction requests](/applications/walletkit/web/events) before using examples on this page.
To work with Toncoin, the wallet service needs to handle [contract balances](#balances) and perform transfers initiated [from dApps](#transfers-from-dapps) and [from within the wallet service itself](#transfers-from-the-wallet-service). ## Balances [#balances] Blockchain state changes constantly as new blocks are produced. This has implications for when and how to check TON wallet contract balances: * [Discrete one-off checks](#on-demand-balance-check) have almost no value on their own — the state might change immediately after the query completes, invalidating its results. Thus, such checks are only practical when handling `transaction` requests. * [Continuous monitoring](#continuous-balance-monitoring) is useful for UI display, showing the most recent balance to users, but should not be used for transaction confirmations. Notice that both cases require querying the blockchain data via the API client set during the [WalletKit initialization](/applications/walletkit/web/init#param-networks). Obtain and provide the key from the selected client to access higher requests-per-second limits. ### On-demand balance check [#on-demand-balance-check] Use the `getBalance()` method to check the wallet contract balance in TON wallets managed by WalletKit. The balance is returned in nanoToncoin, with 1 Toncoin equal to 10⁹ nanoToncoin.
Do not store the balance check results anywhere in the wallet service's state, as they become outdated very quickly. For UI purposes, do [continuous balance monitoring](#continuous-balance-monitoring).
```ts title="TypeScript" async function getBalance(walletId: string): Promise { // Get TON wallet instance const wallet = kit.getWallet(walletId); if (!wallet) return; // Query its balance in nanoToncoin return await wallet.getBalance(); } ``` The most practical use of one-off balance checks is right before approving a transaction request. At this point, the actual wallet contract balance usually is not less than the checked amount, though it might be higher if new funds arrived right after the check.
Despite this check, the transaction may still fail due to insufficient balance at the time of transfer.
```ts title="TypeScript" // An enumeration of various common error codes import { SEND_TRANSACTION_ERROR_CODES } from '@ton/walletkit'; kit.onTransactionRequest(async (event) => { const wallet = kit.getWallet(event.walletId ?? ''); if (!wallet) { console.error('Wallet not found for a transaction request', event); await kit.rejectTransactionRequest(event, { code: SEND_TRANSACTION_ERROR_CODES.UNKNOWN_ERROR, message: 'Wallet not found', }); return; } // Calculate the minimum balance needed for this transaction const balance = BigInt(await wallet.getBalance()); const minNeededBalance = event.request.messages.reduce( (acc, message) => acc + BigInt(message.amount), 0n, ); // Reject early if balance is clearly insufficient if (balance < minNeededBalance) { await kit.rejectTransactionRequest(event, { code: SEND_TRANSACTION_ERROR_CODES.BAD_REQUEST_ERROR, message: 'Insufficient balance', }); return; } // Proceed with the regular transaction flow // ... }); ``` ### Continuous balance monitoring [#continuous-balance-monitoring] Poll the balance at regular intervals to keep the displayed value up to date. Use an appropriate interval based on UX requirements — shorter intervals provide fresher data but increase API usage. This example should be modified according to the wallet service's logic: ```ts title="TypeScript" expandable // Not runnable: implement the updateUI()! /** * Starts the monitoring of a given `walletId`, * calling `onBalanceUpdate()` every `intervalMs` milliseconds * * @returns a function to stop monitoring */ export function startBalanceMonitoring( walletId: string, onBalanceUpdate: (balance: string) => void, intervalMs: number = 10_000, ): () => void { let isRunning = true; const poll = async () => { while (isRunning) { const wallet = kit.getWallet(walletId); if (wallet) { const balance = await wallet.getBalance(); onBalanceUpdate(balance); } await new Promise((resolve) => setTimeout(resolve, intervalMs)); } }; // Start monitoring poll(); // Return a cleanup function to stop monitoring return () => { isRunning = false; }; } // Usage const stopMonitoring = startBalanceMonitoring( walletId, // The updateUI() function is exemplary and should be replaced by // a wallet service function that refreshes the // state of the balance displayed in the interface (balance) => updateUI(balance), ); // Stop monitoring once it is no longer needed stopMonitoring(); ``` ## Transfers from dApps [#transfers-from-dapps] When a connected dApp requests a Toncoin transfer, the wallet service follows this flow: ### Emulation and preview [#emulation-and-preview] WalletKit tries to automatically emulate every incoming transaction request before presenting it to the user. The emulation result is available in the `event.preview.data` object, which can be `undefined` if emulation was skipped: ```ts title="TypeScript" kit.onTransactionRequest(async (event) => { if (!event.preview.data) { console.log('Transaction emulation skipped'); } else if (event.preview.data.result === 'success') { // Emulation succeeded — show the predicted money flow const { ourTransfers } = event.preview.data.moneyFlow; // This is an array of values, // where positive amounts mean incoming funds // and negative amounts — outgoing funds console.log('Predicted transfers:', ourTransfers); } else { // Emulation failed — warn the user but allow proceeding console.warn('Transaction emulation failed:', event.preview); } // Present the preview to the user and await their decision // ... }); ```
Emulation uses the API client configured during [WalletKit initialization](/applications/walletkit/web/init#param-networks).
### Approve or reject [#approve-or-reject] After showing the preview, handle the user's decision: ```ts title="TypeScript" expandable import { // An enumeration of various common error codes SEND_TRANSACTION_ERROR_CODES, // The transfer type type TransactionTraceMoneyFlowItem, } from '@ton/walletkit'; kit.onTransactionRequest(async (event) => { try { // Show the emulation preview to the wallet service user const preview = event.preview; const isEmulationSuccessful = preview.data?.result === 'success'; // Build a confirmation message let confirmMessage = 'Confirm this transaction?'; if (isEmulationSuccessful) { const transfers = preview.data.moneyFlow?.ourTransfers || []; confirmMessage = `Send ${formatTransfers(transfers)}?`; } else { confirmMessage = 'Emulation failed or skipped. Proceed anyway?'; } // Handle user's decision if (confirm(confirmMessage)) { // Approve — this sends the transaction to the blockchain // and returns the signed message BoC to the dApp await kit.approveTransactionRequest(event); console.log('Transaction approved and sent'); } else { // Reject — notify the dApp that the user declined await kit.rejectTransactionRequest(event, { code: SEND_TRANSACTION_ERROR_CODES.USER_REJECTS_ERROR, message: 'User rejected the transaction', }); } } catch (error) { console.error('Transaction handler error:', error); await kit.rejectTransactionRequest(event, { code: SEND_TRANSACTION_ERROR_CODES.UNKNOWN_ERROR, message: 'Transaction processing failed', }); } }); function formatTransfers(transfers: Array): string { const formatNano = (value: string, decimals: number = 9): string => { const bigintValue = BigInt(value); const isNegative = bigintValue < 0n; const absoluteValue = bigintValue < 0n ? -bigintValue : bigintValue; const str = absoluteValue.toString().padStart(decimals + 1, '0'); const intPart = str.slice(0, -decimals) || '0'; const fracPart = str.slice(-decimals).replace(/0+$/, ''); const formatted = fracPart ? `${intPart}.${fracPart}` : intPart; return `${isNegative ? '-' : ''}${formatted}`; }; return transfers.map((t) => `${formatNano(t.amount)} ${t.assetType}`).join(', '); } ``` ### Confirm transaction delivery [#confirm-transaction-delivery] TON achieves transaction [finality](https://en.wikipedia.org/wiki/Blockchain#Finality) after a single masterchain block confirmation, where new blocks are produced approximately every 3 seconds. Once a transaction appears in a masterchain block, it becomes irreversible. Therefore, to reliably confirm the transaction delivery and status, one needs to check whether a transaction has achieved masterchain finality using the selected API client. That said, the wallet service should not block the UI while waiting for such confirmation. After all, with [continuous wallet balance monitoring](#continuous-balance-monitoring) and subsequent transaction requests, users will receive the latest information either way. Confirmations are only needed to reliably display a list of past transactions, including the most recent ones. For detailed transaction tracking and message lookups, the [message lookup guide](/ecosystem/ton-connect/message-lookup) covers finding transactions by external message hash, waiting for confirmations, and applying message normalization. ## Transfers in the wallet service [#transfers-in-the-wallet-service] Transactions can be created directly from the wallet service (not from dApps) and fed into the regular approval flow via `handleNewTransaction()` method of the WalletKit. It creates a new [transaction request event](/applications/walletkit/web/events#handle-ontransactionrequest), enabling the same UI confirmation-to-transaction flow for both dApp-initiated and wallet-initiated transactions. This example should be modified according to the wallet service's logic: ```ts title="TypeScript" import type { TONTransferRequest, Base64String } from '@ton/walletkit'; async function sendToncoin( // Sender's TON `walletId` as a string walletId: string, // Recipient's TON wallet address as a string recipientAddress: string, // Amount in nanoToncoins nanoAmount: BigInt, // Optional comment string comment?: string, // Optional payload body as a BoC in Base64-encoded string payload?: Base64String, ) { if (comment && payload) { console.error('Cannot attach both a comment or a payload body'); return; } const fromWallet = kit.getWallet(walletId); if (!fromWallet) { console.error('No wallet contract found'); return; } const transferParams: TONTransferRequest = { recipientAddress: recipientAddress, transferAmount: nanoAmount.toString(), // Optional comment OR payload, not both ...(comment && { comment }), ...(payload && { payload }), } // Build transaction content const tx = await fromWallet.createTransferTonTransaction(transferParams); // Route into the normal flow, // triggering the onTransactionRequest() handler await kit.handleNewTransaction(fromWallet, tx); } ```
To avoid triggering the `onTransactionRequest()` handler and send the transaction directly, use the `sendTransaction()` method of the wallet instead of the `handleNewTransaction()` method of the WalletKit, modifying the last part of the previous code snippet: ```ts title="TypeScript" // Instead of calling kit.handleNewTransaction(fromWallet, tx) // one can avoid routing into the normal flow, // skip the transaction requests handler, // and make the transaction directly. await fromWallet.sendTransaction(tx); ``` Do not use this approach unless it is imperative to complete a transaction without the user's direct consent. Funds at risk: test this approach using testnet and proceed with utmost caution.
## See also [#see-also] * [Handle transaction requests](/applications/walletkit/web/events#handle-ontransactionrequest) * [Transaction fees](/blockchain-basics/primitives/fees) * [WalletKit overview](/applications/walletkit/overview) * [TON Connect overview](/applications/ton-connect/overview) # How to manage TON wallets with WalletKit on the Web platform (/applications/walletkit/web/wallets)
[Initialize the WalletKit](/applications/walletkit/web/init) before using examples on this page.
The [basic configuration earlier](/applications/walletkit/web/init#initialization) is enough to outline necessary wallet information and initialize the WalletKit, but it isn't enough for deeper interactions with the blockchain. For that, you need to set up at least one TON wallet contract. ## Initialization [#initialization] 1. First, obtain the signer. It can be instantiated [from a mnemonic](#from-mnemonic), from [a private key](#from-private-key), or be [made custom](#from-custom-signer). 2. Then, select a wallet adapter — it is an implementation of the `WalletInterface` type for a particular TON wallet contract. Currently, WalletKit provides two: `WalletV5R1Adapter` (recommended) and `WalletV4R2Adapter`. Adapter takes in a signer from the previous step and a number of options, namely: * `network` — TON Blockchain network: `Network.mainnet()`, `Network.testnet()`, or `Network.custom(chainId)`. * `client` — API client to communicate with TON Blockchain. Use `kit.getApiClient(network)` to get the client for the specified network from the `networks` configuration passed during [WalletKit initialization](/applications/walletkit/web/init). * `walletId` — identifier of the new wallet, which is used to make its smart contract address unique. * `workchain` — either `0` for the basechain (default), or `-1` for the masterchain. ```ts title="TypeScript" import { // Network object Network, // Latest wallet version (recommended) WalletV5R1Adapter, defaultWalletIdV5R1, // Legacy wallet version WalletV4R2Adapter, defaultWalletIdV4R2, } from '@ton/walletkit'; const walletAdapter = await WalletV5R1Adapter.create(signer, { network: Network.mainnet(), client: kit.getApiClient(Network.mainnet()), // Either 0 for the basechain (default), // or -1 for the masterchain workchain: 0, // Specify an ID for this wallet when you plan // on adding more than one wallet to the kit // under the same mnemonic or private key. // // In such cases, ID is used to make wallet addresses unique, // because the same ID for the same mnemonic results in wallets // with the same address, i.e., the same smart contract. walletId: defaultWalletIdV5R1, // 2147483409 }); ``` 3. Finally, pass the adapter to the `addWallet()` method of the kit to complete the wallet initialization process: ```ts title="TypeScript" // Notice that addWallet() method returns an initialized TON wallet, // which can be used on its own elsewhere. const wallet = await kit.addWallet(walletAdapter); console.log('Wallet address:', wallet.getAddress()); ```
Apart from adding a new wallet, an adapter is also helpful when [removing one](#remove-a-single-wallet) too.
See the complete example for each signer kind: ### From mnemonic [#from-mnemonic] To initialize a TON wallet from an existing BIP-39 or TON-specific mnemonic seed phrase, the signer should be instantiated with the `fromMnemonic()` method of the utility `Signer` class of the WalletKit.
Never specify the mnemonic phrase directly in your code. It is a "password" to your wallet and all its funds. Instead, prefer sourcing the seed phrase from a secure storage, backend environment variables, or a special `.env` file that is Git-ignored and handled with care.
```ts title="TypeScript" expandable import { // Handles cryptographic signing Signer, // Latest wallet version (recommended) WalletV5R1Adapter, // Network object Network, } from '@ton/walletkit'; // 1. const signer = await Signer.fromMnemonic( // (REQUIRED) // A 12 or 24-word seed phrase obtained with general BIP-39 or TON-specific derivation. // The following value assumes a corresponding MNEMONIC localStorage entry // that contains 24 space-separated seed phrase words as a single string: localStorage.getItem('MNEMONIC')!.split(' '), // list of 24 strings { // Type of derivation used to produce a mnemonic. // If you've used a pure BIP-39 derivation, specify 'bip-39'. // Otherwise, specify 'ton'. // Defaults to: 'ton' type: 'ton', }, ); // 2. const walletAdapter = await WalletV5R1Adapter.create(signer, { network: Network.mainnet(), client: kit.getApiClient(Network.mainnet()), }); // 3. const wallet = await kit.addWallet(walletAdapter); ```
If you do not yet have a mnemonic for an existing TON wallet or you want to create a new one, you can generate a TON-specific mnemonic with the `CreateTonMnemonic()` function. However, it is crucial to use that function only **once per wallet** and then save it securely. You **must NOT** invoke this function amidst the rest of your project code. The following is an example of a simple one-off standalone script to produce a new mnemonic that then should be saved somewhere private: ```ts import { CreateTonMnemonic } from '@ton/walletkit'; console.log(await CreateTonMnemonic()); // word1, word2, ..., word24 ```
### From private key [#from-private-key] To initialize a TON wallet from an existing private key, the signer should be instantiated with the `fromPrivateKey()` method of the utility `Signer` class of the WalletKit. If there is a [mnemonic](#from-mnemonic), one can convert it to an Ed25519 key pair with public and private key by using the `MnemonicToKeyPair()` function.
Handle private keys carefully. Use test keys, keep them in a secure keystore, and avoid logs or commits.
```ts title="TypeScript" expandable import { // Handles cryptographic signing Signer, // Latest wallet version (recommended) WalletV5R1Adapter, // Conversion function MnemonicToKeyPair, // Network object Network, } from '@ton/walletkit'; // 1. const signer = await Signer.fromPrivateKey( // Private key as a hex-encoded string or Uint8Array of bytes. // The following value assumes a corresponding PRIVATE_KEY localStorage entry // that contains the private key as a hex-encoded string: localStorage.getItem('PRIVATE_KEY')!, ); // 2. const walletAdapter = await WalletV5R1Adapter.create(signer, { network: Network.mainnet(), client: kit.getApiClient(Network.mainnet()), }); // 3. const wallet = await kit.addWallet(walletAdapter); ``` ### From custom signer [#from-custom-signer] To provide a custom signing mechanism as an alternative to using a [mnemonic phrase](#from-mnemonic) or a [private key](#from-private-key), create an object of type `WalletSigner` and then pass it to the target wallet adapter's `create()` method. The signer object has to have two fields: * Signing function of type `ISigner`, which takes an iterable bytes object, such as `array`, `Uint8Array`, or `Buffer`, and asynchronously produces an Ed25519-encoded signature of the input as `Hex`. The `Hex` type is a string containing a hexadecimal value that starts with an explicit `0x` prefix. ```ts title="TypeScript" type ISigner = (bytes: Iterable) => Promise; ``` * Relevant Ed25519 public key of type `Hex`. ```ts title="TypeScript" type Hex = `0x${string}`; ``` A custom signer is useful to maintain complete control over the signing process, such as when using a hardware wallet or signing data on the backend. ```ts title="TypeScript" expandable import { // Network object Network, // Latest wallet version (recommended) WalletV5R1Adapter, // Conversion function MnemonicToKeyPair, // Utility function to convert an array of bytes into a string of type Hex Uint8ArrayToHex, // Utilify function to obtain an Ed25519 signature DefaultSignature, // Handles cryptographic signing type WalletSigner, // String with a hexadecimal value, which starts with the `0x` prefix type Hex, } from '@ton/walletkit'; // A Ed25519 key pair from a mnemonic const keyPair = await MnemonicToKeyPair( // The following value assumes a corresponding MNEMONIC localStorage entry // that contains 24 space-separated seed phrase words as a single string: localStorage.getItem('MNEMONIC')!.split(' '), 'ton', ); // 1. const signer: WalletSigner = { // The following is a simple demo of a signing function. // Make sure to replace it with a production-ready one! sign: async (bytes: Iterable): Promise => { return DefaultSignature(Uint8Array.from(bytes), keyPair.secretKey); }, // Public key as a Hex publicKey: Uint8ArrayToHex(keyPair.publicKey) as Hex, }; // 2. const walletAdapter = await WalletV5R1Adapter.create(signer, { network: Network.mainnet(), client: kit.getApiClient(Network.mainnet()), }); // 3. const wallet = await kit.addWallet(walletAdapter); ``` ### Multiple wallets [#multiple-wallets] You can add multiple TON wallets to WalletKit and switch between them as needed. ```ts title="TypeScript" const wallet1 = await kit.addWallet(walletAdapter1); const wallet2 = await kit.addWallet(walletAdapter2); // ... const walletN = await kit.addWallet(walletAdapterN); ``` Providing the same wallet adapter to the kit multiple times will return the wallet that was already added in the first attempt. ## Methods [#methods] ### Get a single wallet [#get-a-single-wallet] The `getWallet()` method expects a wallet identifier string. Note that the same wallet on different chains must have different identifiers. Compose it via the `createWalletId()` helper function: ```ts title="TypeScript" import { createWalletId, Network, type Wallet } from '@ton/walletkit'; // Using the helper function to create a wallet identifier. const walletId = createWalletId( Network.mainnet(), walletAdapter.getAddress(), ); const wallet: Wallet | undefined = kit.getWallet(walletId); if (wallet) { console.log('Wallet address: ', wallet.getAddress()); } ``` ### Get all wallets [#get-all-wallets] To obtain all added wallets, use the `getWallets()` method of the initialized kit. ```ts title="TypeScript" const wallets: Wallet[] = kit.getWallets(); wallets.forEach(w => console.log('TON wallet address:', w.getAddress())); ``` ### Remove a single wallet [#remove-a-single-wallet] The `kit.removeWallet()` method accepts either a `walletId` or the adapter instance itself. Compose the identifier via the `createWalletId()` helper function or pass the adapter used when adding the wallet: ```ts title="TypeScript" import { createWalletId, Network } from '@ton/walletkit'; // Using the helper function to create a wallet identifier. const walletId = createWalletId( Network.mainnet(), walletAdapter.getAddress(), ); await kit.removeWallet(walletId); // Alternatively, pass the adapter directly. await kit.removeWallet(walletAdapter); ``` ### Clear all wallets [#clear-all-wallets] To remove all previously added wallets from the kit, use the `clearWallets()` method of the initialized kit. ```ts title="TypeScript" await kit.clearWallets(); ``` ## Next steps [#next-steps] ## See also [#see-also] * [WalletKit overview](/applications/walletkit/overview) * [TON Connect overview](/applications/ton-connect/overview) # TON plugin for IDEs from JetBrains (/blockchain-basics/contract-dev/ide/jetbrains) TON plugin for IntelliJ IDEA (Ultimate and Community), WebStorm, CLion, GoLand, PyCharm, RustRover, and all other JetBrains IDEs. ## Installation [#installation] ### From marketplace [#from-marketplace] 1. In the IDE, open Settings
Skip this step if you do not have open projects and are in the Start menu 2. Go to Plugins 3. Select the Marketplace tab (default) 4. Search for `TON` 5. Select the official plugin from TON Core and click Install The plugin would be fetched and installed in your current JetBrains IDE. You might need to restart it for changes to take effect. Here is how the plugin installation page may look in the start menu of WebStorm, before pressing the Install button: Alternatively, you can press Get on the [plugin homepage in the JetBrains Marketplace](https://plugins.jetbrains.com/plugin/23382-ton) and then follow subsequent instructions. ### From disk [#from-disk] To manually install the plugin: 1. Download the plugin archive from the [latest GitHub release](https://github.com/ton-blockchain/intellij-ton/releases/latest) or from the exact version [on the marketplace](https://plugins.jetbrains.com/plugin/23382-ton/versions) 2. In the IDE, open Settings
Skip this step if you do not have open projects and are in the Start menu 3. Go to Plugins 4. Click the gear icon on top and then select `Install Plugin from Disk...` 5. Select the plugin archive in the pop-up and complete the installation See also: [Installing a plugin from the command line in IntelliJ IDEA](https://www.jetbrains.com/help/idea/managing-plugins.html#install_plugin_cmd). ## Features and language support [#features-and-language-support] This plugin provides first-class support for TON-specific languages, schemas, and data formats in IntelliJ-based IDEs. Everything you need to develop, test, debug, and deploy TON smart contracts is made available right from your favorite JetBrains-made editor. Recommended language for TON smart contract development Legacy TON smart contract programming language Low-level stack-based language with deep TVM integration Cell-based data serialization and markup language Textual TVM bitcode assembly language and corresponding (dis)assembler Work with Acton projects and other tools for TON development ### Tolk [#tolk] **File extension:** `.tolk` The plugin provides the following features for Tolk files: * Syntax and error highlighting * [Code completion] — context-specific suggestions as you type * [Parameter info] — names of parameters in function calls, with option to enable complete function signatures info * [Quick documentation] — pop-up and hover documentation for any symbol right from the editor * [Declarations] — go to declarations, implementations, and types * [Usages] — search for references and usages of a code element throughout the codebase * [Inlay hints] — special in-editor markers, like parameter name blobs next to the corresponding argument values * [Inspections] — detects, finds, and highlights various problems and abnormal code * [Intention actions] — contextual code edits and quick fixes * [Formatting] — rearrangements and code cleanup * [Rename refactorings] — change names of symbols and files * [Code fragment surrounding] — templates for wrapping code fragments in various constructs, such as `try...catch` blocks. * [File structure] — view and navigate the code structure of the open file. * [Navigation bar] — structure of the project from directories down to code elements, usually located at the bottom of the status bar. ### FunC [#func] **File extensions:** `.fc`, `.func` The plugin provides the following features for FunC files: * Syntax and error highlighting * [Code completion] * [Quick documentation] * [Declarations] * [Usages] * [Inlay hints] * [Inspections] ### Fift [#fift] **File extensions:** `.fif`, `.fift` The plugin provides the following features for Fift: * Syntax and error highlighting, with better support for Fift assembly * [Code completion] * [Declarations] * [Usages] * [Inspections] ### TL-B [#tl-b] **File extension:** `.tlb` The plugin provides the following features for TL-B files: * Syntax and error highlighting * [Code completion] * [Declarations] * [Usages] * [Inspections] ### TASM [#tasm] **File extensions:** * `.tasm` — textual bitcode assembly * `.boc` — serialized binary smart contract code The plugin provides the following features for TON Assembly (TASM): * Syntax and error highlighting of `.tasm` files * [Code completion] * [Declarations] * [Usages] * [Inspections] ### Integrations [#integrations] The plugin integrates with [Acton](https://ton-blockchain.github.io/acton/docs/welcome) — a recommended modern all-in-one Tolk smart contract development environment.
[Plugin versions prior to `v4.0.0`](https://plugins.jetbrains.com/plugin/23382-ton/versions/stable/856449) also offer support for: * [Blueprint](/blockchain-basics/contract-dev/blueprint/overview) — comprehensive TypeScript development environment for TON smart contract development * [Sandbox](https://github.com/ton-org/sandbox) — local TON emulator Since [version `v4.0.0`](https://plugins.jetbrains.com/plugin/23382-ton/versions/stable/1040358), Acton is used as the primary TON development toolchain.
## Community [#community] Follow news and development discussions in [Telegram channels and chats](/overview/get-support#telegram-chats-channels-and-bots). [Code completion]: https://www.jetbrains.com/help/idea/auto-completing-code.html [Parameter info]: https://www.jetbrains.com/help/idea/viewing-reference-information.html#view-parameter-info [Quick documentation]: https://www.jetbrains.com/help/idea/viewing-reference-information.html#inline-quick-documentation [Intention actions]: https://www.jetbrains.com/help/idea/intention-actions.html [Declarations]: https://www.jetbrains.com/help/idea/navigating-through-the-source-code.html#go_to_declaration [Usages]: https://www.jetbrains.com/help/idea/find-highlight-usages.html [Inlay hints]: https://www.jetbrains.com/help/idea/inlay-hints.html [Inspections]: https://www.jetbrains.com/help/idea/code-inspection.html [Formatting]: https://www.jetbrains.com/help/idea/reformat-and-rearrange-code.html [Rename refactorings]: https://www.jetbrains.com/help/idea/rename-refactorings.html [Code fragment surrounding]: https://www.jetbrains.com/help/idea/surrounding-blocks-of-code-with-language-constructs.html [Navigation bar]: https://www.jetbrains.com/help/idea/guided-tour-around-the-user-interface.html#navigation-bar [File structure]: https://www.jetbrains.com/help/idea/viewing-structure-of-a-source-file.html # TON extension for Visual Studio Code (VS Code) and VSCode-based editors (/blockchain-basics/contract-dev/ide/vscode) TON extension for Visual Studio Code (VS Code) and VSCode-based editors, such as VSCodium, Cursor, Windsurf, and others. ## Installation [#installation] ### From Visual Studio Marketplace [#from-visual-studio-marketplace] Applicable for: VSCode
Extension on: [Marketplace](https://marketplace.visualstudio.com/items?itemName=ton-core.vscode-ton "TON extension on the Visual Studio Marketplace") 1. In the editor, open the Command Palette with Ctrl+Shift+P (or ⌘+⇧+P on macOS) 2. Type and select `Extensions: Install Extensions` 3. Search for `TON` 4. Select the official extension from TON Core and click Install The editor fetches and installs the extension. Restart the editor to apply changes if prompted. Here is how the extension page may look in VSCode, before pressing the Install button: ### From Open VSX Registry [#from-open-vsx-registry] Applicable for: VSCodium, Cursor, Windsurf, and other VSCodium-based editors
Extension in: [Registry](https://open-vsx.org/extension/ton-core/vscode-ton "TON extension in the Open VSX Registry") Installation steps are identical to the [VSCode setup](#from-visual-studio-marketplace). Additionally, one can download the exact extension version from the [Open VSX Registry](https://open-vsx.org/extension/ton-core/vscode-ton) and then proceed with [installation from disk](#from-disk). ### From disk [#from-disk] Applicable for: any VSCodium-based editor
VSIX file: [latest GitHub release](https://github.com/ton-blockchain/ton-language-server/releases/latest) To manually install the extension: 1. Download the `.vsix`-packaged plugin archive from the [latest GitHub release](https://github.com/ton-blockchain/ton-language-server/releases/latest) or from the exact version [in the registry](https://open-vsx.org/extension/ton-core/vscode-ton) 2. In the editor, open the Command Palette with Ctrl+Shift+P (or ⌘+⇧+P on macOS) 3. Type and select `Extensions: Install from VSIX...` 4. Browse and select the downloaded `.vsix` file The editor installs the extension. Restart the editor to apply changes if prompted.
To install the extension using CLI, specify the editor executable and the `--install-extension` command-line switch, followed by the path to a `.vsix` file: ```shell # Command for VSCode code --install-extension # Command for VSCodium codium --install-extension # Other VSCodium-based editors have similar commands ```
Visual Studio Code’s [“Installing an extension from a VSIX”](https://code.visualstudio.com/docs/configure/extensions/extension-marketplace#_install-from-a-vsix) guide explains the process. ## Features and language support [#features-and-language-support] Extension provides support for TON Blockchain languages and tools in VSCode and VSCode-based editors: from syntax highlighting to on-the-fly inspections and toolchain management. Recommended language for TON smart contract development Legacy TON smart contract programming language Low-level stack-based language with deep TVM integration Cell-based data serialization and markup language Textual TVM bitcode assembly language and corresponding (dis)assembler Work with Acton projects and other tools for TON development ### Tolk [#tolk] **File extension:** `.tolk` Tolk support includes: * Semantic syntax highlighting * Code completion with auto import, postfix completion, snippets, imports completion * Go to definition, type definition * Find all references, workspace symbol search, symbol renaming * Automatic import updates when renaming and moving files * Types and documentation on hover * Various inlay hints, including hints for types and parameter names. * On-the-fly inspections with quick fixes * Signature help inside calls * Build, test, and debug [Acton](https://ton-blockchain.github.io/acton/docs/welcome)-based projects * Flexible toolchain management ### FunC [#func] **File extensions:** `.fc`, `.func` FunC support includes: * Semantic syntax highlighting * Code completion, imports completion * Go to definition * Find all references, workspace symbol search, symbol renaming * Automatic import updates when renaming and moving files * Types and documentation on hover * Inlay hints for method IDs * On-the-fly inspections * Build, test, and debug [Acton](https://ton-blockchain.github.io/acton/docs/welcome)-based projects ### Fift [#fift] **File extensions:** `.fif`, `.fift` Fift support includes: * Basic and semantic syntax highlighting * Go-to definition * Inlay hints with instruction gas consumption * Hover documentation for instructions ### TL-B [#tl-b] **File extension:** `.tlb` TL-B support includes: * Basic and semantic syntax highlighting * Go-to definition * Completion for fields, parameters, and types * Go-to references for types * Hover documentation for declarations ### TASM [#tasm] **File extensions:** * `.tasm` — textual bitcode assembly * `.boc` — serialized binary smart contract code TON Assembly (TASM) support includes: * Basic syntax highlighting * Go-to definition * Inlay hints with instruction gas consumption * Hover documentation for instructions * Code completion for instructions Additionally, BoC support includes: * Automatic BoC disassembly with syntax highlighting * Automatic updates on changes in BoC ### Integrations [#integrations] The extension integrates with [Acton](https://ton-blockchain.github.io/acton/docs/welcome) — a recommended modern all-in-one Tolk smart contract development environment.
[Plugin versions `v0.6.0` and below](https://marketplace.visualstudio.com/items?itemName=ton-core.vscode-ton) also offer support for: * [Blueprint](/blockchain-basics/contract-dev/blueprint/overview) — comprehensive TypeScript development environment for TON smart contract development * [Sandbox](#sandbox) — Local TON emulator used to [test](/blockchain-basics/contract-dev/blueprint/testing/overview) smart contracts Since version `v1.0.0`, Acton is used as the primary TON development toolchain.
#### Sandbox [#sandbox] Available only in versions `v0.6.0` and below There is a graphical interface for local TON Blockchain emulation testing. By using it in Blueprint-based projects or any projects that use Sandbox (`@ton/sandbox`) for contract emulation, one can: * Deploy contracts directly from source code * Send internal and external messages * Execute get-methods * Inspect all transactions and messages * Inspect storage and balances in real time * Rollback to previous states and export or import various scenarios It is suited for prototyping, interactive debugging, and educational purposes. To start, open the "TON Sandbox" panel in the primary sidebar after installing the extension, then follow instructions on top. The [Sandbox wiki page](https://github.com/ton-blockchain/ton-language-server/wiki/Sandbox:-1.-Overview) provides more detail. ## Usage [#usage] * Customize the default config by [setting various options](#configuration-options) * Utilize commands from the [Command Palette](#command-palette) ### Configuration options [#configuration-options] This extension provides a wide range of options configurable in the [settings editor](https://code.visualstudio.com/docs/getstarted/extensions#_open-extension-settings). #### General [#general] Path to Tolk standard library. If empty, will try to find in `node_modules`. #### Toolchain [#toolchain] Configured Tolk toolchains. Each key serves as a unique identifier for the toolchain, which is an object with the following properties: * `"name"` (required) — Display name for the toolchain * `"path"` (required) — Path to the Tolk compiler executable * `"description"` — Optional description for the toolchain Default configuration: ```json "ton.tolk.toolchain.toolchains": { "auto": { "name": "Auto-detected", "path": "", "description": "Automatically detect Tolk compiler in node_modules" } } ``` Name of the active Tolk toolchain to use. The `"auto"` is a default toolchain that is automatically detected in `node_modules/`. Whether to add a short commit hash after Tolk version in the status bar. #### Editor → Hints [#editor--hints] Tolk: Disable all inlay hints. Tolk: Show type hints for variables and expressions. Tolk: Show parameter name hints in function calls. Tolk: Show method ID hints for get methods. Tolk: Show computed values for constants. FunC: Disable all inlay hints. FunC: Show method ID hints for functions with `method_id`. FunC: Show type hints for constants without explicit type. #### Editor → Completion [#editor--completion] Tolk: Sort completion items by relevance to the current context type. Tolk: Automatically add necessary imports for symbols from other files. #### Editor → Inspections [#editor--inspections] Tolk: List of disabled code inspections. All available inspections are enabled by default: * `"unused-parameter"` * `"unused-type-parameter"` * `"unused-variable"` * `"unused-top-level-declaration"` * `"unused-import"` * `"deprecated-symbol-usage"` * `"struct-initialization"` * `"cannot-reassign"` * `"need-not-null-unwrapping"` * `"missed-semicolon"` * `"call-arguments-count-mismatch"` FunC: List of disabled code inspections. All available inspections are enabled by default: * `"unused-parameter"` * `"unused-type-parameter"` * `"unused-variable"` * `"unused-import"` #### Editor → Find Usages [#editor--find-usages] Tolk: Where to search when using "Find Usages". Allowed values: * `"workspace"` (default) — Search only in workspace files * `"everywhere"` — Search everywhere, including the standard library #### Fift [#fift-1] Show gas consumption hints for Fift instructions. Enable/disable semantic highlighting for Fift files. #### BoC [#boc] Automatically open decompiled Fift assembly when opening BoC files (with `.boc` extension). #### Formatter [#formatter] Use experimental Tolk formatter. Sort imports on format. #### Sandbox [#sandbox-1] Available only in versions `v0.6.0` and below Port of the TON Sandbox server. Path to the TON Sandbox server binary. ### Command Palette [#command-palette] The Ctrl+Shift+P on Windows and Linux (and ⌘+⇧+P on macOS) brings up the [Command Palette](https://code.visualstudio.com/docs/getstarted/userinterface#_command-palette). This plugin provides a number of custom commands available for launch from the palette. #### General [#general-1] * `TON: Open decompiled BoC file` * `TON: Decompile BoC to TON Assembly file` * `TON: Debug contract` #### Tolk [#tolk-1] * `Tolk: Build project` * `Tolk: Get type at position` * `Tolk: Get contract ABI` * `Tolk: Get documentation at position` * `Tolk: Get scope information` * `Tolk: Get unresolved identifiers` * `Tolk: Show toolchain information` * `Tolk: Select active toolchain` — modifies the config * `Tolk: Add new toolchain` — modifies the config * `Tolk: Remove toolchain` — modifies the config * `Tolk: Manage toolchains` — modifies the config #### Sandbox [#sandbox-2] Available only in versions `v0.6.0` and below Work everywhere: * `TON: Install TON Sandbox Server` — modifies the config * `TON: Start TON Sandbox Server` * `TON: Stop TON Sandbox Server` * `TON: Open Sandbox Terminal` Only work in the Sandbox panel: * `TON: Refresh` * `TON: Refresh history` * `TON: Import history` * `TON: Export history` * `TON: Reset history` * `TON: Delete message template` * `TON: Copy contract ABI` * `TON: Copy address` # Blueprint TypeScript API (/blockchain-basics/contract-dev/blueprint/api)
[Acton](https://ton-blockchain.github.io/acton/docs/welcome) is the recommended tool for new smart contract projects. Blueprint remains supported for existing projects.
Blueprint exports functions and classes for programmatic interaction with TON smart contracts. ### `tonDeepLink` [#tondeeplink] Generates a TON deep-link for transfer. ```typescript function tonDeepLink( address: Address, amount: bigint, body?: Cell, stateInit?: Cell, testOnly?: boolean ): string; ``` **Parameters:** * `address` — the recipient's TON address * `amount` — the amount of nanoTON to send * `body` — optional message body as a Cell * `stateInit` — optional [`StateInit`](/blockchain-basics/primitives/messages/deploy) cell for deploying a contract * `testOnly` — optional flag to determine output address format **Returns:** a URL deep link that can be opened in TON wallets **Example:** ```typescript const link = tonDeepLink(myAddress, 10_000_000n); // 0.01 TON // "ton://transfer/..." ``` ### `getExplorerLink` [#getexplorerlink] Generates a link to view a TON address in a selected blockchain explorer. ```typescript function getExplorerLink( address: string, network: string, explorer: 'tonscan' | 'tonviewer' | 'toncx' | 'dton' ): string; ``` **Parameters:** * `address` — the TON address to view in explorer * `network` — the target network (`mainnet` or `testnet`) * `explorer` — the desired explorer (`tonscan`, `tonviewer`, `toncx`, `dton`) **Returns:** a full URL pointing to the address in the selected explorer **Example:** ```typescript const link = getExplorerLink("", "testnet", "tonscan"); // "https://testnet.tonscan.org/address/EQC...9gA" // — TON address to view. ``` ### `getNormalizedExtMessageHash` [#getnormalizedextmessagehash] Generates a normalized hash of an `external-in` message for comparison. ```typescript function getNormalizedExtMessageHash(message: Message): Buffer; ``` This function ensures consistent hashing of external-in messages by following [TEP-467](https://github.com/ton-blockchain/TEPs/blob/8b3beda2d8611c90ec02a18bec946f5e33a80091/text/0467-normalized-message-hash.md). **Parameters:** * `message` — the message to be normalized and hashed (must be of type `external-in`) **Returns:** the hash of the normalized message as `Buffer` **Throws:** error if the message type is not `external-in` ### `compile` [#compile] Compiles a contract using the specified configuration for `tact`, `func`, or `tolk` languages. ```typescript async function compile(name: string, opts?: CompileOpts): Promise ``` **Parameters:** * `name` — the name of the contract to compile (should correspond to a file named `.compile.ts`) * `opts` — optional [`CompileOpts`](#compileopts), including user data passed to hooks **Returns:** a promise that resolves to the compiled contract code as a `Cell` **Example:** ```typescript import { compile } from '@ton/blueprint'; async function main() { const codeCell = await compile('Contract'); console.log('Compiled code BoC:', codeCell.toBoc().toString('base64')); } ``` ### `libraryCellFromCode` [#librarycellfromcode] Packs the resulting code hash into a library cell. ```typescript function libraryCellFromCode(code: Cell): Cell ``` **Parameters:** * `code` — the contract code cell **Returns:** a library cell containing the code hash ### `NetworkProvider` [#networkprovider] Interface representing a network provider for interacting with the TON Blockchain. ```typescript interface NetworkProvider { network(): 'mainnet' | 'testnet' | 'custom'; explorer(): Explorer; sender(): SenderWithSendResult; api(): BlueprintTonClient; provider(address: Address, init?: { code?: Cell; data?: Cell }): ContractProvider; isContractDeployed(address: Address): Promise; waitForDeploy(address: Address, attempts?: number, sleepDuration?: number): Promise; waitForLastTransaction(attempts?: number, sleepDuration?: number): Promise; getContractState(address: Address): Promise; getConfig(configAddress?: Address): Promise; open(contract: T): OpenedContract; ui(): UIProvider; } ``` #### `network()` [#network] ```typescript network(): 'mainnet' | 'testnet' | 'custom'; ``` **Returns:** current network type that the provider is connected to #### `explorer()` [#explorer] ```typescript explorer(): Explorer; ``` **Returns:** [`Explorer`](#explorer) name for the current network #### `sender()` [#sender] ```typescript sender(): SenderWithSendResult ``` **Returns:** the [`SenderWithSendResult`](#senderwithsendresult) instance used for sending transactions #### `api()` [#api] ```typescript api(): BlueprintTonClient ``` **Returns:** the underlying [`BlueprintTonClient`](#blueprinttonclient) API for direct blockchain interactions #### `provider()` [#provider] ```typescript provider(address: Address, init?: { code?: Cell; data?: Cell }): ContractProvider ``` Creates a contract provider for interacting with a contract at the specified address. **Parameters:** * `address` — the contract address to interact with * `init` — optional contract initialization data * `code` — Contract code cell * `data` — Contract initial data cell **Returns:** `contractProvider` instance for the specified address #### `isContractDeployed()` [#iscontractdeployed] ```typescript isContractDeployed(address: Address): Promise ``` Checks whether a contract is deployed at the specified address. **Parameters:** * `address` — the contract address to check **Returns:** promise resolving to `true` if contract is deployed, `false` otherwise **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const isDeployed = await provider.isContractDeployed(contractAddress); if (!isDeployed) { console.log('Contract not yet deployed'); } } ``` #### `waitForDeploy()` [#waitfordeploy] ```typescript waitForDeploy(address: Address, attempts?: number, sleepDuration?: number): Promise ``` Waits for a contract to be deployed by polling the address until the contract appears on-chain. **Parameters:** * `address` — the contract address to monitor * `attempts` — maximum number of polling attempts (default: 20) * `sleepDuration` — delay between attempts in milliseconds (default: 2000) **Returns:** a promise that resolves when the contract is deployed **Throws:** error if the contract is not deployed within the specified attempts **Usage example:** ```typescript export async function run(provider: NetworkProvider) { // Send deployment transaction await contract.sendDeploy(provider.sender(), { value: toNano('0.01') }); // Wait for deployment to complete await provider.waitForDeploy(contract.address); console.log('Contract deployed successfully'); } ``` #### `waitForLastTransaction()` [#waitforlasttransaction] ```typescript waitForLastTransaction(attempts?: number, sleepDuration?: number): Promise ``` Waits for the last sent transaction to be processed and confirmed on the blockchain. **Parameters:** * `attempts` — maximum number of polling attempts (default: 20) * `sleepDuration` — delay between attempts in milliseconds (default: 2000) **Returns:** promise that resolves when the last transaction is confirmed **Usage example:** ```typescript export async function run(provider: NetworkProvider) { await contract.sendIncrement(provider.sender(), { value: toNano('0.01') }); await provider.waitForLastTransaction(); } ``` #### `getContractState()` [#getcontractstate] ```typescript getContractState(address: Address): Promise ``` Retrieves the current state of a contract, including its balance, code, and data. **Parameters:** * `address` — the contract address to query **Returns:** promise resolving to `ContractState`. **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const state = await provider.getContractState(contractAddress); console.log(`Contract balance: ${fromNano(state.balance)} TON`); } ``` #### `getConfig()` [#getconfig] ```typescript getConfig(configAddress?: Address): Promise ``` Fetches the current blockchain configuration parameters. **Parameters:** * `configAddress` — optional config contract address (uses default if not provided) **Returns:** promise resolving to `BlockchainConfig` #### `open()` [#open] ```typescript open(contract: T): OpenedContract ``` Opens a contract instance for interaction, binding it to the current provider. **Parameters:** * `contract` — the contract instance to open **Returns:** `openedContract` wrapper that enables direct method calls **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const counter = provider.open(Counter.fromAddress(contractAddress)); const currentValue = await counter.getCounter(); console.log('Current counter value:', currentValue); } ``` #### `ui()` [#ui] ```typescript ui(): UIProvider ``` **Returns:** [`UIProvider`](#uiprovider) instance for console interactions **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const ui = provider.ui(); ui.write('Deployment starting...'); const confirmed = await ui.prompt('Deploy to mainnet?'); } ``` ### `UIProvider` [#uiprovider] Interface for handling user interactions, such as displaying messages, prompting for input, and managing action prompts. This interface abstracts console interactions and can be used in both interactive and automated scenarios. ```typescript interface UIProvider { write(message: string): void; prompt(message: string): Promise; inputAddress(message: string, fallback?: Address): Promise
; input(message: string): Promise; choose(message: string, choices: T[], display: (v: T) => string): Promise; setActionPrompt(message: string): void; clearActionPrompt(): void; } ``` #### `write()` [#write] ```typescript write(message: string): void ``` Displays a message to the user console. **Parameters:** * `message` — the text message to display **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const ui = provider.ui(); ui.write('Starting contract deployment...'); ui.write(`Network: ${provider.network()}`); } ``` #### `prompt()` [#prompt] ```typescript prompt(message: string): Promise ``` Displays a yes/no prompt to the user and waits for their response. **Parameters:** * `message` — the prompt message to display **Returns:** promise resolving to `true` for yes, `false` for no **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const ui = provider.ui(); const confirmed = await ui.prompt('Deploy to mainnet? This will cost real TON'); if (confirmed) { ui.write('Proceeding with deployment...'); } else { ui.write('Deployment cancelled'); return; } } ``` #### `inputAddress()` [#inputaddress] ```typescript inputAddress(message: string, fallback?: Address): Promise
``` Prompts the user to input a TON address with validation. **Parameters:** * `message` — the prompt message to display * `fallback` — optional default address to use if user provides empty input **Returns:** promise resolving to Address object **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const ui = provider.ui(); const targetAddress = await ui.inputAddress( 'Enter the contract address to interact with:', Address.parse('EQD4FPq-PRDieyQKkizFTRtSDyucUIqrj0v_zXJmqaDp6_0t') // fallback ); ui.write(`Using address: ${targetAddress.toString()}`); } ``` #### `input()` [#input] ```typescript input(message: string): Promise ``` Prompts the user for a text input and returns the entered string. **Parameters:** * `message` — the prompt message to display **Returns:** promise resolving to the user's input as a string **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const ui = provider.ui(); const contractName = await ui.input('Enter the contract name:'); ui.write(`Deploying contract: ${contractName}`); } ``` #### `choose()` [#choose] ```typescript choose(message: string, choices: T[], display: (v: T) => string): Promise ``` Presents a list of choices to the user and returns the selected option. **Parameters:** * `message` — the prompt message to display * `choices` — array of options to choose from * `display` — function to convert each choice to a display string **Returns:** promise resolving to the selected choice **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const ui = provider.ui(); const networks = ['mainnet', 'testnet']; const selectedNetwork = await ui.choose( 'Select deployment network:', networks, (network) => network.toUpperCase() ); ui.write(`Selected network: ${selectedNetwork}`); } ``` #### `setActionPrompt()` [#setactionprompt] ```typescript setActionPrompt(message: string): void ``` Sets a persistent action prompt that remains visible during operations. **Parameters:** * `message` — the action prompt message to display **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const ui = provider.ui(); ui.setActionPrompt('⏳ Waiting for transaction confirmation...'); await contract.send(provider.sender(), { value: toNano('0.01') }, 'increment'); await provider.waitForLastTransaction(); ui.clearActionPrompt(); ui.write('✅ Transaction confirmed'); } ``` #### `clearActionPrompt()` [#clearactionprompt] ```typescript clearActionPrompt(): void ``` Clears the current action prompt, removing it from display. **Usage example:** ```typescript export async function run(provider: NetworkProvider) { const ui = provider.ui(); ui.setActionPrompt('🔄 Processing...'); // Perform some operation await someAsyncOperation(); ui.clearActionPrompt(); ui.write('Operation completed'); } ``` ## Type definitions [#type-definitions] Blueprint exports several TypeScript types for configuration and compilation options. These types provide type safety and IntelliSense support when working with Blueprint programmatically. ### `CompileOpts` [#compileopts] Optional compilation settings, including user data passed to hooks and compilation flags. ```typescript type CompileOpts = { hookUserData?: any; debugInfo?: boolean; buildLibrary?: boolean; }; ``` **Properties:** * `hookUserData` — optional user data passed to pre/post compile hooks * `debugInfo` — enable debug information in compiled output (default: `false`) * `buildLibrary` — build as a library instead of a regular contract (default: `false`) **Usage example:** ```typescript import { compile } from '@ton/blueprint'; const codeCell = await compile('MyContract', { debugInfo: true, hookUserData: { customFlag: true } }); ``` ### `CommonCompilerConfig` [#commoncompilerconfig] Base configuration shared by all compiler types. This interface defines common compilation hooks and options. ```typescript type CommonCompilerConfig = { preCompileHook?: (params: HookParams) => Promise; postCompileHook?: (code: Cell, params: HookParams) => Promise; buildLibrary?: boolean; }; ``` **Properties:** * `preCompileHook` — optional function called before compilation starts (receives [`HookParams`](#hookparams)) * `postCompileHook` — optional function called after compilation completes (receives compiled `Cell` and [`HookParams`](#hookparams)) * `buildLibrary` — whether to build as a library (default: `false`) **Usage example:** ```typescript title="./wrappers/MyContract.compile.ts" import { CompilerConfig } from '@ton/blueprint'; export const compile: CompilerConfig = { lang: 'func', targets: ['contracts/my_contract.fc'], preCompileHook: async (params) => { console.log('Starting compilation...'); }, postCompileHook: async (code, params) => { console.log('Compilation completed!'); } }; ``` ### `FuncCompilerConfig` [#funccompilerconfig] Configuration specific to the FunC compiler, including optimization levels and source file specifications. ```typescript type FuncCompilerConfig = { lang?: 'func'; optLevel?: number; debugInfo?: boolean; } & ( | { targets: string[]; sources?: SourceResolver | SourcesMap; } | { targets?: string[]; sources: SourcesArray; } ); ``` **Properties:** * `lang` — compiler language identifier (optional, defaults to `'func'`) * `optLevel` — optimization level (0-2, default: 2) * `debugInfo` — include debug information in output * `targets` — array of FunC source file paths to compile * `sources` — alternative source specification method **Usage example:** ```typescript title="./wrappers/MyContract.compile.ts" import { CompilerConfig } from '@ton/blueprint'; export const compile: CompilerConfig = { lang: 'func', targets: [ 'contracts/imports/stdlib.fc', 'contracts/my_contract.fc' ], optLevel: 2, debugInfo: false }; ``` ### `TolkCompilerConfig` [#tolkcompilerconfig] Configuration for the Tolk compiler, including optimization and debugging options. ```typescript type TolkCompilerConfig = { lang: 'tolk'; entrypoint: string; optimizationLevel?: number; withStackComments?: boolean; withSrcLineComments?: boolean; experimentalOptions?: string; }; ``` **Properties:** * `lang` — compiler language identifier (must be `'tolk'`) * `entrypoint` — path to the main Tolk source file * `optimizationLevel` — optimization level * `withStackComments` — include stack operation comments in Fift output * `withSrcLineComments` — include source line comments in Fift output * `experimentalOptions` — additional experimental compiler flags **Usage example:** ```typescript title="./wrappers/MyContract.compile.ts" import { CompilerConfig } from '@ton/blueprint'; export const compile: CompilerConfig = { lang: 'tolk', entrypoint: 'contracts/my_contract.tolk', optimizationLevel: 2, withStackComments: true, withSrcLineComments: true }; ``` ### `TactLegacyCompilerConfig` [#tactlegacycompilerconfig] Configuration for the Tact compiler (legacy configuration format). ```typescript type TactLegacyCompilerConfig = { lang: 'tact'; target: string; options?: Options; }; ``` **Properties:** * `lang` — compiler language identifier (must be `'tact'`) * `target` — path to the main Tact source file * `options` — additional Tact compiler options **Usage example:** ```typescript title="./wrappers/MyContract.compile.ts" import { CompilerConfig } from '@ton/blueprint'; export const compile: CompilerConfig = { lang: 'tact', target: 'contracts/my_contract.tact', options: { debug: false, external: true } }; ``` ### `HookParams` [#hookparams] Parameters passed to compilation hooks, providing context about the compilation process. ```typescript type HookParams = { userData?: any; }; ``` **Properties:** * `userData` — optional user data passed from [`CompileOpts`](#compileopts) ### `SenderWithSendResult` [#senderwithsendresult] An extended sender interface that tracks the result of the last send operation. ```typescript interface SenderWithSendResult extends Sender { readonly lastSendResult?: unknown; } ``` **Properties:** * `lastSendResult` — optional result from the most recent send operation ### `BlueprintTonClient` [#blueprinttonclient] Union type representing supported TON client implementations. ```typescript type BlueprintTonClient = TonClient4 | TonClient | ContractAdapter | LiteClient; ``` **Supported clients:** * `TonClient4` — TON HTTP API v4 client * `TonClient` — TON HTTP API v2/v3 client * `ContractAdapter` — TON API adapter * `LiteClient` — Lite client for direct node communication ### `Explorer` [#explorer-1] Supported blockchain explorer types. ```typescript type Explorer = 'tonscan' | 'tonviewer' | 'toncx' | 'dton'; ``` **Supported explorers:** * `'tonscan'` — Tonscan explorer * `'tonviewer'` — Tonviewer explorer (default) * `'toncx'` — TON.cx explorer * `'dton'` — dTON.io explorer ## Configuration [#configuration] For detailed configuration options, refer to the [Blueprint Configuration](/blockchain-basics/contract-dev/blueprint/config) guide. # Benchmarking performance with Blueprint (/blockchain-basics/contract-dev/blueprint/benchmarks)
[Acton](https://ton-blockchain.github.io/acton/docs/welcome) is the recommended tool for new smart contract projects. Blueprint remains supported for existing projects.
In TON, a contract's performance is defined by its gas consumption, so it's important to design your logic efficiently. Unlike many other blockchains, TON also requires you to pay for storing contract data and forwarding messages between contracts. ## Gas consumption [#gas-consumption] As you develop and iterate on a contract, even small changes to its logic can affect both gas usage and data size. Monitoring these changes helps ensure that your contract remains efficient and cost-effective.
For a deeper breakdown of how fees work in TON, refer to [Transaction fees](/blockchain-basics/primitives/fees)
## Gas metrics reporting [#gas-metrics-reporting] To simplify tracking changes in gas usage and data size, we’ve introduced a reporting system that lets you collect and compare metrics across different versions of a contract. To enable this, write test scenarios that cover the contract’s primary usage patterns and verify expected behavior. This approach is sufficient to gather relevant metrics, which you can later use to compare performance changes after updating the implementation. Before running the tests, a store is created to collect metrics from all transactions generated during the tests. After test execution, the collected metrics are supplemented with [ABI information from the snapshot](https://github.com/ton-org/sandbox/blob/main/docs/collect-metric-api.md#abi-auto-mapping), and a report is generated based on this data. While more [metrics are collected](https://github.com/ton-org/sandbox/blob/main/docs/collect-metric-api.md#snapshot-structure), the current report format includes `gasUsed`, `cells`, and `bits`, which correspond to the internal metrics `compute.phase`, `state.code`, and `state.data`. ## Metrics comparison example [#metrics-comparison-example] To see how gas metrics can be collected and compared in practice, let’s walk through a complete example. Start by creating a new project using `npm create ton@latest`: ```bash npm create ton@latest -y -- sample --type func-counter --contractName Sample cd sample ``` **Note:** * The `-y` flag skips prompts and accepts defaults. * `--type` specifies the template (e.g., `func-counter`). * `--contractName` sets the contract name. Alternatively, you can run: ```bash npm create ton@latest sample ``` This command scaffolds a project with a basic counter contract at `contracts/sample.fc`. It defines a simple stateful contract that stores an `id` and a `counter` and supports an `increase` operation. ```func title="sample.fc" #include "imports/stdlib.fc"; const op::increase = "op::increase"c; global int ctx_id; global int ctx_counter; () load_data() impure { var ds = get_data().begin_parse(); ctx_id = ds~load_uint(32); ctx_counter = ds~load_uint(32); ds.end_parse(); } () save_data() impure { set_data( begin_cell() .store_uint(ctx_id, 32) .store_uint(ctx_counter, 32) .end_cell() ); } () recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure { if (in_msg_body.slice_empty?()) { ;; ignore all empty messages return (); } slice cs = in_msg_full.begin_parse(); int flags = cs~load_uint(4); if (flags & 1) { ;; ignore all bounced messages return (); } load_data(); int op = in_msg_body~load_uint(32); int query_id = in_msg_body~load_uint(64); if (op == op::increase) { int increase_by = in_msg_body~load_uint(32); ctx_counter += increase_by; save_data(); return (); } throw(0xffff); } int get_counter() method_id { load_data(); return ctx_counter; } int get_id() method_id { load_data(); return ctx_id; } ``` ### Generate a gas report [#generate-a-gas-report] Let’s now generate a gas usage report for the contract. Run the following command: ```bash npx blueprint test --gas-report ``` This runs your tests with gas tracking enabled and outputs a `gas-report.json` with transaction metrics. ... PASS Comparison metric mode: gas depth: 1 Gas report write in 'gas-report.json' ┌───────────┬──────────────┬───────────────────────────┐ │ │ │ current │ │ Contract │ Method ├──────────┬────────┬───────┤ │ │ │ gasUsed │ cells │ bits │ ├───────────┼──────────────┼──────────┼────────┼───────┤ │ │ sendDeploy │ 1937 │ 11 │ 900 │ │ ├──────────────┼──────────┼────────┼───────┤ │ │ send │ 515 │ 11 │ 900 │ │ Sample ├──────────────┼──────────┼────────┼───────┤ │ │ sendIncrease │ 1937 │ 11 │ 900 │ │ ├──────────────┼──────────┼────────┼───────┤ │ │ 0x7e8764ef │ 2681 │ 11 │ 900 │ └───────────┴──────────────┴──────────┴────────┴───────┘ ### Storage fee calculation [#storage-fee-calculation] You can use the `cells` and `bits` values from the report to estimate the **storage fee** for your contract. Here’s the formula: ```text storage_fee = ceil( (account.bits * bit_price + account.cells * cell_price) * time_delta / 2 ** 16) ``` To try this in practice, use the [calculator example](/blockchain-basics/primitives/fees). ### Regenerate the gas report [#regenerate-the-gas-report] Note that the `op::increase` method appears in the report as the raw opcode `0x7e8764ef`. To display a human-readable name in the report, update the generated `contract.abi.json` by replacing the raw opcode with the name **increase** in both the `messages` and `types` sections: ```diff --- a/contract.abi.json +++ b/contract.abi.json @@ -6,13 +6,13 @@ "receiver": "internal", "message": { "kind": "typed", - "type": "0x7e8764ef" + "type": "increase" } } ], "types": [ { - "name": "0x7e8764ef", + "name": "increase", "header": 2122802415 } ], ``` Once you've updated the `contract.abi.json` file, rerun the command to regenerate the gas report: ```bash npx blueprint test --gas-report ``` Now the method name appears in the report as `increase`, making it easier to read: ... │ ├──────────────┼──────────┼────────┼───────┤ │ │ increase │ 2681 │ 11 │ 900 │ └───────────┴──────────────┴──────────┴────────┴───────┘ ### Save a snapshot for future comparison [#save-a-snapshot-for-future-comparison] To track how gas usage evolves, you can create a named snapshot of the current metrics. This allows you to compare future versions of the contract against this baseline: ```bash npx blueprint snapshot --label "v1" ``` This creates a snapshot file in `.snapshot/`: ```text ... PASS Collect metric mode: "gas" Report write in '.snapshot/1749821319408.json' ``` ### Optimize the contract and compare the metrics [#optimize-the-contract-and-compare-the-metrics] Let’s try a simple optimization — adding the `inline` specifier to some functions.
An [inline specifier](/blockchain-basics/languages/func/functions#inline-specifier) is directly substituted into the code wherever it’s called, which can help reduce gas usage by eliminating the overhead of a function call.
Update your contract like this: ```diff --- a/contracts/sample.fc +++ b/contracts/sample.fc -() load_data() impure { +() load_data() impure inline { -() save_data() impure { +() save_data() impure inline { -() recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure { +() recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure inline { ``` Now regenerate the gas report. Since we already created a snapshot labeled `v1`, this report will include a comparison with the previous version: ```bash npx blueprint test --gas-report ``` You see a side-by-side comparison of gas usage before and after the change: PASS Comparison metric mode: gas depth: 2 Gas report write in 'gas-report.json' ┌───────────┬──────────────┬─────────────────────────────────────────┬───────────────────────────┐ │ │ │ current │ v1 │ │ Contract │ Method ├──────────────┬───────────┬──────────────┼──────────┬────────┬───────┤ │ │ │ gasUsed │ cells │ bits │ gasUsed │ cells │ bits │ ├───────────┼──────────────┼──────────────┼───────────┼──────────────┼──────────┼────────┼───────┤ │ │ sendDeploy │ 1937 same │ 7 -36.36% │ 1066 +18.44% │ 1937 │ 11 │ 900 │ │ ├──────────────┼──────────────┼───────────┼──────────────┼──────────┼────────┼───────┤ │ │ send │ 446 -13.40% │ 7 -36.36% │ 1066 +18.44% │ 515 │ 11 │ 900 │ │ Sample ├──────────────┼──────────────┼───────────┼──────────────┼──────────┼────────┼───────┤ │ │ sendIncrease │ 1937 same │ 7 -36.36% │ 1066 +18.44% │ 1937 │ 11 │ 900 │ │ ├──────────────┼──────────────┼───────────┼──────────────┼──────────┼────────┼───────┤ │ │ increase │ 1961 -26.86% │ 7 -36.36% │ 1066 +18.44% │ 2681 │ 11 │ 900 │ └───────────┴──────────────┴──────────────┴───────────┴──────────────┴──────────┴────────┴───────┘ ## Project setup instructions [#project-setup-instructions] If your project already exists, you need to configure **jest** to collect gas metrics. You can do this in one of two ways: #### Option 1: update the existing `jest.config.ts` [#option-1-update-the-existing-jestconfigts] Add the necessary environment and reporter settings: ```diff title="jest.config.ts" import type { Config } from 'jest'; const config: Config = { preset: 'ts-jest', + testEnvironment: '@ton/sandbox/jest-environment', testPathIgnorePatterns: ['/node_modules/', '/dist/'], + reporters: [ + 'default', + ['@ton/sandbox/jest-reporter', {}], + ] }; export default config; ```
See the full list of options in the [Sandbox jest config docs](https://github.com/ton-org/sandbox/blob/main/README.md#setup-in-jestconfigts).
#### Option 2: create a separate config `gas-report.config.ts` [#option-2-create-a-separate-config-gas-reportconfigts] If you prefer not to modify your main `jest.config.ts`, you can create a dedicated config file: ```ts title="gas-report.config.ts" import config from './jest.config'; // use filter tests if needed, see https://jestjs.io/docs/cli#--testnamepatternregex // config.testNamePattern = '^Foo should increase counter$' config.testEnvironment = '@ton/sandbox/jest-environment' config.reporters = [ ['@ton/sandbox/jest-reporter', { }], ] export default config; ``` When using this separate config, pass it using the `--config` option: ```bash npx blueprint test --gas-report -- --config gas-report.config.ts npx blueprint snapshot --label "v2" -- --config gas-report.config.ts ``` ## Collect metrics manually [#collect-metrics-manually] You can collect metrics manually using the low-level API from `@ton/sandbox`. ```typescript title="collect-metrics.ts" import { Blockchain, createMetricStore, makeSnapshotMetric, resetMetricStore } from '@ton/sandbox'; const store = createMetricStore(); async function someDo() { const blockchain = await Blockchain.create(); const [alice, bob] = await blockchain.createWallets(2); await alice.send({ to: bob.address, value: 1 }); } async function main() { resetMetricStore(); await someDo(); const metric = makeSnapshotMetric(store); console.log(metric); } main().catch((error) => { console.log(error.message); }); ``` For more details, see the [Collect Metric API documentation](https://github.com/ton-org/sandbox/blob/main/docs/collect-metric-api.md#example). # Blueprint CLI reference (/blockchain-basics/contract-dev/blueprint/cli)
[Acton](https://ton-blockchain.github.io/acton/docs/welcome) is the recommended tool for new smart contract projects. Blueprint remains supported for existing projects.
Blueprint is a CLI tool for TON smart contract development. This reference covers all available commands, options, configuration, and API methods. ## CLI commands [#cli-commands] Blueprint provides a comprehensive set of CLI commands for smart contract development, testing, and deployment. Commands support both interactive and non-interactive modes. ### `create` [#create] ```bash npx blueprint create --type ``` Creates a new smart contract with all necessary files, including the contract source, TypeScript wrapper, test file, and deployment script. #### Interactive mode [#interactive-mode] ```bash npx blueprint create ``` Launches an interactive wizard that guides you through: 1. Contract name selection (validates CamelCase format) 2. Programming language choice (Tolk, FunC, or Tact) 3. Template type selection (empty or counter example) #### Non-interactive mode [#non-interactive-mode] ```bash npx blueprint create --type ``` **Parameters:** * `` — contract name in CamelCase format (e.g., `MyAwesomeContract`) * `` — template type from available options **Available template types:** * `tolk-empty` — an empty contract (Tolk) * `func-empty` — an empty contract (FunC) * `tact-empty` — an empty contract (Tact) * `tolk-counter` — a simple counter contract (Tolk) * `func-counter` — a simple counter contract (FunC) * `tact-counter` — a simple counter contract (Tact) **Usage examples:** ```bash # Create empty Tolk contract npx blueprint create MyToken --type tolk-empty # Create Tolk counter example npx blueprint create SimpleCounter --type tolk-counter # Create contract interactively npx blueprint create ``` **Generated files:** * `contracts/MyContract.{tolk|fc|tact}` — contract source code * `wrappers/MyContract.ts` — TypeScript wrapper for contract interaction * `tests/MyContract.spec.ts` — Jest test suite with basic test cases * `scripts/deployMyContract.ts` — deployment script with network configuration ### `build` [#build] ```bash npx blueprint build --all ``` Compiles smart contracts using their corresponding `.compile.ts` configuration files. #### Interactive mode [#interactive-mode-1] ```bash npx blueprint build ``` Displays a list of all available contracts with `.compile.ts` files for selection. Shows compilation status and allows building individual contracts or all at once. #### Non-interactive mode [#non-interactive-mode-1] ```bash npx blueprint build npx blueprint build --all ``` **Parameters:** * `` — specific contract name to build (matches the `.compile.ts` filename) * `--all` — build all contracts in the project that have compilation configurations **Usage examples:** ```bash # Build specific contract npx blueprint build MyToken # Build all contracts npx blueprint build --all # Interactive selection npx blueprint build ``` For detailed information about build artifacts, see [Compiled Artifacts](/blockchain-basics/contract-dev/blueprint/develop#compiled-artifacts). ### `run` [#run] ```bash npx blueprint run ``` ```html ``` * [Example](https://github.com/sorawalker/demo-dapp-with-analytics/blob/patch-1/index.html) ### Using the NPM [#using-the-npm] Install using the npm: ```sh icon="package" npm install @telegram-apps/analytics ``` To ensure that all events are collected correctly, you must initialize the SDK before the application starts rendering. For example, in React applications, before calling the render() function ```javascript import telegramAnalytics from '@telegram-apps/analytics'; telegramAnalytics.init({ token: 'YOUR_TOKEN', // SDK Auth token received via @DataChief_bot appName: 'ANALYTICS_IDENTIFIER', // The analytics identifier you entered in @DataChief_bot }); ``` After initializing the Telegram Analytics, you are all set to transfer the data, gain insights, and improve user engagement. Most of them will be tracked automatically without manual control. * [Example](https://github.com/sorawalker/demo-dapp-with-analytics/blob/master/src/main.tsx) ## Contributing [#contributing] Contributions are welcome! To contribute, fork the repository, make your changes, and submit a pull request. We look forward to your innovative [ideas](https://github.com/Telegram-Mini-Apps/TelegramAnalytics/pulls) and improvements. ## License [#license] This Telegram Analytics SDK is available under the [MIT License](https://opensource.org/license/mit). Feel free to use it in both personal and commercial projects. The library was expertly developed by [`@sorawalker`](https://github.com/sorawalker), with generous support from [TON Foundation](https://github.com/ton-society/grants-and-bounties/). # API Endpoints (/ecosystem/tma/analytics/api-endpoints) Here, you can view information about existing endpoints and how to make requests for them. ## API URL [#api-url] URL for POST requests: [`/events`](https://tganalytics.xyz/events) ## POST events [#post-events] This request is needed to record an event in the database. ### Body [#body] The request body may contain an array rather than a single event. The main thing is that all events in the array satisfy the scheme below. #### Required [#required] | Field | Type | Description | | ------------ | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- | | `user_id` | number | Unique identifier for the user. | | `event_name` | string | The name of the event from the supported events. | | `session_id` | string | Session identifier for tracking user sessions. **Must be** [UUID](https://github.com/Telegram-Mini-Apps/analytics/blob/master/src/utils/generateUUID.ts). | | `app_name` | string | The name of the application that you specified when creating the token | #### Optional [#optional] | Field | Type | Description | | ------------------ | ------------------------------------- | --------------------------------------------------------------------------------------------- | | `is_premium` | boolean | If the user has a premium account, by default - false | | `is_success` | boolean | Indicates whether a wallet is connected or the transaction was successful, by default - false | | `error_message` | string | Error message if the wallet connection or transaction is unsuccessful | | `error_code` | number | Description: error code if the wallet connection or transaction is unsuccessful | | `wallet_address` | string | Wallet address involved in the event | | `wallet_type` | string | Type of the wallet | | `wallet_version` | string | Version of the wallet software | | `auth_type` | enum | Type of authorization used. `0` - `ton_addr`, `1` - `ton_proof`. | | `valid_until` | string | Timestamp until when a transaction offer is valid | | `from` | string | Wallet address initiating the transaction | | `messages` | `{ address: string; amount: string }` | List of transactions `{to, amount}` involved in the event | | `custom_data` | object | Object to store custom event details as needed | | `client_timestamp` | string | The time when the event occurred on the client | | `platform` | string | The platform from which the MiniApp was opened | | `locale` | string | User language code | | `start_param` | string | `tgWebAppStartParam` | | `url_referer` | string | The URL of the web application from which the request was sent | | `scope` | string | Event scope | ### Request body example: [#request-body-example] ```json [ { "event_name": "app-init", "session_id": "10c574d9-6d2c-4e6d-a141-ce6da141ce6d", "user_id": 111111111, "app_name": "docs", "is_premium": true, "platform": "tdesktop", "locale": "en", "client_timestamp": "1743503599534" } ] ``` ```json [ { "event_name": "connection-started", "custom_data": { "ton_connect_sdk_lib": "3.0.3", "ton_connect_ui_lib": "2.0.5" }, "session_id": "10c574d9-6d2c-4e6d-a141-ce6da141ce6d", "user_id": 111111111, "app_name": "docs", "is_premium": true, "platform": "tdesktop", "locale": "en", "client_timestamp": "1743503647541" } ] ``` ```json [ { "event_name": "connection-error", "is_success": false, "error_message": "Connection was cancelled", "error_code": null, "custom_data": { "ton_connect_sdk_lib": "3.0.3", "ton_connect_ui_lib": "2.0.5" }, "session_id": "10c574d9-6d2c-4e6d-a141-ce6da141ce6d", "user_id": 111111111, "app_name": "docs", "is_premium": true, "platform": "tdesktop", "locale": "en", "client_timestamp": "1743503683701" } ] ``` ### Headers [#headers] Instead of `YOUR_TOKEN`, you need to specify the token received using the managing integration. (TO DO link) ```json { "TGA-Auth-Token": "YOUR_TOKEN", "Content-Type": "application/json" } ``` ### Responses [#responses] #### HTTP201 [#http201] * Description: The event has been successfully recorded * Content: ```json { "message": "Success record." } ``` #### HTTP400 [#http400] * Description: The event was not recorded due to server issues * Content: ```json { "message": "Failed to record" } ``` #### HTTP400 [#http400-1] * Description: The token was entered incorrectly or in the wrong format * Content: ```json { "message": "The token is not specified in the headers or is specified incorrectly." } ``` #### HTTP400 [#http400-2] * Description: The entered token is invalid (was not created through a Data Chief bot) * Content: ```json { "message": "Token is invalid." } ``` #### HTTP400 [#http400-3] * Description: The request body contains the application name that does not match the token * Content: ```json { "message": "Invalid app_name is specified." } ``` #### HTTP400 [#http400-4] * Description: the body specified in the request was not validated (for example, the type of one of the fields does not match) * Content: ```json { "status": 400, "message": "VALIDATION_MISMATCH_REPORT" } ``` #### HTTP403 [#http403] * Description: an attempt to use the API on a domain name that does not match the token * Content: ```json { "message": "The domain name does not match." } ``` #### HTTP429 [#http429] * Description: too many requests from the client in a certain amount of time * Content: ```json { "message": "Too many requests. Try again later." } ``` # FAQ (/ecosystem/tma/analytics/faq) ## How can I check the integration status of the SDK? [#how-can-i-check-the-integration-status-of-the-sdk] ### Using a bot [#using-a-bot] After [completing the integration process](/ecosystem/tma/analytics/preparation#initialize-sdk), the bot [`@DataChief_bot`](https://t.me/DataChief_bot) will display the time of the last recorded event in our database. If it shows something like "one minute ago", then everything is working correctly. ### Using DevTools [#using-devtools] #### Desktop version [#desktop-version] Go to Telegram settings, then to Advanced Settings, and then to Experimental Settings. Toggle on the "Enable webview inspecting" function. Next, open your application and right-click to open the developer console. In the Network section, you should see the SDK script (index.js) loading and sending events. If this is not observed, try refreshing the application without closing TMA. #### Web version [#web-version] Go to [Telegram's web version](https://web.telegram.org/), open the developer tools, go to the network section, open your TMA, and filter queries by `'tganalytics.xyz'`. You'll see the SDK being loaded (index.js) and events being sent afterward. # Installation via NPM package (/ecosystem/tma/analytics/install-via-npm) ## How to install it? [#how-to-install-it] **1. Install the NPM package in your project** ```shell npm install @telegram-apps/analytics ``` ```shell yarn add @telegram-apps/analytics ``` ```sh pnpm add @telegram-apps/analytics ``` **2. Add Telegram Mini Apps Analytics in code** Once you have your unique access token (if not, see [Preparations](/ecosystem/tma/analytics/preparation) page) and installed the NPM package, you can initialize the Telegram Analytics SDK in your code. To ensure that all events are collected correctly, you must initialize the SDK before the application starts rendering. For example, in React applications, before calling the `render()` function ```jsx import TelegramAnalytics from '@telegram-apps/analytics' TelegramAnalytics.init({ token: 'YOUR_TOKEN', appName: 'ANALYTICS_IDENTIFIER', }); ``` ### Supported events [#supported-events] After initializing the **Telegram analytics**, you are all set to transfer the data, gain insights, and improve user engagement. (99% of them will be tracked **automatically** without manual control) * [Supported events](/ecosystem/tma/analytics/supported-events) # Installation via script tag (/ecosystem/tma/analytics/install-via-script) ## How to install it? [#how-to-install-it] ### 1.Add Telegram Mini Apps Analytics to your project\*\* [#1add-telegram-mini-apps-analytics-to-your-project] Include the Telegram Mini Apps Analytics script in the header of your HTML document. This script will allow you to track and analyze user interactions effectively. ```html ``` Alternative solution (not recommended) ```html ``` ### 2. Initialize the **Telegram Mini Apps Analytics** SDK [#2-initialize-the-telegram-mini-apps-analytics-sdk] Once you have your unique access token and analytics identifier (if not, see Preparations (TO DO link) page), you can initialize the Telegram Analytics SDK in your code. This step is crucial for enabling the tracking of events without repeatedly transferring the token. ```html ``` ### Supported events [#supported-events] After initializing the **Telegram Analytics**, you are all set to transfer the data, gain insights, and improve user engagement. (99% of them will be tracked **automatically** without manual control) * [Supported events](/ecosystem/tma/analytics/supported-events) # Managing integration (/ecosystem/tma/analytics/managing-integration) [TON Builders](https://builders.ton.org) helps you manage your SDK keys and participate in various support programs from TON Foundation. Register your project and go to the **Analytics** tab. Enter your Telegram Bot URL and mini app domain to receive an **API key** for SDK initialization. You can also manage your existing keys from the same section. # Preparations (/ecosystem/tma/analytics/preparation) ### Connect the TON Connect SDK [#connect-the-ton-connect-sdk] Web3 events for the Telegram Mini Apps Analytics SDK are supported by the [`@tonconnect/ui`](https://www.npmjs.com/package/@tonconnect/ui) and [`@tonconnect/ui-react`](https://www.npmjs.com/package/@tonconnect/ui-react) libraries since version 2.0.3, [`@tonconnect/sdk`](https://www.npmjs.com/package/@tonconnect/sdk) since version 3.0.3. [Read more about TON Connect integration](https://github.com/ton-connect) Don't worry if your app doesn't use TON Connect; the analytics SDK will still work and collect non-Web3 events. ### Get the token with TON Builders [#get-the-token-with-ton-builders] Register your project on [TON Builders](https://builders.ton.org) and go to the Analytics tab. Enter your Telegram Bot URL and mini app domain to receive an **API key** for SDK initialization. You can also manage your existing keys from the same section. Enter your Telegram Bot URL and mini app domain to receive a token for SDK initialization. ### Initialize SDK [#initialize-sdk] Now you can initialize the SDK in your application. There are two ways to do this: * [Install with script tag](/ecosystem/tma/analytics/install-via-script) * [Install with NPM package](/ecosystem/tma/analytics/install-via-npm) # Supported events (/ecosystem/tma/analytics/supported-events) Events from TON Connect will be sent only if `@tonconnect/ui-react@2.0.3`, `@tonconnect/ui@2.0.3` or `@tonconnect/sdk@3.0.3` and higher versions packages are used. | Event name | Description | TON Connect required | | -------------------------------- | ---------------------------------------------------------------------------------------- | -------------------- | | `app-init` | Connection attempts and their initiation | false | | `app-hide` | Hiding the app from the screen | false | | `custom-event` | The event specified by the user | false | | `connection-started` | The user starts connecting the wallet | true | | `connection-completed` | Successful connection to a wallet | true | | `connection-error` | Errors in connection specifying reasons (e.g., user canceled) | true | | `connection-restoring-completed` | The connection was restored successfully | true | | `connection-restoring-error` | Connection restoration failed | true | | `transaction-sent-for-signature` | The user submits the transaction for signature | true | | `transaction-signed` | The user successfully signs the transaction | true | | `transaction-signing-failed` | The user cancels the transaction signature or an error occurs during the signing process | true | | `disconnection user-initiated` | Disconnection events, specifying scope (dApp or wallet) | true | # Getting started (/ecosystem/tma/telegram-ui/getting-started) Dive into our sleek design on [Figma](https://figma.com/community/file/1348989725141777736/) to get a glimpse of what awaits you. ## Easy installation [#easy-installation] Getting started is a breeze with npm or yarn. Simply run: ```sh icon="package" npm install @telegram-apps/telegram-ui ```
If using `@telegram-apps/telegram-ui` with Next.js 15+ (React 19), create a `.npmrc` file in the project root with `legacy-peer-deps=true` to resolve peer dependency conflicts.
## Import styles [#import-styles] Before diving into the development, ensure to import the necessary styles: ```jsx import '@telegram-apps/telegram-ui/dist/styles.css'; ``` ## Wrap your App [#wrap-your-app] Wrap your application with `AppRoot` to leverage this platform's features: ```jsx import { AppRoot } from '@telegram-apps/telegram-ui'; ReactDOM.render( , document.getElementById('root') ); ``` ## Usage example [#usage-example] ```jsx // Import the necessary styles globally import '@telegram-apps/telegram-ui/dist/styles.css'; // Import components from the library import { AppRoot, Cell, List, Section } from '@telegram-apps/telegram-ui'; // Example data for rendering list cells const cellsTexts = ['Chat Settings', 'Data and Storage', 'Devices']; export const App = () => ( {/* List component to display a collection of items */} {/* Section component to group items within the list */}
{/* Mapping through the cells data to render Cell components */} {cellsTexts.map((cellText, index) => ( {cellText} ))}
); ``` With these steps, you're all set to explore the potential of this library. ### More UI components [#more-ui-components] Find more demo components [here](https://tgui.xelene.me/?path=/docs/getting-started--documentation). # Overview (/ecosystem/tma/telegram-ui/overview) Telegram UI kit equips you with a variety of pre-designed components and tools to help you quickly develop high-quality Telegram applications. Whether you're aiming to create custom client apps, integrate Telegram functionality, or develop unique bots, this toolkit is your go-to resource. ## Installation [#installation] ```sh icon="package" npm i @telegram-apps/telegram-ui ``` ## Usage [#usage] ```jsx import '@telegram-apps/telegram-ui/dist/styles.css'; import { AppRoot, Placeholder } from '@telegram-apps/telegram-ui'; const App = () => ( ); export default App; ``` ## Features [#features] * **Cross-Platform Design Consistency:** Use built-in support for iOS’s Human Interface Guidelines and Android’s Material Design to maintain a uniform look and functionality across both platforms. * **Pre-designed UI Components:** Access a variety of ready-to-use UI components inspired by Telegram’s interface, designed for easy integration and customization. * **Responsive Design:** Create apps that look and work great on any device, using flexible layouts and media queries to ensure optimal display and functionality. * **Telegram Color Scheme Support:** Apply Telegram’s native color schemes to your apps for consistent branding and a familiar user experience. ## Environment support [#environment-support] * Modern browsers * Server-side Rendering * [All known](https://telegram.org/apps) Telegram clients ## Resources [#resources] * **Example Mini App:** [GitHub](https://github.com/Telegram-Mini-Apps/TGUI-Example). * **Playground and Storybook:** Experiment with components and visualize changes in real-time at [Playground and Storybook](https://tgui.xelene.me/). * **Figma Resources:** Design and prototype with ease using our comprehensive Figma files available at [Figma](https://figma.com/community/file/1348989725141777736/). ## Contribute [#contribute] Contributions are welcome! To contribute, fork the repository, make your changes, and [submit a pull request](https://github.com/Telegram-Mini-Apps/TelegramUI/pulls). We look forward to your innovative [ideas](https://github.com/Telegram-Mini-Apps/TelegramUI/pulls) and improvements. ## License [#license] This Telegram UI Kit is available under the [MIT License](https://opensource.org/license/mit). Use it freely in both personal and commercial projects. The library was skillfully crafted by [`@mainsmirnov`](https://github.com/mainsmirnov) and [`@heyqbnk`](https://github.com/heyqbnk), with the generous sponsorship of [TON Foundation](https://github.com/ton-society/grants-and-bounties/issues/364). # AppRoot component (/ecosystem/tma/telegram-ui/platform-and-palette) The `AppRoot` component is pivotal in implementing a dynamic theming system within your application. It employs a sophisticated approach to CSS variables and React context to seamlessly adapt to various themes and platforms. This section delves into the inner workings of this system, explaining how themes are managed and applied internally. ## CSS variables: the backbone of theming [#css-variables-the-backbone-of-theming] At the heart of the `AppRoot` theming system lie CSS variables, which are utilized to create a flexible and adaptable styling framework. These variables are divided into two main categories: **Basic Variables** and **Custom Variables**. Both play a crucial role in tailoring the application's appearance to match both Telegram's theme and any additional stylistic preferences. ### Basic variables [#basic-variables] Basic Variables are designed to inherit styles directly from Telegram or fall back on predefined styles within the library. This ensures that the application remains consistent with the user's current Telegram theme settings. * **Telegram Style Inheritance**: When available, Basic Variables dynamically adopt values from Telegram's theme, aligning the application's appearance with the platform's chosen theme. * **Library Defaults**: In scenarios where Telegram theme data isn't available or not supported in the current version, these variables revert to a set of default styles specified within the library, maintaining a coherent and user-friendly interface. ### Custom variables [#custom-variables] Custom Variables offer an extension to the theming capabilities, allowing for more nuanced and specific styling adjustments that go beyond the scope of Telegram's native themes. * **Enhanced Styling Flexibility**: These variables enable the definition of unique stylistic elements like accent colors, providing opportunities for brand alignment and distinct visual design. * **Brand Identity Support**: By leveraging Custom Variables, developers can ensure that the application not only adheres to Telegram's theming but also reflects the brand's identity through consistent use of colors, typography, and other design elements. ## Internal mechanism for theme and platform adaptation [#internal-mechanism-for-theme-and-platform-adaptation] `AppRoot` intelligently leverages React context and CSS variables to dynamically adjust the application's styling based on the current theme (light, dark, or Telegram custom themes) and platform (iOS, Android, web). Here's an overview of how this process unfolds internally: * **Theme Detection and Application**: Upon initialization, `AppRoot` detects the current theme settings (from Telegram or manually set preferences) and updates the CSS variables accordingly. This process ensures that the theme is consistently applied across the application. * **Platform-Specific Styling**: In addition to theme management, `AppRoot` also detects the user's platform and applies platform-specific styles to optimize the user experience. This might include adjustments to typography, element sizing, and interaction feedback, aligning with platform conventions. * **Contextual Theme and Platform Information**: Through the use of React context, `AppRoot` provides nested components with access to current theme and platform information. This allows for conditional rendering or styling adjustments deep within the component tree, based on the overall application context. ## Summary [#summary] The `AppRoot` theming system is a sophisticated framework designed to ensure visual consistency and adaptability across different themes and platforms. By combining CSS variables with React context, it offers a robust solution for managing theme and platform-specific styling, all while keeping the application aligned with Telegram's theming capabilities and the brand's visual identity. Through this internal mechanism, `AppRoot` abstracts away the complexities of dynamic theming, allowing developers to focus on building feature-rich and visually appealing applications that provide a seamless user experience across all platforms and themes. # Aside component (/overview/contribute/snippets/aside) To display secondary information alongside a page’s main content, use the `
` component.
Include nonessential, supplementary information in a regular `
`. If some information is important or might lead to bad cases when not taken into consideration, specify a different [`type`](#type), such as `"caution"` or `"danger"`.
It is a wrapper over built-in [Callout components](https://www.mintlify.com/docs/components/callouts) provided by Mintlify, but with a unified interface and a way to specify a title. ## Import [#import] ```tsx ``` ## Usage [#usage] Display an aside (also known as "admonitions" or "callouts") using the `
` component. An `
` can have an optional [`type`](#type) attribute, which controls the aside’s color, icon, and default title. ````mdx
Some content in an aside.

Some cautionary content.

Other content is also supported in asides. ```js // A code snippet, for example. ```

Do not give your password to anyone.
```` ### Use custom titles [#use-custom-titles] Override the default aside titles by using the [`title`](#title) attribute. ```mdx title="Watch out!"
A warning aside _with_ a custom title.
``` ## `
` props [#aside-props] **Implementation:** [`aside.jsx`](https://github.com/ton-org/docs/blob/main/snippets/aside.jsx) The `
` component accepts the following props: ### `type` [#type] **type:** `"note" | "tip" | "caution" | "danger"`
**default:** `"note"` The type of aside to display: * `note` asides (the default) are blue and display an information icon. * `tip` asides are purple and display a rocket icon. * `caution` asides are yellow and display a triangular warning icon. * `danger` asides are red and display an octagonal warning icon. Passing a different, unrecognized type resets the type to `danger` and replaces text content with the corresponding error message. ### `title` [#title] **type:** `string`
**default:** `""` (no title) The title of the aside to display. If `title` is not set, no title is displayed. ### `icon` [#icon] **type:** `string`
**default:** `""` (corresponds to the [`type`](#type)) The custom icon to display instead of the default one set by the [`type`](#type). Can be one of the following: * [Font Awesome icon] name * [Lucide icon](https://lucide.dev/icons) name ### `iconType` [#icontype] **type:** `"regular" | "solid" | "light" | "thin" | "sharp-solid" | "duotone" | "brands"`
**default:** `"regular"` The [Font Awesome icon] style — only used with Font Awesome icons. [Font Awesome icon]: https://fontawesome.com/icons # FileTree component (/overview/contribute/snippets/filetree) To display the structure of a directory with files and collapsible subdirectories, use the `` component. Click on a subdirectory to open or close it.
Additionally, notes can be added to files and directories, which are displayed after their names.
The `` is a wrapper over the built-in [`` component](https://www.mintlify.com/docs/components/tree) provided by Mintlify, but with a data-driven interface: pass a list of objects and strings instead of [composing JSX children manually](#using-\-directly). ## Import [#import] ```tsx ``` ## Usage [#usage] Specify the structure of files and directories inside the [`items` property](#items) as a JavaScript list of strings, objects, and nested lists. ```mdx ``` ### Specify files and placeholders [#specify-files-and-placeholders] ```mdx {/* Files and a placeholder by the end */} ``` ### Add notes and comments [#add-notes-and-comments] ```mdx {/* Using objects to add notes or nested folders */} ``` ### Specify folders and their state [#specify-folders-and-their-state] ```mdx {/* Make all sub-folders be closed by default */} ``` ## `` props [#filetree-props] **Implementation:** [`filetree.jsx`](https://github.com/ton-org/docs/blob/main/snippets/filetree.jsx) The `` component accepts the following props: ### `items` (required) [#items-required] **type:** `FileTreeItem[]` Hierarchy of files and folders to display. The `FileTreeItem` can be one of the following kinds: * `...` or `…` — both display a placeholder entry `…` indicating additional items in a directory that are intentionally omitted * any `string` — name of the file inside the currently described directory * `{ kind: "file", ...fields... }` — an extended syntax for files, with the following fields: * `name: string` — the filename; * `note?: string` — optional comment, displayed next to the filename; * `{ kind: "folder", ...fields... }` — syntax for folders and directories, with the following fields: * `name: string` — the directory name; * `note?: string` — optional comment, displayed next to the directory name; * `open?: boolean` — whether to open the directory, defaults to `true`; * `items: FileTreeItem[]` — nested files and folders;
Folders are open by default. That is, their `open` property is `true` unless specified otherwise.
### `defaultOpen` [#defaultopen] **type:** `boolean`
**default:** `true` Whether to open all folders on page load. Can be overridden by the `open` property of individual [`FileTreeItem` entries](#items-required). ## Using `` directly [#using-tree-directly] For cases where a data-driven approach is unnecessary, use the built-in `` component directly. It requires no import and accepts `` and `` sub-components as children. ```mdx ``` # Image component (/overview/contribute/snippets/image) To display an image, use the `` component. It allows displaying either a single image for all themes ([`src`](#src)) or one image per light theme (`src`) and one image for the dark theme ([`darkSrc`](#darksrc)).
When an `src` path points to the SVG image and there is no [`darkSrc`](#darksrc) alternative, image colors will be inverted in the dark theme.
Additionally, you can specify the [`href`](#href) property, making an image double as a clickable link. When doing so, the [`target`](#href) property allows to change the browsing context of the link.
Making an image into a clickable link disables image zoom capabilities.
Finally, to adjust image dimensions in pixels, use [`height`](#height) or [`width`](#width) properties. By default, all images use 16:9 aspect ratio and set `height` to 342px and `width` to 608px. ## Import [#import] ```tsx ``` ## Usage [#usage] Show images using the `` component. ```mdx {/* A single image */} {/* Image with height of 608px (max allowed). Its width will be scaled proportionally to set height and vice versa. */} {/* Image variations for light or dark themes */} {/* Image with all properties set */} ``` ## `` props [#image-props] **Implementation:** [`image.jsx`](https://github.com/ton-org/docs/blob/main/snippets/image.jsx) The `` component accepts the following props: ### `src` (required) [#src-required] **type:** `string` The image file URL. The file path should be given either relative to the current `.mdx` file's location or absolute, assuming the root of the documentation repository is the `/` directory.
Relative links should **NOT** use `..` in their paths to avoid discovery or security issues.

Image files must be less than 20 MB uncompressed. For larger files, host them on a CDN service like Amazon S3.
Examples: * `` — relative path to an image placed in the same folder as the current `.mdx` file. * `` — absolute path to an image in the `resources/images/` sub-folder. ### `alt` [#alt] **type:** `string`
**default:** `""` The textual replacement for the image. It is mandatory and incredibly useful for accessibility — screen readers read the attribute value out to their users so they know what the image means. Alt text is also displayed on the page if the image can't be loaded for any reason, such as network errors, content blocking, or [link rot](https://en.wikipedia.org/wiki/Link_rot). Setting this attribute to an empty string (`alt=""`) indicates that this image is not a key part of the content (it's decoration or a tracking pixel), and that non-visual browsers may omit it from rendering. Visual browsers will also hide the broken image icon if the alt attribute is empty and the image failed to display. This attribute is also used when copying and pasting the image to text, or saving a linked image to a bookmark. See more: [`alt` attribute on the `` image embed element, MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/img#alt). ### `darkSrc` [#darksrc]
The value of this property is ignored unless the [`src` property](#src) is set.
**type:** `string`
**default:** [`src`](#src) value Similar to the [`src` property](#src), but specifies the image file URL for the dark theme only. ### `darkAlt` [#darkalt]
The value of this property is ignored unless the [`darkSrc` property](#darksrc) is set.
**type:** `string`
**default:** [`alt`](#alt) value Similar to the [`alt` property](#alt), but specifies the image file URL for the dark theme only. ### `href` [#href] **type:** `string` The `` anchor element wraps the image, making it clickable. The `href` property is a URL that the clickable image hyperlink points to. See more: [`href` attribute on the `` anchor element, MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/a#href). ### `target` [#target]
The value of this property is ignored unless the [`href` property](#href) is set.
**type:** `"_self" | "_blank" | "_parent" | "_top" | "_unfencedTop"`
**default:** `"_self"` The `` anchor element wraps the image, making it clickable. The `target` property specifies where to display the linked URL, as the name for a browsing context (a tab, window, or [``](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/iframe)). The following types have special meanings for where to load the URL: * `_self`: the current browsing context. (Default) * `_blank`: usually a new tab, but users can configure browsers to open a new window instead. * `_parent`: the parent browsing context of the current one. If there is no parent, behaves as `_self`. * `_top`: the topmost browsing context, i.e., the "highest" context that's an ancestor of the current one. If there are no ancestors, behaves as `_self`. * `_unfencedTop`: allows embedded [fenced frames](https://developer.mozilla.org/en-US/docs/Web/API/Fenced_frame_API) to navigate the top-level frame. See more: [`target` attribute on the `<a>` anchor element, MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/a#target). ### `height` [#height] **type:** `string | number` <br /> **default:** `342` (pixels) The intrinsic height of the image, in pixels. Must be specified without a unit and be within the inclusive range from 9 to 608. If the [`width`](#width) property is not set, then the width of the image is adjusted according to the current aspect ratio in respect to the new set `height`. Examples: * `<Image src="<IMAGE>" height="100" />` — height of 100 pixels given in a string. * `<Image src="<IMAGE>" height={50 + 50} />` — also the height of 100 pixels, but given as a number. See more: [`height` attribute on the `<img>` image embed element, MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/img#height). ### `width` [#width] **type:** `string | number` <br /> **default:** `608` (pixels) The intrinsic width of the image, in pixels. Must be specified without a unit and be within the inclusive range from 9 to 608. If the [`height`](#height) property is not set, then the height of the image is adjusted according to the current aspect ratio in respect to the new set `width`. Examples: * `<Image src="<IMAGE>" width="100" />` — width of 100 pixels given in a string. * `<Image src="<IMAGE>" width={50 + 50} />` — also the width of 100 pixels, but given as a number. See more: [`width` attribute on the `<img>` image embed element, MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/img#width). ### `center` [#center] **type:** `boolean` <br /> **default:** `false` Whether to horizontally center the image. Usage: `<Image src="<IMAGE>" center={true}/>`. ### `noZoom` [#nozoom] **type:** `boolean` <br /> **default:** `false` Whether to disable the image zoom. Usage: `<Image src="<IMAGE>" noZoom={true}/>`. # Using components and snippets (/overview/contribute/snippets/overview) *Snippets* keep the same content in sync across pages, while *components* provide reusable UI elements with consistent styling. Examples include a [link card](https://www.mintlify.com/docs/components/cards) or a [YouTube embed](https://www.mintlify.com/docs/create/image-embeds#youtube-embeds). Mintlify supports MDX snippets and JSX (React) components in MDX files, and provides several [built-in components](#built-in-components). In addition, this documentation includes a number of [custom components](#custom-components) in the `snippets/` folder. ## Using a snippet [#using-a-snippet] The [DRY (Don't Repeat Yourself)](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself) principle applies to documentation. When the same content appears in multiple places, create a custom snippet to keep it in sync. All snippets are placed in the root `snippets/` folder. For creation and usage details, see the [Mintlify reusable snippets documentation](https://www.mintlify.com/docs/create/reusable-snippets). ## Using a component [#using-a-component] To use a custom component, import it into the MDX file and render it as a JSX tag. Tags start with an uppercase letter matching the name in the import statement: ```mdx title="some/page.mdx" --- title: "Frontmatter goes first, as usual" --- {/* Snippet imports go right after the frontmatter */} import MyMdxSnippet from '/snippets/my-mdx-snippet.mdx'; {/* Component imports follow suit */} And now, some text and usage! <Aside>Here we go, some **nested content and formatting**!</Aside> ``` Related Mintlify documentation: * [JSX snippets](https://www.mintlify.com/docs/create/reusable-snippets#jsx-snippets) * [React components](https://www.mintlify.com/docs/customize/react-components) ## Built-in components [#built-in-components] [Mintlify provides built-in components](https://www.mintlify.com/docs/components/index) for common documentation use cases. These components are available globally without needing to import anything. ### Use sparingly [#use-sparingly] Keep formatting as simple as possible. Avoid components when a paragraph or series of paragraphs communicates the same intent and information without them. <Card title="Steps" icon="list-ordered" href="https://www.mintlify.com/docs/components/steps" horizontal="true"> Display sequential instructions in a numbered format. </Card> <Card title="Code groups" icon="code" href="https://www.mintlify.com/docs/components/code-groups" horizontal="true"> Display multiple code examples with a toggle. </Card> <Card title="Cards" icon="square" href="https://www.mintlify.com/docs/components/cards" horizontal="true"> Highlight content with customizable containers and icons. Prefer regular ordered or unordered Markdown lists and resort to cards only when the relevant links and content should stand out. </Card> <Card title="Columns" icon="columns-3" href="https://www.mintlify.com/docs/components/columns" horizontal="true"> Arrange \<Card> components in responsive layouts. </Card> <Card title="Accordions" icon="chevron-down" href="https://www.mintlify.com/docs/components/accordions" horizontal="true"> Expandable sections for progressive disclosure of content. </Card> <Card title="Expandables" icon="chevrons-down" href="https://www.mintlify.com/docs/components/expandables" horizontal="true"> Show and hide detailed content on demand. Append the expandable keyword to the opening part of a code block to collapse large examples. </Card> <Card title="Badge" icon="award" href="https://www.mintlify.com/docs/components/badge" horizontal="true"> Add inline labels and status indicators for outdated or deprecated items. Otherwise, avoid this component. </Card> <Card title="Tooltips" icon="message-circle" href="https://www.mintlify.com/docs/components/tooltips" horizontal="true"> Display additional information on hover without going too deep. Link to the [glossary](/foundations/glossary), a detailed explanation page, or a reference page instead. </Card> <Card title="Fields" icon="text-cursor-input" href="https://www.mintlify.com/docs/components/fields" horizontal="true"> Display parameter and property definitions, configuration options, or object fields. </Card> Use either of the following components only on pages that document HTTP APIs. Because they override the default auto-generated blocks, prefer regular code blocks whenever possible. <Card title="Responses" icon="arrow-left-right" href="https://www.mintlify.com/docs/components/responses" horizontal="true"> Show \<ResponseField> that describes API response structures and fields. </Card> <Card title="Examples" icon="file-code" href="https://www.mintlify.com/docs/components/examples" horizontal="true"> Show \<RequestExample> and \<ResponseExample> side by side. </Card> When explaining a complex topic or writing a tutorial, use concise diagrams to clarify behavior that text and code cannot. <Card title="Mermaid diagrams" icon="network" href="https://www.mintlify.com/docs/components/mermaid-diagrams" horizontal="true"> Use code blocks with [Mermaid.js](https://mermaid.js.org/) syntax to create flowcharts, sequence diagrams, and more. </Card> ### Do not use [#do-not-use] These components have better alternatives: 1. `<Callout>` - use the custom [`<Aside>`](/overview/contribute/snippets/aside) component. 2. `<Frame>` - use the custom [`<Image>`](/overview/contribute/snippets/image) component. 3. `<View>` - use `<CodeGroup>`, organize content in sub-headers, or create distinct pages per environment or language. 4. `<Tile>` - use `<Card>`. 5. `<Icon>` - do not use unless icons in other components or code blocks are insufficient in the given case. These components are currently unused: 1. `<Banner>` - reserved for special occasions and public releases. 2. `<Update>` - the documentation does not contain changelogs. ## Custom components [#custom-components] TON documentation includes custom components built for various needs. See items on the left navigation panel within the "Components and snippets" group under the "Contribute" section, such as: [Aside](/overview/contribute/snippets/aside), [Image](/overview/contribute/snippets/image), etc. ## Styling [#styling] Mintlify supports [Tailwind CSS v3][tailwind] for styling HTML elements and any components or snippets from the `snippets/` folder. Related resources: * [Styling with Tailwind CSS in the Mintlify documentation](https://www.mintlify.com/docs/settings/custom-scripts#styling-with-tailwind-css) * [Tailwind CSS v3 documentation][tailwind] * [Unofficial Tailwind CSS v3 cheatsheet](https://tailwindcss.504b.cc/) ## See also [#see-also] * [Text formatting, headers, and styling with Mintlify](https://www.mintlify.com/docs/create/text) [tailwind]: https://v3.tailwindcss.com/docs/utility-first # Overview (/overview/infrastructure/explorers/overview) Explorers are web tools for reading blockchain data. They let you look up accounts, transactions, blocks, and smart contracts, making it easy to verify activity and debug issues. ### Explorer [#explorer] A blockchain explorer is a website that indexes on‑chain data and presents it in a searchable user interface (UI). In TON, explorers commonly show account balances, recent transactions, jettons and non‑fungible tokens (NFTs), contract code and state, and links to related blocks and messages. ### What explorers show [#what-explorers-show] * Balances and assets: TON, jettons, and NFTs held by an address * Transactions and messages: history, fees, phases, and traces * Blocks and validators: block contents, masterchain and shardchain details * Smart contracts: code, state, disassembly, and known contract type * Analytics: top entities, volumes, gas, fees, and network health ### Indexers [#indexers] Indexers continuously read blocks from nodes, parse messages and transactions, and store them in a database optimized for queries. Explorers rely on these indexers to provide fast search, traces, higher‑level events, and historical views beyond what a single node exposes by default. ### Explorers comparison [#explorers-comparison] | Explorer | Type | Mainnet | Testnet | Official | | ------------ | --------------- | ----------------------------------------------------- | -------------------------------------------- | -------- | | Tonviewer | General‑purpose | [tonviewer.com](https://tonviewer.com/) | [Testnet](https://testnet.tonviewer.com/) | No | | Tonscan.org | General‑purpose | [tonscan.org](https://tonscan.org/) | [Testnet](https://testnet.tonscan.org/) | No | | Tonscan.com | General‑purpose | [tonscan.com](https://tonscan.com/) | - | No | | TON Explorer | Low‑level/core | [explorer.toncoin.org](https://explorer.toncoin.org/) | [Testnet](https://test-explorer.toncoin.org) | Yes | > Official: maintained by the TON Foundation or an affiliated team The [verifier tool](https://verifier.ton.org/) powers contract code verification. # Using Tonviewer (/overview/infrastructure/explorers/tonviewer) Tonviewer is a TON Blockchain explorer that allows you to inspect blocks, transactions, contracts, and tokens, as well as analyze activity. ## High-level entities [#high-level-entities] High-level entities provide the foundation for exploring TON Blockchain, understanding and tracking operations. They are essential for identifying transactions and tracing data flow across the network. * [Accounts](/blockchain-basics/primitives/status) — the primary entities representing actors on the blockchain. * [Addresses](/blockchain-basics/primitives/addresses/overview) — unique identifiers for accounts, showing balances and activity in Tonviewer. * [Messages](/blockchain-basics/primitives/messages/overview) — instructions sent between addresses. In explorers, they reveal what actions are initiated and how they lead to transactions. * [Transactions](/blockchain-basics/primitives/messages/ordinary-tx) — records of executed messages. Explorers display their details linked to a specific address. * Blocks — containers of transactions. In explorers, they expose block metadata and configuration parameters, allowing you to trace activity and understand how the blockchain operates. ## Reading traces [#reading-traces] ### Traces [#traces] In Tonviewer, operations are visualized through traces. A trace is a directed acyclic graph (DAG) where: * transactions are nodes on an account's address * messages are edges between addresses <Image src="/resources/images/tonviewer/trace.svg" darkSrc="/resources/images/tonviewer/trace-dark.svg" alt="Trace overview" /> ### Using the UI [#using-the-ui] Tonviewer provides a visual interface for exploring traces: * Hover over a "node" to see details about the account where a transaction succeeded or failed. * Hover over an "edge" to inspect the message contents. * Use "Show details" to examine full transaction and message information. <Aside> The UI may change, but the approach to reading traces remains consistent. </Aside> <Image src="/resources/images/tonviewer/ui-overview.png" darkSrc="/resources/images/tonviewer/ui-overview-dark.png" alt="UI overview" /> ### Steps to read a trace [#steps-to-read-a-trace] 1. **Determine the operation** The external-in message initiates the trace and defines the operation, such as a transfer, swap, or staking action. 2. **Clarify accounts' roles** Examine the accounts involved — wallet addresses, jetton wallets, jetton master wallets, and DEX contracts. It clarifies the role of each account in the operation flow. 3. **Read messages** Examine each message (edge in the trace). Its payload defines the intended actions and the transferred value: * value — amount of TON or jettons transferred * opcode — instruction type * payload — instructions 4. **Check transaction phases** Each transaction executes in phases. In the compute and action phases, an exit code of 0 indicates success; a non-zero code signals an error. This identifies which action succeeded and which failed. 5. **Find the failure point** Some failures can occur even if all transactions are successful. Examine messages and payloads to identify where an operation was constrained or prevented from proceeding. ## Failed use cases [#failed-use-cases] The following examples illustrate traces where operations did not complete as intended, even when transactions appear successful. They demonstrate a general approach to reading traces and identifying the point of failure. ### Jetton transfer [#jetton-transfer] Analyze a [jetton transfer](https://tonviewer.com/transaction/d5d50c3e5bde493ddc7853f784bdff75a37bf89473e77ba8d04615323c7c8117) attempt. <Image src="/resources/images/tonviewer/jetton-transfer.png" darkSrc="/resources/images/tonviewer/jetton-transfer-dark.png" alt="Jetton transfer" /> 1. **Determine the operation** At point **A** (mintmachine.ton), an external-in message initiates the operation, instructing *a jetton transfer*. 2. **Clarify accounts' roles** * A — sender’s wallet contract (mintmachine.ton), initiates the transfer. * B — jetton wallet contract governed by the jetton master, holds the tokens and executes the transfer. 3. **Read messages** * A → B: jetton transfer message with 0.2 TON attached to cover execution fees. 4. **Check transaction phases** The transaction at **B** failed during execution, with a non-zero exit code. 5. **Find the failure point** Exit code `48` per [jetton contract logic](https://github.com/ton-blockchain/jetton-contract/blob/main/contracts/op-codes.fc#L33) indicates that there isn't enough gas to complete the transfer. The attached TON was insufficient to cover execution and forwarding, so the contract aborted the transfer. ### NFT transfer [#nft-transfer] Analyze an [NFT transfer](https://tonviewer.com/transaction/d8b5dbfe1c115178f47b486d03982159ec8abe684cdbe1c75587293e877564d4) attempt. <Image src="/resources/images/tonviewer/nft-transfer.png" darkSrc="/resources/images/tonviewer/nft-transfer-dark.png" alt="NFT transfer" /> 1. **Determine the operation** At point **A** (address `UQDj…D0lN`), the user’s wallet sends an external-in message to *transfer an NFT*. 2. **Clarify accounts' roles** * A — the user's wallet, initiates the transfer. * B — the NFT contract at address `EQCo…gJdV`, validates ownership and executes the transfer. 3. **Read messages** * A → B: NFT transfer message with 0.04 TON attached. * B → A: bounce returning 0.036514 TON. 4. **Check transaction phases** The transaction at **B** failed in the compute phase, with an exit code of `401`. 5. **Find the failure point** According to the [NFT standard](https://github.com/ton-blockchain/token-contract/blob/main/nft/nft-item.fc#L65), exit code `401` means that the sender is not the owner of the NFT. Because the ownership check failed, the contract rejected the transfer and returned the unused funds to **A**. ### DEX swap [#dex-swap] Analyze a [token swap](https://tonviewer.com/transaction/fa8e119f8911d20bb078b9b81a3fc1f8ff2bcc723eda3ac7e873e97f455812e7) attempt from **DYX** to **pTON**. <Image src="/resources/images/tonviewer/dex-swap.png" darkSrc="/resources/images/tonviewer/dex-swap-dark.png" alt="DEX swap" /> 1. **Determine the operation** The trace begins at point **A** (the user’s `mintmachine.ton` contract). An external-in message initiates the *token swap attempt*. 2. **Clarify accounts' roles** * A — user's mintmachine.ton account, sending the initial funds. * B — user's jetton wallet, holds the tokens. * C — DEX jetton wallet, forwards tokens to the DEX. * D — DEX smart contract executing the swap. * E — jetton master (minter), authorizes token operations. 3. **Read messages** * A → B: 0.3 TON transferred via a jetton transfer. * B → C: jetton internal transfer to the DEX wallet. * C → D: swap request sent to the DEX contract. * C → A: return of excess funds. * D → E: request to the jetton master. * E → D: reply with `exit_code: 962605456 (0x39603190)`. 4. **Check transaction phases** Transactions in A, B, C, D, and E all completed with exit code 0. No phase errors were reported. 5. **Find the failure point** The issue appears in the payload of **E → D**. According to [STON.fi docs](https://docs.ston.fi/developer-section/dex/smart-contracts/v2/op-codes#transfer-exit-codes), the `exit_code: 962605456` corresponds to *Swap out token amount is less than provided minimum value*. This explains why, despite all transactions succeeding, the swap reverted: the output did not satisfy the minimum slippage tolerance. ## Successful use case [#successful-use-case] Analyze a [token swap](https://tonviewer.com/transaction/b1dce2881224590a7c60e61594c68bd477f84fe81519b373da8fbed9c0269565) from **REDO** to **TON**. <Image src="/resources/images/tonviewer/dex-swap-successful.png" darkSrc="/resources/images/tonviewer/dex-swap-successful-dark.png" alt="DEX swap successful case" /> 1. **Determine the operation** An **external-in** message arrives at point **A** (mintmachine.ton), initiating the *token swap*. 2. **Clarify accounts' roles** * A — mintmachine.ton account, provides initial funds for the swap. * B — user's jetton wallet, holds the tokens. * C — DEX jetton wallet, forwards tokens to the DEX. * D — DEX smart contract executing the swap. * E — jetton master (minter), authorizes token operations. * F — DEX payout account (mergesort.t.me), receives the swapped tokens. 3. **Read messages** * A → B: 0.2 TON transferred via a jetton transfer. * B → C: internal jetton transfer to the DEX wallet. * C → D: valid amount forwarded to the DEX contract for swap execution. * C → A: return of excess funds. * D → E: request to the jetton master (minter) to mint/settle token movements. * E → external-out: issues an **external-out message** — confirmation that the operation succeeded. * E → F: sends an internal message to the payout pool account. * F → A: forwards the swap result to the initiator (`mintmachine.ton`). 4. **Check transaction phases** All transactions along the trace completed their phases without error, no warning markers; exit codes are `0`. There are no bounces, failed compute or action phases reported in the nodes. 5. **Find the failure point** No failure point — the operation completed successfully. ## Debugging with retracer [#debugging-with-retracer] Sometimes, reading messages and transaction phases is not enough. A transaction may show *successful compute and action phases, exit codes of `0`, and no errors in messages* — yet still produce no effect on-chain. In such cases, you need to trace the **TVM execution path**. [Retracer](https://retracer.ton.org/) lets you replay the transaction and inspect what happened inside the virtual machine. See [Debugging with TVM Retracer](/blockchain-basics/contract-dev/blueprint/debug#debugging-with-tvm-retracer) for details. # Oracles overview (/overview/infrastructure/oracles/overview) Blockchain oracles are entities that connect the blockchain to external systems, allowing smart contracts to be executed based on real-world inputs. ## How blockchain oracles work [#how-blockchain-oracles-work] Blockchain oracles are specialized services that act as bridges between the real world and blockchain technology. They provide smart contracts with relevant and necessary information from the outside world, such as exchange rates, payment statuses, or even weather conditions. This data helps to automate and fulfill the terms of contracts without direct human intervention. The basic principle behind oracles is their ability to function outside of the blockchain by connecting to various online sources to collect data. Although oracles are not part of the blockchain itself, they play a key role in making it functional by acting as a trusted intermediary that reliably feeds external data into the system. Most oracles tend to be decentralized, avoiding the risks associated with dependence on a single source of data. This provides greater security and reliability to the system as data is verified and validated through a network of nodes before it is used in smart contracts. This approach minimizes the risk of manipulation and errors, ensuring that the information provided is accurate and up-to-date. ## Varieties of blockchain oracles [#varieties-of-blockchain-oracles] Blockchain oracles are categorized according to various aspects: mechanism of operation, data sources, data direction, and governance structure. Let's take a look at the most common types of oracles. ### Push and pull oracles [#push-and-pull-oracles] Push and pull oracles differ in how they deliver data to an on-chain smart contract. For push oracle, the data provider constantly updates info, *pushing* the newest data to the centralized trusted contract. Read more about oracle model differences: [ChainLink - Pull vs Push oracles](https://chain.link/education-hub/pull-oracles-vs-push-oracles). For pull oracle, users should retrieve the latest data from the off-chain data provider themselves, then verify it using the oracle contract. [Learn more](#oracles-in-ton) about data verification flow with pull model oracles. Given TON actor-model, pull oracles prove to be more suited for real world applications. ### Centralized and decentralized oracles [#centralized-and-decentralized-oracles] Centralized oracles are controlled by a single party, which creates security and reliability risks. Decentralized oracles use multiple nodes to verify data, making them more secure and reliable. ### Cross-chain oracles [#cross-chain-oracles] These oracles are used to transfer data between different blockchains and are a critical component of bridges. They are used for decentralized applications that use cross-chain transactions, such as cross-chain transfer of crypto assets from one network to another. ## Application of blockchain oracles [#application-of-blockchain-oracles] Blockchain oracles build bridges between the digital world of blockchains and real life, opening up a wide range of applications. Let's take a look at some of the most popular uses of oracles. ### DeFi (decentralized finance) [#defi-decentralized-finance] Oracles play a critical role in the DeFi ecosystem by providing market price and cryptocurrency data. Price oracles allow DeFi platforms to link token values to real assets, which is essential for controlling liquidity and securing users' positions. Additionally, oracles are vital for lending platforms, where accurate price data ensures proper collateral valuation and risk management, safeguarding both lenders and borrowers. This makes transactions more transparent and secure, contributing to the stability and reliability of financial transactions. ### Prediction markets [#prediction-markets] Oracles can automatically read and analyze data from a variety of sources to determine the occurrence of real-life events. This enables prediction and insurance contracts to automatically pay claims, reducing the need for manual processing of each case and speeding up response times to events. ### Random number generation [#random-number-generation] It is difficult to generate random numbers in smart contracts because all operations must be reproducible and predictable, which contradicts the concept of randomness. Computational oracles solve this problem by bringing data from the outside world into contracts. They can generate verifiable random numbers for games and lotteries, ensuring fairness and transparency of results. Read more: [Randomness in TON](/blockchain-basics/contract-dev/techniques/random) ## Oracles in TON [#oracles-in-ton] Since the TON execution model is asynchronous, the classic ways to interact with oracles (get methods during transaction) can't be applied here. You can learn about the differences in ["Coming from Ethereum"](/overview/learn-more/from-ethereum) article. The best pattern to retrieve data from an oracle is the Request-Response pattern - you send an internal message to the oracle contract and verify the response, getting the needed data. This model works well with pull oracles, since you can always guarantee the lowest possible latency for real-world data. If you use push oracle, you will still need to process two internal messages (request and response) to retrieve data. However, data relevance is limited by the data provider's up-time and pushing intervals: if the data provider pushes updated data every 10 minutes, you will commonly receive information that is outdated by 5 minutes. But using pull oracle, you can ensure pushes as often as your service needs by updating the data yourself. ### Push oracle flow [#push-oracle-flow] 0. Data provider pushes the latest data on-chain 1. The user contract, which needs prices on-chain, sends a request message to the trusted oracle contract 2. Oracle contract replies to the sender address with a response internal message, containing the requested data 3. User contract receives oracle response, verifies sender address, and then is ready to use the provided data ### Pull oracle flow [#pull-oracle-flow] 1. Users' off-chain backend calls the API method on the data provider 2. Provider responds with signed price data (including timestamp till this data is valid) 3-4. User sends a message to his on-chain contract that will need prices (and the rest of the business logic) 5. User contract sends "Verify that this price is correctly signed and valid" internal message to the oracle contract 6. Oracle contract verifies signature, timestamp, and price feed ID. If everything is okay, it sends a response with the prices back 7. User contract receives a response from the oracle contract, checks if the sender is really the oracle, and then can use the provided data <Image src="/resources/images/oracles/oracle-flow.svg" alt="oracle-flow" /> ## List of oracles in TON [#list-of-oracles-in-ton] * [RedStone](/overview/infrastructure/oracles/redstone) * [Pyth](/overview/infrastructure/oracles/pyth) # Pyth oracle (/overview/infrastructure/oracles/pyth) ## How to use real-time data in TON contracts [#how-to-use-real-time-data-in-ton-contracts] Pyth is a pull oracle. Pyth price feeds on TON are managed through the main TON Pyth smart contract, enabling seamless interaction with on-chain data. In TON, these interactions are facilitated by specific functions within the Pyth TON contract. This contract acts as an interface to Pyth price feeds, handling the retrieval and updating of price data. ## Install the Pyth SDK [#install-the-pyth-sdk] Install the Pyth TON SDK and other necessary dependencies using npm or yarn: ```bash npm install @pythnetwork/pyth-ton-js @pythnetwork/hermes-client @ton/core @ton/ton @ton/crypto ``` ## Write code to interact with oracle [#write-code-to-interact-with-oracle] ### Off-chain data fetch and update [#off-chain-data-fetch-and-update] The following code snippet demonstrates how to fetch price updates, interact with the Pyth contract on TON, and update price feeds: * TON Mainnet: [`EQA5NPyjfZztDm8jcTBwTAU9NGsgJEkw19z61yecX0TlseSB`](https://docs.pyth.network/price-feeds/contract-addresses/ton) * TON Testnet: [`EQBeydTZBuv4nkqN8jkScqZbWcyx7TsmOtxsEDbFann0IRtD`](https://docs.pyth.network/price-feeds/contract-addresses/ton) The following example uses the testnet contract. For mainnet usage, change the `PYTH_CONTRACT_ADDRESS_TESTNET` to `PYTH_CONTRACT_ADDRESS_MAINNET` accordingly. ```ts expandable import { TonClient, Address, WalletContractV4 } from "@ton/ton"; import { mnemonicToPrivateKey } from "@ton/crypto"; import { HermesClient } from "@pythnetwork/hermes-client"; import { PythContract, PYTH_CONTRACT_ADDRESS_TESTNET, PYTH_CONTRACT_ADDRESS_MAINNET, calculateUpdatePriceFeedsFee, } from "@pythnetwork/pyth-ton-js"; const BTC_PRICE_FEED_ID = "0xe62df6c8b4a85fe1a67db44dc12de5db330f7ac66b72dc658afedf0f4a415b43"; async function main() { // Initialize TonClient const client = new TonClient({ endpoint: "https://testnet.toncenter.com/api/v2/jsonRPC", apiKey: "your-api-key-here", // Get your TON Center API key via @tonapibot or https://t.me/toncenter (optional) }); // Create PythContract instance const contractAddress = Address.parse(PYTH_CONTRACT_ADDRESS_TESTNET); const contract = client.open(PythContract.createFromAddress(contractAddress)); // Get current guardian set index const guardianSetIndex = await contract.getCurrentGuardianSetIndex(); console.log("Guardian Set Index:", guardianSetIndex); // Get BTC price from TON contract const price = await contract.getPriceUnsafe(BTC_PRICE_FEED_ID); console.log("BTC Price from TON contract:", price); // Fetch latest price updates from Hermes const hermesEndpoint = "https://hermes.pyth.network"; const hermesClient = new HermesClient(hermesEndpoint); const priceIds = [BTC_PRICE_FEED_ID]; const latestPriceUpdates = await hermesClient.getLatestPriceUpdates( priceIds, { encoding: "hex" } ); console.log("Hermes BTC price:", latestPriceUpdates.parsed?.[0].price); // Prepare update data const updateData = Buffer.from(latestPriceUpdates.binary.data[0], "hex"); console.log("Update data:", updateData); // Get update fee const updateFee = await contract.getUpdateFee(updateData); console.log("Update fee:", updateFee); const totalFee = calculateUpdatePriceFeedsFee(BigInt(updateFee)) + BigInt(updateFee); // Update price feeds const mnemonic = "your mnemonic here"; const key = await mnemonicToPrivateKey(mnemonic.split(" ")); const wallet = WalletContractV4.create({ publicKey: key.publicKey, workchain: 0, }); const provider = client.open(wallet); await contract.sendUpdatePriceFeeds( provider.sender(key.secretKey), updateData, totalFee ); console.log("Price feeds updated successfully."); } main().catch(console.error); ``` ## Additional resources [#additional-resources] You may find these additional resources helpful for developing your TON application: * [Pyth price feed IDs](https://pyth.network/developers/price-feed-ids) * [Pyth TON contract](https://github.com/pyth-network/pyth-crosschain/tree/main/target_chains/ton/contracts) * [Pyth TON SDK](https://github.com/pyth-network/pyth-crosschain/tree/main/target_chains/ton/sdk) * [Pyth TON example](https://github.com/pyth-network/pyth-examples/tree/main/price_feeds/ton/sdk_js_usage) # RedStone oracle (/overview/infrastructure/oracles/redstone) ## How to use real-time data in TON contracts [#how-to-use-real-time-data-in-ton-contracts] RedStone is a pull oracle that uses an alternative design for providing oracle data to smart contracts. Instead of constantly persisting data on the contract's storage, the information is brought on-chain only when needed by end users. Until that moment, data remains in the decentralized cache layer, powered by RedStone light cache gateways and a stream-based data broadcasting protocol. Data is transferred to the contract by end users, who attach signed data packages to their function invocations. The information integrity is verified on-chain through signature checking. ## Install the RedStone SDK [#install-the-redstone-sdk] Install the RedStone TON connector and other necessary dependencies: ```bash npm install @redstone-finance/ton-connector @redstone-finance/sdk ``` ## Write code to interact with oracle [#write-code-to-interact-with-oracle] ### Off-chain data fetch and update [#off-chain-data-fetch-and-update] The following code snippet demonstrates how to fetch price updates and interact with RedStone contracts on TON: ```ts import { TonPricesContractConnector } from "@redstone-finance/ton-connector"; import { ContractParamsProvider, getSignersForDataServiceId } from "@redstone-finance/sdk"; async function main() { // Configure API endpoint const apiV2Config = { apiEndpoint: "https://testnet.toncenter.com/api/v2/jsonRPC", apiKey: "your-api-key-here", // Get your TON Center API key }; // Initialize the connector const contractAddress = "EQCMxfukwpP3BI_6Pn3lmOXgxlp3dPabVGOM0UvJCjsDhkdD"; const prices = new TonPricesContractConnector(network, contractAddress); // Configure RedStone data service parameters const paramsProvider = new ContractParamsProvider({ dataServiceId: "redstone-main-demo", uniqueSignersCount: 1, dataPackagesIds: ["ETH", "BTC"], authorizedSigners: getSignersForDataServiceId("redstone-main-demo"), }); // Get prices using on-the-fly processing (doesn't modify contract state) const pricesFromPayload = await (await prices.getAdapter()).getPricesFromPayload(paramsProvider); console.log("ETH and BTC prices from payload:", pricesFromPayload); // Write prices to contract storage (modifies contract state) await (await prices.getAdapter()).writePricesFromPayloadToContract(paramsProvider); console.log("Prices written to contract storage successfully."); // Read prices from contract storage const storedPrices = await (await prices.getAdapter()).readPricesFromContract(paramsProvider); console.log("Stored prices:", storedPrices); // Get timestamp of last update const lastUpdateTimestamp = await (await prices.getAdapter()).readTimestampFromContract(); console.log("Last update timestamp:", lastUpdateTimestamp); } main().catch(console.error); ``` This code snippet does the following: 1. Imports the `TonPricesContractConnector` and sets up the RedStone SDK. 2. Configures the API endpoint and creates a connector to your deployed contract. 3. Sets up a `ContractParamsProvider` with the data service ID and feed identifiers. 4. Fetches price data using on-the-fly processing (no gas cost). 5. Writes price data to the contract's storage (requires gas). 6. Reads stored prices and the last update timestamp from the contract. ## Contract types [#contract-types] RedStone provides several contract types for different use cases: ### Price Manager [#price-manager] Manages multiple price feeds with signature verification and supports both on-the-fly processing and storage persistence. ### Single Feed Manager [#single-feed-manager] Simplified version for handling a single price feed, reducing gas costs for single-feed applications. ### Price Feed [#price-feed] An individual feed contract that stores price data for a specific asset. ### Sample Consumer [#sample-consumer] Example consumer contract that demonstrates how to read data from price feeds. ## Error handling [#error-handling] Common error codes you might encounter: * **300+**: Insufficient valid signers (less than `signer_count_threshold`) * **200+**: Timestamp validation failed (data too old or in the future) * **Other codes**: See [RedStone constants](https://github.com/redstone-finance/redstone-oracles-monorepo/blob/main/packages/ton-connector/src/config/constants.ts) ## Additional resources [#additional-resources] You may find these additional resources helpful for developing your TON application: * [RedStone documentation](https://docs.redstone.finance/docs/introduction) * [RedStone TON connector](https://github.com/redstone-finance/redstone-oracles-monorepo/tree/main/packages/ton-connector) * [RedStone smart contracts](https://github.com/redstone-finance/redstone-oracles-monorepo/tree/main/packages/ton-connector/contracts) * [RedStone showroom](https://ton-showroom.redstone.finance/) # Addresses workflow (/overview/wallets/wallet-apps/addresses-workflow) To understand this article, it is necessary to periodically refer to [account status page](/blockchain-basics/primitives/status). At the moment, TON wallets work with [addresses](/blockchain-basics/primitives/addresses/formats) as follows: When receiving: 1. Wallets display the user's address in a [user-friendly](/blockchain-basics/primitives/addresses/formats) bounceable or non-bounceable form. When sending: 1. A user sends a message with funds and, possibly, a comment to the destination's wallet address in one of the user-friendly formats through the wallet application. 2. The wallet app checks the validity of the destination address representation - its length, valid characters, prefix, and checksum. If the address is not valid, then an alert is shown and the sending operation is not performed. 3. If the address has a testnet flag, and the wallet app works with the mainnet network, then an alert is shown and the sending operation is not performed. 4. The wallet app reads the bounceable flag from the address. 5. The wallet app checks the destination address. If it has the `uninitialized` status, the app force-sets the `bounce` field of the sending message to `false` and ignores the bounceable/non-bounceable flag from the address representation. 6. If the destination is not `uninitialized`, then the wallet app uses the bounceable/non-bounceable flag from the address representation for the `bounce` field of the sending message. # Deep links (/overview/wallets/wallet-apps/deep-links) Deep links allow to seamlessly direct users from a dApp back to a meaningful location within a TON wallet and invoke corresponding actions. Issue wallet invoices using deep links. See [transaction link formats](#explorers-links) for popular explorers. ## TON Connect invoices [#ton-connect-invoices] ```bash tc://<TON_CONNECT_LINK_BODY> ``` Best for dApps that require multiple transactions within a session or a persistent wallet connection. **Advantages** * Permanent communication channel with the wallet. * Users only scan a QR code once. * Can track transaction confirmation via the returned BoC. * Ready-made SDKs and UI kits for various platforms. **Disadvantages** * If only one payment is needed, users must connect the wallet and confirm the transaction. * More complex integration than a `ton://` link. Explore [TON Connect](/applications/ton-connect/overview). ## Deep links invoices [#deep-links-invoices] <Aside type="caution"> The TON link `ton://` is less preferred in the ecosystem, but may be useful for simple and tiny one-time payment flow. </Aside> ```bash ton://<LINK-BODY> ``` **Advantages** * Easy integration. * No need to connect a wallet. **Disadvantages** * Users must scan a new QR code for each payment. * Cannot track if the user signed the transaction. * No information about the user’s address. * Requires workarounds for platforms where links are not clickable (e.g., Telegram Desktop bots). The `ton://` scheme is part of the broader TON blockchain standard, enabling interoperability across different TON-based wallets and services. #### Example workflows [#example-workflows] * Quick payments: Integrate payment requests directly from your website, allowing users to complete transactions with a single tap using `ton://` transfer links. * In-app transactions: Use deep links to facilitate seamless transfers between users within your application. * Link to specific transfers: Provide support or history review by linking directly to specific transactions or transfers. ### TON transfer [#ton-transfer] Opens the pre-filled Send screen and prompts the user to enter the missing data. ```bash Transfer scheme ton://transfer/<ADDRESS>?amount=<AMOUNT>&text=<TEXT> ``` | Parameter | Description | Required | | ----------- | ----------------------------------------------------------- | -------- | | `<ADDRESS>` | The recipient's TON address. | required | | `<AMOUNT>` | The amount of TON to send, in nanotons. | optional | | `<TEXT>` | A URL-encoded UTF-8 text message to attach to the transfer. | optional | #### TON transfer to address [#ton-transfer-to-address] ```bash scheme ton://transfer/<ADDRESS> ``` ```bash example ton://transfer/UQDYzZmfsrGzhObKJUw4gzdeIxEai3jAFbiGKGwxvxHinf4K ``` #### TON transfer with amount [#ton-transfer-with-amount] ```bash scheme ton://transfer/<ADDRESS>?amount=<AMOUNT> ``` ```bash example ton://transfer/UQDYzZmfsrGzhObKJUw4gzdeIxEai3jAFbiGKGwxvxHinf4K?amount=5000000 ``` #### TON transfer with text comment [#ton-transfer-with-text-comment] ```bash scheme ton://transfer/<ADDRESS>?text=<TEXT> ``` ```bash example ton://transfer/UQDYzZmfsrGzhObKJUw4gzdeIxEai3jAFbiGKGwxvxHinf4K?text=hello ``` #### TON Transfer with amount and text comment [#ton-transfer-with-amount-and-text-comment] ```bash scheme ton://transfer/<ADDRESS>?amount=<AMOUNT>&text=<TEXT> ``` ```bash example ton://transfer/UQDYzZmfsrGzhObKJUw4gzdeIxEai3jAFbiGKGwxvxHinf4K?amount=5000000&text=hello ``` ### Transfer with expiry timestamp [#transfer-with-expiry-timestamp] Opens the Send screen with an expiry timestamp for the transaction. ```bash Scheme with timestamp ton://transfer/<ADDRESS>?amount=<AMOUNT>&text=<TEXT>&exp=<EXPIRY_TIMESTAMP> ``` | Parameter | Description | Required | | -------------------- | ----------------------------------------------------------- | -------- | | `<ADDRESS>` | The recipient's TON address. | required | | `<AMOUNT>` | The amount of TON to send, in nanotons. | optional | | `<TEXT>` | A URL-encoded UTF-8 text message to attach to the transfer. | optional | | `<EXPIRY_TIMESTAMP>` | Expiry timestamp in seconds since the Unix epoch. | optional | The `exp` parameter, like other parameters, must be included when constructing the message to ensure the blockchain rejects transactions with an expired exp. #### TON transfer with expiry timestamp [#ton-transfer-with-expiry-timestamp] ```bash scheme tranfser with expiry ton://transfer/<ADDRESS>?amount=<AMOUNT>&text=<TEXT>&exp=<EXPIRY_TIMESTAMP> ``` ```bash example transfer with expiry ton://transfer/EQD2NmD_lH5f5u1Kj3KfGyTvhZSX0Eg6qp2a5IQUKXxOG21n?amount=100000&text=test&exp=2147483647 ``` ### Jetton transfer [#jetton-transfer] Opens the Send screen with a jetton transfer. [Jetton](/blockchain-basics/standard/tokens/jettons/overview) is a standard for TON assets, like USDT, USDC and e.t.c. ```bash Scheme ton://transfer/<ADDRESS>?jetton=<JETTON_ADDRESS>&amount=<AMOUNT>&text=<TEXT> ``` | Parameter | Description | Required | | -------------------- | ----------------------------------------------------------- | -------- | | `<ADDRESS>` | The recipient's TON wallet address. | required | | `<JETTON_ADDRESS>` | The jetton master address. | required | | `<AMOUNT>` | The amount of jettons to send. | optional | | `<TEXT>` | A URL-encoded UTF-8 text message to attach to the transfer. | optional | | `<EXPIRY_TIMESTAMP>` | Expiry timestamp in seconds since the Unix epoch. | optional | <Aside type="tip"> One whole Jetton for `<AMOUNT>` is defined by * [`decimals`](/blockchain-basics/standard/tokens/metadata#decimals) the number of fractional digits * `unit` that represents the smallest indivisible amount of the token (similar to satoshi in Bitcoin). <Accordion title="Read more..."> $$ \text{One whole Jetton} = unit \times 10^{decimal} $$ For example, a USDT Jetton on TON defines decimals = 6. This means: $$ 1\ \text{USDT} = 1{,}000{,}000\ \text{smallest units} $$ Or, in general form: $$ \text{One whole USDT} = unit \times 10^{6} $$ Typically Jetton on TON defines with decimals = 9, for example, DUST jetton. This means: $$ 1\ \text{DUST} = 1{,}000{,}000{,}000\ \text{smallest units} $$ Or, in general form: $$ \text{One whole DUST} = unit \times 10^{9} $$ </Accordion> </Aside> #### Transfer default jetton [#transfer-default-jetton] Typically, jetton decimals in amount are equal 9 and evaluation same as for Toncoin. ```bash scheme ton://transfer/<ADDRESS>?jetton=<JETTON_ADDRESS>&amount=<AMOUNT>&text=<TEXT> ``` ```bash example transfer 0.005 DUST ton://transfer/UQDYzZmfsrGzhObKJUw4gzdeIxEai3jAFbiGKGwxvxHinf4K?jetton=EQBlqsm144Dq6SjbPI4jjZvA1hqTIP3CvHovbIfW_t-SCALE&amount=5000000&text=hello ``` #### Transfer USDT [#transfer-usdt] While Toncoin requires nine decimal places and 1 Toncoin equals 1 billion ($10^9$) nanoToncoin, USDT only uses six decimal places. This means that 1 USDT unit stands for 1 million ($10^6$) microUSDT units. The `AMOUNT` below requires the microUSDT format. ```bash scheme ton://transfer/<ADDRESS>?jetton=<JETTON_ADDRESS>&amount=<AMOUNT>&text=<TEXT> ``` ```bash example transfer 0.005 USDT ton://transfer/UQDYzZmfsrGzhObKJUw4gzdeIxEai3jAFbiGKGwxvxHinf4K?jetton=EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs&amount=5000&text=hello ``` ### Transfer with binary data [#transfer-with-binary-data] Opens the emulation screen or screen with alert about blind signing transactions with amount and destination. ```bash scheme ton://transfer/<ADDRESS>?amount=<AMOUNT>&bin=<BINARY_DATA> ``` | Parameter | Description | Required | | --------------- | ------------------------------------------------------------------------------ | -------- | | `<ADDRESS>` | The recipient's TON address. | required | | `<AMOUNT>` | The amount of TON to send, in nanotons. | optional | | `<BINARY_DATA>` | A URL-encoded base64 BoC which will be attached as a body to internal message. | optional | ```bash example transfer with binary data ton://transfer/UQDYzZmfsrGzhObKJUw4gzdeIxEai3jAFbiGKGwxvxHinf4K?amount=5000000&bin=te6cckECBQEAARUAAUWIAMEY4jHsfgXgPZLLJhtH/oPEOBKZZb6Y4/RJaJnbXc4GDAEBnBSf8D7P51eitphXHiTNAS6WXVDOgcxIxFWf7JICcG9ooFRNCDzTZbHg0mlW6782P8huKd5wzYK3huSVDMGTrQgpqaMXaMF9SAAAACsAAwIBaGIAV+9GxkYnezSj7VSw9vtlmc5RJ5lsyyItoKd5rFDpJZUgL68IAAAAAAAAAAAAAAAAAAEDAaFfzD0Ug3czLfk9/4aAArAmxHNbYrurO/IYyD89+mJZ/XDMnkMemHy/nTsrzYDwAYIxxGPY/AvAeyWWTDaP/QeIcCUyy30xx+iS0TO2u5wMIDgEACIAAAAAUmVmI05PTmQxZ0pCUK4fW14= ``` ## Wallet-specific invoices [#wallet-specific-invoices] Use wallet‑specific links to create simple jetton and Toncoin transfers. The syntax is usually similar to `ton://transfer` links, but always check each wallet’s documentation. Example: transferring 1 USDT to `EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs`: ```bash Tonkeeper mobile link https://app.tonkeeper.com/transfer/saint.ton?amount=1000000&jetton=EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs ``` ```bash Tonkeeper web link https://app.tonkeeper.com/transfer/saint.ton?amount=1000000&jetton=EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs ``` ```bash MyTonWallet https://my.tt/transfer/UQDYzZmfsrGzhObKJUw4gzdeIxEai3jAFbiGKGwxvxHinf4K?amount=1000000&jetton=EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs ``` Find more wallet-specific features in the documentation: * Tonkeeper - [`docs.tonconsole.com`](https://docs.tonconsole.com/tonkeeper/deep-linking) * MyTonWallet - [`help.mytonwallet.io`](https://help.mytonwallet.io/intro/key-features/deeplinks-in-mytonwallet) ## Explorers links [#explorers-links] To generate a transaction link, the service must obtain the account address, logical time (lt), and transaction hash by calling the [`getTransactions`](https://toncenter.com/api/v2/#/transactions/get_transactions_getTransactions_get) method. Using these values, [Tonviewer](https://tonviewer.com), [Tonscan](https://tonscan.org), and [Toncoin Explorer](https://explorer.toncoin.org/) render the transaction page according to the following formats respectively: * [Tonviewer links](#tonviewer) * [Tonscan links](#tonscan) * [Toncoin Explorer links](#toncoin-explorer) ### Tonviewer [#tonviewer] #### Mainnet [#mainnet] ```bash Tonviewer Mainnet link https://tonviewer.com/transaction/<hash as hex> ``` ```bash Tonviewer Mainnet link example https://tonviewer.com/transaction/aee8d185a0c8f73c787bf1872ee9659ac53ce11a90b16b384856a7821eff8c29 ``` #### Testnet [#testnet] ```bash Tonviewer Testnet link https://testnet.tonviewer.com/transaction/<hash as hex> ``` ```bash Tonviewer Testnet short link example https://testnet.tonviewer.com/transaction/61ef8fac43edf408fcc041aa8afaec14ac2c4f68faafe6eb18c50a921697d2f6 ``` ### Tonscan [#tonscan] #### Mainnet [#mainnet-1] ```bash Tonscan Mainnet link https://tonscan.org/tx/<lt as int>:<hash as base64url>:<account address> ``` ```bash Tonscan Mainnet link example https://tonscan.org/tx/63333243000002:rujRhaDI9zx4e_GHLullmsU84RqQsWs4SFangh7_jCk:Ef8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM0vF ``` #### Testnet [#testnet-1] ```bash Tonscan Testnet link https://testnet.tonscan.org/tx/<lt as int>:<hash as base64url>:<account address> ``` ```bash Tonviewer Testnet link example https://testnet.tonscan.org/tx/40988257000002:Ye-PrEPt9Aj8wEGqivrsFKwsT2j6r-brGMUKkhaX0vY:kf8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM_BP ``` ### Toncoin explorer [#toncoin-explorer] #### Mainnet [#mainnet-2] ```bash Toncoin Mainnet link https://explorer.toncoin.org/transaction?account=<account address>&lt=<lt as int>&hash=<transaction uppercase hex> ``` ```bash Toncoin Mainnet link example https://explorer.toncoin.org/transaction?account=Ef8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM0vF&lt=63333243000002&hash=AEE8D185A0C8F73C787BF1872EE9659AC53CE11A90B16B384856A7821EFF8C29 ``` #### Testnet [#testnet-2] ```bash Toncoin Testnet link https://test-explorer.toncoin.org/transaction?account=<account address>&lt=<lt as int>&hash=<transaction uppercase hex> ``` ```bash Toncoin Testnet link example https://test-explorer.toncoin.org/transaction?account=Ef8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM0vF&lt=40988257000002&hash=61EF8FAC43EDF408FCC041AA8AFAEC14AC2C4F68FAAFE6EB18C50A921697D2F6 ``` # How to get coins on testnet (/overview/wallets/wallet-apps/get-coins) Testnet coins are used for development and testing on the TON testnet. To obtain testnet Toncoin, a testnet wallet is required. Depending on the required amount of Toncoin, choose one of the following options: * For regular requests of 2 TON per hour, use Telegram [Testgiver TON bot](#use-testgiver-ton-bot). * For larger allocations of up to 5,000 TON, submit a [request form](#use-request-form). ## Use Testgiver TON Bot [#use-testgiver-ton-bot] 1. Download [Telegram](https://telegram.org/) and create an account. 2. Open [`@testgiver_ton_bot`](https://t.me/testgiver_ton_bot) in a browser and click <kbd>Open Telegram</kbd>. <Image src="/resources/images/fund-wallet/open-telegram-light.png" darkSrc="/resources/images/fund-wallet/open-telegram-dark.png" width="608" height="342" alt="Open Telegram prompt" /> 3. Once the bot opens, click <kbd>Start</kbd> to initiate the session. <Image src="/resources/images/fund-wallet/start-bot-light.png" darkSrc="/resources/images/fund-wallet/start-bot-dark.png" width="608" height="342" alt="Start bot screen" /> 4. After the `/start` command is sent, the bot displays a welcome message. Click <kbd>Get 2 TON in testnet</kbd> to request test coins. <Image src="/resources/images/fund-wallet/bot-welcome-light.png" darkSrc="/resources/images/fund-wallet/bot-welcome-dark.png" alt="Bot welcome screen" /> 5. A captcha prompt appears. Open the image to view it in full size and enter the displayed characters. <Image src="/resources/images/fund-wallet/captcha-light.png" darkSrc="/resources/images/fund-wallet/captcha-dark.png" alt="Captcha screen" /> 6. Once the captcha is complete, enter the testnet wallet address. <Image src="/resources/images/fund-wallet/enter-address-light.png" darkSrc="/resources/images/fund-wallet/enter-address-dark.png" alt="Enter wallet address" /> <Aside type="caution"> Verify that the pasted address belongs to the **testnet**. Mainnet and testnet addresses are distinct. See [Internal address formats](/blockchain-basics/primitives/addresses/formats#flag-definitions) for details. </Aside> 7. After submitting the address, a message confirms that the request is queued. Then, the bot processes it and sends 2 Toncoin in testnet. <Image src="/resources/images/fund-wallet/request-confirmed-light.png" darkSrc="/resources/images/fund-wallet/request-confirmed-dark.png" alt="Request confirmed" /> 8. No additional confirmation is sent when the request is processed. To confirm receipt of the testnet Toncoin, see [Verify the transfer](#verify-the-transfer). 9. To request again, open the menu in the lower-left corner, select `/get`, and repeat the steps. <Image src="/resources/images/fund-wallet/menu-light.png" darkSrc="/resources/images/fund-wallet/menu-dark.png" alt="Bot menu" /> ## Use request form [#use-request-form] Request up to 5,000 testnet TON by completing the [token request form](https://builders.ton.org/opportunities/testnet). The TON Foundation reviews the submission and transfers the tokens directly to the specified testnet wallet address. ## Verify the transfer [#verify-the-transfer] After requesting tokens, use the Tonviewer Testnet explorer to verify that the transfer occurred. 1. Open [Tonviewer Testnet](https://testnet.tonviewer.com/), enter the wallet address in the search bar, and click <kbd>Find</kbd>. <Image src="/resources/images/fund-wallet/tonviewer-light.png" darkSrc="/resources/images/fund-wallet/tonviewer-dark.png" alt="Tonviewer search" /> 2. The explorer shows the current balance and transaction history, including the testnet Toncoin received from the bot. The account state is `uninit`, indicating that the account is not deployed. <Image src="/resources/images/fund-wallet/account-uninit-light.png" darkSrc="/resources/images/fund-wallet/account-uninit-dark.png" alt="Wallet balance showing uninit state" /> 3. To [deploy the account](/overview/wallets/wallet-apps/web#deploy-the-code) send any transaction from the wallet. # Tonkeeper (/overview/wallets/wallet-apps/tonkeeper) [Tonkeeper](https://tonkeeper.com/) is a self‑custodial mobile wallet available on [iOS](https://apps.apple.com/us/app/tonkeeper-ton-wallet/id1587742107) and [Android](https://play.google.com/store/apps/details?id=com.ton_keeper). It supports regular [wallets](/blockchain-basics/standard/wallets/how-it-works), [Jettons](/blockchain-basics/standard/tokens/jettons/overview), [NFTs](/blockchain-basics/standard/tokens/nft/overview), and [TON Connect](/applications/ton-connect/overview). Its github repository can be found [here](https://github.com/tonkeeper). <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/main-int-light.png" darkSrc="/resources/images/wallets/tonkeeper/main-int-dark.png" width="228" height="342" alt="Tonkeeper main interface" /> </div> * 🟡 **Account balance** displays the total amount of Toncoin and other tokens held on account. * 🔴 **Account address** is shown as a base64-encoded string. It can be shared to receive TON, jettons, or NFTs. * 🟢 **Send/Receive/Scan buttons** are used to transfer TON or jettons to another account, receive TON or jettons to the wallet, and scan QR codes to confirm transactions, respectively. ## Create a wallet [#create-a-wallet] A wallet is required to do any transactions on a public global network. It is the primary way to interact with the blockchain. This step-by-step guide explains how to use Tonkeeper app to create a testnet wallet account. Testnet is used instead of mainnet, because it is more suitable for development and experimentation, and test coins can be obtained for free on testnet. The procedure works the same way on mainnet, except funds will have to be procured in a different way. Overall procedure is: * Generate a mnemonic (a key). It uniquely determines wallet's address, but the wallet doesn't exist on blockchain yet, i.e. is in [`nonexist`](/blockchain-basics/primitives/status#status-variety) status. * Send some funds to the wallet's account. Now it will be in [`uninit`](/blockchain-basics/primitives/status#status-variety) status, i.e. already with some balance on it, but without any code yet. * Deploy wallet's code to this address. Some of these funds will be used to pay for the deploy process. Now the wallet is in [`active`](/blockchain-basics/primitives/status#status-variety) status, and can be used for any purpose. <Aside type="danger" title="Funds at risk"> Addresses of both mainnet and testnet accounts can be derived from the same mnemonic, i.e. the same key might be used for both wallets. Beware these accounts exist only in their corresponding networks. It's possible to forget switching to testnet, and accidentally spend real funds on mainnet. It's possible to accidentally transfer funds to a testnet wallet address on mainnet. These funds will be impossible to recover. Verify which network is used before any funds are sent. </Aside> ### Generate a key [#generate-a-key] 1. Install Tonkeeper on [iOS](https://apps.apple.com/us/app/tonkeeper-ton-wallet/id1587742107) or [Android](https://play.google.com/store/apps/details?id=com.ton_keeper). 2. Click <kbd>Create New Wallet</kbd> <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/create-wallet-light.png" darkSrc="/resources/images/wallets/tonkeeper/create-wallet-dark.png" width="228" height="342" alt="Create a wallet" /> </div> 3. Create a passcode and re-enter it. Passcode is used to encrypt the mnemonic. <div style="{ display: "flex", justifyContent: "center", gap: "16px" }"> <Image src="/resources/images/wallets/tonkeeper/passcode-light.png" darkSrc="/resources/images/wallets/tonkeeper/passcode-dark.png" width="228" height="342" alt="Create a passcode" /> <Image src="/resources/images/wallets/tonkeeper/reenter-light.png" darkSrc="/resources/images/wallets/tonkeeper/reenter-dark.png" width="228" height="342" alt="Confirm the passcode" /> </div> 4. Click <kbd>Back up your recovery phrase</kbd> and <kbd>Back Up Manually</kbd>. <div style="{ display: "flex", justifyContent: "center", gap: "16px" }"> <Image src="/resources/images/wallets/tonkeeper/backup-light.png" darkSrc="/resources/images/wallets/tonkeeper/backup-dark.png" width="228" height="300" alt="Back up" /> <Image src="/resources/images/wallets/tonkeeper/backup-manually-light.png" darkSrc="/resources/images/wallets/tonkeeper/backup-manually-dark.png" width="228" height="342" alt="Confirm the passcode" /> </div> 5. Save 24 words of the [mnemonic](/blockchain-basics/standard/wallets/mnemonics). <Aside type="danger" title="Funds at risk"> Mnemonic is the text representation of wallet's secret key. Losing it is the same as losing access to the wallet.<br /> Anyone who has access to the mnemonic can take control of the wallet and move funds. If compromise is suspected, create a new wallet and transfer all funds immediately. Prefer not to store recovery words digitally; write them down and keep them offline. </Aside> <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/recovery-light.png" darkSrc="/resources/images/wallets/tonkeeper/recovery-dark.png" width="228" height="342" alt="Recovery phrase" /> </div> 6. Pass the check that the mnemonic was saved. <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/backup-check-light.png" darkSrc="/resources/images/wallets/tonkeeper/backup-check-dark.png" width="228" height="342" alt="Recovery phrase" /> </div> 7. The main interface of the app should now appear. ### Switch to testnet [#switch-to-testnet] 1. Click <kbd>wallet</kbd> to open the <kbd>Add Wallet</kbd> pop-up. <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/add-testnet-wallet-light.png" darkSrc="/resources/images/wallets/tonkeeper/add-testnet-wallet-dark.png" width="228" height="342" alt="Add testnet" /> </div> 2. In the "Add Wallet" window, scroll down to the "For developers" section. Click the "Testnet Account" card. <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/for-devs-light.png" darkSrc="/resources/images/wallets/tonkeeper/for-devs-dark.png" width="228" height="342" alt="Testnet account" /> </div> 3. Enter the recovery phrase that was provided when the wallet was created on Mainnet, then click <kbd>Confirm</kbd>. <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/recovery-test-light.png" darkSrc="/resources/images/wallets/tonkeeper/recovery-test-dark.png" width="228" height="342" alt="Recovery phrase for testnet" /> </div> 4. The main interface of the app should now appear, indicating that the testnet is used. Also address of the testnet wallet in the [user-friendly format](/blockchain-basics/primitives/addresses/formats#user-friendly-format) starts with `k` or `0`. <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/main-int-test-light.png" darkSrc="/resources/images/wallets/tonkeeper/main-int-test-dark.png" width="228" height="342" alt="Main interface with testnet note" /> </div> ### Add funds into the wallet [#add-funds-into-the-wallet] To get free coins on testnet, follow [the guide](/overview/wallets/wallet-apps/get-coins). #### Quick version [#quick-version] 1. Message [`@testgiver_ton_bot`](https://t.me/testgiver_ton_bot) in [Telegram](https://telegram.org/). 2. Press the <kbd>Start</kbd> or send `/start` message. 3. Pass the captcha test. 4. Enter and send the testnet wallet address displayed by wallet. 5. Soon after the "Request added to the queue" response, 2 TON will be sent to the wallet. 6. There won't be any other message that the transfer happened. [Use an explorer](#check-the-account-state) to check the request status. 7. The account should be in the `uninit` status now. <Image src="/resources/images/wallets/wallet-ton-org/address_uninit_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/address_uninit_dark.png" alt="Account status: uninit" /> ### Deploy the code [#deploy-the-code] <Aside type="danger" title="Funds at risk"> On-chain transfers are irreversible — verify the recipient and amount before confirming. Use testnet for practice; use mainnet only for real transfers. </Aside> To deploy the code, send any transaction from the wallet. The recipient can be any address, including the wallet itself. 1. Click <kbd>Send</kbd> on the main interface, enter wallet address in "Address or name", and the "Amount" of TON. Click <kbd>Continue</kbd>. <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/send-light.png" darkSrc="/resources/images/wallets/tonkeeper/send-dark.png" width="228" height="342" alt="Send TON" /> </div> 2. Verify the transaction details and swipe if correct. Otherwise, tap <kbd>`<`</kbd> in the top-left corner to edit. <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/confirm-light.png" darkSrc="/resources/images/wallets/tonkeeper/confirm-dark.png" width="228" height="342" alt="Verify transaction" /> </div> 3. After confirmation, enter the passcode. Then, the "History" page displays the sent transaction. 4. [Use an explorer](#check-the-account-state) to check wallet's status. It should be `active` now. ## Check the account state [#check-the-account-state] Use a [blockchain explorer](/overview/infrastructure/explorers/overview) to inspect the account. For **Testnet**, use [Tonviewer Testnet](https://testnet.tonviewer.com/). 1. Paste the wallet address into the search bar.<br /><Image src="/resources/images/wallets/wallet-ton-org/tonviewer_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/tonviewer_dark.png" alt="Insert address in Tonviewer search" /> 2. The account details will appear. In a newly created wallet, the status is `nonexist`, indicating the wallet is not deployed.<br /><Image src="/resources/images/wallets/wallet-ton-org/address_nonexist_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/address_nonexist_dark.png" alt="Account status: nonexist" /> ## Verify wallet's version [#verify-wallets-version] By default, Tonkeeper creates wallets with the [Wallet v5](/blockchain-basics/standard/wallets/v5) code deployed on them. To switch [wallet contract version](/blockchain-basics/standard/wallets/comparison) to [v4](/blockchain-basics/standard/wallets/v4): 1. On the main menu, tap the gear icon <kbd><Icon icon="settings" size="16" /></kbd> in the upper-right corner. 2. In "Settings", select <kbd>Wallet v4R2</kbd> and enter the passcode. <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/v4r2-light.png" darkSrc="/resources/images/wallets/tonkeeper/v4r2-dark.png" width="228" height="342" alt="V4R2" /> </div> 3. The wallet v4r2 is auto-generated and the app returns to the main menu. * If v5 is highlighted, v4 has no visual indicator. * To check, tap the wallet name — **wallet v4r2** — v5 is highlighted, while v4 is not. <div style="{ display: "flex", justifyContent: "center" }"> <Image src="/resources/images/wallets/tonkeeper/wallet-v4r2-light.png" darkSrc="/resources/images/wallets/tonkeeper/wallet-v4r2-dark.png" width="228" height="342" alt="V4R2" /> </div> # wallet.ton.org (/overview/wallets/wallet-apps/web) [wallet.ton.org](https://wallet.ton.org) is a self-custodial wallet web app that doesn't require installation. It supports regular [wallets](/blockchain-basics/standard/wallets/how-it-works), [Jettons](/blockchain-basics/standard/tokens/jettons/overview), and [NFTs](/blockchain-basics/standard/tokens/nft/overview). Its source code can be found [here](https://github.com/ton-blockchain/ton-wallet). <Image src="/resources/images/wallets/wallet-ton-org/ui_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/ui_dark.png" alt="Wallet interface" /> * 🟡 **Account balance** displays the total amount of Toncoin and other tokens held on account. * 🔴 **Account address** is shown both as a QR code and as a base64-encoded string. You can share this address to receive TON, jettons, or NFTs. * 🟢 **Send button** opens the transfer form, allowing you to send TON or jettons to another account address. ## Create a wallet [#create-a-wallet] A wallet is required to do any transactions on a public global network. It is the primary way to interact with the blockchain. This step-by-step guide explains how to use [wallet.ton.org](https://wallet.ton.org) app to create a testnet wallet account. Testnet is used instead of mainnet, because it is more suitable for development and experimentation, and test coins can be obtained for free on testnet. The procedure works the same way on mainnet, except funds will have to be procured in a different way. Overall procedure is: * Generate a mnemonic (a key). It uniquely determines wallet's address, but the wallet doesn't exist on blockchain yet, i.e. is in [`nonexist`](/blockchain-basics/primitives/status#status-variety) status. * Send some funds to the wallet's account. Now it will be in [`uninit`](/blockchain-basics/primitives/status#status-variety) status, i.e. already with some balance on it, but without any code yet. * Deploy wallet's code to this address. Some of these funds will be used to pay for the deploy process. Now the wallet is in [`active`](/blockchain-basics/primitives/status#status-variety) status, and can be used for any purpose. <Aside type="caution" title="Funds at risk"> Addresses of both mainnet and testnet accounts can be derived from the same mnemonic, i.e. the same key might be used for both wallets. Beware these accounts exist only in their corresponding networks. It's possible to forget switching to testnet, and accidentally spend real funds on mainnet. It's possible to accidentally transfer funds to a testnet wallet address on mainnet. These funds will be impossible to recover. Verify which network is used before any funds are sent. </Aside> <Aside type="caution" title="Bug!"> There is a bug in wallet.ton.org. Mainnet [subwallet ID](/blockchain-basics/standard/wallets/how-it-works#subwallet-id) is used to generate the address of testnet account. If an address from wallet.ton.org doesn't match an address computed with `@ton/ton` or some other library, this might be the reason. </Aside> ### Generate a key [#generate-a-key] 1. Open [wallet.ton.org](https://wallet.ton.org/). 2. Click "Create Wallet".<br /><Image src="/resources/images/wallets/wallet-ton-org/welcome_page_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/welcome_page_dark.png" alt="Web wallet welcome page" /> 3. Choose "Use Password".<br /><Image src="/resources/images/wallets/wallet-ton-org/password_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/password_dark.png" alt="Password option" /> 4. Set and confirm password. Password will be used to encrypt the mnemonic that is stored in browser's local storage.<br /><Image src="/resources/images/wallets/wallet-ton-org/creating_password_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/creating_password_dark.png" alt="Password setup" /> 5. Save 24 words of the [mnemonic](/blockchain-basics/standard/wallets/mnemonics).<br />{<Aside type="danger" title="Funds at risk"> Mnemonic is the text representation of wallet's secret key. Losing it is the same as losing access to the wallet.<br/> Anyone who has access to the mnemonic can take control of the wallet and move funds. If you suspect it already happened, create a new wallet and transfer all funds immediately. Prefer not to store recovery words digitally; write them down and keep them offline. </Aside>}{<Image src="/resources/images/wallets/wallet-ton-org/secret_words_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/secret_words_dark.png" alt="Recovery words" />} 6. Pass the check that the mnemonic was actually saved.<br /><Image src="/resources/images/wallets/wallet-ton-org/verify_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/verify_dark.png" alt="Verify secret words" /> 7. Now the app should show its main interface. ### Switch to testnet [#switch-to-testnet] 1. Click the "Settings" icon.<br /><Image src="/resources/images/wallets/wallet-ton-org/settings_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/settings_dark.png" alt="Settings button" /> 2. In the settings window, double-click the wallet version number to open developer options.<br /><Image src="/resources/images/wallets/wallet-ton-org/version_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/version_dark.png" alt="Click on version" /> 3. In the "Developer options" panel, locate the "Networks" section and select "Testnet".<br /><Image src="/resources/images/wallets/wallet-ton-org/testnet_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/testnet_dark.png" alt="Choose Testnet" /> 4. The interface should indicate that testnet is used. Also address of the testnet wallet in the [user-friendly format](/blockchain-basics/primitives/addresses/formats#user-friendly-format) starts with `k` or `0`.<br />{<Image src="/resources/images/wallets/wallet-ton-org/testnet_version_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/testnet_version_dark.png" alt="Choose Testnet" />} ### Add funds into the wallet [#add-funds-into-the-wallet] There is a [separate article](/overview/wallets/wallet-apps/get-coins) on this. 1. Message [`@testgiver_ton_bot`](https://t.me/testgiver_ton_bot) in [Telegram](https://telegram.org/). 2. Press the Start button or send `/start` message. 3. Pass the captcha test. 4. Enter and send the testnet wallet address displayed by wallet.ton.org. 5. Soon after the "Request added to the queue" response, 2 TON will be sent to the wallet. 6. There won't be any other message that the transfer happened. [Use an explorer](#check-the-account-state) to check the request status. 7. The account should be in the `uninit` status now. <Image src="/resources/images/wallets/wallet-ton-org/address_uninit_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/address_uninit_dark.png" alt="Account status: uninit" /> ### Deploy the code [#deploy-the-code] <Aside type="caution" title="Funds at risk"> On-chain transfers are irreversible — verify the recipient and amount before confirming. Use testnet for practice; only use mainnet when you intend to make a real transfer. </Aside> To deploy the code, send any transaction from the wallet. The recipient can be any address, including the wallet itself. 1. Click "Send", enter wallet address in "Recipient Address", and the "Amount" of TON. Click "Send TON".<br /><Image src="/resources/images/wallets/wallet-ton-org/send_coins_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/send_coins_dark.png" alt="Sending coins" /> 2. In the confirmation popup, verify the transaction details and click "Confirm" if correct; otherwise, "Edit".<br /><Image src="/resources/images/wallets/wallet-ton-org/confirm_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/confirm_dark.png" alt="Confirm transaction" /> 3. After confirmation, the wallet will display a notification: "Coins have been sent!"<br /><Image src="/resources/images/wallets/wallet-ton-org/notification_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/notification_dark.png" alt="Notification" /> 4. [Use an explorer](#check-the-account-state) to check wallet's status. It should be `active` now.<br /><Image src="/resources/images/wallets/wallet-ton-org/active_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/active_dark.png" alt="Account status: active" /> ## Check the account state [#check-the-account-state] Use a [blockchain explorer](/overview/infrastructure/explorers/overview) to inspect the account. For **Testnet**, use [Tonviewer Testnet](https://testnet.tonviewer.com/). 1. Paste the wallet address into the search bar.<br /><Image src="/resources/images/wallets/wallet-ton-org/tonviewer_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/tonviewer_dark.png" alt="Insert address in Tonviewer search" /> 2. The account details will appear. In a newly created wallet, the status is `nonexist`, indicating the wallet is not deployed.<br /><Image src="/resources/images/wallets/wallet-ton-org/address_nonexist_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/address_nonexist_dark.png" alt="Account status: nonexist" /> ## Verify wallet's version [#verify-wallets-version] By default, wallet.ton.org creates wallets with the [Wallet v5](/blockchain-basics/standard/wallets/v5) code deployed on them. To check which [wallet contract version](/blockchain-basics/standard/wallets/comparison) is used: 1. Click the "Settings" icon.<br /><Image src="/resources/images/wallets/wallet-ton-org/settings_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/settings_dark.png" alt="Settings button" /> 2. In the "Wallet Versions", you can see which contract the wallet uses.<br /><Image src="/resources/images/wallets/wallet-ton-org/wallet_version_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/wallet_version_dark.png" alt="Settings button" /> 3. Click the field to view the current version, for example, W5.<br /><Image src="/resources/images/wallets/wallet-ton-org/contract_type_light.png" darkSrc="/resources/images/wallets/wallet-ton-org/contract_type_dark.png" alt="Settings button" /> # applications/api/toncenter/smc-index/get-nominator-bookings-method (/applications/api/toncenter/smc-index/get-nominator-bookings-method) # applications/api/toncenter/smc-index/get-nominator-earnings-method (/applications/api/toncenter/smc-index/get-nominator-earnings-method) # applications/api/toncenter/smc-index/get-nominator-method (/applications/api/toncenter/smc-index/get-nominator-method) # applications/api/toncenter/smc-index/get-pool-bookings-method (/applications/api/toncenter/smc-index/get-pool-bookings-method) # applications/api/toncenter/smc-index/get-pool-method (/applications/api/toncenter/smc-index/get-pool-method) # applications/api/toncenter/smc-index/lifecheck-method (/applications/api/toncenter/smc-index/lifecheck-method) # Streaming API overview (/applications/api/toncenter/streaming/overview) The TON Center **Streaming API** (v2) provides developer access to TON Blockchain through [Server-Sent Events (SSE)](https://en.wikipedia.org/wiki/Server-sent_events) and [WebSockets](https://en.wikipedia.org/wiki/WebSocket). It delivers low-latency, real-time updates on transactions and actions observed on the TON blockchain. Clients can subscribe to updates for monitoring a wallet, some contract addresses, or a specific trace of transactions. Streaming API serves as a real-time, streaming version of the [indexed access layer (API v3)](/applications/api/toncenter/v3/overview). Use it when building wallets, explorers, monitoring systems, or automation tools. <Aside type="caution" title="Gap recovery"> The Streaming API does not recover past events; it only tracks current ones. As such, network interruptions, client restarts, or brief service downtime can cause missed events. When application state or business logic depends on a complete event sequence, resynchronize with historical data by polling [API v3](/applications/api/toncenter/v3/overview) after reconnecting. </Aside> <Aside type="note" title="Version naming"> The [API v2](/applications/api/toncenter/v2/overview) and [API v3](/applications/api/toncenter/v3/overview) include their major version numbers in their product names. For the Streaming API, `v2` means the current protocol version and doesn't refer to different APIs. </Aside> <Aside type="note" title="Compatibility with TonAPI"> TonAPI exposes compatible Streaming API endpoints for the same SSE and WebSocket protocol. The request fields, event types, and finality model documented on this page also apply there. Authentication uses a [Ton Console API key](https://tonconsole.com/tonapi/api-keys). </Aside> ## Event groups [#event-groups] The Streaming API emits the following event groups: * Trace-based events: `transactions`, `actions`, `trace` * State updates: `account_state_change` and `jettons_change` * Invalidation signal: `trace_invalidated` The [event types section](/applications/api/toncenter/streaming/reference#event-types) and [notification schemas section](/applications/api/toncenter/streaming/reference#notification-schemas) provide the exact payload structure for each event. ## Finality model [#finality-model] Trace-based events carry a `finality` field according to their finality level: ```json "finality": "pending" | "confirmed" | "finalized" ``` Each trace moves through the following monotonic lifecycle: <Mermaid chart="flowchart LR pending --> confirmed --> finalized pending --> trace_invalidated confirmed --> trace_invalidated" /> * `pending` — result of emulation or speculative execution. This state can be invalidated (`trace_invalidated`). * `confirmed` — trace or transactions are included in a candidate shard block. Rollback chance is very small, but still possible. * `finalized` — committed in the masterchain and will not be updated nor invalidated. Non-trace events behave differently: * `account_state_change` and `jettons_change` are emitted only when `finality` field is set to either `confirmed` or `finalized`. * `trace_invalidated` applies to previously emitted trace-based data and is not emitted after `finalized`. ## Delivery behavior [#delivery-behavior] The `min_finality` field is used to control how early the server emits trace-based updates: * `pending` — receive every trace snapshot as it moves from `pending` to `confirmed` to `finalized`. * `confirmed` — skip pure emulation results and start at `confirmed` or later. * `finalized` — receive only finalized trace-based events. Choose the setting based on the tolerance for speculative data: * Use `pending` for the lowest latency. * Use `confirmed` for lower rollback risk with near-real-time delivery. * Use `finalized` when only settled data is acceptable. The [delivery semantics section](/applications/api/toncenter/streaming/reference#delivery-semantics) and [event invalidation section](/applications/api/toncenter/streaming/reference#event-invalidation) document the exact behavior for each event type. ## Supported interfaces [#supported-interfaces] The Streaming API exposes two transports: SSE and a WebSocket. Choose either of the transports to proceed with its usage: <Columns cols="2"> <Card title="SSE: Server-Sent Events" icon="server" href="/applications/api/toncenter/streaming/sse"> Recommended for browser environments or clients that prefer HTTP streaming and a fixed subscription. </Card> <Card title="WebSocket" icon="radio" href="/applications/api/toncenter/streaming/wss"> Preferred for persistent, bidirectional communication with dynamic subscription patterns. </Card> </Columns> ## See also [#see-also] * [Notification reference](/applications/api/toncenter/streaming/reference) * [API key](/applications/api/toncenter/get-api-key) * [API authentication](/applications/api/toncenter/v3-authentication) # Streaming API notification reference (/applications/api/toncenter/streaming/reference) ## Event types [#event-types] Once a subscription is established, the server sends event messages (notifications) matching the selected `types` and `min_finality`. Each message is a JSON object representing a single event. The `type` field in each notification identifies the notification schema: * `"transactions"` — subscribe to transactions and their finality levels. * `"actions"` — subscribe to certain actions by setting `action_types`. * `"trace"` — subscribe to a transaction trace. * `"account_state_change"` — emitted for each matching confirmed or finalized account transaction. * `"jettons_change"` — emitted for each matching confirmed or finalized jetton wallet transaction. * `"trace_invalidated"` — emitted when earlier trace data becomes invalid. ## Notification schemas [#notification-schemas] Trace-related notifications, such as `"transactions"`, `"actions"`, and `"trace"` are grouped by the trace. They use the same `trace_external_hash_norm` value across all events generated from one external message. Transactions and actions in the same trace are ordered by logical time (LT) in descending order. The `"trace"` event includes the full trace tree and a map of all transactions in that trace. ### `"transactions"` [#transactions] Subscriptions that include `"transactions"` can receive multiple notifications for the same trace as finality increases. Trace is determined by its `trace_external_hash_norm`. | Field | Type | Description | | -------------------------- | --------------- | ------------------------------------------------------------------------ | | `type` | `string` | Always `"transactions"`. | | `finality` | `string` | `"pending"`, `"confirmed"`, or `"finalized"`. | | `trace_external_hash_norm` | `string` | Normalized external message hash for the trace. | | `transactions` | `Transaction[]` | Transactions in the trace, ordered by descending logical time. | | `address_book` | `object` | Optional mapping of addresses to a friendly format and a TON DNS domain. | | `metadata` | `object` | Optional mapping of token addresses to metadata (jetton or NFT). | ```jsonc title="Notification example" { "type": "transactions", "finality": "pending", "trace_external_hash_norm": "E7...NORMALIZED_EXTERNAL_MSG_HASH", "transactions": [ /* transaction objects */ ], "address_book": { /* mapping of known addresses */ }, "metadata": { /* mapping of known token addresses to metadata */ } } ``` ### `"actions"` [#actions] Subscriptions that include `"actions"` can receive multiple notifications for the same trace as finality increases. <Aside type="note"> Unlike [traces](#traces) and [transactions](#transactions), actions do not exist on-chain and in blockchain history. Instead, actions are aggregated based on the internal logic of TON Center's [API v3](/applications/api/toncenter/v3/overview). </Aside> Trace is determined by its `trace_external_hash_norm`. | Field | Type | Description | | -------------------------- | ---------- | ------------------------------------------------------------------------ | | `type` | `string` | Always `"actions"`. | | `finality` | `string` | `"pending"`, `"confirmed"`, or `"finalized"`. | | `trace_external_hash_norm` | `string` | Normalized external message hash for the trace. | | `actions` | `Action[]` | Classified actions for the trace. | | `address_book` | `object` | Optional mapping of addresses to a friendly format and a TON DNS domain. | | `metadata` | `object` | Optional mapping of token addresses to metadata (jetton or NFT). | <Aside type="note"> Use `action_types` when subscribing via [SSE](/applications/api/toncenter/streaming/sse) or a [WebSocket](/applications/api/toncenter/streaming/wss) to filter received `actions`. Refer to a list of [available action types in API v3](/applications/api/toncenter/v3/actions-and-traces/get-actions#parameter-action-type). </Aside> ```jsonc title="Notification example" { "type": "actions", "finality": "confirmed", "trace_external_hash_norm": "E7...NORMALIZED_EXTERNAL_MSG_HASH", "actions": [ /* action objects */ ], "address_book": { /* mapping of known addresses */ }, "metadata": { /* mapping of known token addresses to metadata */ } } ``` ### `"trace"` [#trace] Subscriptions that include `"trace"` receive trace-wide payloads. These payloads are not filtered by account address and include all transactions and actions in the trace. Trace is determined by its `trace_external_hash_norm`. | Field | Type | Description | | -------------------------- | ----------- | ------------------------------------------------------------------------ | | `type` | `string` | Always `"trace"`. | | `finality` | `string` | `"pending"`, `"confirmed"`, or `"finalized"`. | | `trace_external_hash_norm` | `string` | Normalized external message hash for the trace. | | `trace` | `TraceNode` | Trace tree. | | `transactions` | `object` | Map of transaction hash to transaction object. | | `actions` | `Action[]` | Optional classified actions for the trace. | | `address_book` | `object` | Optional mapping of addresses to a friendly format and a TON DNS domain. | | `metadata` | `object` | Optional mapping of token addresses to metadata (jetton or NFT). | ```jsonc title="Notification example" { "type": "trace", "finality": "confirmed", "trace_external_hash_norm": "E7...NORMALIZED_EXTERNAL_MSG_HASH", "trace": {}, "transactions": { /* mappings */ }, "actions": [ /* action objects */ ], "address_book": { /* mapping of known addresses */ }, "metadata": { /* mapping of known token addresses to metadata */ } } ``` ### `"account_state_change"` [#account_state_change] Subscriptions that include `"account_state_change"` receive notifications for each transaction executed on a subscribed account address. This event is emitted only for `"confirmed"` and `"finalized"` finality levels. | Field | Type | Description | | ---------- | -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `type` | `string` | Always `"account_state_change"`. | | `finality` | `string` | `"confirmed"` or `"finalized"`. | | `account` | `string` | Account address in raw format, e.g., `0:abc...RAW_ADDRESS`. | | `state` | `AccountState` | Account state without full code and data [BoCs](/blockchain-basics/primitives/serialization/boc). Includes state hash, nanoToncoin balance, [account status](/blockchain-basics/primitives/status), data and code hashes. All hashes are given in the Base64 format. | ```jsonc title="Notification example" { "type": "account_state_change", "finality": "finalized", "account": "0:18AA...RAW_ADDRESS", "state": { "hash": "P0Gc...BASE64_HASH", "balance": "42...NANOTON_BALANCE", "account_status": "active", "data_hash": "7qNe...BASE64_HASH", "code_hash": "ow8E...BASE64_HASH" } } ``` ### `"jettons_change"` [#jettons_change] Subscriptions that include `"jettons_change"` receive notifications for each transaction on a jetton wallet contract when the subscribed address is its own address or its owner's TON wallet address. This event is emitted only for `"confirmed"` and `"finalized"` finality levels. | Field | Type | Description | | -------------- | -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `type` | `string` | Always `"jettons_change"`. | | `finality` | `string` | `"confirmed"` or `"finalized"`. | | `jetton` | `JettonWallet` | Jetton wallet data. Includes its raw address, jetton balance, owner's raw address, jetton master (minter) raw address, and logical time of its last transaction. | | `address_book` | `object` | Optional mapping of addresses to a friendly format and a TON DNS domain. | | `metadata` | `object` | Optional mapping of token addresses to metadata (jetton or NFT). | ```jsonc title="Notification example" { "type": "jettons_change", "finality": "finalized", "jetton": { "address": "0:88DA...RAW_ADDRESS", "balance": "42...JETTON_BALANCE", "owner": "0:18AA...RAW_ADDRESS", "jetton": "0:B113...RAW_ADDRESS", "last_transaction_lt": "61664...LT_UNIX_TIME", }, "address_book": { /* mapping of known addresses */ }, "metadata": { /* mapping of known token addresses to metadata */ } } ``` ### `"trace_invalidated"` [#trace_invalidated] The `"trace_invalidated"` notification signals that previously emitted speculative or intermediate trace data is no longer valid. Typical causes include: * external message was not accepted by the blockchain; * later state change invalidated previous emulation result; * confirmed shard block was replaced by another block, and the trace did not end up in the finalized block. Trace in the notification is determined by its `trace_external_hash_norm`. | Field | Type | Description | | -------------------------- | -------- | ----------------------------------------------------------- | | `type` | `string` | Always `"trace_invalidated"`. | | `trace_external_hash_norm` | `string` | Normalized external message hash for the invalidated trace. | ```jsonc title="Notification example" { "type": "trace_invalidated", "trace_external_hash_norm": "E7...NORMALIZED_EXTERNAL_MSG_HASH" } ``` Upon receiving this notification, remove any stored `"trace"`, `"transactions"`, and `"actions"` data for the affected `trace_external_hash_norm`. The `"trace_invalidated"` notification cannot be sent for the `"finalized"` finality level of the trace. ## Delivery semantics [#delivery-semantics] | Type | Finality values | Delivery behavior | | ---------------------- | ----------------------------------------- | ----------------------------------------------------------------------------- | | `transactions` | `"pending"`, `"confirmed"`, `"finalized"` | Emitted per trace as finality increases. | | `actions` | `"pending"`, `"confirmed"`, `"finalized"` | Emitted per trace as action classification and finality progress. | | `trace` | `"pending"`, `"confirmed"`, `"finalized"` | Emitted per trace with the full trace payload. | | `account_state_change` | `"confirmed"`, `"finalized"` | Emitted for each matching confirmed or finalized account transaction. | | `jettons_change` | `"confirmed"`, `"finalized"` | Emitted for each matching confirmed or finalized jetton wallet transaction. | | `trace_invalidated` | Not applicable | Emitted when earlier trace-based data [becomes invalid](#event-invalidation). | ### `min_finality` behavior [#min_finality-behavior] For trace-based events: * `min_finality = "pending"` returns `"pending"`, `"confirmed"`, and `"finalized"` snapshots. * `min_finality = "confirmed"` skips pure emulation and starts at `"confirmed"` or later. * `min_finality = "finalized"` returns only finalized trace-based events. For non-trace events: * `"account_state_change"` and `"jettons_change"` are emitted only with `"confirmed"` and `"finalized"` finality levels. ## Event invalidation [#event-invalidation] Subscriptions that allow speculative states can later receive `"trace_invalidated"`. If the finality level reaches `"finalized"`, the server is guaranteed not to emit `"trace_invalidated"` for the trace. <Aside type="note"> The current API does not expose a separate invalidation signal for `"account_state_change"` or `"jettons_change"` emitted at the `"confirmed"` finality level. </Aside> ## See also [#see-also] * [Streaming API overview](/applications/api/toncenter/streaming/overview) * [SSE](/applications/api/toncenter/streaming/sse) * [WebSocket](/applications/api/toncenter/streaming/wss) * [API key](/applications/api/toncenter/get-api-key) * [API authentication](/applications/api/toncenter/v3-authentication) # Streaming API: Server-Sent Events (/applications/api/toncenter/streaming/sse) [Server-Sent Events (SSE)](https://en.wikipedia.org/wiki/Server-sent_events) transport of the [Streaming API](/applications/api/toncenter/streaming/overview) uses a single `POST` request to establish the connection and specify the subscription. No further messages are sent by the client on this connection. ## Usage [#usage] Send one `POST` request to the SSE endpoint with a JSON body that defines the subscription. ### Endpoints [#endpoints] * Mainnet: `https://toncenter.com/api/streaming/v2/sse` * Testnet: `https://testnet.toncenter.com/api/streaming/v2/sse` <Aside type="note" title="TonAPI endpoint compatibility"> TonAPI supports the same SSE subscription format on different endpoints: * Mainnet: `https://tonapi.io/streaming/v2/sse` * Testnet: `https://testnet.tonapi.io/streaming/v2/sse` Authentication uses a [Ton Console API key](https://tonconsole.com/tonapi/api-keys). </Aside> ### Request fields [#request-fields] <ParamField path="types" type="string[]" required="true"> One or more event types to receive: `transactions`, `actions`, `trace`, `trace_invalidated`, `account_state_change`, `jettons_change`. The [event types section](/applications/api/toncenter/streaming/reference#event-types) and [notification schemas section](/applications/api/toncenter/streaming/reference#notification-schemas) provide the exact payload structure for each event. </ParamField> <ParamField path="addresses" type="string[]"> Wallet or contract addresses to monitor. Accepts [valid TON address formats](/blockchain-basics/primitives/addresses/formats). Optional when subscribing only to a `"trace"`, otherwise required. </ParamField> <ParamField path="trace_external_hash_norms" type="string[]"> Optional list of normalized external message hashes to monitor. Required when subscribing to a `"trace"`. </ParamField> <ParamField path="min_finality" type="string" default="finalized"> Optional minimum finality: `"pending"`, `"confirmed"`, or `"finalized"`. Defaults to `"finalized"`. </ParamField> <ParamField path="include_address_book" type="boolean"> Optional. If `true`, includes address book data in supported notifications. </ParamField> <ParamField path="include_metadata" type="boolean"> Optional. If `true`, includes token metadata (jetton or NFT) in supported notifications. </ParamField> <ParamField path="action_types" type="string[]"> Optional action type filter. Applies only to `"actions"`. Refer to a list of [available action types in API v3](/applications/api/toncenter/v3/actions-and-traces/get-actions#parameter-action-type). </ParamField> <ParamField path="supported_action_types" type="string[]" default="`["latest"]`"> Optional list of action classification types supported by the client. Defaults to `["latest"]`. </ParamField> <Aside type="note" title="SSE subscription rules"> Streaming API does not expose separate `"pending_transactions"` or `"pending_actions"` event types. Subscribe to `"transactions"` or `"actions"`, then use `min_finality` to control delivery timing. </Aside> * Include `"trace"` in `types` and provide `trace_external_hash_norms` to subscribe to a specific trace. * Omit `addresses` when subscribing only to a `"trace"`. ### Examples [#examples] Lowest-latency stream of `"pending"` → `"confirmed"` → `"finalized"` finality levels: ```http POST https://toncenter.com/api/streaming/v2/sse Content-Type: application/json Accept: text/event-stream { "types": ["transactions", "actions"], "addresses": ["EQC...ACCOUNT_ADDRESS", "0:abc...RAW_ADDRESS"], "min_finality": "pending", "include_address_book": true, "include_metadata": false, "action_types": ["jetton_transfer", "ton_transfer"] } ``` Subscribing to a specific trace: ```http POST https://toncenter.com/api/streaming/v2/sse Content-Type: application/json Accept: text/event-stream { "types": ["trace"], "trace_external_hash_norms": ["E7...NORMALIZED_EXTERNAL_MSG_HASH"], "min_finality": "pending", "include_address_book": true, "include_metadata": true } ``` Successful SSE subscriptions receive the following message from the server: ```json {"status": "subscribed"} ``` To keep the subscription alive, the server sends the following `keepalive` line every 15 seconds: ```text : keepalive\n\n ``` Ignore SSE lines that begin with `:`. ## Known limitations [#known-limitations] ### Rate limit on reconnect (429 error) [#rate-limit-on-reconnect-429-error] If a client reconnects immediately after a disconnect, the previous connection may still be open for \~1 minute. The reconnect attempt receives a 429 error. Use exponential backoff or [an enterprise plan API key](/applications/api/toncenter/get-api-key). ### POST-only subscription [#post-only-subscription] Despite SSE typically using `GET` requests, Streaming API endpoints require a `POST` with the subscription JSON in the request body. <Aside type="note"> `GET` requests are not supported yet. </Aside> ### No invalidation signal for `account_state_change` or `jettons_change` [#no-invalidation-signal-for-account_state_change-or-jettons_change] If a `"confirmed"` account state or jetton balance update is later rolled back, no `"trace_invalidated"` notification is sent for these event types. When using `"account_state_change"` or `"jettons_change"` at `"confirmed"` finality, consider waiting for `"finalized"` for balance-critical flows. ## Next steps [#next-steps] * Skim the server [notification reference](/applications/api/toncenter/streaming/reference) * [Get an API key](/applications/api/toncenter/get-api-key) # Streaming API: WebSocket (/applications/api/toncenter/streaming/wss) [WebSocket](https://en.wikipedia.org/wiki/WebSocket) transport of the [Streaming API](/applications/api/toncenter/streaming/overview) is the preferred interface for persistent and bidirectional communication with dynamic subscription patterns. ## Usage [#usage] Connect to the WebSocket endpoint, then send JSON messages for `subscribe`, `unsubscribe`, and `ping` operations. Each request may include an optional `id` field for request and response correlation. ### Endpoints [#endpoints] * Mainnet: `wss://toncenter.com/api/streaming/v2/ws` * Testnet: `wss://testnet.toncenter.com/api/streaming/v2/ws` <Aside type="note" title="TonAPI endpoint compatibility"> TonAPI supports the same WebSocket subscription format on different endpoints: * Mainnet: `wss://tonapi.io/streaming/v2/ws` * Testnet: `wss://testnet.tonapi.io/streaming/v2/ws` Authentication uses a [Ton Console API key](https://tonconsole.com/tonapi/api-keys). </Aside> ### Operations [#operations] #### `subscribe` [#subscribe] Subscribe operation replaces the entire subscription snapshot for the current connection. <ParamField path="operation" type="string" required="true"> Must be `"subscribe"`. </ParamField> <ParamField path="types" type="string[]" required="true"> One or more event types to receive: `transactions`, `actions`, `trace`, `trace_invalidated`, `account_state_change`, `jettons_change`. The [event types section](/applications/api/toncenter/streaming/reference#event-types) and [notification schemas section](/applications/api/toncenter/streaming/reference#notification-schemas) provide the exact payload structure for each event. </ParamField> <ParamField path="addresses" type="string[]"> Wallet or contract addresses to monitor. Accepts [valid TON address formats](/blockchain-basics/primitives/addresses/formats). May be left empty when subscribing only to a `"trace"`, otherwise required for non-trace event types. </ParamField> <ParamField path="trace_external_hash_norms" type="string[]"> Optional list of normalized external message hashes to monitor. Required when subscribing to a `"trace"`. </ParamField> <ParamField path="min_finality" type="string" default="finalized"> Optional minimum finality: `"pending"`, `"confirmed"`, or `"finalized"`. Defaults to `"finalized"`. </ParamField> <ParamField path="include_address_book" type="boolean"> Optional. If `true`, includes address book data in supported notifications. </ParamField> <ParamField path="include_metadata" type="boolean"> Optional. If `true`, includes token metadata (jetton or NFT) in supported notifications. </ParamField> <ParamField path="action_types" type="string[]"> Optional action type filter. Applies only to `"actions"`. Refer to a list of [available action types in API v3](/applications/api/toncenter/v3/actions-and-traces/get-actions#parameter-action-type). </ParamField> <ParamField path="supported_action_types" type="string[]" default="`["latest"]`"> Optional list of action classification types supported by the client. Defaults to `["latest"]`. </ParamField> <ParamField path="id" type="string"> Optional request identifier to match responses with requests. </ParamField> ```json title="Request example" { "operation": "subscribe", "types": ["transactions", "actions", "account_state_change", "jettons_change", "trace"], "addresses": ["<ACCOUNT_ADDRESS>"], "trace_external_hash_norms": ["E7...NORMALIZED_EXTERNAL_MSG_HASH"], "min_finality": "pending", "include_address_book": true, "include_metadata": false, "action_types": ["jetton_transfer", "ton_transfer"], "id": "1" } ``` ```json title="Successful response" {"id": "1", "status": "subscribed"} ``` #### `unsubscribe` [#unsubscribe] Unsubscribe operation removes one or more addresses or trace hashes from the active subscription. <ParamField path="operation" type="string" required="true"> Must be `"unsubscribe"`. </ParamField> <ParamField path="addresses" type="string[]"> Wallet or contract addresses to remove from monitoring. Accepts [valid TON address formats](/blockchain-basics/primitives/addresses/formats). </ParamField> <ParamField path="trace_external_hash_norms" type="string[]"> List of normalized external message hashes to remove from monitoring. </ParamField> <ParamField path="id" type="string"> Optional request identifier to match responses with requests. </ParamField> ```json title="Request example" { "operation": "unsubscribe", "addresses": ["<ACCOUNT_ADDRESS>"], "trace_external_hash_norms": ["E7...NORMALIZED_EXTERNAL_MSG_HASH"], "id": "2" } ``` ```json title="Successful response" {"id": "2", "status": "unsubscribed"} ``` #### `ping` [#ping] Ping operation serves as a `keepalive` or a connection health check. <ParamField path="operation" type="string" required="true"> Must be `"ping"`. </ParamField> <ParamField path="id" type="string"> Optional request identifier to match responses with requests. </ParamField> It is recommended to send `ping` request every 15 seconds to keep the connection active. ```json title="Request example" { "operation": "ping", "id": "ping-42" } ``` ```json title="Successful response" {"id": "ping-42", "status": "pong"} ``` ## Next steps [#next-steps] * Skim the server [notification reference](/applications/api/toncenter/streaming/reference) * [Get an API key](/applications/api/toncenter/get-api-key) # API v2 overview (/applications/api/toncenter/v2/overview) The TON Center **API v2** provides developer access to TON Blockchain through [REST](https://en.wikipedia.org/wiki/REST) and [JSON-RPC](https://en.wikipedia.org/wiki/JSON-RPC) endpoints. It allows applications to read blockchain data, run smart contract methods, and send transactions. API v2 serves as the non-indexed access layer. Applications interact with the TON blockchain by connecting to a TON node. Since nodes communicate through the binary ADNL protocol, an intermediate layer is needed for web-based access. API v2 provides this bridge by using [`tonlib`](https://github.com/ton-blockchain/ton/tree/master/tonlib/tonlib) to query data from liteservers and exposes it through a standard REST interface. <Aside type="note"> Refer to the [Streaming API v2](/applications/api/toncenter/streaming/overview) page for an API that uses Server-Sent Events (SSE) and exposes WebSocket interfaces. </Aside> ## Base URLs [#base-urls] | API | Mainnet | Testnet | | ---------- | ------------------------------ | -------------------------------------- | | **API v2** | `https://toncenter.com/api/v2` | `https://testnet.toncenter.com/api/v2` | ## Versioning [#versioning] API v2 uses semantic versioning in the format `a.b.c` (for example, `2.1.1`): | Segment | Example | Meaning | | --------- | ------- | ------------------------------------------------------------------- | | **Major** | `2.x.x` | Fixed at `2` to avoid confusion ("API v2 v3.x.x"). Will not change. | | **Minor** | `2.1.x` | Implementation variant: `0` = Python version, `1` = C++ version. | | **Patch** | `2.1.1` | Bumped with every release on GitHub. | ## Typical use cases [#typical-use-cases] * Query account balances and state * Run get-methods on smart contracts * Send or broadcast messages * Retrieve latest transactions and block information ## Endpoints [#endpoints] {/* BEGIN_AUTO_GENERATED: API_V2_ENDPOINTS */} | Category | Method | Description | | ----------------- | ---------------------------------------------------------------------------------------------------------------- | --------------------------------- | | **Accounts** | [`GET /getAddressInformation`](/applications/api/toncenter/v2/accounts/get-address-information) | Get address information | | **Accounts** | [`GET /getExtendedAddressInformation`](/applications/api/toncenter/v2/accounts/get-extended-address-information) | Get extended address information | | **Accounts** | [`GET /getWalletInformation`](/applications/api/toncenter/v2/accounts/get-wallet-information) | Get wallet information | | **Accounts** | [`GET /getAddressBalance`](/applications/api/toncenter/v2/accounts/get-address-balance) | Get address balance | | **Accounts** | [`GET /getAddressState`](/applications/api/toncenter/v2/accounts/get-address-state) | Get address state | | **Accounts** | [`GET /getTokenData`](/applications/api/toncenter/v2/accounts/get-token-data) | Get token data | | **Blocks** | [`GET /getMasterchainInfo`](/applications/api/toncenter/v2/blocks/get-masterchain-info) | Get masterchain info | | **Blocks** | [`GET /getMasterchainBlockSignatures`](/applications/api/toncenter/v2/blocks/get-masterchain-block-signatures) | Get masterchain block signatures | | **Blocks** | [`GET /getShardBlockProof`](/applications/api/toncenter/v2/blocks/get-shard-block-proof) | Get shard block proof | | **Blocks** | [`GET /getConsensusBlock`](/applications/api/toncenter/v2/blocks/get-consensus-block) | Get consensus block | | **Blocks** | [`GET /lookupBlock`](/applications/api/toncenter/v2/blocks/lookup-block) | Lookup block | | **Blocks** | [`GET /getShards`](/applications/api/toncenter/v2/blocks/get-shards) | Get shards | | **Blocks** | [`GET /getBlockHeader`](/applications/api/toncenter/v2/blocks/get-block-header) | Get block header | | **Blocks** | [`GET /getOutMsgQueueSize`](/applications/api/toncenter/v2/blocks/get-outbound-message-queue-size) | Get outbound message queue size | | **Transactions** | [`GET /getBlockTransactions`](/applications/api/toncenter/v2/transactions/get-block-transactions) | Get block transactions | | **Transactions** | [`GET /getBlockTransactionsExt`](/applications/api/toncenter/v2/transactions/get-block-transactions-extended) | Get block transactions (extended) | | **Transactions** | [`GET /getTransactions`](/applications/api/toncenter/v2/transactions/get-transactions) | Get transactions | | **Transactions** | [`GET /getTransactionsStd`](/applications/api/toncenter/v2/transactions/get-transactions-standard) | Get transactions (standard) | | **Transactions** | [`GET /tryLocateTx`](/applications/api/toncenter/v2/transactions/try-locate-transaction) | Try locate transaction | | **Transactions** | [`GET /tryLocateResultTx`](/applications/api/toncenter/v2/transactions/try-locate-result-transaction) | Try locate result transaction | | **Transactions** | [`GET /tryLocateSourceTx`](/applications/api/toncenter/v2/transactions/try-locate-source-transaction) | Try locate source transaction | | **Send** | [`POST /sendBoc`](/applications/api/toncenter/v2/send/send-boc) | Send BoC | | **Send** | [`POST /sendBocReturnHash`](/applications/api/toncenter/v2/send/send-boc-return-hash) | Send BoC (return hash) | | **Send** | [`POST /estimateFee`](/applications/api/toncenter/v2/send/estimate-fee) | Estimate fee | | **Run method** | [`POST /runGetMethod`](/applications/api/toncenter/v2/run-method/run-get-method) | Run get method | | **Run method** | [`POST /runGetMethodStd`](/applications/api/toncenter/v2/run-method/run-get-method-standard) | Run get method (standard) | | **Utils** | [`GET /detectAddress`](/applications/api/toncenter/v2/utils/detect-address) | Detect address | | **Utils** | [`GET /detectHash`](/applications/api/toncenter/v2/utils/detect-hash) | Detect hash | | **Utils** | [`GET /packAddress`](/applications/api/toncenter/v2/utils/pack-address) | Pack address | | **Utils** | [`GET /unpackAddress`](/applications/api/toncenter/v2/utils/unpack-address) | Unpack address | | **Configuration** | [`GET /getConfigParam`](/applications/api/toncenter/v2/configuration/get-config-parameter) | Get config parameter | | **Configuration** | [`GET /getConfigAll`](/applications/api/toncenter/v2/configuration/get-all-config-parameters) | Get all config parameters | | **Configuration** | [`GET /getLibraries`](/applications/api/toncenter/v2/configuration/get-libraries) | Get libraries | | **RPC** | [`POST /jsonRPC`](/applications/api/toncenter/v2/rpc/json-rpc-endpoint) | JSON-RPC endpoint | {/* END_AUTO_GENERATED: API_V2_ENDPOINTS */} ## How to access the API [#how-to-access-the-api] Developers can access API v2 either through hosted infrastructure managed by TON Center or by running a self-hosted instance. ### Managed service [#managed-service] Hosted access uses TON Center's managed infrastructure instead of running a personal node. This approach enables immediate network access without setup or maintenance. Requests without an API key are limited to a default rate of 1 request per second. To increase this limit or access private liteservers, generate an [API key](/applications/api/toncenter/get-api-key) and [choose a plan](/applications/api/toncenter/rate-limit). ### Self-hosted service [#self-hosted-service] Run a self-hosted TON Center API v2 infrastructure for full control over performance and data retention. See the [API v2](https://github.com/toncenter/ton-http-api) repository for setup instructions. # API v3 overview (/applications/api/toncenter/v3/overview) The TON Center **API v3** provides developer access to TON Blockchain through an indexed data layer. It allows applications to read blockchain data, run analytical queries, retrieve historical information, and decode Jetton, NFT, and action data. API v3 serves as the indexed access layer. It reads raw data from a node's RocksDB storage, parses and decodes it, and stores it in PostgreSQL. <Aside type="note"> Refer to the [Streaming API v2](/applications/api/toncenter/streaming/overview) page for an API that uses Server-Sent Events (SSE) and exposes WebSocket interfaces. </Aside> ## Base URLs [#base-urls] | API | Mainnet | Testnet | | ---------- | ------------------------------ | -------------------------------------- | | **API v3** | `https://toncenter.com/api/v3` | `https://testnet.toncenter.com/api/v3` | ## Typical use cases [#typical-use-cases] * Query historical transactions and traces * Retrieve decoded Jetton and NFT data * Run analytical or filtered searches across multiple accounts * Power explorers or reporting tools ## Endpoints [#endpoints] {/* BEGIN_AUTO_GENERATED: API_V3_ENDPOINTS */} | Category | Method | Description | | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | | **Accounts** | [`GET /accountStates`](/applications/api/toncenter/v3/accounts/get-account-states) | Get Account States | | **Accounts** | [`GET /addressBook`](/applications/api/toncenter/v3/accounts/address-book) | Address Book | | **Accounts** | [`GET /metadata`](/applications/api/toncenter/v3/accounts/metadata) | Metadata | | **Accounts** | [`GET /walletStates`](/applications/api/toncenter/v3/accounts/get-wallet-states) | Get Wallet States | | **Actions and traces** | [`GET /actions`](/applications/api/toncenter/v3/actions-and-traces/get-actions) | Get Actions | | **Actions and traces** | [`GET /pendingActions`](/applications/api/toncenter/v3/actions-and-traces/get-pending-actions) | Get Pending Actions | | **Actions and traces** | [`GET /pendingTraces`](/applications/api/toncenter/v3/actions-and-traces/get-pending-traces) | Get Pending Traces | | **Actions and traces** | [`GET /traces`](/applications/api/toncenter/v3/actions-and-traces/get-traces) | Get Traces | | **Blockchain Data** | [`GET /adjacentTransactions`](/applications/api/toncenter/v3/blockchain-data/get-adjacent-transactions) | Get Adjacent Transactions | | **Blockchain Data** | [`GET /blocks`](/applications/api/toncenter/v3/blockchain-data/get-blocks) | Get blocks | | **Blockchain Data** | [`GET /masterchainBlockShardState`](/applications/api/toncenter/v3/blockchain-data/get-masterchain-block-shard-state) | Get masterchain block shard state | | **Blockchain Data** | [`GET /masterchainBlockShards`](/applications/api/toncenter/v3/blockchain-data/get-masterchain-block-shard-state) | Get masterchain block shard state | | **Blockchain Data** | [`GET /masterchainInfo`](/applications/api/toncenter/v3/blockchain-data/get-masterchain-info) | Get Masterchain Info | | **Blockchain Data** | [`GET /messages`](/applications/api/toncenter/v3/blockchain-data/get-messages) | Get messages | | **Blockchain Data** | [`GET /pendingTransactions`](/applications/api/toncenter/v3/blockchain-data/get-pending-transactions) | Get pending transactions | | **Blockchain Data** | [`GET /transactions`](/applications/api/toncenter/v3/blockchain-data/get-transactions) | Get transactions | | **Blockchain Data** | [`GET /transactionsByMasterchainBlock`](/applications/api/toncenter/v3/blockchain-data/get-transactions-by-masterchain-block) | Get transactions by Masterchain block | | **Blockchain Data** | [`GET /transactionsByMessage`](/applications/api/toncenter/v3/blockchain-data/get-transactions-by-message) | Get transactions by message | | **Jettons** | [`GET /jetton/burns`](/applications/api/toncenter/v3/jettons/get-jetton-burns) | Get Jetton Burns | | **Jettons** | [`GET /jetton/masters`](/applications/api/toncenter/v3/jettons/get-jetton-masters) | Get Jetton Masters | | **Jettons** | [`GET /jetton/transfers`](/applications/api/toncenter/v3/jettons/get-jetton-transfers) | Get Jetton Transfers | | **Jettons** | [`GET /jetton/wallets`](/applications/api/toncenter/v3/jettons/get-jetton-wallets) | Get Jetton Wallets | | **NFTs** | [`GET /nft/collections`](/applications/api/toncenter/v3/nfts/get-nft-collections) | Get NFT collections | | **NFTs** | [`GET /nft/items`](/applications/api/toncenter/v3/nfts/get-nft-items) | Get NFT items | | **NFTs** | [`GET /nft/transfers`](/applications/api/toncenter/v3/nfts/get-nft-transfers) | Get NFT Transfers | | **Dns** | [`GET /dns/records`](/applications/api/toncenter/v3/dns/get-dns-records) | Get DNS Records | | **Multisig** | [`GET /multisig/orders`](/applications/api/toncenter/v3/multisig/get-multisig-orders) | Get Multisig Orders | | **Multisig** | [`GET /multisig/wallets`](/applications/api/toncenter/v3/multisig/get-multisig-wallets) | Get Multisig Wallets | | **Vesting** | [`GET /vesting`](/applications/api/toncenter/v3/vesting/get-vesting-contracts) | Get Vesting Contracts | | **Stats** | [`GET /topAccountsByBalance`](/applications/api/toncenter/v3/stats/get-top-accounts-by-balance) | Get Top Accounts By Balance | | **Utils** | [`GET /decode`](/applications/api/toncenter/v3/utils/decode-opcodes-and-bodies) | Decode Opcodes and Bodies | | **Legacy (v2)** | [`GET /addressInformation`](/applications/api/toncenter/v3/apiv2/get-address-information) | Get Address Information | | **Legacy (v2)** | [`POST /estimateFee`](/applications/api/toncenter/v3/apiv2/estimate-fee) | Estimate Fee | | **Legacy (v2)** | [`POST /message`](/applications/api/toncenter/v3/apiv2/send-message) | Send Message | | **Legacy (v2)** | [`POST /runGetMethod`](/applications/api/toncenter/v3/apiv2/run-get-method) | Run Get-Method | | **Legacy (v2)** | [`GET /walletInformation`](/applications/api/toncenter/v3/apiv2/get-wallet-information) | Get Wallet Information | {/* END_AUTO_GENERATED: API_V3_ENDPOINTS */} ## How to access the API [#how-to-access-the-api] Developers can access TON Center API v3 either through hosted infrastructure or by running a self-hosted instance. ### Managed service [#managed-service] Hosted access uses TON Center’s indexed infrastructure. Requests without an API key are rate-limited to a default value. To increase limits, generate an [API key](/applications/api/toncenter/get-api-key) and select a [plan](/applications/api/toncenter/rate-limit). ### Self-hosted service [#self-hosted-service] Run a self-hosted API v3 setup for full control over performance and data retention. See the [ton-indexer](https://github.com/toncenter/ton-indexer) repository for setup instructions. # Prepare your project (/applications/appkit/get-started/installation/installation) Before adding AppKit, you need a JavaScript project with a module bundler. If you already have one, skip the scaffold step. The Buffer polyfill is required either way — AppKit's dependencies (`@ton/core` and `@ton/crypto`) use Node.js' `Buffer` global, which browsers don't expose and bundlers (Vite, esbuild, Rollup, Parcel) don't polyfill automatically. Without it, the first call into `@ton/core` — usually address parsing — throws `ReferenceError: Buffer is not defined`. The polyfill must run before any AppKit import. Load it from a dedicated module in the HTML entry, ahead of the application script — relying on import order inside the entry file alone is fragile. The steps below use Vite. The same pattern applies to any module-based bundler (Webpack, Parcel, Rollup): a dedicated polyfill module referenced from the HTML entry, before the application script. <Steps> <Step title="Scaffold a project (skip if you already have one)"> Create a new Vite project with the React + TypeScript template. ```shell pnpm create vite my-app --template react-ts cd my-app pnpm install ``` Swap `pnpm` for `npm create` or `yarn create` if you don't use pnpm. </Step> <Step title="Install the polyfill package"> ```shell npm i buffer ``` </Step> <Step title="Create a polyfill module"> Add a file that imports `buffer` and exposes it on `window`. Use `.ts` for TypeScript projects, `.js` otherwise. ```ts // src/buffer.ts import { Buffer } from 'buffer'; window.Buffer = Buffer; ``` </Step> <Step title="Load it before the application entry"> In `index.html`, reference the polyfill from a `<script type="module">` placed above the application entry. Module scripts execute in document order, so the polyfill resolves before any application import. ```html  <body> <div id="root"></div> <script type="module" src="/src/buffer.ts"></script> <script type="module" src="/src/main.tsx"></script> </body> ``` </Step> </Steps> ## Next steps [#next-steps] <Columns cols="2"> <Card title="React" icon="atom" href="/applications/appkit/get-started/installation/react-app"> Install `@ton/appkit-react` with TanStack Query and TON Connect UI for React. </Card> <Card title="Vanilla JS" icon="globe" href="/applications/appkit/get-started/installation/vanilla-js"> Install `@ton/appkit` with TON Connect UI. </Card> </Columns> # Install AppKit in a React app (/applications/appkit/get-started/installation/react-app) Install AppKit's React packages, create an `AppKit` instance, and mount the providers that AppKit hooks rely on. ## Install packages [#install-packages] ```bash npm i @ton/appkit @ton/appkit-react @tanstack/react-query @tonconnect/ui-react @ton/core ``` | Package | Use | | ----------------------- | ----------------------------------------------------------------------------------------------- | | `@ton/appkit` | Core runtime: actions, connectors, types. | | `@ton/appkit-react` | React layer: hooks, components, default stylesheet. | | `@tanstack/react-query` | Cache backing every query and mutation hook. | | `@tonconnect/ui-react` | TON Connect transport. `@ton/appkit-react` re-exports `<TonConnectButton />` from this package. | | `@ton/core` | TON address and cell primitives. | <Note> Complete the [Preparation](/applications/appkit/get-started/installation/installation) step first. The `Buffer` polyfill it sets up is required for AppKit to run in the browser. </Note> ## Create the AppKit instance [#create-the-appkit-instance] Create the `AppKit` instance in a dedicated module. An empty configuration is enough to start — connectors, networks, and DeFi providers are added on the following pages. ```ts // src/appkit.ts import { AppKit } from "@ton/appkit-react" export const appKit = new AppKit({}); ``` ## Wrap the application [#wrap-the-application] AppKit hooks read from two React contexts: the `AppKit` instance and a TanStack Query cache. Mount both at the application root. <Steps> <Step title="AppKit provider"> `AppKitProvider` exposes the `AppKit` instance to descendant hooks and components, removing the need to thread it through props. ```tsx import { AppKitProvider } from '@ton/appkit-react' import { appKit } from './appkit' function App() { return ( <AppKitProvider appKit={appKit}> {/** ... */} </AppKitProvider> ) } ``` </Step> <Step title="TanStack Query provider"> `QueryClientProvider` owns the cache used by every query and mutation hook. Create one `QueryClient` per application and mount it inside `AppKitProvider`. ```tsx import { QueryClient, QueryClientProvider } from '@tanstack/react-query' import { AppKitProvider } from '@ton/appkit-react' import { appKit } from './appkit' const queryClient = new QueryClient() function App() { return ( <AppKitProvider appKit={appKit}> <QueryClientProvider client={queryClient}> {/** ... */} </QueryClientProvider> </AppKitProvider> ) } ``` </Step> </Steps> ## Import styles [#import-styles] To use the bundled components from `@ton/appkit-react` (`<TonConnectButton />`, `<SendTonButton />`, `<NftItem />`), import the default stylesheet once at the application root. Without it, the components render unstyled. ```ts import { QueryClient, QueryClientProvider } from '@tanstack/react-query' import { AppKitProvider } from '@ton/appkit-react' import { appKit } from './appkit' import '@ton/appkit-react/styles.css' const queryClient = new QueryClient() function App() { return ( <AppKitProvider appKit={appKit}> <QueryClientProvider client={queryClient}> {/** ... */} </QueryClientProvider> </AppKitProvider> ) } ``` ## Next steps [#next-steps] <Columns cols="2"> <Card title="Connectors" icon="plug" href="/applications/appkit/get-started/connectors"> Register wallet connectors on the `AppKit` instance and render the connect button. </Card> <Card title="Basic getter hooks" icon="code" href="/applications/appkit/get-started/basic-getter-hooks"> Read wallet, balance, and transaction state from React. </Card> </Columns> # Install AppKit in a vanilla JS app (/applications/appkit/get-started/installation/vanilla-js) Install AppKit's core package, create an `AppKit` instance, and call actions such as `connect`, `transferTon`, `sendTransaction`, and the `watch*` subscribers directly on it. ## Install packages [#install-packages] ```bash npm i @ton/appkit @tonconnect/ui @ton/core ``` | Package | Use | | ---------------- | ------------------------------------------------------- | | `@ton/appkit` | Core runtime: actions, connectors, types. | | `@tonconnect/ui` | TON Connect transport used by the TonConnect connector. | | `@ton/core` | TON address and cell primitives. | <Note> Complete the [Preparation](/applications/appkit/get-started/installation/installation) step first. The `Buffer` polyfill it sets up is required for AppKit to run in the browser. </Note> ## Create the AppKit instance [#create-the-appkit-instance] Create the `AppKit` instance in a dedicated module. An empty configuration is enough to start — connectors, networks, and DeFi providers are added on the following pages. ```ts // src/appkit.ts import { AppKit } from '@ton/appkit'; export const appKit = new AppKit({}); ``` Import the instance wherever a core action is called: ```ts import { connect, getBalance, transferTon } from '@ton/appkit'; import { appKit } from './appkit'; await connect(appKit, { connectorId: 'tonconnect' }); const balance = await getBalance(appKit); await transferTon(appKit, { recipientAddress, amount: '0.1' }); ``` ## TanStack Query (optional) [#tanstack-query-optional] The `@ton/appkit/queries` entry point exports framework-agnostic `queryOptions` and mutation helpers compatible with any TanStack adapter — `@tanstack/vue-query`, `@tanstack/svelte-query`, `@tanstack/solid-query`, and others. The same entry point backs `@ton/appkit-react` through `@tanstack/react-query`. ```ts import { useQuery } from '@tanstack/react-query'; import { getBalanceQueryOptions } from '@ton/appkit/queries'; const { data } = useQuery(getBalanceQueryOptions(appKit, { address: '...' })); ``` ## Next steps [#next-steps] <Columns cols="2"> <Card title="Connectors" icon="plug" href="/applications/appkit/get-started/connectors"> Register wallet connectors on the `AppKit` instance and open the connect flow. </Card> <Card title="Sending transactions" icon="code" href="/applications/appkit/get-started/sending-transactions"> Call `transferTon`, `transferJetton`, and `sendTransaction` from the AppKit core. </Card> </Columns> # Overview (/blockchain-basics/contract-dev/blueprint/testing/overview) <Aside type="note"> [Acton](https://ton-blockchain.github.io/acton/docs/welcome) is the recommended tool for new smart contract projects. Blueprint remains supported for existing projects. </Aside> TON Sandbox ([`@ton/sandbox`](https://github.com/ton-org/sandbox)) is a local blockchain emulator that allows you to test smart contracts from TypeScript, without deploying them to a real network, and without running a blockchain node. It provides a complete testing environment that closely mimics the behavior of the actual TON blockchain. [Blueprint](/blockchain-basics/contract-dev/blueprint/overview) project template already includes the `@ton/sandbox` dependency. The companion `@ton/test-utils` helper library provides [matchers](https://jestjs.io/docs/using-matchers) for writing tests with Jest. This guide covers everything you need to know about writing, running, and debugging tests for your smart contracts. For other programming languages consult documentation of corresponding [SDKs](/applications/sdks). ### Sandbox vs real network [#sandbox-vs-real-network] | Feature | Sandbox | Real Network | | ------------- | ------------------ | ---------------------------------- | | Speed | Instant execution | \~5-15 second finality | | Cost | Free | Requires real TON | | Deterministic | Yes | No (depends on network conditions) | | Debugging | Full introspection | Limited visibility | | State Control | Complete control | Immutable history | ### Sandbox limitations [#sandbox-limitations] While Sandbox closely emulates the real network, there are some differences to be aware of: * **Time-dependent contracts**: Sandbox time is controlled, not real-time * **External dependencies**: Cannot interact with real external contracts, but can get their state and emulate them * **Blockchain imitation**: Because there is no concept of blocks in Sandbox, things like sharding do not work. ## Writing tests [#writing-tests] Blueprint uses Jest as the default testing framework, providing powerful assertion capabilities and excellent TypeScript support. ### Basic test setup [#basic-test-setup] Every Blueprint project includes a test template. Here's the standard structure: ```typescript title="tests/MyContract.spec.ts" expandable import { Blockchain, SandboxContract, TreasuryContract } from '@ton/sandbox'; import { Cell, toNano } from '@ton/core'; import { MyContract } from '../wrappers/MyContract'; import '@ton/test-utils'; import { compile } from '@ton/blueprint'; describe('MyContract', () => { let code: Cell; beforeAll(async () => { code = await compile('MyContract'); }); let blockchain: Blockchain; let deployer: SandboxContract<TreasuryContract>; let myContract: SandboxContract<MyContract>; beforeEach(async () => { blockchain = await Blockchain.create(); myContract = blockchain.openContract( MyContract.createFromConfig({}, code) ); deployer = await blockchain.treasury('deployer'); const deployResult = await myContract.sendDeploy( deployer.getSender(), toNano('0.05') ); expect(deployResult.transactions).toHaveTransaction({ from: deployer.address, to: myContract.address, deploy: true, success: true, }); }); it('should deploy', async () => { // Contract is already deployed in beforeEach // Add additional deployment checks here }); }); ``` ### Test isolation [#test-isolation] Each test should include a fresh `Blockchain` instance to ensure: **Test isolation** * No state leakage between tests * Predictable initial conditions * Independent contract deployments **Clean environment** * Fresh treasury wallets * Reset logical time and configuration * Clear transaction history ```typescript beforeEach(async () => { // Fresh blockchain for each test blockchain = await Blockchain.create(); // Each test gets clean treasuries deployer = await blockchain.treasury('deployer'); user = await blockchain.treasury('user'); }); ``` ### Understanding transaction results [#understanding-transaction-results] When you send a message to a contract, you receive a `SendMessageResult` containing: ```typescript const result = await contract.sendIncrement(user.getSender(), toNano('0.1')); // result.transactions - Array of all transactions in the chain // result.events - Blockchain events emitted // result.externals - External messages generated ``` ### Transaction matchers [#transaction-matchers] Blueprint provides powerful matchers for validating transactions: ```typescript expect(result.transactions).toHaveTransaction({ from: user.address, to: contract.address, value: toNano('1'), op: 0x12345678, // Operation code success: true, outMessagesCount: 2, // Number of outbound messages deploy: false, body: beginCell() .storeUint(0, 32) // Comment op .storeStringTail("Hello, user!") .endCell() }); ``` ## Running tests [#running-tests] ```bash # Run all tests npx blueprint test # Run specific test file npx blueprint test MyContract # Run with coverage npx blueprint test --coverage # Run with gas reporting npx blueprint test --gas-report ``` ## Common pitfalls [#common-pitfalls] <Aside type="caution"> **Avoid These Common Mistakes** 1. **Shared State**: Don't reuse blockchain instances between tests 2. **Async Issues**: Always await blockchain operations 3. **Time Dependencies**: Use `blockchain.now` for time-sensitive tests 4. **Gas Limits**: Be aware of the computation and action phase limits 5. **Message Ordering**: Remember that message processing is sequential 6. **Treasury Reuse**: Use unique seeds for different test scenarios </Aside> ### Debugging checklist [#debugging-checklist] When tests fail, check these common issues: * ✅ Contract is properly deployed before testing * ✅ Treasury has sufficient balance for operations * ✅ Transaction matchers use correct field names * ✅ Exit codes match expected error conditions * ✅ Message bodies are correctly formatted * ✅ Time-sensitive operations account for blockchain time ## Other resources [#other-resources] * [Debug Guide](/blockchain-basics/contract-dev/blueprint/debug) — Advanced debugging techniques * [TON Dev Wallet](https://github.com/TonDevWallet/TonDevWallet) — Visual debugging tool # Reference for testing with Blueprint (/blockchain-basics/contract-dev/blueprint/testing/reference) <Aside type="note"> [Acton](https://ton-blockchain.github.io/acton/docs/welcome) is the recommended tool for new smart contract projects. Blueprint remains supported for existing projects. </Aside> Blueprint provides comprehensive testing capabilities for TON smart contracts using the TON Sandbox emulator and test utilities. This reference covers all available testing APIs, methods, and utilities. ## Quick Navigation [#quick-navigation] **Main Sections:** * [Environment setup](#environment-setup) — installation and basic test structure * [Core Testing Classes](#core-testing-classes) — [`Blockchain`](#blockchain), [`Treasury`](#treasury), [`RemoteBlockchainStorage`](#remoteblockchainstorage) * [Type Definitions](#type-definitions) — [`SandboxContract`](#sandboxcontract), [`SendMessageResult`](#sendmessageresult), [`FlatTransaction`](#flattransaction), [`FlatTransactionComparable`](#flattransactioncomparable) * [Utility functions](#utility-functions) — helper functions for testing * [Test utilities and matchers](#test-utilities-and-matchers) — Jest/Chai assertion extensions and testing utilities * [Network configuration](#network-configuration) — custom blockchain configs ## Environment setup [#environment-setup] Blueprint testing environment requires proper setup of the TON Sandbox and test utilities. ### Installation [#installation] ```bash npm install --save-dev @ton/sandbox @ton/test-utils ``` ### Basic test structure [#basic-test-structure] ```typescript title="./tests/Sample.spec.ts" expandable import { Blockchain, SandboxContract, TreasuryContract } from '@ton/sandbox'; import { Cell, toNano } from '@ton/core'; import { Sample } from '../wrappers/Sample'; import '@ton/test-utils'; import { compile } from '@ton/blueprint'; describe('Sample', () => { let code: Cell; beforeAll(async () => { code = await compile('Sample'); }); let blockchain: Blockchain; let deployer: SandboxContract<TreasuryContract>; let sample: SandboxContract<Sample>; beforeEach(async () => { blockchain = await Blockchain.create(); sample = blockchain.openContract(Sample.createFromConfig({}, code)); deployer = await blockchain.treasury('deployer'); const deployResult = await sample.sendDeploy(deployer.getSender(), toNano('0.05')); expect(deployResult.transactions).toHaveTransaction({ from: deployer.address, to: sample.address, deploy: true, success: true, }); }); it('should deploy', async () => { // the check is done inside beforeEach // blockchain and sample are ready to use }); }); ``` ## Core Testing Classes [#core-testing-classes] ### `Blockchain` [#blockchain] The main blockchain emulator class provides an isolated testing environment. ```typescript class Blockchain { static create(opts?: { executor?: IExecutor; config?: BlockchainConfig; storage?: BlockchainStorage; meta?: ContractsMeta; autoDeployLibs?: boolean; }): Promise<Blockchain> // Contract and states management treasury(seed: string, params?: TreasuryParams): Promise<SandboxContract<TreasuryContract>> createWallets(n: number, params?: TreasuryParams): Promise<SandboxContract<TreasuryContract>[]> openContract<T extends Contract>(contract: T): SandboxContract<T> provider(address: Address, init?: StateInit | null): ContractProvider sender(address: Address): Sender getContract(address: Address): Promise<SmartContract> setShardAccount(address: Address, account: ShardAccount): Promise<void> getTransactions(address: Address, opts?: { limit?: number; lt?: string | bigint; hash?: string | Buffer }): Promise<BlockchainTransaction[]> // Core messaging methods sendMessage(message: Message | Cell, params?: MessageParams): Promise<SendMessageResult> sendMessageIter(message: Message | Cell, params?: SendMessageIterParams): Promise<AsyncIterator<BlockchainTransaction> & AsyncIterable<BlockchainTransaction>> runGetMethod(address: Address, method: number | string, stack?: TupleItem[], params?: GetMethodParams): Promise<GetMethodResult> runTickTock(on: Address | Address[], which: TickOrTock, params?: MessageParams): Promise<SendMessageResult> // Snapshotting snapshot(): BlockchainSnapshot loadFrom(snapshot: BlockchainSnapshot): Promise<void> // Coverage enableCoverage(enable?: boolean): void coverage(contract: Contract): Coverage | undefined coverageForCell(code: Cell, address?: Address): Coverage | undefined // Debugging getDebuggerExecutor(): Promise<Executor> get debug(): boolean set debug(value: boolean) // Configuration methods setVerbosityForAddress(address: Address, verbosity: Partial<LogsVerbosity> | Verbosity | undefined): Promise<void> setConfig(config: BlockchainConfig): void randomize(): Promise<Buffer> // Configuration properties get now(): number | undefined set now(now: number | undefined) get lt(): bigint get config(): Cell get configBase64(): string get verbosity(): LogsVerbosity set verbosity(value: LogsVerbosity) get libs(): Cell | undefined set libs(value: Cell | undefined) get random(): Buffer | undefined set random(value: Buffer | undefined) get recordStorage(): boolean set recordStorage(v: boolean) get autoDeployLibraries(): boolean set autoDeployLibraries(value: boolean) get prevBlocks(): PrevBlocksInfo | undefined set prevBlocks(value: PrevBlocksInfo | undefined) } ``` #### `Blockchain.create()` [#blockchaincreate] ```typescript static create(opts?: { executor?: IExecutor; config?: BlockchainConfig; storage?: BlockchainStorage; meta?: ContractsMeta; autoDeployLibs?: boolean; }): Promise<Blockchain> ``` Creates a new blockchain instance for testing. **Parameters:** * `opts` — optional blockchain configuration * `executor` — custom contract executor (default: `Executor`) * `config` — blockchain configuration (`Cell`, `'default'`, or `'slim'`) * `storage` — contracts storage (default: `LocalBlockchainStorage`) * `meta` — optional contracts metadata provider * `autoDeployLibs` — automatically collect and deploy libraries **Returns:** promise resolving to blockchain instance **Usage example:** ```typescript // Basic blockchain const blockchain = await Blockchain.create(); // With slim config for faster execution const blockchain = await Blockchain.create({ config: 'slim' }); // With remote storage const blockchain = await Blockchain.create({ storage: new RemoteBlockchainStorage(client) }); // With auto-deploy libraries const blockchain = await Blockchain.create({ autoDeployLibs: true }); ``` #### `treasury()` [#treasury] ```typescript treasury(seed: string, params?: TreasuryParams): Promise<SandboxContract<TreasuryContract>> ``` Creates a treasury wallet contract. This wallet is used as an alternative to the wallet smart contract. **Parameters:** * `seed` — initial seed for the treasury. If the same seed is used to create a treasury, then these treasuries will be identical * `params` — optional treasury parameters * `workchain` — the workchain ID of the treasury (default: 0) * `predeploy` — if set, the treasury will be deployed at the moment of creation * `balance` — initial balance of the treasury (default: 1\_000\_000 TON if omitted) * `resetBalanceIfZero` — if set and the treasury balance is zero at the moment of calling the method, it resets the balance to `balance` **Returns:** promise resolving to treasury contract wrapper **Usage example:** ```typescript const deployer = await blockchain.treasury('deployer'); const user = await blockchain.treasury('user', { balance: toNano('100') }); // Same seed creates identical treasury const wallet1 = await blockchain.treasury('same-seed'); const wallet2 = await blockchain.treasury('same-seed'); // wallet1.address equals wallet2.address ``` #### `createWallets()` [#createwallets] ```typescript createWallets(n: number, params?: TreasuryParams): Promise<SandboxContract<TreasuryContract>[]> ``` Bulk variant of `treasury()` method. **Parameters:** * `n` — number of wallets to create * `params` — params for treasury creation **Returns:** array of opened treasury contracts **Usage example:** ```typescript const [wallet1, wallet2, wallet3] = await blockchain.createWallets(3); ``` #### `openContract()` [#opencontract] ```typescript openContract<T extends Contract>(contract: T): SandboxContract<T> ``` Wraps a contract for testing with additional methods and state tracking. **Parameters:** * `contract` — contract instance to wrap **Returns:** [`SandboxContract`](#sandboxcontract) wrapper with testing capabilities **Usage example:** ```typescript const myContract = blockchain.openContract(MyContract.createFromConfig(config, code)); ``` #### `provider()` [#provider] ```typescript provider(address: Address, init?: StateInit | null): ContractProvider ``` Creates a new `ContractProvider` for the contract address. **Parameters:** * `address` — address to create contract provider for * `init` — initial state of contract **Returns:** ContractProvider instance **Usage example:** ```typescript const contractProvider = blockchain.provider(address, init); ``` #### `sender()` [#sender] ```typescript sender(address: Address): Sender ``` Creates a Sender for the address. Note that this sender pushes internal messages to the Blockchain directly. No value is deducted from the sender address; all the values are set to defaults. Use for test purposes only. **Parameters:** * `address` — address to create sender for **Returns:** `Sender` instance **Usage example:** ```typescript const sender = blockchain.sender(address); await contract.send(sender, ...); ``` #### `getContract()` [#getcontract] ```typescript getContract(address: Address): Promise<SmartContract> ``` Retrieves `SmartContract` from `BlockchainStorage`. **Parameters:** * `address` — address of the contract to get **Returns:** a promise resolving to a `SmartContract` instance #### `setShardAccount()` [#setshardaccount] ```typescript setShardAccount(address: Address, account: ShardAccount): Promise<void> ``` Sets the account state directly for a contract address. **Parameters:** * `address` — contract `Address` * `account` — `ShardAccount` state to set #### `getTransactions()` [#gettransactions] ```typescript getTransactions(address: Address, opts?: { limit?: number; lt?: string | bigint; hash?: string | Buffer; }): Promise<BlockchainTransaction[]> ``` Retrieves transactions for the specified address. Transactions are ordered from newest to oldest. **Parameters:** * `address` — the `Address` to retrieve transactions for * `opts` — options to fetch transactions * `lt` — logical time of the transaction to start from (must be used with `hash`) * `hash` — hash of the transaction to start from (must be used with `lt`) * `limit` — maximum number of transactions to return **Returns:** promise resolving to an array of transactions involving the given address **Usage example:** ```typescript const transactions = await blockchain.getTransactions(Address.parse('...'), { lt: '1234567890', hash: 'abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890', limit: 10 }); ``` #### `sendMessage()` [#sendmessage] ```typescript sendMessage(message: Message | Cell, params?: MessageParams): Promise<SendMessageResult> ``` Emulates the result of sending a message to this `Blockchain`. Emulates the whole chain of transactions before returning the result. Each transaction increases lt by 1000000. **Parameters:** * `message` — message to send (`Message` object or `Cell` for external messages) * `params` — optional [`MessageParams`](#messageparams) * `now` — override blockchain time for this message * `randomSeed` — random seed for deterministic execution * `ignoreChksig` — whether `CHKSIG` instructions are set to always succeed. Default: `false` **Returns:** promise resolving to [`SendMessageResult`](#sendmessageresult) containing transactions, events, and externals **Usage example:** ```typescript const result = await blockchain.sendMessage(internal({ from: sender.address, to: contract.address, value: toNano('1'), body: beginCell().storeUint(0, 32).endCell(), })); // Check transactions expect(result.transactions).toHaveTransaction({ from: sender.address, to: contract.address, success: true }); ``` #### `sendMessageIter()` [#sendmessageiter] ```typescript sendMessageIter(message: Message | Cell, params?: SendMessageIterParams): Promise<AsyncIterator<BlockchainTransaction> & AsyncIterable<BlockchainTransaction>> ``` Starts emulating the result of sending a message to this Blockchain. Each iterator call emulates one transaction, so the whole chain is not emulated immediately, unlike in `sendMessage`. **Parameters:** * `message` — message to send (`Message` or `Cell`) * `params` — optional parameters * `allowParallel` — when `true`, allows many consequential executions of this method (default: `false`) * other [`MessageParams`](#messageparams) (`now`, `randomSeed`, `ignoreChksig`) **Returns:** promise resolving to async iterator of [`BlockchainTransaction`](#blockchaintransaction) **Usage example:** ```typescript const message = internal({ from: sender.address, to: address, value: toNano('1'), body: beginCell().storeUint(0, 32).endCell(), }); for await (const tx of await blockchain.sendMessageIter(message, { randomSeed: crypto.randomBytes(32) })) { // process transaction console.log(tx); } ``` #### `runGetMethod()` [#rungetmethod] ```typescript runGetMethod(address: Address, method: number | string, stack?: TupleItem[], params?: GetMethodParams): Promise<GetMethodResult> ``` Runs a get method on the contract. **Parameters:** * `address` — contract `Address` * `method` — method ID (number) or method name (string) to run * `stack` — method parameters as `TupleItem` array * `params` — optional [`GetMethodParams`](#getmethodparams) * `now` — override blockchain time for this call * `randomSeed` — random seed for deterministic execution * `gasLimit` — overrides TVM emulator `gas_limit`, defaults to 10\_000\_000 **Returns:** promise resolving to [`GetMethodResult`](#getmethodresult) with stackReader and other execution details **Usage example:** ```typescript const { stackReader } = await blockchain.runGetMethod(address, 'get_now', [], { now: 2, }); const now = stackReader.readNumber(); // With method ID const result = await blockchain.runGetMethod(address, 123, []); ``` #### `runTickTock()` [#runticktock] ```typescript runTickTock(on: Address | Address[], which: TickOrTock, params?: MessageParams): Promise<SendMessageResult> ``` Runs tick or tock transaction. **Parameters:** * `on` — `Address` or `Address` array to run tick-tock * `which` — type of transaction (`'tick'` or `'tock'`) * `params` — [`MessageParams`](#messageparams) (`now`, `randomSeed`, `ignoreChksig`) **Returns:** promise resolving to [`SendMessageResult`](#sendmessageresult) **Usage example:** ```typescript let res = await blockchain.runTickTock(address, 'tock'); ``` #### `snapshot()` [#snapshot] ```typescript snapshot(): BlockchainSnapshot ``` Saves a snapshot of the current blockchain. **Returns:** [`BlockchainSnapshot`](#blockchainsnapshot) object **Usage example:** ```typescript const snapshot = blockchain.snapshot(); // some operations await blockchain.loadFrom(snapshot); // restores blockchain state ``` #### `loadFrom()` [#loadfrom] ```typescript loadFrom(snapshot: BlockchainSnapshot): Promise<void> ``` Restores blockchain state from the snapshot. **Parameters:** * `snapshot` — [`BlockchainSnapshot`](#blockchainsnapshot) to restore from **Usage example:** ```typescript const snapshot = blockchain.snapshot(); // ... perform operations await blockchain.loadFrom(snapshot); ``` #### `enableCoverage()` [#enablecoverage] ```typescript enableCoverage(enable?: boolean): void ``` Enable coverage collection. **Parameters:** * `enable` — if `false`, disable coverage collection (default: `true`) **Usage example:** ```typescript blockchain.enableCoverage(); // ... execute contract methods const coverage = blockchain.coverage(contract); ``` #### `coverage()` [#coverage] ```typescript coverage(contract: Contract): Coverage | undefined ``` Returns coverage analysis for the specified contract. Coverage is collected at the TVM assembly instruction level from all executed transactions and get method calls. **Parameters:** * `contract` — contract to analyze coverage for **Returns:** [`Coverage`](#coverage) object with detailed coverage data or undefined **Throws:** `Error` if the contract has no code or if verbose VM logs are not enabled **Usage example:** ```typescript blockchain.enableCoverage(); await contract.send(sender, { value: toNano('1') }, 'increment'); const coverage = blockchain.coverage(contract); const summary = coverage?.summary(); console.log(`Coverage: ${summary?.coveragePercentage?.toFixed(2)}%`); const htmlReport = coverage?.report("html"); await fs.writeFile("coverage.html", htmlReport); ``` #### `coverageForCell()` [#coverageforcell] ```typescript coverageForCell(code: Cell, address?: Address): Coverage | undefined ``` Returns coverage analysis for the specified code cell. This method allows analyzing coverage for code cells directly, with optional address filtering. **Parameters:** * `code` — Cell containing contract code to analyze * `address` — optional contract address to filter transactions by **Returns:** [`Coverage`](#coverage) object with detailed coverage data **Usage example:** ```typescript blockchain.enableCoverage(); const coverage = blockchain.coverageForCell(codeCell, contractAddress); const allCoverage = blockchain.coverageForCell(codeCell); // Without address filtering ``` #### `getDebuggerExecutor()` [#getdebuggerexecutor] ```typescript getDebuggerExecutor(): Promise<Executor> ``` Gets the debugger executor instance for debugging purposes. **Returns:** promise resolving to Executor instance for debugging **Usage example:** ```typescript const debugExecutor = await blockchain.getDebuggerExecutor(); // Use debugExecutor for debugging operations ``` #### `debug` [#debug] ```typescript get debug(): boolean set debug(value: boolean) ``` Gets or sets debug mode for the blockchain. #### `setVerbosityForAddress()` [#setverbosityforaddress] ```typescript setVerbosityForAddress(address: Address, verbosity: Partial<LogsVerbosity> | Verbosity | undefined): Promise<void> ``` Update the logs' verbosity level for the address. **Parameters:** * `address` — contract `Address` * `verbosity` — [`LogsVerbosity`](#logsverbosity) configuration or undefined to reset **Usage example:** ```typescript await blockchain.setVerbosityForAddress(contract.address, { blockchainLogs: true, vmLogs: 'vm_logs_full' }); ``` #### `setConfig()` [#setconfig] ```typescript setConfig(config: BlockchainConfig): void ``` Updates blockchain config. **Parameters:** * `config` — custom config in `Cell` format, or predefined `'default'` | `'slim'` **Usage example:** ```typescript blockchain.setConfig('slim'); // Use slim config for faster execution blockchain.setConfig(customConfigCell); // Use custom config ``` #### `randomize()` [#randomize] ```typescript randomize(): Promise<Buffer> ``` Generates and sets a new random seed using secure random bytes. **Returns:** promise resolving to the generated random seed `Buffer` **Usage example:** ```typescript const newSeed = await blockchain.randomize(); ``` #### `now` [#now] ```typescript get now(): number | undefined set now(now: number | undefined) ``` Gets or sets the current time in the blockchain (UNIX timestamp). **Usage example:** ```typescript // Get current time const currentTime = blockchain.now; // Set blockchain time blockchain.now = Math.floor(Date.now() / 1000); // Clear time (use system time) blockchain.now = undefined; ``` #### `lt` [#lt] ```typescript get lt(): bigint ``` Gets the current logical time in the blockchain. **Returns:** current logical time as `bigint` #### `config` [#config] ```typescript get config(): Cell ``` Gets the configuration used in the blockchain. **Returns:** configuration as `Cell` #### `configBase64` [#configbase64] ```typescript get configBase64(): string ``` Gets the configuration used in the blockchain in base64 format. **Returns:** configuration as base64 string #### `verbosity` [#verbosity] ```typescript get verbosity(): LogsVerbosity set verbosity(value: LogsVerbosity) ``` Gets or sets the logs verbosity level. **Usage example:** ```typescript // Get current verbosity const currentVerbosity = blockchain.verbosity; // Set verbosity blockchain.verbosity = { print: true, blockchainLogs: true, vmLogs: 'vm_logs_full', debugLogs: true }; ``` #### `libs` [#libs] ```typescript get libs(): Cell | undefined set libs(value: Cell | undefined) ``` Gets or sets the global blockchain libraries. **Usage example:** ```typescript // Get current libs const currentLibs = blockchain.libs; // Set libraries const libsDict = Dictionary.empty(Dictionary.Keys.Buffer(32), Dictionary.Values.Cell()); libsDict.set(libCell.hash(), libCell); blockchain.libs = beginCell().storeDictDirect(libsDict).endCell(); ``` #### `random` [#random] ```typescript get random(): Buffer | undefined set random(value: Buffer | undefined) ``` Gets or sets the random seed. **Usage example:** ```typescript // Get current random seed const currentSeed = blockchain.random; // Set random seed blockchain.random = crypto.randomBytes(32); ``` #### `recordStorage` [#recordstorage] ```typescript get recordStorage(): boolean set recordStorage(v: boolean) ``` If set to `true`, `BlockchainTransaction` will have `oldStorage` and `newStorage` fields. Note that enabling this flag will disable a certain optimization, which will slow down contract emulation. #### `autoDeployLibraries` [#autodeploylibraries] ```typescript get autoDeployLibraries(): boolean set autoDeployLibraries(value: boolean) ``` Gets or sets whether libraries should be automatically deployed. #### `prevBlocks` [#prevblocks] ```typescript get prevBlocks(): PrevBlocksInfo | undefined set prevBlocks(value: PrevBlocksInfo | undefined) ``` Gets or sets the `PrevBlocksInfo` for the blockchain. ### `Treasury` [#treasury-1] A test treasury wallet for sending transactions and managing test funds. Treasury is created by `blockchain.treasury()` and provides a convenient wallet interface for testing. ```typescript class TreasuryContract implements Contract { static readonly code: Cell; static create(workchain: number, subwalletId: bigint): TreasuryContract; readonly address: Address; readonly init: StateInit; readonly subwalletId: bigint; constructor(workchain: number, subwalletId: bigint); sendMessages(provider: ContractProvider, messages: MessageRelaxed[], sendMode?: SendMode): Promise<void>; send(provider: ContractProvider, args: SenderArguments): Promise<void>; getSender(provider: ContractProvider): Treasury; getBalance(provider: ContractProvider): Promise<bigint>; createTransfer(args: { messages: MessageRelaxed[]; sendMode?: SendMode; }): Cell; } type Treasury = SandboxContract<TreasuryContract> ``` #### `code` [#code] ```typescript static readonly code: Cell ``` Static property containing the compiled treasury contract code. **Returns:** Cell with treasury contract bytecode #### `create()` [#create] ```typescript static create(workchain: number, subwalletId: bigint): TreasuryContract ``` Creates a new treasury contract instance. **Parameters:** * `workchain` — workchain ID (typically 0) * `subwalletId` — unique subwallet identifier **Returns:** new TreasuryContract instance #### `address` [#address] ```typescript readonly address: Address ``` The address of the treasury contract. **Returns:** `Address` of the treasury #### `init` [#init] ```typescript readonly init: StateInit ``` The initial state of the treasury contract. **Returns:** [`StateInit`](/blockchain-basics/primitives/messages/deploy) for contract deployment #### `subwalletId` [#subwalletid] ```typescript readonly subwalletId: bigint ``` Unique subwallet identifier generated from the treasury seed using SHA-256. **Returns:** `bigint` subwallet ID #### `sendMessages()` [#sendmessages] ```typescript sendMessages(provider: ContractProvider, messages: MessageRelaxed[], sendMode?: SendMode): Promise<void> ``` Sends multiple messages via the treasury contract. **Parameters:** * `provider` — `ContractProvider` * `messages` — array of `MessageRelaxed` to send * `sendMode` — optional `SendMode` (default: pay gas fees separately) #### `send()` [#send] ```typescript send(provider: ContractProvider, args: SenderArguments): Promise<void> ``` Sends a single message via the treasury contract. **Parameters:** * `provider` — `ContractProvider` * `args` — `SenderArguments` including value, body, and [send mode](/blockchain-basics/primitives/messages/modes) #### `getSender()` [#getsender] ```typescript getSender(): Sender ``` Returns a sender interface for this treasury that automatically handles sending transactions. **Returns:** `Sender` object for transaction signing **Usage example:** ```typescript const deployer = await blockchain.treasury('deployer'); const sender = deployer.getSender(); // Sender automatically handles seqno and signing await contract.sendDeploy(sender, toNano('0.05')); ``` #### `getBalance()` [#getbalance] ```typescript getBalance(provider: ContractProvider): Promise<bigint> ``` Returns the current TON balance of the treasury. **Parameters:** * `provider` — `ContractProvider` **Returns:** promise resolving to balance in nanoTON **Usage example:** ```typescript const treasury = await blockchain.treasury('user'); const balance = await treasury.getBalance(); console.log(`Treasury balance: ${balance} nanoTON`); ``` #### `createTransfer()` [#createtransfer] ```typescript createTransfer(args: { messages: MessageRelaxed[]; sendMode?: SendMode; }): Cell ``` Creates a transfer message cell for sending multiple messages via the treasury. **Parameters:** * `args` — transfer arguments * `messages` — array of `MessageRelaxed` to include in transfer * `sendMode` — optional `SendMode` (default: pay gas fees separately) **Returns:** `Cell` containing the transfer message body #### Treasury usage [#treasury-usage] Treasury contracts are pre-funded wallets that work like regular wallet contracts: **Usage example:** ```typescript // Create treasury with default 1M TON balance const treasury = await blockchain.treasury('user'); // Create treasury with custom balance const richTreasury = await blockchain.treasury('rich', { balance: toNano(10_000_000n) }); // Use treasury sender for transactions await contract.sendMessage(treasury.getSender(), toNano('1'), messageBody); // Treasury handles all operations automatically ``` ### `RemoteBlockchainStorage` [#remoteblockchainstorage] Storage implementation that fetches contract states from a real TON network. ```typescript class RemoteBlockchainStorage implements BlockchainStorage { constructor(client: TonClient4Wrapper, blockSeqno?: number) } ``` **Parameters:** * `client` — wrapped TON client for network access * `blockSeqno` — optional block number to fetch state from **Usage example:** ```typescript import { TonClient4 } from '@ton/ton'; import { RemoteBlockchainStorage, wrapTonClient4ForRemote } from '@ton/sandbox'; const blockchain = await Blockchain.create({ storage: new RemoteBlockchainStorage( wrapTonClient4ForRemote( new TonClient4({ endpoint: 'https://mainnet-v4.tonhubapi.com' }) ) ) }); ``` ## Type Definitions [#type-definitions] ### `SandboxContract` [#sandboxcontract] Enhanced contract wrapper that transforms contract methods for sandbox testing. SandboxContract automatically wraps `get` methods and `send` methods to work with the sandbox environment. ```typescript export type SandboxContract<F> = { [P in keyof F]: P extends `${'get' | 'is'}${string}` ? F[P] extends (x: infer CP, ...args: infer P) => infer R ? ExtendsContractProvider<CP> extends true ? (...args: P) => R : never : never : P extends `send${string}` ? F[P] extends (x: infer CP, ...args: infer P) => infer R ? ExtendsContractProvider<CP> extends true ? (...args: P) => Promise<SendMessageResult & { result: R extends Promise<infer PR> ? PR : R; }> : never : never : F[P]; }; ``` **Key transformations:** * **Get methods** (`get*`) — Remove the ContractProvider parameter, return the same result * **Send methods** (`send*`) — Remove ContractProvider parameter, return `Promise<SendMessageResult & { result: R }>` * **Other properties** — Remain unchanged **Usage example:** ```typescript // Open a contract in sandbox const myContract = blockchain.openContract(MyContract.createFromConfig(config, code)); // Deploy the contract - returns SendMessageResult const deployResult = await myContract.sendDeploy(deployer.getSender(), toNano('0.05')); expect(deployResult.transactions).toHaveTransaction({ from: deployer.address, to: myContract.address, success: true }); // Send methods return SendMessageResult with transaction info const incrementResult = await myContract.sendIncrement(user.getSender(), toNano('0.1')); expect(incrementResult.transactions).toHaveTransaction({ from: user.address, to: myContract.address, success: true }); // Get methods work the same as production const counter = await myContract.getCounter(); expect(counter).toBe(1n); ``` ### `SendMessageResult` [#sendmessageresult] Result of sending a message to the blockchain emulator. ```typescript export type SendMessageResult = { transactions: BlockchainTransaction[]; events: Event[]; externals: ExternalOut[]; }; ``` **Properties:** * `transactions` — array of [`BlockchainTransaction`](#blockchaintransaction) objects that resulted from the message * `events` — array of [`Event`](#event-types) objects emitted during execution * `externals` — array of `ExternalOut` messages generated during execution ### `BlockchainTransaction` [#blockchaintransaction] Enhanced transaction type with additional sandbox-specific properties. ```typescript export type BlockchainTransaction = SmartContractTransaction & { events: Event[]; parent?: BlockchainTransaction; children: BlockchainTransaction[]; externals: ExternalOut[]; mode?: number; }; ``` **Properties:** * `events` — [`Event`](#event-types) objects emitted during transaction execution * `parent` — parent [`BlockchainTransaction`](#blockchaintransaction) that triggered this one * `children` — child [`BlockchainTransaction`](#blockchaintransaction) objects triggered by this transaction * `externals` — `ExternalOut` messages generated during execution * `mode` — transaction execution mode ### `MessageParams` [#messageparams] Optional parameters for message sending operations. ```typescript export type MessageParams = Partial<{ now: number; randomSeed: Buffer; ignoreChksig: boolean; }>; ``` **Properties:** * `now` — override blockchain time for this message (UNIX timestamp) * `randomSeed` — random seed for deterministic execution * `ignoreChksig` — whether `CHKSIG` instructions are set to always succeed ### `GetMethodParams` [#getmethodparams] Optional parameters for a get method execution. ```typescript export type GetMethodParams = Partial<{ now: number; randomSeed: Buffer; gasLimit: bigint; }>; ``` **Properties:** * `now` — override blockchain time for this call (UNIX timestamp) * `randomSeed` — random seed for deterministic execution * `gasLimit` — override TVM emulator gas limit (default: 10,000,000) ### `GetMethodResult` [#getmethodresult] Result of executing a get method on a contract. ```typescript export type GetMethodResult = { stack: TupleItem[]; stackReader: TupleReader; exitCode: number; gasUsed: bigint; blockchainLogs: string; vmLogs: string; debugLogs: string; }; ``` **Properties:** * `stack` — raw `TupleItem` array returned by the method * `stackReader` — convenient `TupleReader` for parsing stack items * `exitCode` — TVM exit code (0 for success, see [ExitCodes](#exitcodes)) * `gasUsed` — amount of gas consumed during execution * `blockchainLogs` — blockchain-level execution logs * `vmLogs` — TVM execution logs * `debugLogs` — debug-level execution logs ### `Verbosity` [#verbosity-1] Verbosity levels for TVM execution logging. ```typescript export type Verbosity = 'none' | 'vm_logs' | 'vm_logs_location' | 'vm_logs_gas' | 'vm_logs_full' | 'vm_logs_verbose'; ``` **Values:** * `'none'` — no VM logs * `'vm_logs'` — basic VM execution logs * `'vm_logs_location'` — VM logs with code location information * `'vm_logs_gas'` — VM logs with gas consumption details * `'vm_logs_full'` — comprehensive VM logs * `'vm_logs_verbose'` — maximum verbosity VM logs ### `LogsVerbosity` [#logsverbosity] Configuration for different types of logging output. ```typescript export type LogsVerbosity = { print: boolean; blockchainLogs: boolean; vmLogs: Verbosity; debugLogs: boolean; }; ``` **Properties:** * `print` — enable console output * `blockchainLogs` — enable blockchain-level logs * `vmLogs` — TVM execution [`Verbosity`](#verbosity) level * `debugLogs` — enable debug-level logs ### `SmartContractTransaction` [#smartcontracttransaction] Enhanced transaction type with execution logs and storage information. ```typescript export type SmartContractTransaction = Transaction & { blockchainLogs: string; vmLogs: string; debugLogs: string; oldStorage?: Cell; newStorage?: Cell; outActions?: OutAction[]; }; ``` **Properties:** * `blockchainLogs` — blockchain execution logs * `vmLogs` — TVM execution logs * `debugLogs` — debug execution logs * `oldStorage` — contract storage before transaction (if `recordStorage` enabled) * `newStorage` — contract storage after transaction (if `recordStorage` enabled) * `outActions` — output actions generated during execution ### `BlockchainSnapshot` [#blockchainsnapshot] Snapshot of blockchain state for persistence and restoration. ```typescript export type BlockchainSnapshot = { contracts: SmartContractSnapshot[]; networkConfig: string; lt: bigint; time?: number; verbosity: LogsVerbosity; libs?: Cell; nextCreateWalletIndex: number; prevBlocksInfo?: PrevBlocksInfo; randomSeed?: Buffer; autoDeployLibs: boolean; transactions: BlockchainTransaction[]; }; ``` **Properties:** * `contracts` — snapshots of all contract states * `networkConfig` — blockchain configuration * `lt` — current logical time * `time` — current blockchain time * `verbosity` — logging configuration * `libs` — shared libraries * `nextCreateWalletIndex` — next treasury wallet index * `prevBlocksInfo` — previous blocks information * `randomSeed` — random seed for execution * `autoDeployLibs` — auto-deploy libraries flag * `transactions` — transaction history ### `GetMethodResultSuccess` [#getmethodresultsuccess] Successful get method execution result from the remote API. ```typescript export type GetMethodResultSuccess = { success: true; stack: string; gas_used: string; vm_exit_code: number; vm_log: string; missing_library: string | null; }; ``` **Properties:** * `success` — always true for successful results * `stack` — serialized result stack * `gas_used` — gas consumption as string * `vm_exit_code` — TVM exit code * `vm_log` — TVM execution log * `missing_library` — missing library hash if any ### `GetMethodResultError` [#getmethodresulterror] A failed get method execution result from the remote API. ```typescript export type GetMethodResultError = { success: false; error: string; }; ``` **Properties:** * `success` — always false for error results * `error` — error description ### `Event` Types [#event-types] Blockchain events that were emitted during transaction execution. ```typescript export type EventAccountCreated = { type: 'account_created'; account: Address; }; export type EventAccountDestroyed = { type: 'account_destroyed'; account: Address; }; export type EventMessageSent = { type: 'message_sent'; from: Address; to: Address; value: bigint; body: Cell; bounced: boolean; }; export type Event = EventAccountCreated | EventAccountDestroyed | EventMessageSent; ``` **Event Types:** * `EventAccountCreated` — account was created during execution * `EventAccountDestroyed` — account was destroyed during execution * `EventMessageSent` — message was sent during execution ### `BlockId` [#blockid] An identifier for a blockchain block. ```typescript export type BlockId = { workchain: number; shard: bigint; seqno: number; rootHash: Buffer; fileHash: Buffer; }; ``` **Properties:** * `workchain` — workchain number * `shard` — shard identifier * `seqno` — sequence number * `rootHash` — block root hash * `fileHash` — block file hash ### `PrevBlocksInfo` [#prevblocksinfo] Information about previous blocks in the blockchain. ```typescript export type PrevBlocksInfo = { lastMcBlocks: BlockId[]; prevKeyBlock: BlockId; lastMcBlocks100?: BlockId[]; }; ``` **Properties:** * `lastMcBlocks` — last masterchain blocks * `prevKeyBlock` — previous key block * `lastMcBlocks100` — last 100 masterchain blocks (optional) ### `SerializableSnapshot` [#serializablesnapshot] JSON-serializable format for blockchain snapshots. ```typescript export type SerializableSnapshot = { contracts: { address: string; account: string; lastTxTime: number; verbosity?: Partial<LogsVerbosity>; }[]; networkConfig: string; lt: string; time?: number; verbosity: LogsVerbosity; libs?: string; nextCreateWalletIndex: number; prevBlocksInfo?: { lastMcBlocks: SerializableBlockId[]; prevKeyBlock: SerializableBlockId; lastMcBlocks100?: SerializableBlockId[]; }; randomSeed?: string; autoDeployLibs: boolean; transactions: { transaction: string; blockchainLogs: string; vmLogs: string; debugLogs: string; oldStorage?: string; newStorage?: string; outActions?: string; externals: string[]; mode?: number; parentHash?: string; childrenHashes: string[]; }[]; }; ``` ### `ExtraCurrency` [#extracurrency] Type for extra currencies in transactions. ```typescript export type ExtraCurrency = { [key: number]: bigint; }; ``` **Properties:** * `[key: number]` — currency ID mapped to amount in basic units ## Utility functions [#utility-functions] ### `loadConfig()` [#loadconfig] Loads and parses blockchain configuration from Cell or base64 string. ```typescript export function loadConfig(configCellOrBase64: string | Cell): BlockchainConfig; ``` **Parameters:** * `configCellOrBase64` — configuration as `Cell` or base64 string **Returns:** parsed `BlockchainConfig` object ### `updateConfig()` [#updateconfig] Updates blockchain configuration with new parameters. ```typescript export function updateConfig(config: Cell, ...params: ConfigParam[]): Cell; ``` **Parameters:** * `config` — existing configuration `Cell` * `...params` — `ConfigParam` array to update **Returns:** updated configuration `Cell` ### `prettyLogTransaction()` [#prettylogtransaction] Creates a formatted log string for a transaction. ```typescript export function prettyLogTransaction(tx: Transaction, mapFunc?: AddressMapFunc): string; ``` **Parameters:** * `tx` — `Transaction` to create a log string for * `mapFunc` — optional `AddressMapFunc` to map addresses to human-readable strings **Returns:** formatted transaction log string ### `prettyLogTransactions()` [#prettylogtransactions] Logs multiple transactions to the console using formatted output. ```typescript export function prettyLogTransactions(txs: Transaction[], mapFunc?: AddressMapFunc): void; ``` **Parameters:** * `txs` — `Transaction` array to log * `mapFunc` — optional `AddressMapFunc` to map addresses to a human-readable format **Example Output:** ``` null ➡️ EQBGhqLAZseEqRXz4ByFPTGV7SVMlI4hrbs-Sps_Xzx01x8G ➡️ 0.05 💎 EQC2VluVfpj2FoHNMAiDMpcMzwvjLZxxTG8ecq477RE3NvVt ``` ### `internal()` (Utility Function) [#internal-utility-function] Creates an internal message from parameters. This is a utility function used internally and in message builders. ```typescript export function internal(params: { from: Address; to: Address; value: bigint; body?: Cell; stateInit?: StateInit; bounce?: boolean; bounced?: boolean; ihrDisabled?: boolean; ihrFee?: bigint; forwardFee?: bigint; createdAt?: number; createdLt?: bigint; ec?: Dictionary<number, bigint> | [number, bigint][] | ExtraCurrency; }): Message; ``` **Parameters:** * `from` — sender `Address` * `to` — recipient `Address` * `value` — message value in nanoTON * `body` — optional message body `Cell` * `stateInit` — optional [`StateInit`](/blockchain-basics/primitives/messages/deploy) for contract deployment * `bounce` — bounce flag (default: true for bounceable messages) * `bounced` — indicates if this is a bounced message (default: false) * `ihrDisabled` — disable Instant Hypercube Routing (default: true) * `ihrFee` — IHR fee amount * `forwardFee` — forward fee amount * `createdAt` — message creation timestamp * `createdLt` — logical time when message was created * `ec` — extra currencies `Dictionary` or [`ExtraCurrency`](#extracurrency) **Returns:** `Message` object for blockchain processing **Usage examples:** ```typescript // Simple internal message const message = internal({ from: sender.address, to: contract.address, value: toNano('1'), body: beginCell().storeUint(1, 32).endCell() }); // Message with stateInit for deployment const deployMessage = internal({ from: deployer.address, to: contract.address, value: toNano('0.05'), stateInit: { code, data }, body: beginCell().endCell() }); // Non-bounceable message const nonBounceMessage = internal({ from: sender.address, to: wallet.address, value: toNano('0.1'), bounce: false }); ``` ### `printTransactionFees()` [#printtransactionfees] Prints transaction fees in a formatted table to the console. ```typescript export function printTransactionFees(transactions: Transaction[], mapFunc?: OpMapFunc): void; ``` **Parameters:** * `transactions` — list of `Transaction` to analyze and print fees for * `mapFunc` — optional `OpMapFunc` to map operation codes to a human-readable format **Returns:** `void` (outputs formatted table to console) ### `snapshotToSerializable()` [#snapshottoserializable] ```typescript export function snapshotToSerializable(snapshot: BlockchainSnapshot): SerializableSnapshot; ``` **Parameters:** * `snapshot` — [`BlockchainSnapshot`](#blockchainsnapshot) to serialize **Returns:** [`SerializableSnapshot`](#serializablesnapshot) — JSON-serializable snapshot object ### `snapshotFromSerializable()` [#snapshotfromserializable] ```typescript export function snapshotFromSerializable(serialized: SerializableSnapshot): BlockchainSnapshot; ``` **Parameters:** * `serialized` — [`SerializableSnapshot`](#serializablesnapshot) object **Returns:** [`BlockchainSnapshot`](#blockchainsnapshot) — restored blockchain snapshot **Usage example:** ```typescript import { snapshotToSerializable, snapshotFromSerializable } from '@ton/sandbox'; import fs from 'fs'; // Save snapshot to file const snapshot = blockchain.snapshot(); const serializable = snapshotToSerializable(snapshot); fs.writeFileSync('snapshot.json', JSON.stringify(serializable)); // Load snapshot from file const loaded = JSON.parse(fs.readFileSync('snapshot.json', 'utf8')); const restored = snapshotFromSerializable(loaded); await blockchain.loadFrom(restored); ``` ### `setGlobalVersion()` [#setglobalversion] Sets the global version in the blockchain configuration. ```typescript export function setGlobalVersion(config: Cell, version: number, capabilites?: bigint): Cell; ``` **Parameters:** * `config` — blockchain configuration `Cell` * `version` — global version number to set * `capabilites` — optional capabilities flags **Returns:** `Cell` — updated configuration Cell ### `fetchConfig()` [#fetchconfig] Fetches blockchain configuration from TON network. ```typescript export async function fetchConfig(network: 'mainnet' | 'testnet', maxRetries?: number): Promise<Cell>; ``` **Parameters:** * `network` — network to fetch config from (`'mainnet'` or `'testnet'`) * `maxRetries` — maximum number of retry attempts (default: 5) **Returns:** `Promise<Cell>` — blockchain configuration Cell ### `registerCompiledContract()` [#registercompiledcontract] Registers compiled contract for debugging support. ```typescript export function registerCompiledContract(code: Cell, debugInfo: FuncDebugInfo, marks: Cell): Cell; ``` **Parameters:** * `code` — compiled contract code `Cell` * `debugInfo` — `FuncDebugInfo` debug information * `marks` — debug marks `Cell` **Returns:** `Cell` — the same code Cell (for chaining) ## Test utilities and matchers [#test-utilities-and-matchers] Comprehensive testing utilities for TON blockchain transactions and state. Import from `@ton/test-utils` to use these utilities and matchers. ```typescript import '@ton/test-utils'; ``` ### `FlatTransaction` [#flattransaction] Flattened transaction structure for easier testing and comparison. ```typescript export type FlatTransaction = { from?: Address; to?: Address; on?: Address; value?: bigint; ec?: [number, bigint][]; body?: Cell; inMessageBounced?: boolean; inMessageBounceable?: boolean; op?: number; initData?: Cell; initCode?: Cell; deploy: boolean; lt: bigint; now: number; outMessagesCount: number; oldStatus: AccountStatus; endStatus: AccountStatus; totalFees?: bigint; aborted?: boolean; destroyed?: boolean; exitCode?: number; actionResultCode?: number; success?: boolean; mode?: number; }; ``` **Properties:** * `from` — sender address (if internal message) * `to` — recipient address * `on` — contract address being called * `value` — message value in nanoTON * `ec` — extra currencies as `[currencyId, amount]` pairs * `body` — message body cell * `inMessageBounced` — whether the incoming message was bounced * `inMessageBounceable` — whether the incoming message is bounceable * `op` — operation code extracted from message body * `initData` — contract initialization data * `initCode` — contract initialization code * `deploy` — whether this transaction deployed a contract * `lt` — logical time of transaction * `now` — timestamp of transaction * `outMessagesCount` — number of outbound messages * `oldStatus` — account status before transaction * `endStatus` — account status after transaction * `totalFees` — total fees paid for the transaction * `aborted` — whether the transaction was aborted * `destroyed` — whether the account was destroyed * `exitCode` — TVM exit code * `actionResultCode` — action phase result code * `success` — whether the transaction was successful * `mode` — transaction execution mode ### `FlatTransactionComparable` [#flattransactioncomparable] Pattern for matching transactions with optional fields and functions. ```typescript type WithFunctions<T> = { [K in keyof T]: T[K] | ((x: T[K]) => boolean); }; export type FlatTransactionComparable = Partial<WithFunctions<FlatTransaction>>; ``` A partial [`FlatTransaction`](#flattransaction) where each field can be either: * The exact value to match * A function that returns `true` if the value matches the criteria **Usage examples:** ```typescript // Exact value matching const exactMatch: FlatTransactionComparable = { from: deployer.address, to: contract.address, success: true, deploy: true }; // Function-based matching const conditionalMatch: FlatTransactionComparable = { value: (v) => v !== undefined && v >= toNano('0.1'), // At least 0.1 TON exitCode: (code) => code === 0 || code === undefined, // Success or no code totalFees: (fees) => fees !== undefined && fees < toNano('0.01') // Less than 0.01 TON fees }; // Mixed matching const mixedMatch: FlatTransactionComparable = { from: user.address, // Exact match success: true, // Exact match value: (v) => v >= toNano('1'), // Function match op: 0x12345678 // Exact match }; ``` ### `PrettyTransaction` [#prettytransaction] Human-readable transaction format for debugging and logging. ```typescript export type PrettyTransaction = Omit<FlatTransaction, 'from' | 'to' | 'on' | 'op' | 'failReason'> & { failReason?: FailReason; from?: string; to?: string; on?: string; op?: string; }; ``` **Properties:** * `failReason` — human-readable failure reason (if transaction failed) * `from` — readable sender address or name * `to` — readable recipient address or name * `on` — readable contract address or name * `op` — readable operation name or code ### `FailReason` [#failreason] Describes why a transaction failed with human-readable information. ```typescript export type FailReason = { message: string; }; ``` **Properties:** * `message` — human-readable failure description ### `ContractsMeta` [#contractsmeta] Registry for contract metadata to enhance debugging and logging. ```typescript export class ContractsMeta { get(key: Address): ContractMeta | undefined; upsert(key: Address, value: Partial<ContractMeta>): void; clear(): void; delete(key: Address): void; } export type ContractMeta = { wrapperName?: string; abi?: ContractABI | null; treasurySeed?: string; }; ``` **Methods:** * `get()` — retrieve metadata for contract address * `upsert()` — add or update metadata for contract address * `clear()` — remove all metadata * `delete()` — remove metadata for specific address **Usage example:** ```typescript import { contractsMeta } from '@ton/test-utils'; // Add contract metadata for better debugging contractsMeta.upsert(contract.address, { wrapperName: 'MyContract', abi: contractAbi, treasurySeed: 'deployer' }); // Pretty print transactions will now show readable names const pretty = prettifyTransaction(transaction); console.log(pretty.to); // "MyContract" instead of address ``` ### Jest/Chai matchers [#jestchai-matchers] Test utils provides custom Jest/Chai matchers for testing TON blockchain transactions and data structures. These matchers are automatically available when you import `@ton/test-utils`. #### `toHaveTransaction()` [#tohavetransaction] ```typescript toHaveTransaction(cmp: FlatTransactionComparable): R ``` Asserts that a transaction array or result contains a transaction matching the specified pattern. **Parameters:** * `cmp` — [`FlatTransactionComparable`](#flattransactioncomparable) pattern with optional fields to match **Usage examples:** ```typescript // Check deployment transaction expect(result.transactions).toHaveTransaction({ from: deployer.address, to: contract.address, deploy: true, success: true }); // Check specific operation with value expect(result.transactions).toHaveTransaction({ from: user.address, to: contract.address, value: toNano('1'), op: 0x12345678, success: true }); // Use functions for complex matching expect(result.transactions).toHaveTransaction({ value: (v) => v >= toNano('0.1'), exitCode: (code) => code !== 0 }); ``` #### `toEqualCell()` [#toequalcell] ```typescript toEqualCell(cell: Cell): R ``` Asserts that a Cell equals another Cell by comparing their hash and content. **Parameters:** * `cell` — Cell to compare against **Usage example:** ```typescript const expectedCell = beginCell().storeUint(123, 32).endCell(); expect(actualCell).toEqualCell(expectedCell); ``` #### `toEqualAddress()` [#toequaladdress] ```typescript toEqualAddress(address: Address): R ``` Asserts that an Address equals another Address. **Parameters:** * `address` — Address to compare against **Usage example:** ```typescript expect(contract.address).toEqualAddress(Address.parse('EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c')); ``` #### `toEqualSlice()` [#toequalslice] ```typescript toEqualSlice(slice: Slice): R ``` Asserts that a Slice equals another Slice by comparing their underlying Cell data. **Parameters:** * `slice` — Slice to compare against **Usage example:** ```typescript const expectedSlice = beginCell().storeUint(123, 32).endCell().beginParse(); expect(actualSlice).toEqualSlice(expectedSlice); ``` #### `toThrowExitCode()` [#tothrowexitcode] ```typescript toThrowExitCode(exitCode: number): Promise<R> ``` Asserts that a function throws an error with a specific TVM exit code. **Parameters:** * `exitCode` — expected TVM exit code **Usage examples:** ```typescript // Test that get method throws specific exit code await expect(async () => { await blockchain.runGetMethod(contract.address, 'fail_method'); }).toThrowExitCode(11); // Test that send method throws exit code await expect(async () => { await contract.sendInvalidOperation(user.getSender(), toNano('0.1')); }).toThrowExitCode(134); // Invalid argument ``` ### Transaction utilities [#transaction-utilities] Utilities for finding, filtering, and working with transactions in tests. #### `findTransaction()` [#findtransaction] ```typescript export function findTransaction<T extends Transaction>(txs: T | T[], match: FlatTransactionComparable): T | undefined; ``` Finds the first transaction matching the specified pattern. **Parameters:** * `txs` — single transaction or array of transactions to search * `match` — [`FlatTransactionComparable`](#flattransactioncomparable) pattern to match **Returns:** matching transaction or `undefined` if not found **Usage example:** ```typescript import { findTransaction } from '@ton/test-utils'; const deployTx = findTransaction(result.transactions, { from: deployer.address, to: contract.address, deploy: true }); if (deployTx) { console.log('Deploy transaction found:', deployTx.lt); } ``` #### `findTransactionRequired()` [#findtransactionrequired] ```typescript export function findTransactionRequired<T extends Transaction>(txs: T | T[], match: FlatTransactionComparable): T; ``` Finds the first transaction matching the specified pattern, throwing an error if not found. **Parameters:** * `txs` — single transaction or array of transactions to search * `match` — [`FlatTransactionComparable`](#flattransactioncomparable) pattern to match **Returns:** matching transaction **Throws:** `Error` if no matching transaction is found **Usage example:** ```typescript import { findTransactionRequired } from '@ton/test-utils'; const deployTx = findTransactionRequired(result.transactions, { from: deployer.address, to: contract.address, deploy: true }); // Guaranteed to have a transaction or throw console.log('Deploy transaction LT:', deployTx.lt); ``` #### `filterTransactions()` [#filtertransactions] ```typescript export function filterTransactions<T extends Transaction>(txs: T[], match: FlatTransactionComparable): T[]; ``` Filters the transactions array to only include transactions matching the specified pattern. **Parameters:** * `txs` — array of transactions to filter * `match` — [`FlatTransactionComparable`](#flattransactioncomparable) pattern to match **Returns:** array of matching transactions **Usage example:** ```typescript import { filterTransactions } from '@ton/test-utils'; const successfulTxs = filterTransactions(result.transactions, { success: true }); const userTxs = filterTransactions(result.transactions, { from: user.address }); ``` ### Async execution utilities [#async-execution-utilities] Utilities for working with transaction iterators and step-by-step execution. #### `executeTill()` [#executetill] ```typescript export async function executeTill<T extends Transaction>(txs: AsyncIterator<T>, match: FlatTransactionComparable): Promise<T[]>; ``` Executes transactions from an async iterator until finding a transaction matching the pattern. **Parameters:** * `txs` — async iterator of transactions from [`sendMessageIter()`](#sendmessageiter) * `match` — [`FlatTransactionComparable`](#flattransactioncomparable) pattern to match **Returns:** a `Promise` resolving to an array of executed transactions up to and including the match **Throws:** `Error` if no matching transaction is found **Usage example:** ```typescript import { executeTill } from '@ton/test-utils'; const message = internal({ from: sender.address, to: contract.address, value: toNano('1') }); const txIter = await blockchain.sendMessageIter(message); const executedTxs = await executeTill(txIter, { to: contract.address, success: true }); console.log(`Executed ${executedTxs.length} transactions until success`); ``` #### `executeFrom()` [#executefrom] ```typescript export async function executeFrom<T extends Transaction>(txs: AsyncIterator<T>): Promise<T[]>; ``` Executes all remaining transactions from an async iterator. **Parameters:** * `txs` — async iterator of transactions **Returns:** promise resolving to array of all executed transactions **Usage example:** ```typescript import { executeFrom } from '@ton/test-utils'; const message = internal({ from: sender.address, to: contract.address, value: toNano('1') }); const txIter = await blockchain.sendMessageIter(message); const allTxs = await executeFrom(txIter); console.log(`Total executed transactions: ${allTxs.length}`); ``` ### Formatting and debugging utilities [#formatting-and-debugging-utilities] Utilities for making transactions and debugging information more readable. #### `prettifyTransaction()` [#prettifytransaction] ```typescript export function prettifyTransaction(transaction: Transaction): PrettyTransaction; ``` Converts a transaction to a human-readable format for debugging and logging. **Parameters:** * `transaction` — transaction to prettify **Returns:** [`PrettyTransaction`](#prettytransaction) object with readable formatting **Usage example:** ```typescript import { prettifyTransaction } from '@ton/test-utils'; const pretty = prettifyTransaction(transaction); console.log('Transaction details:', pretty); ``` #### `contractsMeta` [#contractsmeta-1] Global registry for contract metadata to enhance debugging and logging. ```typescript export const contractsMeta: ContractsMeta; ``` **Usage example:** ```typescript import { contractsMeta } from '@ton/test-utils'; // Add contract metadata for better debugging contractsMeta.upsert(contract.address, { wrapperName: 'MyContract', abi: contractAbi, treasurySeed: 'deployer' }); // Pretty print transactions will now show readable names const pretty = prettifyTransaction(transaction); console.log(pretty.to); // "MyContract" instead of address ``` ### Testing constants and utilities [#testing-constants-and-utilities] #### `ExitCodes` [#exitcodes] Comprehensive collection of TVM exit codes for error testing and analysis. ```typescript export const ExitCodes: { // Numeric codes Success: 0; ReservedSuccess: 1; StackUnderflow: 2; StackOverflow: 3; IntegerOverflow: 4; RangeCheckError: 5; InvalidOpcode: 6; TypeCheckError: 7; CellOverflow: 8; CellUnderflow: 9; DictionaryError: 10; UnknownError: 11; FatalError: 12; OutOfGas: 13; OutOfGasNegative: -14; VirtualizationError: 14; InvalidActionList: 32; ActionListTooLong: 33; InvalidOrUnsupportedAction: 34; InvalidOutboundSrcAddress: 35; InvalidOutboundDestAddress: 36; NotEnoughToncoin: 37; NotEnoughExtraCurrencies: 38; OutboundMessageTooLarge: 39; CannotProcessMessage: 40; NullLibraryReference: 41; LibraryChangeError: 42; LibraryLimitsExceeded: 43; AccountStateTooLarge: 50; NullReference: 128; InvalidSerializationPrefix: 129; InvalidIncomingMessage: 130; ConstraintsError: 131; AccessDenied: 132; ContractStopped: 133; InvalidArgument: 134; ContractCodeNotFound: 135; InvalidStandardAddress: 136; NotBasechainAddress: 138; UnrecognizedMessageOpcode: 65535; // String mappings (reverse lookup) "0": "Success"; "1": "ReservedSuccess"; // ... etc }; ``` #### `randomAddress()` [#randomaddress] ```typescript export function randomAddress(workchain?: number): Address; ``` Generates a random TON address for testing purposes. **Parameters:** * `workchain` — workchain ID (default: 0) **Returns:** randomly generated `Address` **Usage example:** ```typescript import { randomAddress } from '@ton/test-utils'; const testAddress = randomAddress(); const masterchainAddress = randomAddress(-1); // Use in tests expect(contract.getOwner()).toEqualAddress(testAddress); ``` ## Network configuration [#network-configuration] ### Custom network configuration [#custom-network-configuration] ```typescript import { loadConfig, updateConfig } from '@ton/sandbox'; const oldConfig = loadConfig(blockchain.config); const updatedConfig = updateConfig(oldConfig, { ...oldConfig[8], anon0: { ...oldConfig[8].anon0, version: 99, }, }); blockchain.setConfig(updatedConfig); ``` # Jetton interface: messages and get methods (/blockchain-basics/standard/tokens/jettons/api) This page describes all messages and methods related to Jetton processing that are specified in TEPs. ## [TEP 0074](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md) [#tep-0074] ### Transfer message layout [#transfer-message-layout] | Field | Type | Description | | :--------------------- | :------------------ | :----------------------------------------------------------------------------------------------------------------------- | | `transfer` | `0x0f8a7ea5` | tag | | `query_id` | `uint64` | arbitrary request number | | `amount` | `VarUInteger 16` | amount of transferred jettons in elementary units | | `destination` | `MsgAddress` | address of the new owner of the jettons | | `response_destination` | `MsgAddress` | address where to send a response with confirmation of a successful transfer and the rest of the incoming message Toncoin | | `custom_payload` | `Maybe ^Cell` | optional custom data (which is used by either sender or receiver jetton wallet for inner logic) | | `forward_ton_amount` | `VarUInteger 16` | the amount of nanotons to be sent to the destination address | | `forward_payload` | `Either Cell ^Cell` | optional custom data that should be sent to the destination address | ### Forward payload formats [#forward-payload-formats] If you want to send a simple comment in the `forward_payload`, then the `forward_payload` must start with `0x00000000` (32-bit unsigned integer equals to zero) and the comment is contained in the remainder of the `forward_payload`. If the comment does not begin with the byte `0xff`, the comment is a text one; it can be displayed "as is" to the end user of a wallet (after filtering invalid and control characters and checking that it is a valid UTF-8 string). For instance, users may indicate the purpose ("for coffee") of a simple transfer from their wallet to the wallet of another user in this text field. On the other hand, if the comment begins with the byte `0xff`, the remainder is a "binary comment", which should not be displayed to the end user as text (only as a hex dump if necessary). The intended use of "binary comments" is, e.g., to contain a purchase identifier for payments in a store, to be automatically generated and processed by the store's software. If the `forward_payload` contains a binary message for interacting with the destination smart contract (for example, with DEX), then there are no prefixes. ### Transfer notification message layout [#transfer-notification-message-layout] | Field | Type | Description | | ----------------------- | ------------------- | ------------------------------------------------------- | | `transfer_notification` | `0x7362d09c` | tag | | `query_id` | `uint64` | should be equal with request's `query_id` | | `amount` | `VarUInteger 16` | amount of transferred jettons | | `sender` | `MsgAddress` | an address of the previous owner of transferred jettons | | `forward_payload` | `Either Cell ^Cell` | should be equal with request's `forward_payload` | ### Excesses message layout [#excesses-message-layout] | Field | Type | Description | | ---------- | ------------ | ----------------------------------------- | | `excesses` | `0xd53276db` | tag | | `query_id` | `uint64` | should be equal with request's `query_id` | ### Burn message layout [#burn-message-layout] | Field | Type | Description | | ---------------------- | ---------------- | --------------------------------------------------------------------------------------------------------------------- | | `burn` | `0x595f07bc` | tag | | `query_id` | `uint64` | arbitrary request number | | `amount` | `VarUInteger 16` | amount of burned jettons | | `response_destination` | `MsgAddress` | an address where to send a response with confirmation of a successful burn and the rest of the incoming message coins | | `custom_payload` | `Maybe ^Cell` | optional custom data | ### get\_wallet\_data() [#get_wallet_data] No arguments. Outputs: | Field | Type | Description | | -------------------- | ---------------- | ------------------------------------ | | `balance` | `VarUInteger 16` | amount of jettons on wallet | | `owner` | `MsgAddress` | an address of wallet owner | | `jetton` | `MsgAddress` | an address of Jetton master contract | | `jetton_wallet_code` | `Cell` | code of this wallet | ### get\_jetton\_data() [#get_jetton_data] No arguments. Outputs: | Field | Type | Description | | -------------------- | ---------------- | ------------------------------------------------------------------ | | `total_supply` | `VarUInteger 16` | the total number of issues jettons | | `mintable` | `Bool` | (-1/0) flag which indicates whether number of jettons can increase | | `admin_address` | `MsgAddress` | an address of smart contract that controls Jetton | | `jetton_content` | `Cell` | data in accordance to TEP 0064 | | `jetton_wallet_code` | `Cell` | code of wallet for that jetton | ### get\_wallet\_address() [#get_wallet_address] Argument: `owner_address` as `MsgAddress`. Output: `jetton_wallet_address`as `MsgAddress`. ## [TEP 0089](https://github.com/ton-blockchain/TEPs/blob/master/text/0089-jetton-wallet-discovery.md) [#tep-0089] ### Provide wallet address message layout [#provide-wallet-address-message-layout] | Field | Type | Description | | ------------------------ | ------------ | -------------------------------------------------------------- | | `provide_wallet_address` | `0x2c76b973` | tag | | `query_id` | `uint64` | arbitrary request number | | `owner_address` | `MsgAddress` | owner's address of Jetton wallet of interest | | `include_address` | `Bool` | whether to include the owner's address in the outgoing message | ### Take wallet address message layout [#take-wallet-address-message-layout] | Field | Type | Description | | --------------------- | ------------------- | ------------------------------------------------------ | | `take_wallet_address` | `0xd1735400` | tag | | `query_id` | `uint64` | arbitrary request number | | `wallet_address` | `MsgAddress` | an address of Jetton wallet of interest | | `owner_address` | `Maybe ^MsgAddress` | optional: owner's address of Jetton wallet of interest | # How to burn jettons (/blockchain-basics/standard/tokens/jettons/burn) Burning is a process of reducing supply of a certain Jetton, mostly in order to create [deflation](https://en.wikipedia.org/wiki/Deflation). ## Web services [#web-services] To burn Jettons manually, use a web service, for example [Minter](https://minter.ton.org/): * Connect your wallet using TON Connect. * Enter the Jetton master contract address into the "Jetton address" field. * Click the "Burn" button in your wallet's balance field and enter the amount you want to burn. * Confirm burning in your wallet application. <Image src="/resources/images/burning-ton-minter.png" darkSrc="/resources/images/burning-ton-minter.png" alt="Burning" /> ## Another approach [#another-approach] An alternative way to burn tokens is to send them to a ["zero" account](https://tonviewer.com/UQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJKZ), see [How to transfer](/blockchain-basics/standard/tokens/jettons/transfer) page. A wallet app can be used for this. ## Programmatically [#programmatically] In more complex cases, it is usually done with an SDK (for example, [`assets-sdk`](https://github.com/ton-community/assets-sdk)) that handles low-level message serialization details. The provided example uses TON Center API. You'll need a mnemonic of a wallet that will pay for the burn. `JETTON_WALLET_ADDR` stands for the Jetton wallet that holds tokens that will be burned. <Aside type="danger" title="Funds at risk"> Beware that API keys and mnemonic must not be committed or shared publicly. A better approach is to use a `.env` file that is excluded from repository with `.gitignore`. For GitHub CI purposes, consult [their documentation](https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets). </Aside> ```typescript import { Address, toNano, WalletContractV5R1, TonClient } from "@ton/ton"; import { mnemonicToPrivateKey } from "@ton/crypto"; import { AssetsSDK, createApi } from "@ton-community/assets-sdk"; const NETWORK = "testnet"; // a list of 24 space-separated words const MNEMONIC = "foo bar baz ..."; const JETTON_WALLET_ADDR = Address.parse("<JETTON_WALLET_ADDR>"); async function main() { // create an RPC client that will send network requests const client = new TonClient({ endpoint: "https://toncenter.com/api/v2/jsonRPC", }); // extract private and public keys from the mnemonic const keyPair = await mnemonicToPrivateKey(MNEMONIC.split(" ")); // create a client for TON wallet const wallet = WalletContractV5R1.create({ workchain: 0, // public key is required to deploy a new wallet // if it wasn't deployed yet publicKey: keyPair.publicKey, }); const provider = client.provider(wallet.address); // sender is an object used by assets-sdk to send messages // private key is used to sign messages sent to a wallet const sender = wallet.sender(provider, keyPair.secretKey); // create an assets-sdk client const api = await createApi(NETWORK); const sdk = AssetsSDK.create({ api, sender, }); // create a client for interacting with given jetton wallet const jetton = sdk.openJettonWallet(JETTON_WALLET_ADDR); // burn 1200000 jettons await jetton.sendBurn(sender, 1200000n); } void main(); ``` # Jetton implementations comparison (/blockchain-basics/standard/tokens/jettons/comparison) This article will compare different implementations of the TEP-74 standard and explore the best version for each use case. ## In short [#in-short] [Jetton 2.0](https://github.com/ton-blockchain/jetton-contract/tree/jetton-2.0) is the latest and most optimized Jetton implementation. Unlike previous versions, it deploys Jetton Wallets in the same shardchain as the owner's Toncoin wallet. ## Implementation history [#implementation-history] ### Jetton 1.0 [#jetton-10] **Release date**: Apr 18, 2022 [GitHub](https://github.com/ton-blockchain/token-contract/commit/369ae089255edbd807eb499792a0a838c2e1b272) Since the [initial TEP-74](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md) publication on 12.03.2022, this was the first public Jetton release. It doesn't support Jetton Wallet Discovery ([TEP-89 standard](https://github.com/ton-blockchain/TEPs/blob/master/text/0089-jetton-wallet-discovery.md)) and contains some gas estimation techniques that are now considered bad practice. Overall, this implementation is deprecated and shouldn't be used for any production development. ### Discoverable Jetton [#discoverable-jetton] **Release date**: Jan 19, 2023 [GitHub](https://github.com/ton-blockchain/token-contract/commit/f2253cb0f0e1ae0974d7dc0cef3a62cb6e19f806) For a long time, this version was the most widely adopted in the community. The [minter.ton.org](https://minter.ton.org/) UI mint tool deploys Jettons with this code. It contains the necessary minimum feature-wise, but isn't optimized for the latest TVM and blockchain changes. Also, the repository itself doesn't include any advanced tests and scripts. ### Stablecoin contract [#stablecoin-contract] **Release date**: Apr 14, 2024 [GitHub](https://github.com/ton-blockchain/stablecoin-contract/commit/7a22416d4de61336616960473af391713e100d7b) With the USDT release on TON, an advanced version of the Jetton contract was developed. This version introduces many new TVM gas assertion techniques, as well as extended functionality. Since USDT is a centralized asset, there are specific requirements and restrictions for its operations. More specifically, there is no *burn* opcode, which means that formally, the Governance contract is not TEP-compliant, as Jetton burn functionality is part of the standard. Also, the Minter contract includes a *governance* mechanism that allows users to perform any actions on other Jetton Wallets. Another noticeable advantage of this implementation is extensive testing. All previous versions didn't test edge cases of config changes that will affect storage / forward fees. This test suite became the foundation for all future Jetton versions. ### Notcoin contract [#notcoin-contract] **Release date**: Apr 25, 2024 [GitHub](https://github.com/OpenBuilders/notcoin-contract/commit/c9992514b71f1775cec5df49fbea31a85ddd87f9) This version is straightforward - it is a forked Stablecoin contract with removed *governance* functionality and added burn mechanism. Until recent times, it was the most suitable Jetton for basic on-chain coin use cases. ### Mintless Jetton [#mintless-jetton] **Release date**: Sep 22, 2024 [GitHub](https://github.com/ton-blockchain/mintless-jetton-contract/commit/77763e6b2df6cf96b0840c7306844751200ff046) During the time of massive on-chain project airdrops and CEX listings, there was a demand for a cheap and easy way to distribute initial Jetton tokens. You can read more about the history [here](/blockchain-basics/standard/tokens/airdrop). This version is also made from the Stablecoin contract with removed governance and allowed burn. It's implemented as a Merkle-proof airdrop, enabling the minting of Jettons directly on the Jetton-Wallet contract in a decentralized manner. The implementation is designed to support large-scale airdrops without incurring high costs or placing a significant load on the blockchain. To this day, Mintless Jetton is the only widely known implementation that uses the `custom_payload` field in the original `transfer#0f8a7ea5` TL-B. After the initial claim, each Jetton Wallet can be used as a regular Jetton (which it actually is). Note that to use Mintless Jetton to its full extent, you will need to cooperate with wallets for additional indexing and payload creation. ### Jetton 2.0 [#jetton-20] **Release date**: Aug 1, 2025 [GitHub](https://github.com/ton-blockchain/jetton-contract/commit/f2fb1fbb65d8e8ce6ec9f813f3e3dfab9268912a) This is the latest Jetton implementation. It utilizes new shardchain optimizations — Jetton Wallet holding a user's token balance is now always deployed in the same shardchain as the owner's wallet. This [became possible](/blockchain-basics/primitives/messages/deploy#deploying-to-specific-shard) after the TON node introduced functionality to deploy smart contracts into a specific shardchain. It makes transfers and operations with [Jetton 2.0](https://github.com/ton-blockchain/jetton-contract/tree/jetton-2.0) up to 3 times faster under heavy network load compared to the previous versions of Jetton. This version is recommended for all new projects working with Jettons. # How to find jetton wallet (/blockchain-basics/standard/tokens/jettons/find) Some applications may want to be able to discover their own or other contract wallets for a specific Jetton Master. For instance, some contracts may want to obtain and store their Jetton wallet for Jetton to handle transfer notifications from it in a specific way. To compute the address of a Jetton wallet from the address of its owner (a regular user wallet), the Jetton master contract provides the `get_wallet_address (slice owner_address)` method. ```typescript import { TonClient, Address, beginCell, TupleItemSlice } from "@ton/ton"; async function main() { const client = new TonClient({ endpoint: "https://toncenter.com/api/v2/jsonRPC", }); const jettonMasterAddress = Address.parse( "put the Jetton master address in any format", ); const walletAddress = Address.parse("put owner's address in any format"); const walletAddressCell = beginCell().storeAddress(walletAddress).endCell(); // forming the required type for the stack const el: TupleItemSlice = { type: "slice", cell: walletAddressCell, }; // call the get method with a non-empty stack const data = await client.runMethod( jettonMasterAddress, "get_wallet_address", [el], ); // get the Jetton wallet address console.log(data.stack.readAddress()); } void main(); ``` Or if you are sure about the structure of Jetton wallet's initial persistent storage and know its code, you can also manually create [`StateInit`](/blockchain-basics/primitives/messages/deploy) of the Jetton wallet and thus calculate its address. <Aside type="caution"> Use this method with great care, as the c4 of Jetton wallet contracts is not specified. </Aside> ```typescript import { Address, Cell, beginCell, contractAddress, StateInit, } from "@ton/core"; // let's choose Tether USDT as an example const jettonwalletcode = Cell.fromHex( "b5ee9c72010101010023000842028f452d7a4dfd74066b682365177259ed05734435be76b5fd4bd5d8af2b7c3d68", ); const masterAddress = Address.parse( "0:b113a994b5024a16719f69139328eb759596c38a25f59028b146fecdc3621dfe", ); const ownerAddress = Address.parse("an address in any format"); const jettonwalletdata = beginCell() .storeAddress(ownerAddress) .storeAddress(masterAddress) .storeVarUint(0, 16) // the initial value is always zero .endCell(); const jettonWalletStateInit: StateInit = { code: jettonwalletcode, data: jettonwalletdata, }; const BASECHAIN = 0; // All Jetton wallet contracts are located in Basechain by default const jettonWalletAddress = contractAddress(BASECHAIN, jettonWalletStateInit); console.log(jettonWalletAddress.toString()); ``` There are also various web services that allow you to call contract's get methods without writing any code. For example, let's inspect the [Tether USD](https://tonviewer.com/EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs?section=method) master contract page on Tonviewer. Inserting the owner's address in any format and executing the get method, you obtain the Jetton wallet address. <Image src="/resources/images/methods.png" darkSrc="/resources/images/methods.png" alt="Tether USDT master contract" /> Finally, you can use [built-in APIs](/applications/api/toncenter/introduction). # Jetton: How it works (/blockchain-basics/standard/tokens/jettons/how-it-works) This article describes the basic ideas and processes behind the implementation of Jettons (aka tokens in Ethereum) in the TON Blockchain. ## Related smart contracts [#related-smart-contracts] Standardized tokens on TON (see TEPs [0074](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md) and [0089](https://github.com/ton-blockchain/TEPs/blob/master/text/0089-jetton-wallet-discovery.md)) are implemented using a set of smart contracts, including: * [Jetton master](https://github.com/ton-blockchain/token-contract/blob/main/ft/jetton-minter.fc) (that is also called *Jetton minter*) smart contract; * [Jetton wallet](https://github.com/ton-blockchain/token-contract/blob/main/ft/jetton-wallet.fc) smart contract. It is important to keep in mind that Jetton standards provide only a general scheme of interaction, leaving the specific implementation of related contracts to developers. ### Jetton master [#jetton-master] *Jetton master* smart contracts store general information about a particular jetton, such as total supply (the total number of tokens of this type), a metadata link (or the metadata itself), and the code of the standard jetton-wallet smart contract for this jetton. They also have an *owner (admin)* who, by sending suitable messages to them, [mints new tokens](/blockchain-basics/standard/tokens/jettons/mint), closes the minting, changes metadata, or transfers the admin rights to another contract. Jetton master contracts also receive notifications about the [burning of tokens](/blockchain-basics/standard/tokens/jettons/burn). When they receive such a notification, they must adjust the total supply accordingly. ### Jetton wallet [#jetton-wallet] *Jetton wallet* smart contracts are used to [transfer](/blockchain-basics/standard/tokens/jettons/transfer), receive, and [burn](/blockchain-basics/standard/tokens/jettons/burn) jettons. Each jetton wallet contract stores the wallet balance information for a specific user (owner), the address of the Jetton master contract (for appropriate minting), and some additional information. In certain cases, Jetton wallets are used for individual token holders for each token type. ### Difference between Jetton wallets and regular ones [#difference-between-jetton-wallets-and-regular-ones] Although both regular wallets and Jetton wallets are smart contracts, there are some significant differences between them. The regular wallets' smart contracts are designed for off-chain interaction with their owner. In most implementations, their main purpose is to receive external messages and perform the operations requested in them. It is through a regular wallet that the user sends requests for the transfer of tokens or their burning to the Jetton wallet smart contract. They are designed to store only the native TON Blockchain currency: Toncoin (or TON). On the other hand, Jetton wallet smart contracts are designed only for storing and processing tokens. They ignore any external messages and accept only special internal ones. They execute commands received only from the Jetton master, another Jetton wallet, or their owner's regular wallet smart contracts. ## Message layouts [#message-layouts] Interactions with Jetton contracts, which users and developers most often encounter, are: * tokens transfer: sending tokens from one Jetton wallet to another; * tokens minting: minting new tokens and transferring them to the Jetton wallet; * tokens burning: burn a certain number of tokens on the Jetton wallet contract; * wallet address providing: find the address of the Jetton wallet corresponding to a regular wallet. <Aside type="caution"> In all schemes below, you will see the `query id` field. Nowadays, the field is almost deprecated, and the protocol itself doesn't need it. It is mostly used for easier off-chain parsing and other web2 processing. </Aside> ### Token transfer [#token-transfer] <Image src="/resources/images/jettons/transfer_light.png" darkSrc="/resources/images/jettons/transfer_dark.png" alt="Jetton transfer" /> `Actor A regular wallet -> actor A Jetton wallet`. *Transfer* message contains the following data: | Name | Type | Description | | ---------------------- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `query_id` | uint64 | Links the three messaging types—transfer, transfer notification, and excesses—to each other. To ensure this process works correctly, **always use a unique query ID**. | | `amount` | VarUInteger 16 | The total jetton amount to transfer. | | `destination` | MsgAddress | The address of the actor B's regular wallet. | | `response_destination` | MsgAddress | The wallet address used to return remaining Toncoin through the excesses message. | | `custom_payload` | Maybe ^Cell | The optional custom data used by either the sender or receiver jetton wallet for internal logic. | | `forward_ton_amount` | VarUInteger 16 | Toncoin to forward to the recipient. Must `> 0` to send a transfer notification with `forward_payload` and must be less than the amount attached to this message. | | `forward_payload` | Either Cell ^Cell | Optional data. If the first `32` bits equal `0x00000000`, it is a text comment. | that meet the TL-B scheme specified in [TEP 0074](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md): ```tlb transfer#0f8a7ea5 query_id:uint64 amount:(VarUInteger 16) destination:MsgAddress response_destination:MsgAddress custom_payload:(Maybe ^Cell) forward_ton_amount:(VarUInteger 16) forward_payload:(Either Cell ^Cell) = InternalMsgBody; ``` `Actor A Jetton wallet -> actor B Jetton wallet`. *Internal transfer* message contains the following data: | Name | Type | Description | | ---------------------- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `query_id` | uint64 | Links the three messaging types—transfer, transfer notification, and excesses—to each other. To ensure this process works correctly, **always use a unique query ID**. | | `amount` | VarUInteger 16 | The total jetton amount to transfer. | | `sender` | MsgAddress | The address of the actor A regular wallet. | | `response_destination` | Maybe MsgAddress | The optional wallet address used to return remaining Toncoin through the excesses message. | | `forward_ton_amount` | VarUInteger 16 | Toncoin to forward to the recipient. Must `> 0` to send a transfer notification with `forward_payload` and must be less than the amount attached to this message. | | `forward_payload` | Either Cell ^Cell | Optional data. If the first `32` bits equal `0x00000000`, it is a text comment. | that is not specified, but has a recommended TL-B scheme in [TEP 0074](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md): ```tlb internal_transfer#178d4519 query_id:uint64 amount:(VarUInteger 16) from:MsgAddress response_address:MsgAddress forward_ton_amount:(VarUInteger 16) forward_payload:(Either Cell ^Cell) = InternalMsgBody; ``` `Actor B Jetton wallet → actor B regular wallet`. The transfer notification message. This is sent only if `forward_ton_amount` is not zero and contains the following data: | Name | Type | Description | | ----------------- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `query_id` | uint64 | Links the three messaging types—transfer, transfer notification, and excesses—to each other. To ensure this process works correctly, **always use a unique query ID**. | | `amount` | VarUInteger 16 | The total jetton amount were transferred. | | `sender` | MsgAddress | The address of the actor A regular wallet. | | `forward_payload` | Either Cell ^Cell | Some data. | that meet the TL-B scheme specified in [TEP 0074](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md): ```tlb transfer_notification#7362d09c query_id:uint64 amount:(VarUInteger 16) sender:MsgAddress forward_payload:(Either Cell ^Cell) = InternalMsgBody; ``` `Actor B Jetton wallet -> actor C smart contract`. Excess message body. This is sent only if there are remaining Toncoin after paying the fees. Contains the following data: | Name | Type | | ---------- | ------ | | `query_id` | uint64 | that meet the TL-B scheme specified in [TEP 0074](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md): ```tlb excesses#d53276db query_id:uint64 = InternalMsgBody; ``` ### Token minting [#token-minting] <Image src="/resources/images/jettons/mint_light.png" darkSrc="/resources/images/jettons/mint_dark.png" alt="Jettons minting" /> `Admin regular wallet -> Jetton master contract`. *Mint* message contains the following data: <Aside type="caution"> The following data layout is just a possible example. The structure of the Mint message is not specified in any TEPs and is left to the choice of the developer. </Aside> | Name | Type | Description | | ------------- | ---------- | ------------------------------------------------------------------------------------- | | `query_id` | uint64 | To ensure this process works correctly, **always use a unique query ID**. | | `receiver` | MsgAddress | The address of the actor A regular wallet. | | `mintMessage` | Cell | The rest of the data as in an internal transfer message, except the `query_id` field. | The rest of the messages have already been described above when analyzing the transfer process. ### Token burning [#token-burning] <Image src="/resources/images/jettons/burn_light.png" darkSrc="/resources/images/jettons/burn_dark.png" alt="Jettons burning" /> `Actor A regular wallet -> actor A Jetton wallet`. *Burn* message contains the following data: | Name | Type | Description | | ---------------------- | -------------- | --------------------------------------------------------------------------------- | | `query_id` | uint64 | To ensure this process works correctly, **always use a unique query ID**. | | `amount` | VarUInteger 16 | The total jetton amount to burn. | | `response_destination` | MsgAddress | The wallet address used to return remaining Toncoin through the excesses message. | | `custom_payload` | Maybe ^Cell | The optional custom data used by the receiver jetton wallet for internal logic. | that meet a TL-B scheme in [TEP 0074](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md): ```tlb burn#595f07bc query_id:uint64 amount:(VarUInteger 16) response_destination:MsgAddress custom_payload:(Maybe ^Cell) = InternalMsgBody; ``` `Actor A Jetton wallet -> Jetton master contract`. *Burn notification* message contains the following data: | Name | Type | Description | | ---------------------- | -------------- | --------------------------------------------------------------------------------- | | `query_id` | uint64 | To ensure this process works correctly, **always use a unique query ID**. | | `amount` | VarUInteger 16 | The total jetton amount was burned. | | `sender` | MsgAddress | The address of the actor A regular wallet. | | `response_destination` | MsgAddress | The wallet address used to return remaining Toncoin through the excesses message. | that is not specified but has a recommended TL-B scheme in [TEP 0074](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md): ```tlb burn_notification#7bdd97de query_id:uint64 amount:(VarUInteger 16) sender:MsgAddress response_destination:MsgAddress = InternalMsgBody; ``` ### Wallet address providing [#wallet-address-providing] This process is straightforward. Some actor sends to the Jetton master contract `provide_wallet_address` message that contains the following fields: | Name | Type | Description | | ----------------- | ---------- | -------------------------------------------------------------------------- | | `query_id` | uint64 | To ensure this process works correctly, **always use a unique query ID**. | | `owner_address` | MsgAddress | The address of the actor for which the Jetton wallet address is needed. | | `include_address` | Bool | Whether to include the address of the actor himself in the output message. | Then, the Jetton master contract sends to the actor a message that contains the following fields: | Name | Type | Description | | ---------------- | ----------------- | ------------------------------------------------------------------------- | | `query_id` | uint64 | To ensure this process works correctly, **always use a unique query ID**. | | `wallet_address` | MsgAddress | The Jetton wallet contract address. | | `owner_address` | Maybe ^MsgAddress | The address of the owner. | These messages meet the corresponding TL-B schemes in [TEP 0089](https://github.com/ton-blockchain/TEPs/blob/master/text/0089-jetton-wallet-discovery.md): ```tlb provide_wallet_address#2c76b973 query_id:uint64 owner_address:MsgAddress include_address:Bool = InternalMsgBody; take_wallet_address#d1735400 query_id:uint64 wallet_address:MsgAddress owner_address:(Maybe ^MsgAddress) = InternalMsgBody; ``` ## Interaction from UI [#interaction-from-ui] There are three actions that can be performed through the UI: * [getting wallet balance](/blockchain-basics/standard/tokens/jettons/wallet-data); * [transfer jettons](/blockchain-basics/standard/tokens/jettons/transfer); * indexing available jettons. ### Applications [#applications] The most popular user wallet applications, such as [TonKeeper](https://tonkeeper.com/), use their own SQL-like database. When the user receives a new jetton for the first time, the application processes the `transfer_notification` message. Next, information about the number of jettons received is taken from it, and it is checked if there is information about this jetton in the applications database. If there is, information is added to the database stating that the user has a new type of jetton in the amount received. If not, the database starts indexing this new jetton, and after the validation process begins to show data about it to users. This is how all the jettons that a given user has and their amounts are listed. For a user to transfer a given amount of a token to another user, they only need to fill in the `destination` and `amount` fields through the application. Next, it will automatically generate a transfer message and send it to the Jetton wallet associated with the user. ### Web services [#web-services] Various web services, such as [Tonviewer](https://tonviewer.com/), can also be used to obtain information about the types of user jettons and their amounts. Unlike wallet applications, they also have the ability to directly invoke the get methods of related smart contracts. However, they are not designed to generate and send messages. # How to mint new jettons (/blockchain-basics/standard/tokens/jettons/mint) <Aside type="danger" title="Warning — funds at risk"> Minting and sending messages can move funds. Scope: your wallet and the target jetton contracts. Rollback: on-chain transfers are final; rotate keys if a mnemonic leaks. Do first (testnet): use a test wallet and testnet RPC before mainnet. </Aside> In order to mint new jettons, that particular Jetton must be mintable. Otherwise, it's impossible. Next, only mintable Jettons are considered. Minting is not a specified operation in any of the existing TEPs. Its implementation is left to the developer's choice. The following `typescript` code example is based on the minting implementation in [Notcoin jetton minter contract](https://github.com/OpenBuilders/notcoin-contract/blob/main/contracts/jetton-minter.fc). This example contains a manual assembly of all the necessary messages and is useful for studying their possible structure. ```typescript import { Address, beginCell, internal, toNano } from "@ton/core"; import { TonClient, WalletContractV4 } from "@ton/ton"; import { mnemonicToPrivateKey } from "@ton/crypto"; async function main() { const jettonMasterAddress = Address.parse('<JETTON_MASTER_ADDR>'); const receiverAddress = Address.parse('<RECEIVER_ADDR>'); const destinationAddress = Address.parse('<WALLET_ADDR>'); // let's add some forward_payload const forwardPayload = beginCell() .storeUint(0, 32) // 0 opcode means we have a comment .storeStringTail('Mint') .endCell(); // Forming the master message // internal transfer is also unspecified by the standard, but there is a suggested format in TEP 0074 const masterMessage = beginCell() .storeUint(0x178d4519, 32) // opcode for jetton transfer-internal .storeUint(0, 64) // query id .storeCoins(toNano(5)) // jetton amount, amount * 10^9. That is an amount we want to mint .storeAddress(jettonMasterAddress) // from_address. For minting could be any. The Jetton wallet will check from context that the sender is the Jetton master contract and accept the transfer. .storeAddress(destinationAddress) // response destination .storeCoins(toNano('0.02')) // forward_ton_amount - if >0, will send notification message .storeBit(1) // either forward_payload .storeRef(forwardPayload) // we have forward_payload, store it as a reference .endCell(); // forming the mint message const mintMessageBody = beginCell() .storeUint(0x642b7d07, 32) // opcode for mint .storeUint(0, 64) // query id .storeAddress(receiverAddress) // the user's regular wallet address .storeCoins(toNano(0.1)) // Toncoin intended to user's Jetton wallet .storeRef(masterMessage) // internal transfer message .endCell(); const mintMessage = internal({ to: jettonMasterAddress, value: toNano('0.1'), bounce: true, body: mintMessageBody }); // connect to your regular wallet const client = new TonClient({ endpoint: 'https://toncenter.com/api/v2/jsonRPC', }); const provider = client.provider(destinationAddress); const MNEMONIC = process.env.MNEMONIC; if (!MNEMONIC) throw new Error("Set MNEMONIC to a test mnemonic (testnet)."); const keyPair = await mnemonicToPrivateKey(MNEMONIC.split(" ")); const walletContract = WalletContractV4.create({ workchain: 0, publicKey: keyPair.publicKey, }); // send the mint message through your wallet const seqno = await walletContract.getSeqno(provider); await walletContract.sendTransfer(provider, { seqno: seqno, secretKey: keyPair.secretKey, messages: [ mintMessage, ], }); } void main(); ``` However, there is an [SDK](https://github.com/ton-community/assets-sdk) that allows you to avoid manually creating all the necessary messages. An example of how it can be used to send the mint message is provided below: ```typescript import { Address } from '@ton/core'; import { AssetsSDK, PinataStorageParams, createApi, createSender, importKey } from "@ton-community/assets-sdk"; async function main() { const NETWORK = 'testnet'; const api = await createApi(NETWORK); const keyPair = await importKey(process.env.MNEMONIC!); const sender = await createSender('highload-v2', keyPair, api); const storage: PinataStorageParams = { pinataApiKey: process.env.PINATA_API_KEY!, pinataSecretKey: process.env.PINATA_SECRET!, }; const sdk = AssetsSDK.create({ api: api, storage: storage, sender: sender, }); const JETTON_ADDRESS = Address.parse('MY_JETTON_ADDRESS'); const jetton = sdk.openJetton(JETTON_ADDRESS); const RECEIVER_ADDRESS = Address.parse('RECEIVER_ADDRESS'); await jetton.sendMint(sender, RECEIVER_ADDRESS, 1200000n); } void main(); ``` Finally, you can use web services as [TON MINTER](https://minter.ton.org/) and avoid writing code, just follow the guides. # Overview (/blockchain-basics/standard/tokens/jettons/overview) Jettons (TEP-74 standard) serve as TON's counterpart to Ethereum's [ERC-20 tokens](https://eips.ethereum.org/EIPS/eip-20), functioning as the primary means of representing monetary value and fungible assets within the TON ecosystem. These tokens embody the principle of fungibility, where each unit holds identical value and can be seamlessly exchanged with any other unit of the same token type. Use cases: * To represent currency on-chain, like USDT. Each Jetton can be arbitrary fraction (1 Jetton = 10<sup>-6</sup> USD) * To empower governance-like voting systems. Each Jetton equals a vote * To represent deposit size in Decentralized Finance The technical architecture of Jettons reflects TON's distributed design principles. Rather than storing all token information in a single contract, the system employs a distributed approach where each user maintains their own Jetton wallet contract. The main Jetton contract functions as a central registry, storing essential metadata and tracking total supply, while individual wallet contracts handle user-specific balances and execute transfer operations. This architecture enhances scalability and reduces congestion compared to centralized token models. Read more: * [Jetton standard comparison](/blockchain-basics/standard/tokens/jettons/comparison) * [TEP-74](https://github.com/ton-blockchain/TEPs/blob/0d7989fba6f2d9cb08811bf47263a9b314dc5296/text/0074-jettons-standard.md) # How to get jetton supply data (/blockchain-basics/standard/tokens/jettons/supply-data) To retrieve specific Jetton data, use the Jetton master contract's `get_jetton_data()` method. This method returns the following data: | Name | Type | Description | | -------------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------- | | `total_supply` | `VarUInteger 16` | the total number of issued jettons measured in indivisible units | | `mintable` | `Bool` | Indicates whether new jettons can be minted (-1 for true, 0 for false) | | `admin_address` | `Address` | admin's address | | `jetton_content` | `Cell` | data formatted according to [TEP-64](https://github.com/ton-blockchain/TEPs/blob/master/text/0064-token-data-standard.md) | | `jetton_wallet_code` | `Cell` | a code of the corresponding Jetton wallet | You can call the `get_jetton_data()` method from your favorite IDE: ```javascript import { TonClient, Address } from "@ton/ton" async function main() { const client = new TonClient({ endpoint: 'https://toncenter.com/api/v2/jsonRPC', }); const JettonMasterAddress = Address .parse('0:b113a994b5024a16719f69139328eb759596c38a25f59028b146fecdc3621dfe'); const data = await client.runMethod(JettonMasterAddress, 'get_jetton_data'); const Stack = data.stack; console.log(Stack.readNumber()); // Total supply console.log(Stack.readNumber()); // mintable console.log(Stack.readAddress().toString()); // Admin address console.log(Stack.readCell()); // jetton_content console.log(Stack.readCell()) // jetton_wallet_code } void main(); ``` Or call it through a web service, such as [Tonviewer](https://tonviewer.com/EQDmVdCZ2SALvyfCDVlPLr0hoPhUxgjNFtTAxemz9V_C5wbN?section=method): <Image src="/resources/images/tonviewer/jetton-data.png" darkSrc="/resources/images/tonviewer/jetton-data-dark.png" /> Finally, you can get this information using the [API](/applications/api/overview). # How to transfer jettons (/blockchain-basics/standard/tokens/jettons/transfer) [TEP-74](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md#internal-message-handlers) standard specifies that Jetton wallets must support `transfer` operation. <Aside type="danger" title="Funds at risk"> Each jetton stores a `decimals` parameter in its metadata. Transferring without accounting for `decimals` can result in sending 1000 times the intended amount—irreversible on mainnet. Mitigation: Always retrieve and apply the correct `decimals` value. Test on testnet first. Read [decimals parameter](/blockchain-basics/standard/tokens/metadata#decimals) for details. </Aside> To attach a comment, the message has to encode it in `forward_payload` field, and `forward_ton_amount` is some amount of Toncoin attached to let the receiving wallet process the message. Format of `forward_payload` for comments and other kinds of attached data can be found in [the API section](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md#forward_payload-format). If `forward_ton_amount` is `0`, `forward_payload` doesn't have to comply with the schema. A single manual transfer can be done with a web service (for example, [Minter](https://minter.ton.org/)). A programmatic transfer is usually done with an SDK (for example, [`assets-sdk`](https://github.com/ton-community/assets-sdk)) that handles low-level message serialization details. The provided example uses TON Center API that might [require a key](/applications/api/toncenter/get-api-key). Also you'll need a mnemonic of a wallet that will pay for the transfer. <Aside type="danger" title="Funds at risk"> Beware that API keys and mnemonic must not be committed or shared publicly. A better approach is to use a `.env` file that is excluded from repository with `.gitignore`. For GitHub CI purposes, consult [their documentation](https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets). </Aside> ```ts expandable import { Address, toNano, WalletContractV5R1, TonClient } from "@ton/ton"; import { mnemonicToPrivateKey } from "@ton/crypto"; import { AssetsSDK, createApi } from "@ton-community/assets-sdk"; const network = "testnet"; // a list of 24 space-separated words const mnemonic = "foo bar baz"; const apiKey = "<API_KEY>"; const jettonMasterAddress = Address.parse("<JETTON_MASTER_ADDR>"); const destinationRegularWalletAddress = Address.parse("<DESTINATION_WALLET_ADDR>"); async function main() { // create an RPC client that will send network requests const client = new TonClient({ endpoint: "https://toncenter.com/api/v2/jsonRPC", apiKey, }); // extract private and public keys from the mnemonic const keyPair = await mnemonicToPrivateKey(mnemonic.split(" ")); // create a client for TON wallet const wallet = WalletContractV5R1.create({ workchain: 0, // public key is required to deploy a new wallet // if it wasn't deployed yet publicKey: keyPair.publicKey, }); const provider = client.provider(wallet.address); // sender is an object used by assets-sdk to send messages // private key is used to sign messages sent to a wallet const sender = wallet.sender(provider, keyPair.secretKey); // create an assets-sdk client const api = await createApi(network); const sdk = AssetsSDK.create({ api, sender }); // create a client for interacting with jettons of a // certain type const jetton = await sdk.openJetton(jettonMasterAddress); // create a client for the sender's Jetton wallet const jettonWallet = await jetton.getWallet(sdk.sender!.address!); // tell sender's Jetton wallet to transfer Jettons await jettonWallet.send(sender, destinationRegularWalletAddress, toNano(10)); } void main(); ``` For reference, here's a low-level example of the process, where message serialization is done manually. ```ts expandable import { Address, beginCell, internal, SendMode, toNano } from "@ton/core"; import { TonClient, WalletContractV5R1, TupleItemSlice } from "@ton/ton"; import { mnemonicToPrivateKey } from "@ton/crypto"; // a list of 24 space-separated words const mnemonic = "foo bar baz"; const apiKey = "<API key>"; const jettonMasterAddress = Address.parse( "<Jetton master address>", ); const destinationRegularWalletAddress = Address.parse( "<destination wallet address>", ); async function main() { // connect to your regular walletV5 const client = new TonClient({ endpoint: "https://toncenter.com/api/v2/jsonRPC", apiKey, }); const keyPair = await mnemonicToPrivateKey(mnemonic.split(" ")); const walletContract = WalletContractV5R1.create({ workchain: 0, publicKey: keyPair.publicKey, }); const provider = client.provider(walletContract.address); // Find your Jetton wallet Address const walletAddressCell = beginCell() .storeAddress(walletContract.address) .endCell(); const el: TupleItemSlice = { type: "slice", cell: walletAddressCell, }; const data = await client.runMethod( jettonMasterAddress, "get_wallet_address", [el], ); const jettonWalletAddress = data.stack.readAddress(); // form the transfer message const forwardPayload = beginCell() .storeUint(0, 32) // 0 opcode means we have a comment .storeStringTail("for coffee") .endCell(); const messageBody = beginCell() // opcode for jetton transfer .storeUint(0x0f8a7ea5, 32) // query id .storeUint(0, 64) // jetton amount, amount * 10^9 .storeCoins(toNano(5)) // the address of the new jetton owner .storeAddress(destinationRegularWalletAddress) // response destination (in this case, the destination wallet) .storeAddress(destinationRegularWalletAddress) // no custom payload .storeBit(0) // forward amount - if >0, will send notification message .storeCoins(toNano("0.02")) // store forwardPayload as a reference .storeBit(1) .storeRef(forwardPayload) .endCell(); const transferMessage = internal({ to: jettonWalletAddress, value: toNano("0.1"), bounce: true, body: messageBody, }); // send the transfer message through your wallet const seqno = await walletContract.getSeqno(provider); await walletContract.sendTransfer(provider, { seqno: seqno, secretKey: keyPair.secretKey, messages: [transferMessage], sendMode: SendMode.PAY_GAS_SEPARATELY, }); } void main(); ``` # How to get jetton wallet data (/blockchain-basics/standard/tokens/jettons/wallet-data) To retrieve the Jetton wallet's account jetton amount, owner identification information, and other details related to a specific Jetton wallet contract, use the `get_wallet_data()` [get method](/blockchain-basics/primitives/messages/overview) within the Jetton wallet contract. This method returns the following data: | Name | Type | Description | | ----------------------- | ---------------- | ---------------------------------------------- | | `balance` | `VarUInteger 16` | the amount of nano tokens on the Jetton wallet | | `owner` | `MsgAddress` | the address of owner's regular wallet | | `jetton_master_address` | `MsgAddress` | the address of the Jetton master contract | | `jetton_wallet_code` | `Cell` | a code of the Jetton wallet | You can call the `get_wallet_data()` method from your favorite IDE: ```javascript import { Address, TonClient } from "@ton/ton"; async function main() { const client = new TonClient({ endpoint: "https://toncenter.com/api/v2/jsonRPC", }); const JettonwalletAddress = Address.parse( "EQDmVdCZ2SALvyfCDVlPLr0hoPhUxgjNFtTAxemz9V_C5wbN", ); const data = await client.runMethod(JettonwalletAddress, "get_wallet_data"); const Stack = data.stack; console.log("Balance in nano tokens: ", Stack.readNumber()); // wallet address console.log("Owner: ", Stack.readAddress().toString({ bounceable: false })); console.log("Jetton Master address: ", Stack.readAddress().toString()); // default BoC encoding in viewers console.log("Jetton Wallet code: ", Stack.readCell().toBoc().toString('hex')); } void main(); ``` Or call it through a web service, such as [Tonviewer](https://tonviewer.com/EQDmVdCZ2SALvyfCDVlPLr0hoPhUxgjNFtTAxemz9V_C5wbN?section=method): <Image src="/resources/images/tonviewer/get-wallet-data.png" darkSrc="/resources/images/tonviewer/get-wallet-data-dark.png" /> Finally, you can get this information using the [API](https://toncenter.com/api/v3/jetton/wallets). # NFT interface: messages and get methods (/blockchain-basics/standard/tokens/nft/api) NFT messages and methods specified in TEPs. ## [TEP-62](https://github.com/ton-blockchain/TEPs/blob/1fbc23cac69723c53251f686ec90d81bf0e83443/text/0062-nft-standard.md) [#tep-62] ### NFT Item [#nft-item] #### Transfer message layout [#transfer-message-layout] | Field | Type | Description | | ---------------------- | ------------------- | ------------------------------------------------------------------------ | | `transfer` | `uint32` | tag equal to `0x5fcc3d14` | | `query_id` | `uint64` | arbitrary request number | | `new_owner` | `MsgAddress` | address of the new owner of the NFT item | | `response_destination` | `MsgAddress` | optional address to receive excess Toncoin, usually the sender's address | | `custom_payload` | `Maybe ^Cell` | optional custom data | | `forward_amount` | `VarUInteger 16` | the amount of Toncoin to be sent to the new owner | | `forward_payload` | `Either Cell ^Cell` | optional data that should be forwarded to the new owner | #### Forward payload formats [#forward-payload-formats] To send a simple comment in the `forward_payload`, the `forward_payload` must start with `0x00000000` (32-bit unsigned integer equal to zero); the remainder of the `forward_payload` contains the comment. If the comment does not begin with the byte `0xff`, the comment is a text one; it can be displayed "as is" to the end user of a wallet (after filtering invalid and control characters and checking that it is a valid UTF-8 string). For instance, users may indicate the purpose ("for coffee") of a simple transfer from their wallet to the wallet of another user in this text field. On the other hand, if the comment begins with the byte `0xff`, the remainder is a "binary comment", which should not be displayed to the end user as text (only as a hex dump if necessary). The intended use of "binary comments" is, e.g., to contain a purchase identifier for payments in a store, to be automatically generated and processed by the store's software. If the `forward_payload` contains a binary message for interacting with the destination smart contract (for example, with DEX), then there are no prefixes. #### Ownership assigned message layout [#ownership-assigned-message-layout] | Field | Type | Description | | -------------------- | ------------------- | ---------------------------------------------- | | `ownership_assigned` | `uint32` | tag equal to `0x05138d91` | | `query_id` | `uint64` | should be equal to request's `query_id` | | `prev_owner` | `MsgAddress` | address of the previous owner of this NFT item | | `forward_payload` | `Either Cell ^Cell` | should be equal to request's `forward_payload` | #### Excesses message layout [#excesses-message-layout] | Field | Type | Description | | ---------- | -------- | --------------------------------------- | | `excesses` | `uint32` | tag equal to `0xd53276db` | | `query_id` | `uint64` | should be equal to request's `query_id` | #### Get static data message layout [#get-static-data-message-layout] | Field | Type | Description | | ----------------- | -------- | ------------------------- | | `get_static_data` | `uint32` | tag equal to `0x2fcb26a2` | | `query_id` | `uint64` | arbitrary request number | #### Report static data message layout [#report-static-data-message-layout] | Field | Type | Description | | -------------------- | ------------ | ------------------------------------------------------------------------- | | `report_static_data` | `uint32` | tag equal to `0x8b771735` | | `query_id` | `uint64` | should be equal to request's `query_id` | | `index` | `uint256` | numerical index of this NFT in the collection | | `collection` | `MsgAddress` | address of the smart contract of the collection to which this NFT belongs | <Aside type="caution"> Verify that item belongs to collection via [get method in collection](/blockchain-basics/standard/tokens/nft/api#get-nft-address-by-index) , see more [here](/blockchain-basics/standard/tokens/nft/verify) </Aside> #### get\_nft\_data() [#get_nft_data] No arguments. Outputs: | Field | Type | Description | | -------------------- | ------------ | ------------------------------------------------------------------------- | | `init?` | `int` | if not zero, then this NFT is fully initialized and ready for interaction | | `index` | `int` | numerical index of this NFT in the collection | | `collection_address` | `MsgAddress` | address of the smart contract of the collection to which this NFT belongs | | `owner_address` | `MsgAddress` | address of the current owner of this NFT | | `individual_content` | `Cell` | individual NFT content in any format | <Aside type="caution"> Verify that item belongs to collection via [get method in collection](/blockchain-basics/standard/tokens/nft/api#get-nft-address-by-index) , see more [here](/blockchain-basics/standard/tokens/nft/verify) </Aside> ### NFT Collection [#nft-collection] #### get\_collection\_data() [#get_collection_data] No arguments. Outputs: | Field | Type | Description | | -------------------- | ------------ | -------------------------------------------------------- | | `next_item_index` | `int` | the count of currently deployed NFT items in collection | | `collection_content` | `Cell` | collection content in a format that complies with TEP-64 | | `owner_address` | `MsgAddress` | collection owner address, zero address if no owner | #### get\_nft\_address\_by\_index() [#get_nft_address_by_index] Argument: `index` as `int`. Output: `address` as `MsgAddress`. #### get\_nft\_content() [#get_nft_content] Arguments: * `index` as `int` * `individual_content` as `Cell` Output: `full_content` as `Cell`. ## [TEP-66](https://github.com/ton-blockchain/TEPs/blob/c5bfe285ef91810fab02c5352593f5a1455458bf/text/0066-nft-royalty-standard.md) [#tep-66] ### Get royalty params message layout [#get-royalty-params-message-layout] | Field | Type | Description | | -------------------- | -------- | ------------------------- | | `get_royalty_params` | `uint32` | tag equal to `0x693d3950` | | `query_id` | `uint64` | arbitrary request number | ### Report royalty params message layout [#report-royalty-params-message-layout] | Field | Type | Description | | ----------------------- | ------------ | --------------------------------------- | | `report_royalty_params` | `uint32` | tag equal to `0xa8cb00ad` | | `query_id` | `uint64` | should be equal to request's `query_id` | | `numerator` | `uint16` | royalty numerator | | `denominator` | `uint16` | royalty denominator | | `destination` | `MsgAddress` | address to send royalty | ### royalty\_params() [#royalty_params] No arguments. Outputs: | Field | Type | Description | | ------------- | ------------ | -------------------------------- | | `numerator` | `int` | royalty numerator (e.g., 11) | | `denominator` | `int` | royalty denominator (e.g., 1000) | | `destination` | `MsgAddress` | address to send royalty | Royalty share is `numerator / denominator`. For example, if `numerator = 11` and `denominator = 1000`, then royalty share is `11 / 1000 * 100% = 1.1%`. ## [TEP-85](https://github.com/ton-blockchain/TEPs/blob/c5bfe285ef91810fab02c5352593f5a1455458bf/text/0085-sbt-standard.md) [#tep-85] ### SBT Item [#sbt-item] #### Prove ownership message layout [#prove-ownership-message-layout] | Field | Type | Description | | ----------------- | ------------ | ---------------------------------------------------------------------- | | `prove_ownership` | `uint32` | tag equal to `0x04ded148` | | `query_id` | `uint64` | arbitrary request number | | `destination` | `MsgAddress` | address of the contract to which the ownership should be proven | | `forward_payload` | `^Cell` | any data for sending to the destination address from SBT | | `with_content` | `Bool` | if true, SBT's individual content cell will be included in the message | <Aside type="caution"> Should be rejected if sender address is not the owner's address. </Aside> #### Request owner message layout [#request-owner-message-layout] | Field | Type | Description | | ----------------- | ------------ | ---------------------------------------------------------------------- | | `request_owner` | `uint32` | tag equal to `0xd0c3bfea` | | `query_id` | `uint64` | arbitrary request number | | `destination` | `MsgAddress` | address of the contract to which the ownership should be proven | | `forward_payload` | `^Cell` | any data for sending to the destination address from SBT | | `with_content` | `Bool` | if true, SBT's individual content cell will be included in the message | #### Destroy message layout [#destroy-message-layout] | Field | Type | Description | | ---------- | -------- | ------------------------- | | `destroy` | `uint32` | tag equal to `0x1f04537a` | | `query_id` | `uint64` | arbitrary request number | <Aside type="caution"> Should be rejected if sender address is not the owner's address. Sets the owner's address and authority to null, and sends an excesses message with the contract's balance. </Aside> #### Revoke message layout [#revoke-message-layout] | Field | Type | Description | | ---------- | -------- | ------------------------- | | `revoke` | `uint32` | tag equal to `0x6f89f5e3` | | `query_id` | `uint64` | arbitrary request number | <Aside type="caution"> Should be rejected if sender address is not the authority's address or if already revoked. Sets `revoked_at` to current unix time. </Aside> #### Ownership proof message layout [#ownership-proof-message-layout] | Field | Type | Description | | -------------------- | ------------- | ---------------------------------------------------------------- | | `ownership_proof` | `uint32` | tag equal to `0x0524c7ae` | | `query_id` | `uint64` | should be equal to request's `query_id` | | `item_id` | `uint256` | ID of an SBT | | `owner` | `MsgAddress` | SBT owner's address | | `data` | `^Cell` | data cell passed in `prove_ownership` | | `revoked_at` | `uint64` | unix time when SBT was revoked, 0 if it was not | | `individual_content` | `Maybe ^Cell` | SBT's individual content if `with_content` was true, null if not | #### Owner info message layout [#owner-info-message-layout] | Field | Type | Description | | ------------ | ------------- | ----------------------------------------------------- | | `owner_info` | `uint32` | tag equal to `0x0dd607e3` | | `query_id` | `uint64` | should be equal to request's `query_id` | | `item_id` | `uint256` | ID of an SBT | | `initiator` | `MsgAddress` | address of request initiator | | `owner` | `MsgAddress` | SBT owner's address | | `data` | `^Cell` | data cell equal to request's `forward_payload` | | `revoked_at` | `uint64` | unix time when SBT was revoked, 0 if it was not | | `content` | `Maybe ^Cell` | SBT's content if `with_content` was true, null if not | #### get\_nft\_data() [#get_nft_data-1] Same as [NFT standard](/blockchain-basics/standard/tokens/nft/api#get-nft-data). No arguments. Outputs: | Field | Type | Description | | -------------------- | ------------ | ------------------------------------------------------------------------- | | `init?` | `int` | if not zero, then this SBT is fully initialized and ready for interaction | | `index` | `int` | numerical index of this SBT in the collection | | `collection_address` | `MsgAddress` | address of the smart contract of the collection to which this SBT belongs | | `owner_address` | `MsgAddress` | SBT owner's address | | `individual_content` | `Cell` | individual SBT content in any format | #### get\_authority\_address() [#get_authority_address] No arguments. Outputs: | Field | Type | Description | | ----------- | ------- | ------------------------------------------------------------------------------------------ | | `authority` | `slice` | authority's address that can revoke SBT, returns `addr_none` (2 zero bits) if no authority | <Aside type="note"> This method is mandatory for SBT. If there is no authority it should return `addr_none` (2 zero bits). </Aside> #### get\_revoked\_time() [#get_revoked_time] No arguments. Outputs: | Field | Type | Description | | ------------ | ----- | ----------------------------------------------------- | | `revoked_at` | `int` | unix time of when SBT was revoked, 0 when not revoked | # NFT implementations comparison (/blockchain-basics/standard/tokens/nft/comparison) This page compares the available standards for each layer of the NFT protocol on TON. The protocol has two layers — `Collection` and `Item` — and you can mix standards between layers since they are independent of each other. <Aside type="note" title="Scope"> This page focuses on high‑level capabilities and typical trade‑offs. For low‑level details, see [How it Works](/blockchain-basics/standard/tokens/nft/how-it-works). </Aside> ## Collection [#collection] Short overview: * Default Collection: canonical implementation. * cNFT (compressed NFT): optimized for mass distribution. | Capability | Default Collection | cNFT Collection | | ---------------------------- | -------------------------------------------------------------- | -------------------------------------------------------------- | | Deployment & minting flow | Items are minted by the creator | Any user with a valid proof can deploy their item | | Who pays for item deployment | Creator in most flows | Costs shifted to the audience | | Eligibility/allowlist | Custom off‑chain/on‑chain logic, usually controlled by creator | On‑chain Merkle allowlist, root readable via `get_merkle_root` | | Minting permissions | Typically restricted to the creator | Open to any user who provides a valid Merkle proof | | Typical use cases | Curated drops, controlled minting | Mass airdrops, growth campaigns, very large audiences | | Key trade‑offs | Creator bears mint costs; tighter control | Lower creator cost; proof UX and distribution setup required | ### cNFT [#cnft] A cNFT (compressed NFT) combines a [standard NFT](/blockchain-basics/standard/tokens/nft/overview) with an [airdrop‑style distribution](/blockchain-basics/standard/tokens/airdrop), optimized for large distributions and for shifting minting costs from the creator to end users via [Merkle‑proof](/blockchain-basics/primitives/serialization/merkle)‑based self‑deployment. NFT items are self‑deployed by users using Merkle proofs instead of [airdrop markers](/blockchain-basics/standard/tokens/airdrop#markers). ### Additional: Royalty [#additional-royalty] Royalty is defined at the collection level and exposed via `get_royalty_params` ([TEP‑66](https://github.com/ton-blockchain/TEPs/blob/1e5b2c4c8290d88d6bc3ddc4729812e3ac232c00/text/0066-nft-royalty-standard.md)). Any collection implementation can follow this model. Marketplaces can rely on this model and pay royalties to the collection creator regardless of how the collection was deployed. ## Item [#item] Short overview: * Default Item: fully transferable NFT item that implements the standard transfer operation. * SBT (Soulbound Token): a non‑transferable NFT bound to a specific owner by design. | Capability | Default Item | SBT (Soulbound Token) | | ----------------- | ----------------------------------------- | ------------------------------------------------------------ | | Transferability | ✅ Yes | ❌ No | | Typical use cases | Art, collectibles, tickets, gaming assets | Identity, credentials, achievements, non‑transferable badges | ### SBT [#sbt] An SBT inherits the uniqueness and metadata model of NFTs but disables transfer operations, binding the token permanently to the recipient's address after mint. This makes SBTs well‑suited for identity and credentials: attendance records, participation proofs, and non‑transferable achievements. It also has an on‑chain API to prove ownership of an SBT item. #### Core functionality [#core-functionality] SBTs provide several key operations that enable secure credential management: * *Ownership binding* - the owner is set at mint time and never changes, ensuring permanent association with the recipient. * *Ownership proof* - allows the owner to request the SBT to send a proof to a target contract confirming ownership, with optional content attachment. * *Owner information requests* - any party can request current owner information and optional content from the SBT. * *SBT destruction* - the owner can destroy the SBT contract, clearing ownership and authority fields. * *Revocation mechanism* - the authority can mark the SBT as revoked, preventing further use while maintaining historical records. ## Single NFT (no collection) [#single-nft-no-collection] A Single NFT is an item contract deployed without an associated collection. It keeps the same ownership semantics but omits shared collection metadata and indexing. * When to use: one‑off assets, experimental pieces, or cases where collection‑level coordination is unnecessary. * Metadata: stored entirely on the item. * Discoverability: there is no collection index; external indexers or explicit links are used to surface the item. * Trade‑offs: simpler setup but fewer shared features (no collection‑wide royalty/config, no batch queries by index). # How to deploy an NFT item (/blockchain-basics/standard/tokens/nft/deploy) The creator sends a message to the collection contract, which deploys a new NFT item with the specified data: the initial owner and the item-specific content. The [NFT standard](/blockchain-basics/standard/tokens/nft/overview) does not prescribe how this data must be supplied; implementations may vary. Typically, the creator provides the initial owner and item-specific content for each NFT, or this information is derived from the collection itself. <Image src="/resources/images/nft/nft_deploy.svg" alt="Diagram of an NFT item deployment from a collection contract" /> Since the deployment process is not specified by the standard, logic can vary, and the recipes on this page might not apply to every contract. The [reference NFT implementation](/blockchain-basics/standard/tokens/nft/nft-reference#deploy-single-item) and most modifications follow the same path: the collection owner sends a message with deploy parameters to the collection, and the collection deploys the item. ## Deploy an item with a wallet [#deploy-an-item-with-a-wallet] To deploy an item from a [wallet](/blockchain-basics/standard/wallets/how-it-works), send a message from the wallet to the collection contract. ### Prerequisites [#prerequisites] * [Node.js](https://nodejs.org/en/download) 22+ * Packages: [`@ton/ton`](https://github.com/ton-org/ton), [`@ton/core`](https://github.com/ton-org/ton-core), [`@ton/crypto`](https://github.com/ton-org/ton-crypto) * A funded Testnet wallet mnemonic in the `MNEMONIC` environment variable * The sending wallet must be the collection owner; otherwise the collection rejects deployments <Aside type="danger" title="Funds and secrets"> This procedure spends funds, uses a wallet mnemonic, and interacts with a collection contract. Run it on Testnet first to test the desired behavior. </Aside> The following example uses the `@ton/ton` stack for TypeScript. These libraries provide interfaces to work with wallet contracts and compose messages. ```ts expandable import { Address, beginCell, internal, toNano } from "@ton/core"; import { TonClient, WalletContractV5R1, SendMode } from "@ton/ton"; import { mnemonicToPrivateKey } from "@ton/crypto"; const collectionAddress = Address.parse("<COLLECTION_ADDRESS>"); const recipientAddress = Address.parse("<RECIPIENT_ADDRESS>"); const itemContent = "<ITEM_CONTENT>"; async function main() { // Toncenter endpoint (Testnet) const client = new TonClient({ endpoint: "https://testnet.toncenter.com/api/v2/jsonRPC", }); // Obtain the next item index const nextItemIndex = ( await client.runMethod( collectionAddress, "get_collection_data", ) ).stack.readBigNumber(); // Read the next item index. See the explanation after the code. // individual content const content = beginCell() .storeStringTail(itemContent) .endCell(); const body = beginCell() // deploy opcode .storeUint(1, 32) // query id .storeUint(0, 64) .storeUint(nextItemIndex, 64) // Forwarded to the new item as its initial balance. // Ensure `value` >= this amount + all fees. .storeCoins(toNano("0.005")) .storeRef( beginCell() .storeAddress(recipientAddress) .storeRef(content) .endCell(), ) .endCell(); // Compose deploy message const msg = internal({ to: collectionAddress, // Total attached to the collection. Must cover // the forwarded amount below (0.005) plus // execution/storage fees; // keep a safety margin (e.g., 0.01-0.02 TON) value: toNano("0.01"), bounce: true, body, }); // Initialize wallet const mnemonic = process.env.MNEMONIC; if (!mnemonic) { throw new Error("Set MNEMONIC"); } const keyPair = await mnemonicToPrivateKey( mnemonic.split(" ") ); const walletContract = client.open( WalletContractV5R1.create({ workchain: 0, // basechain publicKey: keyPair.publicKey, }), ); // Send the mint message through the wallet const seqno = await walletContract.getSeqno(); await walletContract.sendTransfer({ seqno: seqno, secretKey: keyPair.secretKey, // Good practice to use these modes for // regular wallet transfers sendMode: SendMode.IGNORE_ERRORS | SendMode.PAY_GAS_SEPARATELY, messages: [msg], }); } void main(); ``` Where * `<COLLECTION_ADDRESS>` — the collection contract address. * `<RECIPIENT_ADDRESS>` — the initial owner address for the new item. * `<ITEM_CONTENT>` — item-specific content path or key (for example, `0.json`). Explanation of body cell composition: * `.storeUint(1, 32)` — operation code `1` selects "deploy single item" in the [reference collection contract](/blockchain-basics/standard/tokens/nft/nft-reference#deploy-single-item). [TEP-62](https://github.com/ton-blockchain/TEPs/blob/f10a373fcb9276ba92b225f294998a43af53dcbf/text/0062-nft-standard.md) does not specify this opcode, so in custom implementations, this can differ. * `.storeUint(0, 64)` — `query_id`. Used for correlating responses with requests. It has no impact on deployment logic and `0` is a commonly used placeholder in cases where no extra logic relies on it. * `.storeUint(nextItemIndex, 64)` — `item_index`. Index of the item to deploy, obtained from the collection's `get_collection_data` get-method. See [Return collection data](/blockchain-basics/standard/tokens/nft/nft-reference#return-collection-data). * `.storeCoins(toNano("0.005"))` — amount forwarded to the new item at deployment to cover its initial balance/fees. Adjust if extra item contract logic requires more. TL-B for the reference implementation ```tlb deploy_nft#00000001 query_id:uint64 item_index:uint64 amount:Coins content:^Cell = InternalMsgBody; ``` In the [reference contract](/blockchain-basics/standard/tokens/nft/nft-reference#deploy-single-item), the body for `op=1` consists of `query_id`, `item_index`, `amount`, and a reference to `content`. See the [TL-B overview](/blockchain-basics/languages/tl-b/overview). ### Verify [#verify] * In a block explorer, confirm the transaction for `<COLLECTION_ADDRESS>` succeeded and inspect the transaction trace to see the internal message that deployed the item. * To verify via code: call [`get_nft_address_by_index(<INDEX>)`](/blockchain-basics/standard/tokens/nft/nft-reference#return-item-address-by-index) — where `<INDEX>` is the item index used in the deploy message (the `next_item_index` read from `get_collection_data`) — on the collection to obtain the item address; then call [`get_nft_data`](/blockchain-basics/standard/tokens/nft/nft-reference#return-item-data) on the item and check that the owner is `<RECIPIENT_ADDRESS>` and the content is `<ITEM_CONTENT>`. ## Deploy an item with a smart contract [#deploy-an-item-with-a-smart-contract] To deploy an item from a smart contract, send a message from the contract to the collection contract. ### Prerequisites [#prerequisites-1] * Enough Testnet funds on the calling contract to cover fees and attached value (for example, ≥ 0.02 TON) * `<COLLECTION_ADDRESS>`, `<RECIPIENT_ADDRESS>`, `<INDEX>`, `<ITEM_CONTENT>` * The calling contract must be the collection owner; otherwise the collection rejects deployments <Aside type="danger" title="Funds and secrets"> This smart contract interacts with a collection contract. Run it on Testnet first to test the desired behavior. </Aside> The following example is a minimal smart contract that only implements the item deployment logic. In real deployments, this is integrated into a larger flow. ```tolk title="Tolk" // SnakeString describes a (potentially long) string inside a cell; // short strings are stored as-is, like "my-picture.png"; // long strings are nested refs, like "xxxx".ref("yyyy".ref("zzzz")) type SnakeString = slice fun SnakeString.unpackFromSlice(mutate s: slice) { // SnakeString can only be the last: it's "the remainder"; // for correctness, it's better to validate it has no more refs: assert (s.remainingRefsCount() <= 1) throw 5; val snakeRemainder = s; s = createEmptySlice(); // no more left to read return snakeRemainder } fun SnakeString.packToBuilder(self, mutate b: builder) { b.storeSlice(self) } struct NftItemInitAtDeployment { recipientAddress: address content: Cell<SnakeString> } struct (0x00000001) DeployNft { queryId: uint64 itemIndex: uint64 attachTonAmount: coins initParams: Cell<NftItemInitAtDeployment> } fun onInternalMessage(in: InMessage) { // The whole logic will be in `onInternalMessage` // for demonstration purposes. In real deployments this should // usually be gated behind authorization and other checks. val deploy = DeployNft { queryId: 0, itemIndex: <INDEX>, // will be sent to the item contract on deployment attachTonAmount: ton("0.005"), initParams: NftItemInitAtDeployment { recipientAddress: address("<RECIPIENT_ADDRESS>"), content: ("<ITEM_CONTENT>" as SnakeString).toCell() }.toCell() }; val msg = createMessage({ bounce: true, dest: address("<COLLECTION_ADDRESS>"), value: ton("0.01"), body: deploy }); msg.send(SEND_MODE_PAY_FEES_SEPARATELY); } ``` Where * `<COLLECTION_ADDRESS>` — the collection contract address. * `<RECIPIENT_ADDRESS>` — the initial owner address for the new item. * `<INDEX>` — item's index. Note that obtaining the actual index on-chain is [not possible](/overview/learn-more/from-ethereum#on-chain-get-methods), so a smart contract that performs these deployments should handle that logic itself (for example, store the latest used index and increment it on each deployment). * `<ITEM_CONTENT>` — item-specific content path or key (for example, `0.json`). The top of the snippet defines structs for the deploy message and can be modified depending on the NFT implementation specifics. The sending logic lives in `onInternalMessage` for simplicity. It composes a message with hard-coded example values and sends that message to the collection contract. ### Verify [#verify-1] * In a block explorer, confirm the transaction from the calling contract to `<COLLECTION_ADDRESS>` succeeded and inspect the transaction trace to see the internal message that deployed the item. * To verify via code: call [`get_nft_address_by_index(<INDEX>)`](/blockchain-basics/standard/tokens/nft/nft-reference#return-item-address-by-index) on the collection to obtain the item address, then call [`get_nft_data`](/blockchain-basics/standard/tokens/nft/nft-reference#return-item-data) on the item and check that the owner is `<RECIPIENT_ADDRESS>` and the content is `<ITEM_CONTENT>`. # NFT: How it works (/blockchain-basics/standard/tokens/nft/how-it-works) Core concepts and processes behind Non‑Fungible Tokens (NFTs) in the TON Blockchain, aligned with [TEP‑62](https://github.com/ton-blockchain/TEPs/blob/1fbc23cac69723c53251f686ec90d81bf0e83443/text/0062-nft-standard.md). ## Related smart contracts [#related-smart-contracts] Standardized NFTs on TON are implemented using a set of smart contracts, including: * NFT collection smart contract * NFT item smart contract The NFT standard provides only a general interaction scheme, leaving specific implementation details to developers. <Image src="/resources/images/nft/collection_light.png" darkSrc="/resources/images/nft/collection_dark.png" alt="NFT collection" /> ### NFT collection [#nft-collection] The collection is the source of truth for items. It should provide each NFT item's address, its own collection metadata, and, given an index and individual item metadata, can provide full item metadata. ### NFT item [#nft-item] Following TON's [contract sharding](/blockchain-basics/contract-dev/techniques/contract-sharding) approach, each NFT item is its own smart contract account. It provides the collection address, index, current owner, and individual metadata. On a valid transfer from the current owner, it updates the owner, optionally notifies the new owner, and returns excess Toncoin to the specified address. <Aside type="caution"> Not every NFT that stores a collection address actually belongs to that collection. [Verify](/blockchain-basics/standard/tokens/nft/verify) that the collection returns the item's address for the item's index. </Aside> ## Transfer NFT item [#transfer-nft-item] The current owner sends a transfer message to the NFT item contract. The item updates its owner field and, optionally, sends a notification and/or excess Toncoin to the specified addresses. <Mermaid chart="flowchart TD A[Current Owner sends<br/>transfer request] --> B[NFT item updates owner field] B --> C{forward_amount > 0?} C -->|Yes| D[Send ownership_assigned to <br/> new owner] C -->|No| E[Skip notification] D --> F[Send excesses to <br/> response_destination] E --> F" /> Transfer message body contains the following data: | Field | Type | Description | | ---------------------- | ------------------- | ------------------------------------------------------------------------ | | `transfer` | `uint32` | tag equal to `0x5fcc3d14` | | `query_id` | `uint64` | arbitrary request number | | `new_owner` | `MsgAddress` | address of the new owner of the NFT item | | `response_destination` | `MsgAddress` | optional address to receive excess Toncoin, usually the sender's address | | `custom_payload` | `Maybe ^Cell` | optional custom data | | `forward_amount` | `VarUInteger 16` | the amount of Toncoin to be sent to the new owner | | `forward_payload` | `Either Cell ^Cell` | optional data that should be forwarded to the new owner | ```tlb TL-B transfer#5fcc3d14 query_id:uint64 new_owner:MsgAddress response_destination:MsgAddress custom_payload:(Maybe ^Cell) forward_amount:(VarUInteger 16) forward_payload:(Either Cell ^Cell) = InternalMsgBody; ``` Ownership notification message body (`ownership_assigned`) contains the following data: | Field | Type | Description | | -------------------- | ------------------- | ---------------------------------------------- | | `ownership_assigned` | `uint32` | tag equal to `0x05138d91` | | `query_id` | `uint64` | should be equal to request's `query_id` | | `prev_owner` | `MsgAddress` | address of the previous owner of this NFT item | | `forward_payload` | `Either Cell ^Cell` | should be equal to request's `forward_payload` | ```tlb TL-B ownership_assigned query_id:uint64 prev_owner:MsgAddress forward_payload:(Either Cell ^Cell) = InternalMsgBody; ``` Excess message body (`excesses`) contains the following data: | Field | Type | Description | | ---------- | -------- | --------------------------------------- | | `excesses` | `uint32` | tag equal to `0xd53276db` | | `query_id` | `uint64` | should be equal to request's `query_id` | ```tlb TL-B excesses query_id:uint64 = InternalMsgBody; ``` The transfer must be rejected if: 1. The inbound message is not from the current owner. 2. There are not enough coins (considering storage fee guidelines) to process the operation and send `forward_amount`. ## Get static data [#get-static-data] Anyone can send a `get_static_data` message to an NFT item to request its static data (index and collection address). The item responds with `report_static_data` message using [send mode `64`](/blockchain-basics/primitives/messages/modes) (return message amount except gas fees). Get static data message body contains the following data: | Field | Type | Description | | ----------------- | -------- | ------------------------- | | `get_static_data` | `uint32` | tag equal to `0x2fcb26a2` | | `query_id` | `uint64` | arbitrary request number | ```tlb TL-B get_static_data#2fcb26a2 query_id:uint64 = InternalMsgBody; ``` Report static data message body contains the following data: | Field | Type | Description | | -------------------- | ------------ | ------------------------------------------------------------------------- | | `report_static_data` | `uint32` | tag equal to `0x8b771735` | | `query_id` | `uint64` | should be equal to request's `query_id` | | `index` | `uint256` | numerical index of this NFT in the collection | | `collection` | `MsgAddress` | address of the smart contract of the collection to which this NFT belongs | ```tlb TL-B report_static_data#8b771735 query_id:uint64 index:uint256 collection:MsgAddress = InternalMsgBody; ``` ## Best practices [#best-practices] * Metadata referenced by each link should be permanent. If you need to change it, send a transaction that updates the reference. * Be mindful of TON’s asynchronous nature: on‑chain “current owner” reads may become stale by the time you act on them. # How to get NFT item metadata (/blockchain-basics/standard/tokens/nft/metadata) NFT [metadata](/blockchain-basics/standard/tokens/metadata) is split into two parts: the collection stores collection-wide data, and the item stores item-specific data, which may not include the full metadata. <Image src="/resources/images/nft/nft_metadata_light.png" darkSrc="/resources/images/nft/nft_metadata_dark.png" alt="Diagram showing how NFT metadata is divided between collection and item contracts" /> ### High level [#high-level] There is a TON Center [API method](/applications/api/toncenter/v3/accounts/metadata) that retrieves NFT metadata. ### Low level [#low-level] To get full NFT metadata manually: 1. If it is not known, resolve the NFT item address by its index from the collection using [`get_nft_address_by_index(index)`](/blockchain-basics/standard/tokens/nft/api#get-nft-address-by-index). 2. Get the individual content from the item contract using [`get_nft_data()`](/blockchain-basics/standard/tokens/nft/api#get-nft-data). 3. Get the full metadata from the collection contract using [`get_nft_content(index, individual_content)`](/blockchain-basics/standard/tokens/nft/api#get-nft-content). # NFT: reference implementation (/blockchain-basics/standard/tokens/nft/nft-reference) The NFT standard ([TEP-62](https://github.com/ton-blockchain/TEPs/blob/0d7989fba6f2d9cb08811bf47263a9b314dc5296/text/0062-nft-standard.md)) describes the required messages and get-methods. The NFT royalty standard ([TEP-66](https://github.com/ton-blockchain/TEPs/blob/0d7989fba6f2d9cb08811bf47263a9b314dc5296/text/0066-nft-royalty-standard.md)) describes a standard way to implement royalty information for NFT sales. The token data standard ([TEP-64](https://github.com/ton-blockchain/TEPs/blob/0d7989fba6f2d9cb08811bf47263a9b314dc5296/text/0064-token-data-standard.md)) describes available formats for metadata of tokens. A widely used [reference implementation](https://github.com/ton-blockchain/token-contract/tree/1182ad99413242f09925d50e70ccb7e0e09f94d4/nft) follows these standards for simple NFTs with only the essential mechanics. This page explains the reference implementation, what you can extend, and what must remain unchanged. The [nft-contract repository](https://github.com/ton-blockchain/nft-contract) contains multiple smart contracts written in [FunC](/blockchain-basics/languages/func/overview) language, including additional ones for NFT sales. This page describes the collection and item smart contracts, as they are the only necessary ones per standard. ## Collection [#collection] The full source code is in [nft-collection.fc](https://github.com/ton-blockchain/token-contract/blob/1182ad99413242f09925d50e70ccb7e0e09f94d4/nft/nft-collection.fc) file. The TEP-62 standard only requires the implementation of get‑methods: `get_collection_data()`, `get_nft_address_by_index(int index)`, and `get_nft_content(int index, cell individual_content)`. The TEP‑66 standard also adds the `royalty_params()` get‑method, a `get_royalty_params` message for requesting royalty parameters on‑chain, and a `report_royalty_params` message for the response containing these parameters. All other behavior is implementation‑specific. This includes any kind of modifications to the logic of minting new items, managing ownership of the collection, changing metadata, and other features. The reference implementation, for example, implements the ownership management feature and two ways of minting items: singular and batched. Both of these are outside the scope of the standards but are common and needed in most cases. These features are optional and can be removed or replaced. | Capability | Requirement | | -------------------------------------------------------------------- | ---------------------------------------------- | | `get_collection_data` (get-method) | Required by TEP-62 | | `get_nft_address_by_index` (get-method) | Required by TEP-62 | | `get_nft_content` (get-method) | Required by TEP-62, data format follows TEP-64 | | `royalty_params` (get-method) | Required by TEP-66 | | `get_royalty_params` (inbound internal message) | Required by TEP-66 | | `report_royalty_params` (outbound internal message) | Required by TEP-66 | | Deploy single item, `op=1` (inbound internal message, owner-only) | Optional | | Deploy batch of items, `op=2` (inbound internal message, owner-only) | Optional | | Change owner, `op=3` (inbound internal message, owner-only) | Optional | Here, `op` means a 32‑bit operation code placed at the start of an internal message body. Contracts use it to dispatch messages to different handlers. The numeric values are local to this contract; they just need to be unique within its dispatcher. See the [Messages overview](/blockchain-basics/primitives/messages/overview) for more background. ### Storage [#storage] The storage scheme itself is not defined by these standards, so it can be arbitrary. The reference collection contract contains 5 fields: `owner_address`, `next_item_index`, `content`, `nft_item_code`, and `royalty_params`. Some of them are self‑explanatory, while `content` and `royalty_params` need additional explanation below. Storage loading and saving is implemented with simple functions `load_data` and `save_data`: ```func (slice, int, cell, cell, cell) load_data() inline { var ds = get_data().begin_parse(); return (ds~load_msg_addr(), ;; owner_address ds~load_uint(64), ;; next_item_index ds~load_ref(), ;; content ds~load_ref(), ;; nft_item_code ds~load_ref() ;; royalty_params ); } () save_data(slice owner_address, int next_item_index, cell content, cell nft_item_code, cell royalty_params) impure inline { set_data(begin_cell() .store_slice(owner_address) .store_uint(next_item_index, 64) .store_ref(content) .store_ref(nft_item_code) .store_ref(royalty_params) .end_cell()); } ``` The `content` [cell](/blockchain-basics/primitives/serialization/cells) in this contract contains 2 cells in [references](/blockchain-basics/primitives/serialization/cells): `collection_content` containing metadata of the collection itself, and `common_content` containing the common prefix for individual items' metadata. The `royalty_params` cell contains 3 values: `royalty_factor` which is a numerator, `royalty_base` which is a denominator, and `royalty_address` which is the address where royalties are sent. ### Child contracts [#child-contracts] The collection and item contracts implement a classic [parent–child pattern](/blockchain-basics/contract-dev/techniques/contract-sharding), where the collection acts as the parent and items are children. Therefore, the collection implements functionality to deploy its children, and the contract keeps the `nft_item_code` field in storage. The contract uses helper functions to compose [`StateInit`](/blockchain-basics/primitives/messages/deploy) — roughly, the package that holds a contract’s initial code and data used to derive its address and deploy it — calculate addresses, and send deploy messages for NFT items. First, `calculate_nft_item_state_init` composes a `StateInit` cell of an NFT item with a given `item_index`. It composes a data cell following the expected storage schema of the item contract. Then the data and code cells are placed in a final `StateInit` cell following the format required by the TON blockchain. It uses the `store_dict` builder to encode optional references; it does not store dictionaries. This can be replaced with a more self‑explanatory [`store_maybe_ref`](/blockchain-basics/languages/func/stdlib#store-maybe-ref) builder which does the same thing. It stores a single bit `0` in a builder if the cell is null, otherwise bit `1` and a cell as a reference. ```func cell calculate_nft_item_state_init(int item_index, cell nft_item_code) { cell data = begin_cell().store_uint(item_index, 64).store_slice(my_address()).end_cell(); return begin_cell().store_uint(0, 2).store_dict(nft_item_code).store_dict(data).store_uint(0, 1).end_cell(); } ``` The `calculate_nft_item_address` function takes `state_init` composed by `calculate_nft_item_state_init`, along with `wc` (the [workchain](/foundations/glossary#workchain) for the resulting address). It calculates the address by hashing the `StateInit` and composing a [`MsgAddressInt`](/blockchain-basics/primitives/addresses/overview#internal-addresses) slice according to the format required by the TON blockchain. ```func slice calculate_nft_item_address(int wc, cell state_init) { return begin_cell().store_uint(4, 3) .store_int(wc, 8) .store_uint(cell_hash(state_init), 256) .end_cell() .begin_parse(); } ``` `deploy_nft_item` builds the `StateInit`, derives the address, and sends the deploy message. It calls `calculate_nft_item_state_init` to compose the `StateInit`, then `calculate_nft_item_address` with `workchain()` to derive the contract's workchain (reference implementation uses `0` for [basechain](/blockchain-basics/primitives/addresses/overview#workchain-id)), and finally composes and sends the deploy message with the `StateInit` and content (using [`send_raw_message`](/blockchain-basics/languages/func/stdlib#send-raw-message)). ```func () deploy_nft_item(int item_index, cell nft_item_code, int amount, cell nft_content) impure { cell state_init = calculate_nft_item_state_init(item_index, nft_item_code); slice nft_address = calculate_nft_item_address(workchain(), state_init); var msg = begin_cell() .store_uint(0x18, 6) .store_slice(nft_address) .store_coins(amount) .store_uint(4 + 2 + 1, 1 + 4 + 4 + 64 + 32 + 1 + 1 + 1) .store_ref(state_init) .store_ref(nft_content); send_raw_message(msg.end_cell(), 1); ;; pay transfer fees separately, revert on errors } ``` Note on `.store_uint(0x18, 6)` and `.store_uint(0x10, 6)`: * These 6 leading bits encode the start of `CommonMsgInfo` for an internal message: `int_msg_info$0 ihr_disabled:Bool bounce:Bool bounced:Bool src:MsgAddress …` (see [message layout](/blockchain-basics/whitepapers/tblkch#3-1-7-message-layout)). Concretely, the 6 bits are: * `tag` = `0` — selects `int_msg_info$0` (internal message info). * `ihr_disabled` — set to `1` to disable IHR (Instant Hypercube Routing). IHR is a legacy delivery mode and is not used in TON; contracts should always keep it disabled. See [Hypercube routing](/blockchain-basics/primitives/shards). * `bounce` — if `1`, the message will bounce back on errors during compute/action phases; if `0`, it will not bounce. We use `bounce=1` (0x18) for deploys to child items so the collection gets its funds back on failure, and `bounce=0` (0x10) for royalty replies to avoid bounces and ensure crediting wallets/uninitialized addresses. See [Bounce phase](/blockchain-basics/primitives/phases#bounce-phase). * `bounced` — set to `0` in outbound messages you build. This bit is meaningful only for inbound messages: when the blockchain generates a bounce, the inbound copy has `bounced=1`. Validators construct such bounce messages themselves; your outbound value does not make a message “bounced”. In normal sends, keep it `0`. * `src` — we serialize `addr_none` (the `00` tag). Validators replace it with the current contract address during the action phase, so you don’t need to spend bits storing the full source address. See [`send_raw_message`](/blockchain-basics/languages/func/stdlib#send-raw-message). Therefore: * `.store_uint(0x18, 6)` → `011000`: `ihr_disabled=1`, `bounce=1` (bounceable), `bounced=0`, `src=addr_none`. Used for deploy messages to child items. * `.store_uint(0x10, 6)` → `010000`: `ihr_disabled=1`, `bounce=0` (non‑bounceable), `bounced=0`, `src=addr_none`. Used for replies like `report_royalty_params` to avoid bounces. The destination comes next (`.store_slice(nft_address)`), followed by `value`, fees, timestamps, and optionally `StateInit` and body, as detailed below. Note on `.store_uint(4 + 2 + 1, 1 + 4 + 4 + 64 + 32 + 1 + 1 + 1)`: * The right‑hand argument (bit width) is the total size of the remaining header fields we serialize in one shot, in this order (mapped to the TL‑B schema): * `1` — `ExtraCurrencyCollection` presence bit inside `value:CurrencyCollection` (see [`CurrencyCollection`](/blockchain-basics/whitepapers/tblkch#3-1-6-representing-collections-of-arbitrary-currencies) and the [credit phase](/blockchain-basics/whitepapers/tblkch#4-3-4-description-of-a-credit-phase)). * `4` — length prefix for `ihr_fee:Grams` (encoded as `VarUInteger 16`: 4‑bit length `len` then `len` bytes; writing `0000` here encodes zero). See [`LDGRAMS`](/blockchain-basics/tvm/instructions#fa00-ldgrams). * `4` — length prefix for `fwd_fee:Grams` (same `VarUInteger 16` rule; `0000` means zero). See [`LDGRAMS`](/blockchain-basics/tvm/instructions#fa00-ldgrams). * `64` — `created_lt:uint64` from `CommonMsgInfo` (we write `0`; validators rewrite the actual logical time). See [message layout](/blockchain-basics/whitepapers/tblkch#3-1-7-message-layout). * `32` — `created_at:uint32` from `CommonMsgInfo` (we write `0`; validators rewrite the block Unix time). See [message layout](/blockchain-basics/whitepapers/tblkch#3-1-7-message-layout). * `1` — `init:(Maybe (Either StateInit ^StateInit))` presence flag (0 = no `StateInit`, 1 = present). See [message layout](/blockchain-basics/whitepapers/tblkch#3-1-7-message-layout). * `1` — selector for the `Either` inside `init` (0 = inline `StateInit` follows, 1 = `^StateInit` by reference). In our case it is `1`, and `.store_ref(state_init)` follows. See [message layout](/blockchain-basics/whitepapers/tblkch#3-1-7-message-layout). * `1` — selector for `body:(Either X ^X)` (0 = inline body follows, 1 = body is provided by reference). In our case it is `1`, and `.store_ref(nft_content)` follows. See [message layout](/blockchain-basics/whitepapers/tblkch#3-1-7-message-layout). * The left‑hand value `4 + 2 + 1` sets the three one‑bit selectors at the end of this header block to `1` (while earlier bits remain `0`). In order, they encode: * `init` is present (`Maybe …` = 1), * `init` is stored by reference (`Either StateInit ^StateInit` = 1), * body is stored by reference (`Either X ^X` = 1). See [message layout](/blockchain-basics/whitepapers/tblkch#3-1-7-message-layout). This idiom is a terse way to zero‑initialize the residual CommonMsgInfo/Message fields and set only the required selector bits, instead of writing several consecutive `.store_uint(0, …)` calls followed by individual one‑bit writes. These three functions are used for minting new items and returning item addresses in get‑methods. ### Internal messages [#internal-messages] NFT standards only require one message to be processed in a specific way: `get_royalty_params`. All other logic for processing incoming messages can be arbitrary, but this reference contract shows a good example of how it can be organized for NFTs. The `recv_internal` function starts with incoming message parsing boilerplate: ```func () recv_internal(cell in_msg_full, slice in_msg_body) impure { if (in_msg_body.slice_empty?()) { ;; ignore empty messages return (); } slice cs = in_msg_full.begin_parse(); int flags = cs~load_uint(4); ;; the `int_msg_info$0 ihr_disabled:Bool bounce:Bool bounced:Bool` part of CommonMsgInfo if (flags & 1) { ;; ignore all bounced messages by checking last bit of `flags` variable return (); } slice sender_address = cs~load_msg_addr(); ;; the `src:MsgAddressInt` part of CommonMsgInfo ;; ... } ``` Then it parses `op` and `query_id` from incoming message body, and loads the storage data: ```func () recv_internal(cell in_msg_full, slice in_msg_body) impure { ;; ... int op = in_msg_body~load_uint(32); int query_id = in_msg_body~load_uint(64); var (owner_address, next_item_index, content, nft_item_code, royalty_params) = load_data(); ;; ... } ``` #### Request royalty parameters [#request-royalty-parameters] The `get_royalty_params` message is the only inbound message handling required by TEP-66. On receipt, the contract sends a `report_royalty_params` message back to the sender with the `royalty_params` field from storage. The helper `send_royalty_params` is mostly boilerplate: it sends a [non‑bounceable](/blockchain-basics/primitives/addresses/formats) message (see [bounce behavior](/blockchain-basics/primitives/phases#bounce-phase)) with a body following the standard and carries the value of the incoming message. Why non‑bounceable? The reply can go to any sender, including wallets or even uninitialized accounts. Making the response non‑bounceable ensures the value forwarded with `mode = 64` credits the requester even if it cannot execute code. It also avoids accidental bounces. ```func () send_royalty_params(slice to_address, int query_id, slice data) impure inline { var msg = begin_cell() .store_uint(0x10, 6) ;; nobounce - int_msg_info$0 ihr_disabled:Bool bounce:Bool bounced:Bool src:MsgAddress .store_slice(to_address) .store_coins(0) .store_uint(0, 1 + 4 + 4 + 64 + 32 + 1 + 1) .store_uint(op::report_royalty_params(), 32) ;; opcode required by standard .store_uint(query_id, 64) ;; same query_id as request .store_slice(data); send_raw_message(msg.end_cell(), 64); ;; carry all the remaining value of the inbound message } () recv_internal(cell in_msg_full, slice in_msg_body) impure { ;; ... if (op == op::get_royalty_params()) { send_royalty_params(sender_address, query_id, royalty_params.begin_parse()); return (); } ;; ... } ``` The contract implements several owner-only features and verifies ownership first: ```func () recv_internal(cell in_msg_full, slice in_msg_body) impure { ;; ... throw_unless(401, equal_slices(sender_address, owner_address)); ;; ... } ``` Then there are 3 features: deploy single item (opcode `1`), deploy a batch of items (opcode `2`), and change owner (opcode `3`). The chosen opcodes are arbitrary. #### Deploy single item [#deploy-single-item] It parses the incoming message and expects it to contain 3 values: `item_index:uint64`, `amount:Coins`, and `content:^Cell` ([TL‑B](/blockchain-basics/languages/tl-b/overview) notation — the `^` means this field is stored in a separate referenced cell, i.e., the message carries a reference to a child [cell](/blockchain-basics/primitives/serialization/cells) that contains the content). It checks the item index to be less than or equal to the `next_item_index` from storage. Then it calls a helper function `deploy_nft_item`, which deploys the new NFT item. Lastly, if the item index equals `next_item_index`, it increments `next_item_index` to update the last item index. ```func () recv_internal(cell in_msg_full, slice in_msg_body) impure { ;; ... if (op == 1) { ;; deploy new nft int item_index = in_msg_body~load_uint(64); throw_unless(402, item_index <= next_item_index); var is_last = item_index == next_item_index; deploy_nft_item(item_index, nft_item_code, in_msg_body~load_coins(), in_msg_body~load_ref()); if (is_last) { next_item_index += 1; save_data(owner_address, next_item_index, content, nft_item_code, royalty_params); } return (); } ;; ... } ``` #### Batch deploy items [#batch-deploy-items] This feature is useful when you need to deploy many NFTs at once, for example when minting some initial items. It takes a single `deploy_list` dictionary from the message where keys are item indices and values are cells containing amounts of TON to attach to deployment, and content cells, similar to the values parsed by the singular deploy feature above. It traverses the dictionary in ascending order of indices and limits the batch to ≤249 items to stay comfortably under the [action list limit](/blockchain-basics/primitives/limits#message-and-transaction-limits) of 255 actions per transaction. This reference contract chooses a lower cap than the maximum as a safety margin. The logic is straightforward. The loop uses [`~udict::delete_get_min(64)`](/blockchain-basics/languages/func/stdlib#dict-delete-get-min) to get and delete the item with the minimum unsigned 64‑bit key. It does that on each iteration and increments `counter` each iteration to avoid exceeding the action list limit. The deployment logic is the same as for the singular deployment feature above. ```func () recv_internal(cell in_msg_full, slice in_msg_body) impure { ;; ... if (op == 2) { ;; batch deploy of new nfts int counter = 0; cell deploy_list = in_msg_body~load_ref(); do { var (item_index, item, f?) = deploy_list~udict::delete_get_min(64); if (f?) { counter += 1; if (counter >= 250) { ;; Limit due to action list size throw(399); } throw_unless(403 + counter, item_index <= next_item_index); deploy_nft_item(item_index, nft_item_code, item~load_coins(), item~load_ref()); if (item_index == next_item_index) { next_item_index += 1; } } } until ( ~ f?); save_data(owner_address, next_item_index, content, nft_item_code, royalty_params); return (); } ;; ... } ``` #### Change owner [#change-owner] The last incoming message handler is for changing ownership of the collection. It parses the `new_owner` address from the incoming message body and saves contract storage with it instead of the previous `owner`. ```func () recv_internal(cell in_msg_full, slice in_msg_body) impure { ;; ... if (op == 3) { ;; change owner slice new_owner = in_msg_body~load_msg_addr(); save_data(new_owner, next_item_index, content, nft_item_code, royalty_params); return (); } ;; ... } ``` Finally, if none of the conditions above are met, which means that the opcode provided in the message does not match any of the expected ones, it throws `0xffff`, which is a common exit code for unknown‑opcode errors: ```func () recv_internal(cell in_msg_full, slice in_msg_body) impure { ;; ... throw(0xffff); } ``` ### Get-methods [#get-methods] The collection contract implements only the get‑methods required by the standards: `get_collection_data`, `get_nft_address_by_index`, `royalty_params`, and `get_nft_content`. #### Return collection data [#return-collection-data] The get‑method `get_collection_data` returns `next_item_index` (typically the number minted if minted sequentially), collection content, and an owner address. It loads the contract storage, loads the first reference from the `content` cell (which contains the collection content), and returns those values. ```func (int, cell, slice) get_collection_data() method_id { var (owner_address, next_item_index, content, _, _) = load_data(); slice cs = content.begin_parse(); return (next_item_index, cs~load_ref(), owner_address); } ``` #### Return item address by index [#return-item-address-by-index] The get‑method `get_nft_address_by_index` takes an item index and returns the item's address. It uses helper functions `calculate_nft_item_state_init` and `calculate_nft_item_address` to calculate the address. ```func slice get_nft_address_by_index(int index) method_id { var (_, _, _, nft_item_code, _) = load_data(); cell state_init = calculate_nft_item_state_init(index, nft_item_code); return calculate_nft_item_address(workchain(), state_init); } ``` #### Return royalty parameters [#return-royalty-parameters] The get‑method `royalty_params` returns royalty parameters: `numerator`, `denominator`, and `destination`, as required by the standard. These values are stored in a `royalty` cell in data, which this method parses and returns. ```func (int, int, slice) royalty_params() method_id { var (_, _, _, _, royalty) = load_data(); slice rs = royalty.begin_parse(); return (rs~load_uint(16), rs~load_uint(16), rs~load_msg_addr()); } ``` #### Compose full item content [#compose-full-item-content] The get‑method `get_nft_content` takes an item index and item content, and returns full content of the item. It composes and returns a cell following the off‑chain format for metadata from the TEP‑64 standard. This reference implementation works with an off‑chain metadata format, joining a common prefix stored in the collection contract with individual item content from the item contract. The specific way of composing the full item's content is not forced by the standard, and can be implemented in any way. Since item content in the off‑chain format is a URL pointing to a JSON with all the metadata fields, the common prefix is usually a URL to the endpoint for getting metadata for each item or a directory with all the JSON documents, for example `https://example-collection.com/items/`. Then each item can contain just the suffix of the full URL, such as `123.json`. Composing a full URL means joining these two strings, which this method does. This is the most common approach, but it's possible to implement any custom logic for composing item content, like calculating the suffix right in the get‑method from the index and allowing items to not hold any additional content. The common prefix for content is stored as a second reference in the `content` cell from the collection's contract storage. The resulting cell is then composed with an off‑chain tag `0x01`, followed by a common prefix joined with individual content in [snake format](/blockchain-basics/standard/tokens/metadata#snake-data-encoding). ```func cell get_nft_content(int index, cell individual_nft_content) method_id { var (_, _, content, _, _) = load_data(); slice cs = content.begin_parse(); cs~load_ref(); slice common_content = cs~load_ref().begin_parse(); return (begin_cell() .store_uint(1, 8) ;; offchain tag .store_slice(common_content) .store_ref(individual_nft_content) .end_cell()); } ``` ## Item [#item] The full source code is in [nft-item.fc](https://github.com/ton-blockchain/token-contract/blob/1182ad99413242f09925d50e70ccb7e0e09f94d4/nft/nft-item.fc) file. The TEP‑62 standard defines `transfer` and `get_static_data` messages that must be processed by the item contract, and a single `get_nft_data` get‑method that it must implement. In this contract, the reference implementation does not go beyond the requirements and only implements these three core features. | Capability | Requirement | | ------------------------------------------------------------- | ---------------------------------------------- | | `get_nft_data` (get-method) | Required by TEP-62, data format follows TEP-64 | | `transfer` (inbound internal message) | Required by TEP-62 | | `excesses`, `ownership_assigned` (outbound internal messages) | Required by TEP-62 | | `get_static_data`, `report_static_data` (internal messages) | Required by TEP-62 | ### Storage [#storage-1] Same as for the collection, the storage schema itself is not defined by the standard and it can be arbitrary. This contract stores only the essentials: the `index` of the item, `collection_address`, `owner_address`, and `content` with individual item content. An important consideration with this contract is that it has two states: initialized or not initialized. It is made this way to properly support deployments only by the collection contract. When the item is not initialized yet, it only has an index and collection address. Below are `load_data` and `store_data` for the item contract. Note that `load_data` also returns as the first value the boolean initialization flag, equal to `-1` if the item is initialized and `0` if not. ```func (int, int, slice, slice, cell) load_data() { slice ds = get_data().begin_parse(); var (index, collection_address) = (ds~load_uint(64), ds~load_msg_addr()); if (ds.slice_bits() > 0) { ;; initialized return (-1, index, collection_address, ds~load_msg_addr(), ds~load_ref()); } else { ;; not initialized return (0, index, collection_address, null(), null()); ;; nft not initialized yet } } () store_data(int index, slice collection_address, slice owner_address, cell content) impure { set_data( begin_cell() .store_uint(index, 64) .store_slice(collection_address) .store_slice(owner_address) .store_ref(content) .end_cell() ); } ``` ### Internal messages [#internal-messages-1] There is a boilerplate helper function for sending messages in this contract, for convenience. It composes and sends a message by taking high‑level arguments like `op` and `payload`: ```func () send_msg(slice to_address, int amount, int op, int query_id, builder payload, int send_mode) impure inline { var msg = begin_cell() .store_uint(0x10, 6) ;; nobounce - int_msg_info$0 ihr_disabled:Bool bounce:Bool bounced:Bool src:MsgAddress .store_slice(to_address) .store_coins(amount) .store_uint(0, 1 + 4 + 4 + 64 + 32 + 1 + 1) .store_uint(op, 32) .store_uint(query_id, 64); if (~ builder_null?(payload)) { msg = msg.store_builder(payload); } send_raw_message(msg.end_cell(), send_mode); } ``` The `recv_internal` function begins with boilerplate code for parsing flags, the sender address, and estimating the forward fee. The forward fee estimation assumes that all outbound messages will not be larger than the inbound message, and calculates the original forward fee of the inbound message as an upper bound. The `muldiv` operation multiplying the `fwd_fee` by 3 and dividing by 2 is an outdated way of doing that, as there exists a `get_original_fwd_fee` function which mostly does the same thing (see [TVM instructions → `GETORIGINALFWDFEE`](/blockchain-basics/tvm/instructions#f83a-getoriginalfwdfee)). ```func () recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure { if (in_msg_body.slice_empty?()) { ;; ignore empty messages return (); } slice cs = in_msg_full.begin_parse(); int flags = cs~load_uint(4); ;; the `int_msg_info$0 ihr_disabled:Bool bounce:Bool bounced:Bool` part of CommonMsgInfo if (flags & 1) { ;; ignore all bounced messages by checking last bit of `flags` variable return (); } slice sender_address = cs~load_msg_addr(); ;; the `src:MsgAddressInt` part of CommonMsgInfo cs~load_msg_addr(); ;; skip `dest:MsgAddressInt` cs~load_coins(); ;; skip `grams:Grams` from `value:CurrencyCollection` cs~skip_bits(1); ;; skip `other:ExtraCurrencyCollection` from `value:CurrencyCollection` cs~load_coins(); ;; skip ihr_fee:Grams int fwd_fee = muldiv(cs~load_coins(), 3, 2); ;; use the inbound message's fwd_fee to estimate an upper bound for outbound messages ;; ... } ``` Load the data and handle the uninitialized state by checking that the sender is the collection contract. If so, parse the message body and save the new `content` and `owner_address`: ```func () recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure { ;; ... (int init?, int index, slice collection_address, slice owner_address, cell content) = load_data(); if (~ init?) { throw_unless(405, equal_slices(collection_address, sender_address)); store_data(index, collection_address, in_msg_body~load_msg_addr(), in_msg_body~load_ref()); return (); } ;; ... } ``` Parse `op` and `query_id` from the incoming message body: ```func () recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure { ;; ... int op = in_msg_body~load_uint(32); int query_id = in_msg_body~load_uint(64); ;; ... } ``` And then there are two conditions for opcodes, processing either `transfer` or `get_static_data` messages required by the standard. #### Transfer ownership [#transfer-ownership] The `transfer` message's structure is defined by the standard. It must contain, apart from the opcode and `query_id`: `new_owner` (the destination address of the item transfer), `response_destination` (an address where the contract should send the remaining TON left after the transfer along with a confirmation message), `custom_payload` for extensions of the standard and additional custom logic, `forward_amount` (amount of TON to send to a new owner with the item transfer), and `forward_payload` (a cell for any arbitrary data to send to a new owner with the item transfer). The `transfer` message handler checks whether the `sender_address` equals `owner_address`, then parses fields from the message. While parsing, it checks them for validity. The new owner's address must have a workchain equal to a constant specified in source code. This is a safety measure made to prevent troubles with differences in transaction fees between workchains. Then it checks all the TON amounts to make sure it has enough balance to complete the transfer. After that it finally completes the transfer by updating the `owner_address` field in storage. It also sends from 0 to 2 messages, depending on whether a response is required and whether there is any `forward_amount`. The `custom_payload` is ignored in this implementation. The response message has the `excesses` opcode and only contains the original `query_id`, with its only purpose being forwarding the remaining TON value of the transfer message to some address, usually the sender address. The `ownership_assigned` message is sent only if `forward_amount` is greater than 0. It has the `ownership_assigned` opcode and includes `query_id`, previous `owner_address`, and the `forward_payload`, which at this point in code is the only thing left in `in_msg_body` from the original transfer message. This message is often used for processing item transfers in destination smart contracts, as well as attaching comments to transfers, and attaching any TON value by specifying `forward_amount`. ```func () transfer_ownership(int my_balance, int index, slice collection_address, slice owner_address, cell content, slice sender_address, int query_id, slice in_msg_body, int fwd_fees) impure inline { throw_unless(401, equal_slices(sender_address, owner_address)); slice new_owner_address = in_msg_body~load_msg_addr(); force_chain(new_owner_address); slice response_destination = in_msg_body~load_msg_addr(); in_msg_body~load_int(1); ;; this nft don't use custom_payload int forward_amount = in_msg_body~load_coins(); throw_unless(708, slice_bits(in_msg_body) >= 1); int rest_amount = my_balance - min_tons_for_storage(); if (forward_amount) { rest_amount -= (forward_amount + fwd_fees); } int need_response = response_destination.preload_uint(2) != 0; ;; if NOT addr_none: 00 if (need_response) { rest_amount -= fwd_fees; } throw_unless(402, rest_amount >= 0); ;; base nft spends fixed amount of gas, will not check for response if (forward_amount) { send_msg(new_owner_address, forward_amount, op::ownership_assigned(), query_id, begin_cell().store_slice(owner_address).store_slice(in_msg_body), 1); ;; paying fees, revert on errors } if (need_response) { force_chain(response_destination); send_msg(response_destination, rest_amount, op::excesses(), query_id, null(), 1); ;; paying fees, revert on errors } store_data(index, collection_address, new_owner_address, content); } () recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure { ;; ... if (op == op::transfer()) { transfer_ownership(my_balance, index, collection_address, owner_address, content, sender_address, query_id, in_msg_body, fwd_fee); return (); } ;; ... } ``` #### Report static data [#report-static-data] On `get_static_data`, respond with `report_static_data` containing the item's `index` and `collection` address. This handler composes and sends a message with the index and collection address in the body. ```func () recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure { ;; ... if (op == op::get_static_data()) { send_msg(sender_address, 0, op::report_static_data(), query_id, begin_cell().store_uint(index, 256).store_slice(collection_address), 64); ;; carry all the remaining value of the inbound message return (); } ;; ... } ``` Finally, if none of the conditions above are met, which means that the opcode provided in the message does not match any of the expected ones, it throws `0xffff`, which is a common exit code for unknown‑opcode errors: ```func () recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure { ;; ... throw(0xffff); } ``` ### Get-methods [#get-methods-1] The standard only requires the `get_nft_data` get‑method. #### Return item data [#return-item-data] The get‑method `get_nft_data` returns the `init?` flag (whether the item is initialized), `index`, `collection_address`, `owner_address`, and `individual_content`. In this implementation, it returns all the values from `load_data` as is, including the logic for setting the `init?` flag. Importantly, the `content` returned by this contract follows the format required by the collection contract, where it only includes the suffix of the URL pointing to an off‑chain JSON with metadata. But this is not forced by the standard, and the format can be arbitrary. The only requirements are that the collection's `get_nft_content` must return full content following TEP‑64, and that if the item has no collection it must return full content right away at this point, but the latter is out of scope here. ```func (int, int, slice, slice, cell) get_nft_data() method_id { (int init?, int index, slice collection_address, slice owner_address, cell content) = load_data(); return (init?, index, collection_address, owner_address, content); } ``` # NFT: Non-fungible token (/blockchain-basics/standard/tokens/nft/overview) Non‑fungible tokens (NFTs), defined in [TEP‑62](https://github.com/ton-blockchain/TEPs/blob/0d7989fba6f2d9cb08811bf47263a9b314dc5296/text/0062-nft-standard.md), represent the digital embodiment of uniqueness within the TON ecosystem. Unlike their fungible counterparts, each NFT possesses distinct characteristics that make it irreplaceable and non‑interchangeable. This fundamental property of uniqueness enables NFTs to serve as digital certificates of authenticity for a wide array of digital and physical assets. NFTs can verify ownership of digital assets using blockchain technology. Each token carries a unique identifier and associated metadata that distinguish it from every other token. This uniqueness makes NFTs particularly valuable for representing assets where individual characteristics matter. Use cases: * Digital art * Real-world assets * Access rights The technical implementation of NFTs in TON mirrors the distributed architecture philosophy found in [Jettons](/blockchain-basics/standard/tokens/jettons/overview). Individual item contracts represent each NFT, while collection contracts manage overall collection metadata and coordinate minting processes. This distributed approach ensures that NFT operations remain efficient and scalable even as collections grow to encompass thousands or millions of individual tokens. ## Architecture and smart contracts [#architecture-and-smart-contracts] NFTs in TON are built using a distributed smart contract architecture consisting of: * NFT collection contracts – serve as the source of truth for items, providing addresses, collection metadata, and coordinating the overall collection. * NFT item contracts – each NFT is represented by its own smart contract account, storing the collection address, index, current owner, and individual metadata. This architecture ensures that each NFT operates independently while maintaining a connection to its collection. ## Transfer mechanism [#transfer-mechanism] The current owner sends a transfer message to the NFT item contract, which updates the owner field and optionally sends notifications to the new owner along with any excess Toncoin. [This transfer flow](/blockchain-basics/standard/tokens/nft/how-it-works#transfer-nft-item) ensures atomicity while maintaining flexibility for ownership notifications and handling remaining funds. ## Marketplace-ready templates [#marketplace-ready-templates] To deploy NFTs compatible with existing TON marketplaces, use contract implementations that follow the [NFT standard](/blockchain-basics/standard/tokens/nft/how-it-works). Implementations include: * [TON reference NFT contracts](https://github.com/ton-blockchain/nft-contract) – reference implementation of the TON NFT standard. * [Getgems NFT contracts](https://github.com/getgems-io/nft-contracts) – NFT contracts used by the Getgems marketplace. # SBT: How it works (/blockchain-basics/standard/tokens/nft/sbt) Soul-Bound Tokens (SBTs) represent non-transferable digital credentials in the TON ecosystem. Unlike standard NFTs, SBTs are permanently bound to their owner and cannot be transferred to another address after minting. The canonical specification is defined in [TEP-85](https://github.com/ton-blockchain/TEPs/blob/c5bfe285ef91810fab02c5352593f5a1455458bf/text/0085-sbt-standard.md). The SBT standard provides a general interaction scheme while leaving the specific implementation of related contracts to developers. ## Contract data storage [#contract-data-storage] The SBT standard defines what data must be stored in the contract. Each SBT contract must store the following fields: | Field | Type | Description | | -------------------- | ------------ | ----------------------------------------------------- | | `index` | `uint256` | SBT identifier | | `collection_address` | `MsgAddress` | Collection address | | `owner` | `MsgAddress` | Owner address | | `content` | `Cell` | SBT content/metadata | | `authority` | `MsgAddress` | Authority address that can revoke the SBT | | `revoked_at` | `uint64` | Revocation time in Unix format, or `0` if not revoked | <Aside type="note"> The standard defines **what** must be stored in the contract, but does not specify **how** exactly this data should be structured in storage. Developers are free to choose their own implementation. </Aside> ## Message layouts [#message-layouts] Interactions with SBT contracts, which are most often encountered by users and developers, are: * prove ownership: sending proof of SBT ownership to a destination contract. * request current owner: requesting current owner information from SBT. * destroy SBT: destroying the SBT contract and returning remaining balance. * revoke SBT: marking the SBT as revoked by authority. <Aside type="note"> All message schemes include the `query_id` field. This field is primarily used for off-chain parsing and linking request-response pairs. The protocol itself does not require it for on-chain logic. </Aside> ## Bound to single owner [#bound-to-single-owner] The `owner` field is set during minting and remains immutable. The following sections describe the key operations and their message flows. ## Prove ownership [#prove-ownership] <Mermaid chart="sequenceDiagram participant U as Owner participant S as SBT participant D as Destination U->>S: prove_ownership alt owner S->>D: ownership_proof else not owner S-->>U: reject end" /> This message flow allows the `owner` to ask the SBT to send a proof to a destination contract confirming that they own this SBT. May include arbitrary `forward_payload` and optionally attach `content`. ### Prove ownership message (inbound to SBT) [#prove-ownership-message-inbound-to-sbt] ```tlb title="TL-B" ;; Inbound message to SBT prove_ownership#04ded148 query_id:uint64 destination:MsgAddress forward_payload:^Cell with_content:Bool = InternalMsgBody; ``` | Name | Type | Description | | ----------------- | ------------ | --------------------------------------------------------- | | `query_id` | `uint64` | Arbitrary identifier to link request and response. | | `destination` | `MsgAddress` | Address of the destination contract to receive the proof. | | `forward_payload` | `Cell` | Arbitrary data forwarded to the destination contract. | | `with_content` | `Bool` | If `true`, attach SBT `content` to the proof. | ### Ownership proof message (SBT -> destination contract) [#ownership-proof-message-sbt---destination-contract] ```tlb title="TL-B" ;; SBT response to the destination contract (if checks pass) ownership_proof#0524c7ae query_id:uint64 item_id:uint256 owner:MsgAddress data:^Cell revoked_at:uint64 content:(Maybe ^Cell) = InternalMsgBody; ``` | Name | Type | Description | | ------------ | ------------ | -------------------------------------------------- | | `query_id` | `uint64` | Matches the `query_id` from the request. | | `item_id` | `uint256` | Identifier of the SBT item. | | `owner` | `MsgAddress` | Current owner address. | | `data` | `Cell` | Equals `forward_payload` from the request. | | `revoked_at` | `uint64` | Revoke time if SBT is revoked, `0` otherwise. | | `content` | `Maybe Cell` | SBT content if requested with `with_content=true`. | The transaction is rejected if the sender is not the `owner`. ## Request current owner [#request-current-owner] This message flow allows any initiator to ask the SBT to send the current `owner` (and optionally the `content`) to a destination contract. <Mermaid chart="sequenceDiagram participant I as Initiator participant S as SBT participant D as Destination I->>S: request_owner S->>D: owner_info" /> ### Request owner message (inbound to SBT) [#request-owner-message-inbound-to-sbt] ```tlb title="TL-B" ;; Inbound message to SBT request_owner#d0c3bfea query_id:uint64 destination:MsgAddress forward_payload:^Cell with_content:Bool = InternalMsgBody; ``` | Name | Type | Description | | ----------------- | ------------ | -------------------------------------------------------- | | `query_id` | `uint64` | Arbitrary identifier to link request and response. | | `destination` | `MsgAddress` | Address of the destination contract to receive the info. | | `forward_payload` | `Cell` | Arbitrary data forwarded to the destination contract. | | `with_content` | `Bool` | If `true`, attach SBT `content` in the response. | ### Owner info message (SBT -> destination contract) [#owner-info-message-sbt---destination-contract] ```tlb title="TL-B" ;; SBT response to the destination contract owner_info#0dd607e3 query_id:uint64 item_id:uint256 initiator:MsgAddress owner:MsgAddress data:^Cell revoked_at:uint64 content:(Maybe ^Cell) = InternalMsgBody; ``` | Name | Type | Description | | ------------ | ------------ | ------------------------------------------ | | `query_id` | `uint64` | Matches the `query_id` from the request. | | `item_id` | `uint256` | Identifier of the SBT item. | | `initiator` | `MsgAddress` | Address of the requester. | | `owner` | `MsgAddress` | Current owner address. | | `data` | `Cell` | Equals `forward_payload` from the request. | | `revoked_at` | `uint64` | Revoke time if revoked, `0` otherwise. | | `content` | `Maybe Cell` | SBT content if requested. | ## Destroy [#destroy] This message flow allows the `owner` to destroy the SBT contract. This clears the `owner` and `authority` fields, and sends remaining balance back to the sender via an `excesses` message. <Mermaid chart="sequenceDiagram participant U as Owner participant S as SBT U->>S: destroy(query_id) alt owner S->>S: owner = null, authority = null S-->>U: excesses(query_id) else not owner S-->>U: reject end" /> ### Destroy message (inbound to SBT) [#destroy-message-inbound-to-sbt] ```tlb title="TL-B" ;; Internal message to SBT destroy#1f04537a query_id:uint64 = InternalMsgBody; ``` | Name | Type | Description | | ---------- | -------- | -------------------------------------------------- | | `query_id` | `uint64` | Arbitrary identifier to link request and response. | ### Excesses message (SBT -> sender) [#excesses-message-sbt---sender] ```tlb title="TL-B" ;; Excess returned to the sender excesses#d53276db query_id:uint64 = InternalMsgBody; ``` | Name | Type | Description | | ---------- | -------- | ---------------------------------------- | | `query_id` | `uint64` | Matches the `query_id` from the request. | The transaction is rejected if the sender is not the `owner`. ## Revoke SBT [#revoke-sbt] This message flow allows the `authority` to mark the SBT as revoked. Revoking twice is disallowed. <Mermaid chart="sequenceDiagram participant A as Authority participant S as SBT A->>S: revoke(query_id) alt A == authority and not revoked S->>S: revoked_at = now else not authority or already revoked S-->>A: reject end" /> ### Revoke message (inbound to SBT) [#revoke-message-inbound-to-sbt] ```tlb title="TL-B" ;; Inbound message to SBT revoke#6f89f5e3 query_id:uint64 = InternalMsgBody; ``` | Name | Type | Description | | ---------- | -------- | ------------------------------------------- | | `query_id` | `uint64` | Arbitrary identifier for off-chain parsing. | The transaction is rejected if: * the sender is not the `authority`; * the SBT was already revoked. # How to transfer an NFT item (/blockchain-basics/standard/tokens/nft/transfer) NFT transfer is an operation specified in [TEP 0062](/blockchain-basics/standard/tokens/nft/how-it-works#transfer-nft-item). Its implementation must comply with this standard, and NFT item contracts must support the logic described there. The NFT transfer message is also specified and must comply with the corresponding [TL-B scheme](/blockchain-basics/standard/tokens/nft/how-it-works#transfer-nft-item). This scheme involves, among other things, * `forward_amount`: the amount of nanotons to be sent to the destination address; * `forward_payload`: optional custom data that should be sent to the destination address. For the `forward_payload` field there are specific requirements: * In the case of a simple comment, `forward_payload` must starts with `0x00000000` and the comment must be contained in the remainder of the `forward_payload`. In turn, if the comment * begins with the byte `0xff`, the remainder is a "binary comment", which should not be displayed to the end user as text (only as hex dump if necessary). The intended use of "binary comments" is, e.g., to contain a purchase identifier for payments in a store, to be automatically generated and processed by the store's software. * does not begin with the byte `0xff`, the comment is a text one; it can be displayed "as is" to the end user of a wallet. * If `forward_payload` contains a binary message for interacting with the destination smart contract, then there are no prefixes. Use a wallet app that supports NFTs (for example, [Tonkeeper](https://tonkeeper.helpscoutdocs.com/article/47-how-to-send-nft-to-another-wallet)) and follow its guide. Alternatively, perform the transfer manually. The example below illustrates a programmatic transfer: <Aside type="danger" title="Funds at risk"> Beware that API keys and mnemonic must not be committed or shared publicly. A better approach is to use a `.env` file that is excluded from repository with `.gitignore`. For GitHub CI purposes, consult [their documentation](https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets). </Aside> ```typescript import { WalletContractV5R1, TonClient, Address, toNano } from "@ton/ton"; import { mnemonicToPrivateKey } from "@ton/crypto"; import { AssetsSDK, createApi } from "@ton-community/assets-sdk"; async function main() { const client = new TonClient({ endpoint: "https://toncenter.com/api/v2/jsonRPC", }); const MNEMONIC = process.env.MNEMONIC as string; // set via environment const keyPair = await mnemonicToPrivateKey(MNEMONIC.split(" ")); const wallet = WalletContractV5R1.create({ workchain: 0, publicKey: keyPair.publicKey, }); const provider = client.provider(wallet.address); const sender = wallet.sender(provider, keyPair.secretKey); const NETWORK = "testnet"; const api = await createApi(NETWORK); const sdk = AssetsSDK.create({ api, sender, }); const NFT_ADDRESS = Address.parse("<NFT_ITEM_ADDR>"); const nftItem = await sdk.openNftItem(NFT_ADDRESS); const RECEIVER_ADDRESS = Address.parse("<RECEIVER_ADDR>"); await nftItem.send(sender, RECEIVER_ADDRESS, { value: toNano(10) }); } void main(); ``` where: * `<NFT_ITEM_ADDR>` — the address of the NFT item to be transferred. * `<RECEIVER_ADDR>` — the address of the recipient. # How to verify an NFT item (/blockchain-basics/standard/tokens/nft/verify) Because the collection is the source of truth, verification goes through it: 1. Read the NFT item index from the item contract via [get\_nft\_data()](/blockchain-basics/standard/tokens/nft/api#get-nft-data). 2. Query the collection with [get\_nft\_address\_by\_index(index)](/blockchain-basics/standard/tokens/nft/api#get-nft-address-by-index). 3. If the returned address equals the NFT item address, the item belongs to the collection. ### High level [#high-level] There is an [API method](/applications/api/toncenter/v3/nfts/get-nft-items) that performs this verification off‑chain with a single request. Provide the addresses of the NFT item and NFT collection: ```ts TypeScript async function main() { const itemAddress = "EQD3LzasMd4GAmhIEkCQ4k6LnziTqNZ6VPtRfeZKHu0Fmkho"; const collectionAddress = "EQCOtGTvX-RNSaiUavmqNcDeblB3-TloZpvYuyGOdFnfy-1N"; const url = `https://toncenter.com/api/v3/nft/items?limit=1&address=${itemAddress}&collection_address=${collectionAddress}`; const options = { method: "GET", body: undefined }; try { const response = await fetch(url, options); const data = await response.json(); if (data["nft_items"].length > 0) { console.log("✅ item in collection"); } else { console.log("❌ item not in collection"); } } catch (error) { console.error(error); } } main(); ``` ### Low level [#low-level] First, read the NFT item index. If the collection returns the same NFT item address for that index, the item belongs to the collection. ```ts TypeScript import { Address, Cell } from "@ton/ton"; async function main() { const itemAddress = "EQD3LzasMd4GAmhIEkCQ4k6LnziTqNZ6VPtRfeZKHu0Fmkho"; const collectionAddress = "EQCOtGTvX-RNSaiUavmqNcDeblB3-TloZpvYuyGOdFnfy-1N"; const url = "https://toncenter.com/api/v2/runGetMethod"; const itemPayload = { address: itemAddress, stack: [] as any[], method: "get_nft_data", }; const headers = { "Content-Type": "application/json", }; try { const itemResp = await fetch(url, { method: "POST", headers, body: JSON.stringify(itemPayload), }); if (!itemResp.ok) { throw new Error( `Item request failed: ${itemResp.status} ${itemResp.statusText}`, ); } const itemJson: any = await itemResp.json(); const itemStack = itemJson?.result?.stack; if (!Array.isArray(itemStack) || !Array.isArray(itemStack[1])) { throw new Error("Unexpected item stack format"); } const hex = String(itemStack[1][itemStack[1].length - 1] ?? ""); const itemIndex = Number.parseInt( hex.startsWith("0x") ? hex.slice(2) : hex, 16, ); const collectionPayload = { address: collectionAddress, stack: [["int", itemIndex]], method: "get_nft_address_by_index", }; await new Promise((resolve) => setTimeout(resolve, 2000)); const colResp = await fetch(url, { method: "POST", headers, body: JSON.stringify(collectionPayload), }); if (!colResp.ok) { throw new Error( `Collection request failed: ${colResp.status} ${colResp.statusText}`, ); } const realAddress = await colResp.json(); console.log("itemIndex:", itemIndex); const b64 = realAddress?.result?.stack?.[0][1].bytes as string; const boc = Buffer.from(b64, "base64"); const cell = Cell.fromBoc(boc)[0]; const slice = cell.beginParse(); const resAddress = slice.loadAddress(); if (resAddress.toString() == Address.parse(itemAddress).toString()) { console.log("✅ item in collection"); } else { console.log("❌ item not in collection"); } } catch (error) { console.error(error); } } main(); ``` # Highload wallets (/blockchain-basics/standard/wallets/highload/overview) Highload Wallets are specialized wallet contracts designed for services that need to send hundreds of transactions per second, such as cryptocurrency exchanges, payment processors, and high-volume trading platforms. ## What makes them different [#what-makes-them-different] Unlike standard wallets (v3, v4, v5) that use sequential processing with a `seqno` counter, Highload Wallets (v2 and v3) store processed request identifiers in a dictionary, enabling **parallel transaction submission** without blocking. <Aside> **`seqno`** (sequence number) is a counter that increments with each transaction. Standard wallets use it for [replay protection](/blockchain-basics/standard/wallets/how-it-works#how-replay-protection-works) — each transaction must match the current `seqno` value. </Aside> **Standard wallet limitation:**\ Each transaction must wait for the previous one to complete. If you send 100 transactions, they must process sequentially: transaction 2 waits for transaction 1, transaction 3 waits for transaction 2, and so on. **Highload Wallet advantage:**\ You can send 100, 1,000, or 100,000 transactions simultaneously. Each transaction uses a unique `query_id` instead of a sequential `seqno`, allowing parallel processing without conflicts. ## Version history [#version-history] ### Highload Wallet v1 [#highload-wallet-v1] The first highload wallet, using a simple `seqno` counter: * **Simple seqno-based:** Sequential processing like standard wallets * **Batch support:** Could send up to 255 messages per transaction * **Replay protection rollback:** If the action phase failed, replay protection would roll back ([learn about](#replay-protection-rollback)) <Aside type="danger"> **Legacy contracts:** Highload Wallet v1 and v2 are deprecated. Use Highload Wallet v3 for all new deployments. </Aside> ### Highload Wallet v2 [#highload-wallet-v2] Improved version with dictionary-based replay protection: * **Fund locking risk:** Under certain conditions, the contract could enter a state where funds become inaccessible * **High gas costs:** Storage updates and cleanup operations consumed excessive gas * **Replay protection rollback:** If the action phase failed, replay protection would roll back ([learn about](#replay-protection-rollback)) <Aside type="danger"> **Legacy contracts:** Highload Wallet v1 and v2 are deprecated. Use Highload Wallet v3 for all new deployments. </Aside> ### Highload Wallet v3 [#highload-wallet-v3] The current recommended version, redesigned to solve all previous architectural problems: * **More requests:** Up to 8,380,416 unique query IDs with efficient rotation * **Lower gas costs:** Optimized cleanup and storage operations * **Maximum safety:** Architectural design prevents fund locking; bulletproof * **Guaranteed replay protection:** Unlike v1, v2, and standard wallets v1-v4, replay protection **never rolls back** even if the action phase fails. The two-transaction pattern ensures the `query_id` is always committed before attempting to send messages. ## Highload Wallet version comparison [#highload-wallet-version-comparison] | Feature | v1 | v2 | v3 | | ------------------------------------- | ------------------ | --------------------- | ------------------------------ | | **Replay rollback on action failure** | ⚠️ Yes | ⚠️ Yes | ✅ No (two-transaction pattern) | | **Fund locking risk** | ✅ No | ⚠️ Yes | ✅ No | | **Gas efficiency** | Not optimized | ⚠️ High cleanup costs | ✅ Optimized | | **Max batch size** | 255 messages | 255 messages | 254 messages | | **Replay protection** | Simple seqno | Query ID dictionary | Dual dictionary + timestamp | | **Transaction pattern** | Single transaction | Single transaction | Two-transaction pattern | | **Query ID space** | Sequential seqno | \~32,000 | 8,380,416 unique IDs | | **Parallel submissions** | ❌ Sequential only | ✅ Supported | ✅ Supported | | **Status** | ⚠️ Deprecated | ⚠️ Deprecated | ✅ Recommended | ## Replay protection rollback [#replay-protection-rollback] Standard wallets (v1-v4) and Highload wallets (v1-v2) share a fundamental problem: if the action phase fails (e.g., insufficient funds), the entire transaction rolls back, including [replay protection](/blockchain-basics/standard/wallets/how-it-works#how-replay-protection-works) marks. This causes lite-servers to retry the same message repeatedly, burning gas for a long time. **Highload v3's solution:** Uses a [two-transaction pattern](/blockchain-basics/standard/wallets/highload/v3/specification#why-internal-messages-to-self%3F) where replay protection is committed in the first transaction, and actions are performed in a separate internal transaction. This guarantees replay protection **never rolls back**, even if sending messages fails. ## See also [#see-also] * [Highload Wallet v3](/blockchain-basics/standard/wallets/highload/v3/specification) — complete technical reference and how-to guides * [Highload Wallet v2](/blockchain-basics/standard/wallets/highload/v2/specification) — legacy version (deprecated) * [Highload Wallet v1](https://github.com/ton-blockchain/ton/blob/4ebd7412c52248360464c2df5f434c8aaa3edfe1/crypto/smartcont/highload-wallet-code.fc) — legacy version (deprecated) # How to interact with preprocessed wallet v2 (/blockchain-basics/standard/wallets/preprocessed-v2/interact) <Aside type="caution" title="Community implementation"> This wallet is a community-created implementation. Use at your own risk. Always test thoroughly on testnet before using with real funds. </Aside> <Aside type="danger" title="Funds at risk"> This guide sends real TON. Test on testnet first. Double-check recipient addresses — blockchain transactions cannot be reversed. </Aside> This guide shows how to deploy Preprocessed Wallet V2 and send transfers. <Aside type="tip"> For technical details, see [Preprocessed Wallet V2 specification](/blockchain-basics/standard/wallets/preprocessed-v2/specification). </Aside> ## Objective [#objective] By the end of this guide, you will: * Create a Preprocessed Wallet V2 instance from scratch * Deploy the wallet on-chain * Send single and batch transfers ## Prerequisites [#prerequisites] * Node.js 18+ or TypeScript environment * `@ton/ton`, `@ton/core`, `@ton/crypto` packages installed * Preprocessed Wallet V2 wrapper and compiled contract code This guide uses TypeScript with the official wrapper. The same logic applies to other SDKs (Go/Python): generate or load a mnemonic, derive a keypair, and calculate the address. ## Step 1: Set up dependencies [#step-1-set-up-dependencies] Install required packages: ```bash npm install @ton/ton @ton/core @ton/crypto ``` Copy the wrapper and contract code from the [official repository](https://github.com/pyAndr3w/ton-preprocessed-wallet-v2): ```bash # Clone the repository or download this file: # - typescript/wrappers/PreprocessedWalletV2.ts ``` <Aside type="note" title="Why copy wrappers?"> The official `@ton/ton` SDK does not include Preprocessed Wallet V2 wrappers yet. Copy `PreprocessedWalletV2.ts` from the repository until SDK support is added. </Aside> ## Step 2: Generate or load a mnemonic [#step-2-generate-or-load-a-mnemonic] A mnemonic is your wallet's master secret. It derives the private key used to sign all transactions. ### Generate a new mnemonic [#generate-a-new-mnemonic] ```typescript import { mnemonicNew } from '@ton/crypto'; const mnemonic = await mnemonicNew(24); // Array of 24 words ``` ### Load an existing mnemonic [#load-an-existing-mnemonic] ```typescript const mnemonic = 'word1 word2 word3 ... word24'.split(' '); ``` <Aside type="danger" title="Protect your mnemonic"> Anyone with access to your mnemonic can control your wallet and all funds. Store it securely (password manager, hardware wallet, encrypted storage). Never commit it to version control. </Aside> ## Step 3: Derive the keypair [#step-3-derive-the-keypair] Convert the mnemonic to an Ed25519 keypair: ```typescript import { mnemonicToPrivateKey } from '@ton/crypto'; const keyPair = await mnemonicToPrivateKey(mnemonic); // keyPair.publicKey — used in contract state // keyPair.secretKey — used to sign external messages ``` ## Step 4: Create the wallet instance [#step-4-create-the-wallet-instance] Create a Preprocessed Wallet V2 contract instance: ```typescript import { TonClient } from '@ton/ton'; import { Cell } from '@ton/core'; import { Wallet, walletCode } from './wrappers/PreprocessedWalletV2'; // Compiled contract code (BoC) const CODE = walletCode; // Already included in the wrapper const client = new TonClient({ endpoint: 'https://testnet.toncenter.com/api/v2/jsonRPC', // This is TESTNET endpoint // apiKey: 'your-api-key' // Optional: get from @tonapibot or @tontestnetapibot }); const wallet = client.open( Wallet.createFromPublicKey(keyPair.publicKey) ); ``` ## Step 5: Get the wallet address [#step-5-get-the-wallet-address] Calculate the wallet's address: ```typescript // Get non-bounceable address for funding const address = wallet.address.toString({ bounceable: false, testOnly: true }); console.log('Wallet address:', address); // Example (truncated): 0Q... (non-bounceable, testnet) ``` This address is deterministic: it depends only on `CODE` and `publicKey`. The same parameters always produce the same address. <Aside type="tip" title="Why non-bounceable?"> When funding a `nonexist` account, use the non-bounceable format to prevent funds from bouncing back if the account doesn't exist yet. See [Address formats](/blockchain-basics/primitives/addresses/formats) for details. </Aside> **Account status: [`nonexist`](/blockchain-basics/primitives/status#status-variety)** The calculated address exists only as a deterministic value. No account exists on the blockchain yet — no balance, no code, no data. *** ## Step 6: Fund the wallet [#step-6-fund-the-wallet] <Aside type="danger" title="Funds at risk"> You will send TON to this address. Test on testnet first. Verify the wallet address carefully — blockchain transactions cannot be reversed. </Aside> **Required before deployment:** Send TON to your wallet address (from Step 5) to prepare it for deployment. External messages (which deploy the wallet) require gas to execute. By funding the address, you transition the account from `nonexist` to `uninit` status and provide the balance needed for deployment. See [Account statuses](/blockchain-basics/primitives/status) for details on how account states work. Send TON using a faucet (testnet) or from another wallet (mainnet). After funding, the account transitions to `uninit` status — it has a balance and can accept external messages, but no code or data yet. *** ## Step 7: Send messages [#step-7-send-messages] <Aside type="note" title="Automatic deployment"> The wallet will auto-deploy on the first external message. No separate deployment step is needed. </Aside> ### Send single transfers [#send-single-transfers] ```typescript import { Address, toNano } from '@ton/ton'; import { beginCell } from '@ton/core'; // Get current sequence number const currentSeqno = Number(await wallet.getSeqno()); // Send a single transfer await wallet.sendTransfers(keyPair, [{ to: Address.parse('EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c'), // Zero address for testing value: toNano('0.01'), bounce: false }], currentSeqno); console.log('Transfer sent'); ``` ### Send batch transfers [#send-batch-transfers] ```typescript import { Address, toNano, comment } from '@ton/ton'; // Get current sequence number const currentSeqno = Number(await wallet.getSeqno()); // Create multiple transfers with similar structure const transfers = []; for (let i = 0; i < 5; i++) { transfers.push({ to: Address.parse('EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c'), value: toNano('0.01'), body: comment(`#${i}`) }); } // Send batch transfers await wallet.sendTransfers(keyPair, transfers, currentSeqno); console.log('Batch transfers sent'); ``` <Aside type="note" title="Maximum actions"> reprocessed Wallet V2 supports up to 255 actions per transaction. This is the maximum number of out actions supported by TON blockchain. </Aside> # Preprocessed wallet v2: Specification (/blockchain-basics/standard/wallets/preprocessed-v2/specification) <Aside type="caution" title="Community implementation"> This wallet is a community-created implementation. Use at your own risk. Always test thoroughly on testnet before using with real funds. </Aside> This page provides a complete technical specification for Preprocessed Wallet V2, covering storage structure, message formats, replay protection, limitations, and implementation details. ## Objective [#objective] Understand the internal architecture, data structures, and operational mechanics of Preprocessed Wallet V2. This reference page explains how the wallet processes batch transactions efficiently with minimal gas consumption. <Aside type="tip"> For practical usage, see [How-to guides](/blockchain-basics/standard/wallets/preprocessed-v2/interact). </Aside> ## What is Preprocessed Wallet V2? [#what-is-preprocessed-wallet-v2] Preprocessed Wallet V2 is a wallet smart contract designed for efficiency with minimal code complexity. It provides low transaction costs while maintaining the ability to send up to 255 actions in a single transaction. **Key difference from standard wallets:**\ Preprocessed V2 enables batch transaction processing with up to 255 actions per message, making it suitable for services that need to send multiple payments efficiently. **Optimization focus:**\ Preprocessed V2 prioritizes gas efficiency and simplicity, making it suitable for applications that need batch processing with minimal overhead. **Gas consumption:**\ The wallet consumes 1537 gas units per transaction. ## TL-B schema [#tl-b-schema] [TL-B (Type Language - Binary)](/blockchain-basics/languages/tl-b/overview) is a domain-specific language designed to describe data structures in TON. The schemas below define the binary layout of the contract's storage and external messages. ### Storage structure [#storage-structure] ```tlb storage$_ pub_key:bits256 seq_no:uint16 = Storage; ``` ### External message structure [#external-message-structure] ```tlb _ {n:#} valid_until:uint64 seq_no:uint16 actions:^(OutList n) { n <= 255 } = MsgInner n; msg_body$_ {n:#} sign:bits512 ^(MsgInner n) = ExtInMsgBody n; ``` <Aside type="note"> The canonical TL-B schemas are maintained in the [ton-preprocessed-wallet-v2 repository](https://github.com/pyAndr3w/ton-preprocessed-wallet-v2). </Aside> Below, each field is explained in detail. ## Storage structure [#storage-structure-1] The Preprocessed Wallet V2 contract stores two persistent fields: ### `pub_key` (256 bits) [#pub_key-256-bits] **Purpose:**\ An Ed25519 public key is used to verify signatures on incoming external messages. **How it works:**\ When the wallet receives an external message, it verifies that the 512-bit signature was created by the holder of the private key corresponding to this public key. <Aside type="caution"> The public key is not the wallet address. The address is [derived](/blockchain-basics/primitives/addresses/derive) from the contract's [`StateInit`](/blockchain-basics/primitives/messages/deploy). </Aside> ### `seq_no` (16 bits) [#seq_no-16-bits] **Purpose:**\ Prevents replay attacks by ensuring each message has a unique sequence number. **How it works:**\ Each external message must contain the correct `seq_no` that matches the current value stored in the contract. After successful processing, the sequence number is incremented (with modulo 2^16 to prevent overflow). **Range:** 0 to 65535 (wraps from 65535 to 0) **Size optimization:**\ The sequence number is limited to 16 bits (instead of 32 bits used in other wallets) to minimize storage size and message size, reducing gas costs. **Protection mechanism:**\ Even if an attacker intercepts an old message, they cannot replay it because the sequence number will no longer match the current value in storage. **Wrap‑around note:**\ See [Replay protection mechanism](#replay-protection-mechanism) for guidance on wrap‑around and `valid_until` windows. ## External message structure [#external-message-structure-1] External messages sent to Preprocessed Wallet V2 have a specific layout. ### Message layout [#message-layout] ```text sign:bits512 ^[ valid_until:uint64 seq_no:uint16 actions:^(OutList n) ] ``` **Key point:**\ The signature is in the root cell (512 bits); all other parameters are in a reference cell (`MsgInner`). <Aside type="tip" title="Gas optimization"> This structure saves gas units during signature verification. If the signature were in the same cell as the message body, the contract would need to use `slice_hash()` (which rebuilds the cell internally, costing extra gas) instead of simply taking `cell_hash()` of the reference. </Aside> *** ### `sign` (512 bits) [#sign-512-bits] **Type:**\ Ed25519 signature (512 bits). **What is signed:**\ The hash of the reference cell (`MsgInner`) containing `valid_until`, `seq_no`, and `actions`. **Validation:**\ The contract verifies the signature using: ```func check_signature(hash(ref_cell), signature, public_key) ``` **On failure:**\ Exit code `35`. **Link:** [Ed25519 signature scheme](https://en.wikipedia.org/wiki/EdDSA#Ed25519) *** ### `valid_until` (64 bits) [#valid_until-64-bits] **Purpose:**\ Unix timestamp (seconds) when the external message expires. **Validation:**\ The contract performs a single check: ```func now() > valid_until // Message expired ``` **On failure:**\ Exit code `34`. **Why it matters:**\ Prevents replay of expired messages. If `now() > valid_until`, the message is considered expired and rejected. **Recommendation:**\ Set `valid_until` to 1 minute (60 seconds) from message creation time. *** ### `seq_no` (16 bits) [#seq_no-16-bits-1] **Purpose:**\ Expected sequence number for this message. **Validation:**\ Must match the current `seq_no` stored in contract storage. **On mismatch:**\ Exit code `33`. ### `actions` (reference cell) [#actions-reference-cell] **Structure:**\ A serialized `OutList` containing up to 255 actions to execute. **Validation:**\ No validation. **Supported actions:** All standard TVM actions are supported without restrictions: * `action_send_msg` — Send messages * `action_set_code` — Update contract code * `action_reserve_currency` — Reserve currency * `action_change_library` — Change library <Aside type="danger" title="Critical security warning"> Preprocessed Wallet V2 does not protect against `action_set_code` actions. If you accidentally include a `set_code` action in your message, the wallet contract code will be changed, potentially making your funds inaccessible. Always verify your action lists before sending. </Aside> **Maximum actions:** 255 (maximum number of out actions in TON) ## Replay protection mechanism [#replay-protection-mechanism] Preprocessed Wallet V2 uses sequence numbers and time-based expiration to prevent replay attacks. ### Sequence number protection [#sequence-number-protection] **How it works:** 1. Each message must contain the correct `seq_no` 2. After successful processing, `seq_no` is incremented 3. Old messages with incorrect sequence numbers are rejected **Overflow protection:** * Uses modulo 2^16 operation: `(seq_no + 1) % 65536` * Wraps from 65535 to 0 ### Time-based expiration [#time-based-expiration] **How it works:** 1. Each message includes `valid_until` timestamp 2. Messages are rejected if `now() > valid_until` 3. Prevents replay of expired messages **Recommended expiration:** * 1 minute (60 seconds) for most use cases * Shorter for high-frequency operations * Longer for batch operations with network delays ### Wrap‑around and validity window [#wraparound-and-validity-window] When `seq_no` wraps (65535 → 0), previously sent messages that used the same numeric `seq_no` remain non‑applicable if their `valid_until` has already expired. Safety relies on the dual check: current `seq_no` equality and unexpired `valid_until`. Do not set `valid_until` excessively far in the future. A very long validity window increases the chance that, after wrap‑around, an old message with the same `seq_no` is still valid. Keep the window short (for example, ≤ 60 seconds) unless you have a specific operational reason. ### Signature verification [#signature-verification] **How it works:** 1. All messages must be signed with the wallet's private key 2. Signature covers the entire message content (hash of `MsgInner`) 3. Prevents unauthorized message creation ## Exit codes [#exit-codes] | Exit code | Name | Description | How to fix | | --------- | ------------------------- | -------------------------------------------------- | ------------------------------------------------------------------------------- | | `0` | Success | Message processed successfully | — | | `33` | Incorrect sequence number | The `seq_no` in the message does not match storage | Use the correct `seq_no` from contract storage | | `34` | Message expired | The `valid_until` timestamp has passed | Ensure `valid_until >= now()` when creating the message | | `35` | Invalid signature | Ed25519 signature verification failed | Check that the private key is correct and the message hash is computed properly | ## Limitations and constraints [#limitations-and-constraints] ### Maximum actions per transaction [#maximum-actions-per-transaction] **Limitation:**\ Each external message can trigger up to 255 actions. **Why this limitation?**\ 255 is the maximum number of out actions supported by TON blockchain. This is a fundamental limitation of the TVM execution environment. **Impact:**\ Suitable for batch operations with up to 255 actions per transaction. <Aside type="note" title="Sequential processing"> Preprocessed Wallet V2 uses sequential `seq_no` processing. This means you must wait for each transaction to complete before sending the next one. </Aside> ## Implementation [#implementation] ### Source code [#source-code] * Repository: - [pyAndr3w/ton-preprocessed-wallet-v2](https://github.com/pyAndr3w/ton-preprocessed-wallet-v2) ## See also [#see-also] * [How to interact with Preprocessed Wallet V2](/blockchain-basics/standard/wallets/preprocessed-v2/interact) # Telegram alerting (/blockchain-basics/nodes/cpp/mytonctrl/alerting) **MyTonCtrl Private Alerting Bot** is a tool for receiving notifications about node status via Telegram Bot. The bot is designed to send notification messages to Telegram only. It **does not** manage the validator or process any commands. This bot is part of the MyTonCtrl toolset and is compatible with both validators and liteservers. Create a separate private bot in Telegram and configure it within MyTonCtrl. You can use one bot to monitor multiple nodes. ## Setup [#setup] To set up the MyTonCtrl Alerting Bot, follow these steps: ### Prepare a bot [#prepare-a-bot] 1. Visit [@BotFather](https://t.me/BotFather) and create a bot by using the command `/newbot`. After creating a bot, copy the bot token under the "Use this token to access the HTTP API:" line. 2. Go to the bot and press the `Start` button. This action will allow the bot to send messages. 3. The bot can send messages to either private messages or groups. To receive messages from the bot in a group chat, make sure to add the bot to that group. 4. Visit [`@getmyid_bot`](https://t.me/getmyid_bot) and press the **Start** button. The bot will reply with a chat ID; use this ID to receive messages from the bot. To receive messages in a group, add [`@getmyid_bot`](https://t.me/getmyid_bot) to the group, and it will provide the chat ID of this group. ### Activate the alert bot in MyTonCtrl [#activate-the-alert-bot-in-mytonctrl] 1. Enable the `alert-bot` using the following command: ```bash MyTonCtrl> enable_mode alert-bot ``` 2. Execute the command: ```bash MyTonCtrl> setup_alert_bot <bot_token> <chat_id> ``` In case of a successful setup, the bot sends a welcome message listing all available alerts. ## Operational notes [#operational-notes] * Alerts cover wallet balance thresholds, database usage, validator efficiency/blocks, synchronization, ADNL health, stake acceptance, slashes, and other key metrics. * Each alert has an associated cooldown (`timeout`) to prevent spam. Info-level ok alerts reset state without sound notifications. * The bot requires network access to the Telegram API. Ensure outbound HTTPS is permitted from the server. * When validator mode is enabled, the alert bot automatically includes wallet and ADNL context in messages. In collator-only or other modes, some alerts may be skipped because prerequisites are missing. ## setup\_alert\_bot [#setup_alert_bot] **Purpose:** Configure the alert bot with the Telegram bot token and chat ID, then start sending events. **Syntax** ```mytonctrl setup_alert_bot <bot_token> <chat_id> ``` **Behavior** * Takes the Telegram bot token and chat ID as positional parameters. Run it right after enabling `alert-bot` mode. * Immediately attempts to send the welcome message that lists every alert. Success proves the bot has permission to write to the chat. * On success, saves `BotToken` and `ChatId` in the local database (`myLocal.db`) so the scheduler can emit alerts. On failure, logs the Telegram error (and hints if the bot is missing from the chat). ## list\_alerts [#list_alerts] **Purpose:** Show all predefined alerts and whether they are currently enabled. **Syntax** ```mytonctrl list_alerts ``` **Behavior** * Lists every alert key (for example: `low_wallet_balance`, `db_usage_80`, `out_of_sync`) along with the enabled flag and the UNIX timestamp when it was last sent. * Helps you audit which alerts are muted and whether recent warnings have fired. ## enable\_alert [#enable_alert] **Purpose:** Re-enable a previously muted alert. **Syntax** ```mytonctrl enable_alert <alert_name> ``` **Behavior** * Accepts any alert key defined in the alert module (for example: `low_efficiency`, `service_down`, `validator_slashed`). * Sets the alert’s `enabled` flag to `true` so future events can trigger notifications. **Example** ```mytonctrl enable_alert low_wallet_balance ``` ## disable\_alert [#disable_alert] **Purpose:** Temporarily suppress a specific alert. **Syntax** ```mytonctrl disable_alert <alert_name> ``` **Behavior** * Marks the alert as disabled; the scheduler skips sending messages for it until re-enabled. * Use when you expect noisy conditions (e.g., during planned maintenance) but still want other alerts to deliver. **Example** ```mytonctrl disable_alert service_down ``` ## test\_alert [#test_alert] **Purpose:** Send a simple message through the configured alert channel to verify connectivity. **Syntax** ```mytonctrl test_alert ``` **Behavior** * Requires successful initialization (bot token and chat ID saved). If initialization hasn’t run yet, the command triggers it. * Sends `Test alert` with `info` severity so you can confirm the chat receives notifications. ### Available alerts [#available-alerts] * `low_wallet_balance`: Validator wallet balance below 10 TON while the node is working and in sync. * `low_wallet_balance_ok`: Balance recovered to ≥10 TON after a low-balance alert. * `db_usage_80`: TON database usage exceeded 80% (but ≤95%). * `db_usage_95`: TON database usage exceeded 95%. * `db_usage_ok`: Database usage dropped back below 80% after a high-usage alert. * `low_efficiency`: Validator efficiency fell below 90% once ≥80% of the round elapsed. * `out_of_sync`: Node stayed more than 20 seconds behind the masterchain while otherwise running. * `sync_ok`: Node resynced to less than 20 seconds lag after an out-of-sync alert. * `service_down`: Validator service stopped reporting as working (outside of initial sync). * `service_down_ok`: Validator service resumed normal operation after downtime. * `adnl_connection_failed`: Remote ADNL connectivity checks failed for all probe hosts. * `adnl_connection_ok`: ADNL check succeeded again after a failure. * `zero_block_created`: No blocks produced in roughly the last half validation period (\~8h on mainnet). * `zero_block_created_ok`: Block production resumed after a zero-block alert. * `validator_slashed`: Validator was slashed in the previous validation round. * `stake_not_accepted`: Election stake submission was rejected (validator missing from the current validator list). * `stake_accepted`: Election stake was accepted (validator present in the current validator list). * `stake_returned`: Elector returned the stake during the post-freeze payout window. * `stake_not_returned`: Stake was not returned during the expected post-freeze payout window. * `voting`: Governance offers with ≥50% approval remain unvoted by this validator. * `voting_ok`: All actionable governance offers have been voted on (no outstanding votes). * `initial_sync_completed`: Initial blockchain sync finished successfully. * `shard_collators_offline`: All registered collators for at least one shard are offline. * `shard_collators_ok`: Collators for previously offline shards reported back online. # Backup (/blockchain-basics/nodes/cpp/mytonctrl/backups) <Aside type="caution"> Exporting and restoring backups exposes private keys and validator configuration. Keep backups securely. </Aside> ## Operational notes [#operational-notes] * Backups capture MyTonCtrl data, validator config, and keyring files. Always store backup archives securely (they contain private keys). * Restoration overwrites existing configuration. Ensure the donor node is offline before restoring its backup to avoid data divergence. * Both scripts expect `sudo` or equivalent privileges when manipulating system files. Use the `-u` flag to match the original install user if necessary. ## Validator automated backups [#validator-automated-backups] To enable automated backups (only in `validator` mode), call `set auto_backup true` on the MyTonCtrl console. These backups will be performed immediately after the node participates in the elections, ensuring that all data needed for the upcoming validation cycle is preserved. By default, automated backups are saved to `/tmp/mytoncore/auto_backups/`. Call `set auto_backup_path <path>` to change this path. Automated backups older than 7 days are deleted automatically. ## Standby node [#standby-node] It is recommended to maintain at least one standby node that can take over validation duties if the main machine fails. The standby machine should be hosted at a different physical location/ISP. It should have MyTonCtrl installed in full node mode and be synchronized with the TON Blockchain network. Hardware sizing should match main validator configuration. Use `create_backup` and `restore_backup` commands described below to transfer validator config to the standby machine. Before transferring the validator configuration to the standby machine, make sure to stop or disable the TON node on the donor machine for approximately 20 minutes. Failure to follow this step may lead to connectivity issues and crashes on both the donor and target machines. Create and retain a backup of standby node's original configuration before applying or restoring a backup package from another machine. This backup is needed to revert the standby node back to standby mode. ## create\_backup [#create_backup] **Purpose:** Generate a compressed archive containing MyTonCtrl configuration, keyring, and validator data. **Syntax** ```mytonctrl create_backup [filename] [-u <user>] ``` **Behavior** * Creates a snapshot of the following data: * Node configuration file located at (`/var/ton-work/db/config.json`) * Node keyring found in (`/var/ton-work/db/keyring`) * Node liteserver and console keys stored in (`/var/ton-work/keys`) * MyTonCtrl configuration database and related files located at (`~/.local/share/mytoncore`) * Wallet and pool data * Validates the snapshot (ensures the config and database files deserialize) before compressing it into a `.tar.gz`; defaults to `mytonctrl_backup_<hostname>_<timestamp>.tar.gz` unless `filename` specified. * Sets archive ownership back to the requested user (`-u`) and removes the temporary snapshot when done, printing `create_backup - OK` or `... - Error` based on the helper script exit code. **Examples** ```mytonctrl create_backup create_backup mynode-backup-2024-05-01.tar -u validator ``` ## restore\_backup [#restore_backup] **Purpose:** Restore a previously created backup archive into the current node environment. **Syntax** ```mytonctrl restore_backup <filename> [-y] [--skip-create-backup] [-u <user>] ``` **Behavior** * Requires the backup archive filename. Optional flags: * `-y` skips the interactive confirmation prompt. * `--skip-create-backup` prevents MyTonCtrl from making a safety backup of the current state before restoring. * `-u <user>` runs the restore operations as the specified system user (defaults to the current user). * Unless `--skip-create-backup` passed, first runs `create_backup` so the state can be rolled back if the restore fails. * Stops `validator` and `mytoncore` services, and restores data from the backup, except for IP address, which will be updated accordingly. * On success, reloads MyTonCtrl’s local database, reinstalls BTC Teleport if validator mode is active, prints `restore_backup - OK`, and exits so MyTonCtrl can be restarted with the restored state. **Examples** ```mytonctrl restore_backup mynode-backup-2024-05-01.tar restore_backup mynode-backup-2024-05-01.tar -y --skip-create-backup -u validator ``` # BTC Teleport (/blockchain-basics/nodes/cpp/mytonctrl/btc-teleport) ## Operational notes [#operational-notes] * Teleport installation happens automatically when validator mode is enabled unless `btcTeleportDisabled` is set. Use these commands to check governance participation or clean up. * Voting attaches 1.5 TON from the validator wallet. Ensure the wallet has sufficient balance before sending votes. * The module caches proposals it has voted on (`saveOffersBtcTeleport`) to avoid duplicate submissions. ## `remove_btc_teleport` [#remove_btc_teleport] **Purpose:** Uninstall the Teleport binaries, keystore, and system service. **Syntax** ```mytonctrl remove_btc_teleport [--force] ``` <Caution> `--force` removes Teleport binaries and service configuration. Risk: loss of Teleport state; service downtime. Scope: this node’s Teleport installation (binaries, keystore, systemd unit). Rollback/Mitigation: reinstall Teleport or restore from a backup of `/usr/src/ton-teleport-btc-periphery` and related configs. Environment: applies to both TON Testnet and TON Mainnet nodes. </Caution> **Behavior** * Runs `scripts/remove_btc_teleport.sh` to delete the Teleport repository (`/usr/src/ton-teleport-btc-periphery`), keystore, and systemd service. * By default, it refuses to run if the validator is currently a masterchain participant. Use `--force` only when the node is not producing masterchain blocks or after exiting the validator set. * Prints an error if the removal script fails. **Example** ```mytonctrl remove_btc_teleport --force ``` # Collator (/blockchain-basics/nodes/cpp/mytonctrl/collator) ## Operational notes [#operational-notes] * Collator mode cannot be enabled while validator mode is active (`enable_mode collator` requires `disable_mode validator` first). * `setup_collator` relies on validator-console RPCs and the underlying node arguments; ensure `mytoninstaller` utilities are present and the node runs with permissions to edit `/etc/ton/validator-engine.conf`. * Shard identifiers follow TON conventions: `workchain` is `-1` for masterchain or `0` for basechain, and `<SHARD_HEX>` must be a 16-character hex prefix (e.g., `2000000000000000`). * Keep your validator wallet and ADNL keys backed up. Removing collators will delete console mappings, but does not revoke keys created with `CreateNewKey`. ## Collator lifecycle commands [#collator-lifecycle-commands] ### `setup_collator` [#setup_collator] **Purpose:** Register a local collator for one or more shards and update node arguments accordingly. **Syntax** ```mytonctrl setup_collator [--force] [--adnl <ADNL_ID>] <WORKCHAIN>:<SHARD_HEX> [<ADDITIONAL_SHARDS>...] ``` **Behavior** * Requires at least one shard identifier in `<WORKCHAIN>:<SHARD_HEX>` format (for example `0:2000000000000000`). * Creates a new ADNL key automatically unless you pass an existing one with `--adnl` (value must be base64 as returned by `newkey`). * Ensures `--add-shard` entries exist in the validator-engine arguments. When the node already monitors shards and `-M` is enabled, the command verifies coverage. Use `--force` to bypass this safety check if you intentionally widen monitoring. * Calls the validator console (`add-collator`) for each shard and appends the necessary node arguments via `mytoninstaller set_node_argument`. * Logs follow-up commands (`add_collator <ADNL> <SHARD>`) that validators should run to accept the collator. **Example** ```mytonctrl setup_collator 0:2000000000000000 0:4000000000000000 ``` ### `stop_collator` [#stop_collator] **Purpose:** Remove one collator or all local collators from validator-console tracking. **Syntax** ```mytonctrl stop_collator stop_collator <ADNL_HEX> <WORKCHAIN>:<SHARD_HEX> ``` **Behavior** * Without arguments: prompts for confirmation, then deletes every local collator by iterating over the validator configuration. * With specific arguments, targets a single collator. `<ADNL_HEX>` must be the hex-encoded ADNL ID (as shown by `print_local_collators`). * Issues `del-collator` commands to the validator console and reports errors if any removal fails. **Examples** ```mytonctrl stop_collator stop_collator 2F3C7A...B91 0:2000000000000000 ``` ### `print_local_collators` [#print_local_collators] **Purpose:** List the collators currently registered on this node. **Syntax** ```mytonctrl print_local_collators ``` **Behavior** * Reads the validator configuration and prints a table with each collator’s ADNL (hex) and shard identifier. * Returns “No collators found” when none are configured. ## Collation allowlist management [#collation-allowlist-management] ### `add_validator_to_collation_wl` [#add_validator_to_collation_wl] **Purpose:** Enable and populate the validator allowlist that is allowed to receive collated blocks. **Syntax** ```mytonctrl add_validator_to_collation_wl <ADNL_HEX> [<ADDITIONAL_ADNL>...] ``` **Behavior** * Ensures the allowlist is active (`collator-whitelist-enable 1`) and then adds each ADNL (hex) via `collator-whitelist-add`. * Throws an error if the validator console rejects any entry. * Accepts one or more ADNL IDs in a single invocation. **Example** ```mytonctrl add_validator_to_collation_wl 2F3C7A...B91 6AD1CE...004 ``` ### `delete_validator_from_collation_wl` [#delete_validator_from_collation_wl] **Purpose:** Remove validators from the allowlist. **Syntax** ```mytonctrl delete_validator_from_collation_wl <ADNL_HEX> [<ADDITIONAL_ADNL>...] ``` **Behavior** * Calls `collator-whitelist-del` for each provided ADNL (hex) and raises an error if any deletion fails. * Does not disable the allowlist itself; use `disable_collation_wl` for that. **Example** ```mytonctrl delete_validator_from_collation_wl 6AD1CE...004 ``` ### `disable_collation_wl` [#disable_collation_wl] **Purpose:** Turn off the allowlist, allowing any validator to accept blocks. **Syntax** ```mytonctrl disable_collation_wl ``` **Behavior** * Sends `collator-whitelist-enable 0` to the validator console. * Requires no arguments; prints an error if the console command fails. ### `print_collation_whitelist` [#print_collation_whitelist] **Purpose:** Show the current contents of the collation allowlist as reported by the validator console. **Syntax** ```mytonctrl print_collation_whitelist ``` **Behavior** * Runs `collator-whitelist-show` and outputs the raw console response, including whether the allowlist is enabled and the listed ADNL IDs. ## Collator configuration JSON commands [#collator-configuration-json-commands] ### `set_collation_config` [#set_collation_config] **Purpose:** Store the preferred collator options JSON location and apply it to the validator console. **Syntax** ```mytonctrl set_collation_config <PATH_OR_URL> ``` **Behavior** * Accepts either a local filesystem path or an HTTP(S) URL returning JSON. * Fetches and validates the document, saves the location to the MyTonCtrl database, and calls `setcollatoroptionsjson` on the validator console using a temporary file. * Reports detailed errors if the file cannot be loaded or the console rejects the update. **Example** ```mytonctrl set_collation_config https://raw.githubusercontent.com/ton-blockchain/ton-blockchain.github.io/main/default_collator_options.json ``` ### `update_collation_config` [#update_collation_config] **Purpose:** Reapply the stored collator options without changing the source location. **Syntax** ```mytonctrl update_collation_config ``` **Behavior** * Reads the previously saved location (defaulting to `https://raw.githubusercontent.com/ton-blockchain/ton-blockchain.github.io/main/default_collator_options.json` if none was set). * Downloads the JSON again and calls `setcollatoroptionsjson` so changes on the remote source take effect. ### `print_collation_config` [#print_collation_config] **Purpose:** Display the current collator options location and the validator console’s active configuration. **Syntax** ```mytonctrl print_collation_config ``` **Behavior** * Prints the remembered location, fetches the live configuration with `getcollatoroptionsjson`, and shows the JSON payload formatted for readability. * Useful for verifying whether a recent `set_collation_config` or `update_collation_config` call succeeded. # Core (/blockchain-basics/nodes/cpp/mytonctrl/core) ## about [#about] **Purpose:** Show a mode's description, whether it is currently enabled, and the settings that belong to the mode. **Syntax** ```mytonctrl about <mode_name> ``` **Behavior** * Accepts exactly one mode name from: `validator`, `nominator-pool`, `single-nominator`, `liquid-staking`, `liteserver`, `collator`, `alert-bot`, `prometheus`. * Fails with a clear message if the mode name is unknown. * Prints a header, the human-readable mode description, and the current enablement status. * Lists every setting attached to the mode, including a short description and the default value. When a mode has no dedicated settings, the command explicitly states that. **Available modes** | Mode | Description | | ------------------ | ---------------------------------------------------------------------- | | `validator` | Validator functions. Activates participating in elections and staking. | | `nominator-pool` | Standard nominator pools. | | `single-nominator` | Orbs' single nominator pools. | | `liquid-staking` | Liquid staking controllers. | | `liteserver` | For liteserver usage only without validator. | | `collator` | Blocks collator-only module. | | `alert-bot` | Telegram bot alerts | | `prometheus` | Prometheus format data exporter | **Example** ```mytonctrl about validator ``` ## benchmark [#benchmark] **Purpose:** Measure local disk performance to verify the node meets TON validator requirements. **Syntax** ```mytonctrl benchmark ``` **Behavior** * Runs a bundled benchmark script with elevated privileges. The script executes two I/O scenarios (random 4K with queue depths 64 and 1) and a RocksDB stress test. * The run takes up to \~200 seconds; the console blocks until completion. * Results are printed as a table with read/write throughput, IOPS, and RocksDB random operations. On failure, the command prints the captured error log. ## disable\_mode [#disable_mode] **Purpose:** Deactivate one of the pluggable modes (validator, nominator-pool, single-nominator, liquid-staking, liteserver, collator, alert-bot, prometheus). **Syntax** ```mytonctrl disable_mode <mode_name> ``` **Behavior** * Turns the selected mode off and persists the change immediately. Valid mode names: `validator`, `nominator-pool`, `single-nominator`, `liquid-staking`, `liteserver`, `collator`, `alert-bot`, `prometheus`. * Refuses to run when the mode name is unknown or when the mode’s own safety checks disallow disabling it (for example, modules may prevent leaving the validator network while critical processes are active). * After a successful change, the console session exits so that dependent services can restart with the new configuration. **Example** ```mytonctrl disable_mode liteserver ``` ## enable\_mode [#enable_mode] **Purpose:** Activate a mode that is currently disabled. **Syntax** ```mytonctrl enable_mode <mode_name> ``` **Behavior** * Validates the requested mode, enforces dependency rules, and enables supplementary components when required. Valid mode names: `validator`, `nominator-pool`, `single-nominator`, `liquid-staking`, `liteserver`, `collator`, `alert-bot`, `prometheus`. Examples: enabling `validator` forces `liteserver` to be disabled first; enabling `liquid-staking` makes sure the TON HTTP API is configured; enabling `validator` automatically installs BTC Teleport unless you disabled it via settings. * Persists the change right away and terminates the console session once the command finishes. **Example** ```mytonctrl enable_mode validator ``` ## Settings commands [#settings-commands] **Purpose:** Manage MyTonCtrl configuration values and review their current state. ### `get` [#get] **Syntax** ```mytonctrl get <setting-name> ``` **Behavior** * Reads the requested setting from the local database and prints it as pretty-printed JSON. * Accepts any supported setting key (see list below); unknown keys return `null`. * Strings, numbers, booleans, and objects are displayed exactly as stored. **Example** ```mytonctrl get sendTelemetry ``` ### `set` [#set] **Syntax** ```mytonctrl set <setting-name> <setting-value> [--force] ``` **Behavior** * Updates a stored setting. Values are parsed as JSON when possible; otherwise, the raw string is saved. * Validates that the key exists and that its parent mode is enabled. Use `--force` to bypass these checks when preparing a configuration ahead of enabling a mode or when intentionally writing custom keys. * Rejects deprecated aliases such as `usePool` and `useController` and points you to `enable_mode` instead. * Saves immediately and backs up the database on each change. **Examples** ```mytonctrl set auto_backup true set liquid_pool_addr "0:abc123..." set auto_backup_path /mnt/backups --force ``` ### `status_settings` [#status_settings] **Syntax** ```mytonctrl status_settings ``` **Behavior** * Prints a table listing every supported setting alongside its description, owning mode, default value, and the active value stored in the local database. * Useful for auditing overrides before upgrades or for verifying configuration after scripted changes. ### Supported settings [#supported-settings] * **`stake`** (mode `validator`, default `null`) — Stake amount submitted during elections when defined. * **`stakePercent`** (mode `validator`, default `99`) — Percentage of the validator wallet to stake when `stake` is not provided. * **`isSlashing`** (mode `validator`, default `null`) — Enables automatic complaint submission against misbehaving validators. * **`validatorWalletName`** (mode `validator`, default `wallet_001`) — Local wallet identifier used for validator operations. * **`maxFactor`** (mode `validator`, default `null`) — Overrides the `maxFactor` sent to the Elector; falls back to config 17 when unset. * **`participateBeforeEnd`** (mode `validator`, default `null`) — Seconds before the round end when the validator should join elections. * **`liquid_pool_addr`** (mode `liquid-staking`, default `null`) — Address of the liquid staking pool used for controller operations. * **`min_loan`** (mode `liquid-staking`, default `41000`) — Minimum loan size in nanoTON for liquid staking borrowing. * **`max_loan`** (mode `liquid-staking`, default `43000`) — Maximum loan size in nanoTON for liquid staking borrowing. * **`max_interest_percent`** (mode `liquid-staking`, default `10`) — Interest ceiling (percent) applied to liquid staking loans. * **`duplicateSendfile`** (mode `null`, default `true`) — Duplicates external messages to public lite servers for redundancy. * **`sendTelemetry`** (mode `null`, default `true`) — Enables periodic telemetry submission to TON community services. * **`telemetryLiteUrl`** (mode `null`, default `https://telemetry.toncenter.com/report_status`) — Endpoint used when telemetry is enabled. * **`overlayTelemetryUrl`** (mode `null`, default `https://telemetry.toncenter.com/report_overlays`) — Endpoint for overlay network telemetry reports. * **`duplicateApi`** (mode `null`, default `sendTelemetry`) — Controls whether to forward external messages via TON Center; default follows the `sendTelemetry` flag. * **`duplicateApiUrl`** (mode `null`, default `https://[testnet.]toncenter.com/api/v2/sendBoc`) — API endpoint used when `duplicateApi` is active. * **`checkAdnl`** (mode `null`, default `sendTelemetry`) — Checks local UDP port and ADNL connectivity; default follows the `sendTelemetry` flag. * **`liteclient_timeout`** (mode `null`, default `3`) — Default timeout, in seconds, for lite-client calls. * **`console_timeout`** (mode `null`, default `3`) — Default timeout, in seconds, for validator console interactions. * **`fift_timeout`** (mode `null`, default `3`) — Default timeout, in seconds, for Fift executions. * **`useDefaultCustomOverlays`** (mode `null`, default `true`) — Joins the predefined custom overlays when the node is eligible. * **`defaultCustomOverlaysUrl`** (mode `null`, default `https://ton-blockchain.github.io/fallback_custom_overlays.json`) — Source for the fallback custom overlay configuration. * **`debug`** (mode `null`, default `false`) — Enables verbose console debugging with Python tracebacks. * **`subscribe_tg_channel`** (mode `validator`, default `false`) — Suppresses reminders about subscribing to the TON STATUS Telegram channel. * **`auto_backup`** (mode `validator`, default `null`) — Enables automatic validator backups every election when set truthy. * **`auto_backup_path`** (mode `validator`, default `/tmp/mytoncore/auto_backups/`) — Destination folder for automatic backups. * **`prometheus_url`** (mode `prometheus`, default `null`) — Pushgateway URL for Prometheus metrics. * **`onlyNode`** (mode `null`, default `null`) — When true, restricts MyTonCtrl to telemetry collection without elections. * **`importGc`** (mode `null`, default `null`) — When enabled, removes imported archive block files after use; requires MyTonCtrl restart. * **`btcTeleportDisabled`** (mode `validator`, default `false`) — Prevents automatic BTC Teleport installation during validator setup. ## installer [#installer] **Purpose:** Launch the MyTonInstaller utility from inside MyTonCtrl. **Syntax** ```mytonctrl installer installer <installer_command> [installer_args...] ``` **Behavior** * With no arguments, opens the interactive MyTonInstaller console so you can walk through node provisioning tasks. * When you pass arguments, MyTonCtrl forwards them to MyTonInstaller’s `-c` command mode. This lets you trigger individual installer actions without entering the interactive shell. Arguments are concatenated into a single command string and executed exactly as if you had typed them into MyTonInstaller. * Common quick commands include `installer clcf` (create a local config file), `installer status`, or `installer enable JR` (enable JSON-RPC support). **Examples** ```mytonctrl installer installer clcf installer enable THA ``` ## rollback [#rollback] **Purpose:** Revert MyTonCtrl to the legacy `MTC1` configuration format. **Syntax** ```mytonctrl rollback ``` **Behavior** * Prompts for confirmation before running because the operation is destructive and intended for recovery scenarios only. * Restores the old `usePool`/`useController` flags in the local database, removes the new `modes` map, and runs the bundled rollback migration script. * On success, the console exits so you can restart MyTonCtrl with the downgraded layout. ## status [#status] **Purpose:** Display a full health report for the node. **Syntax** ```mytonctrl status status fast ``` **Behavior** * Without arguments, the command aggregates live data from the validator, lite-client, system metrics, and Git repositories. It prints: * Network overview: network name, validator participation counts, shard count, outstanding offers/complaints, current election status. * Local node metrics: validator index and efficiency, ADNL addresses, wallet balances, CPU/memory/swap/disk utilization, network throughput, service uptimes (mytoncore, validator, `btc_teleport` when applicable), virtualization detection, version information for MyTonCtrl, TON binaries, and optional BTC Teleport. * Additional election metadata for validator nodes, including config parameters and the expected validation/election timeline. * `status fast` skips remote calls that enumerate validators and offers, which is useful on constrained connections or when you only need the local section. * If the node is out of sync, the report focuses on local health and prints warnings instead of global network data. **Examples** ```mytonctrl status status fast ``` ## status\_modes [#status_modes] **Purpose:** Review the enablement state of every mode. **Syntax** ```mytonctrl status_modes ``` **Behavior** * Prints a table with mode names, whether each is enabled, and a one-line description. Modes reported: `validator`, `nominator-pool`, `single-nominator`, `liquid-staking`, `liteserver`, `collator`, `alert-bot`, `prometheus`. * Covers core modes (validator, liteserver, nominator-pool, single-nominator) and optional services (alert-bot, prometheus, collator, liquid-staking) so you can review the full stack at once. * Handy for auditing which modules are active before enabling or disabling more features. ## update [#update] **Purpose:** Update the MyTonCtrl codebase. **Syntax** ```mytonctrl update update <branch> update https://github.com/<author>/<repo>/tree/<branch> update https://github.com/<author>/<repo>/tree/<branch> <branch> ``` **Behavior** * With no arguments, pulls the latest commits for the repository and branch currently checked out under `/usr/src/mytonctrl`. * Supplying a branch name switches the update target to that branch on the existing remote. * Supplying a full GitHub URL lets you update from a different fork or repository. You can add a trailing branch argument to override the branch parsed from the URL. * The command validates that the requested branch exists remotely before running. If you are already tracking a non-standard origin or branch, MyTonCtrl asks you to specify the remote explicitly. * Runs the bundled `update.sh` script with root privileges and exits the console when it completes. Success and failure are clearly reported. **Examples** ```mytonctrl update update develop update https://github.com/example/mytonctrl/tree/feature-x feature-x ``` ## upgrade [#upgrade] **Purpose:** Update TON node binaries and supporting components. **Syntax** ```mytonctrl upgrade [<branch>] upgrade --btc-teleport [<branch>] [-u <user>] ``` **Behavior** * By default, upgrades the TON sources located in `/usr/src/ton` to the specified branch (or the currently checked-out branch when none is provided). The command fixes legacy file paths, updates lite-client and validator-console settings, checks your installed Clang version, and warns if it is older than 16 before continuing. * After the TON build completes, validator nodes automatically refresh the BTC Teleport service unless you disabled it through settings. * The `--btc-teleport` variant reinstalls or updates only the BTC Teleport service. You can optionally provide a branch to fetch (defaults to `master`) and `-u <user>` to control which system user owns the service. * All operations run through the `upgrade.sh` helper with elevated privileges. The command prints `Upgrade - OK` or `Upgrade - Error` based on the exit status. **Examples** ```mytonctrl upgrade upgrade develop upgrade --btc-teleport upgrade --btc-teleport release-2024-05 -u teleport ``` # Custom overlays (/blockchain-basics/nodes/cpp/mytonctrl/custom-overlays) ## Operational notes [#operational-notes] * Overlays require MyTonCtrl to run in `validator` mode with an accessible validator console; the commands rely on console RPCs (`addcustomoverlay`, `showcustomoverlays`, `delcustomoverlay`). * Keep ADNL IDs in the configuration consistent with the node’s current validator keys. The helper refuses to deploy static overlays when the node lacks the necessary IDs. * Dynamic overlays are re-evaluated each election. MyTonCtrl automatically removes stale overlays tied to old election IDs and creates new ones as rounds roll over. ## add\_custom\_overlay [#add_custom_overlay] **Purpose:** Register a custom overlay configuration and deploy it to the validator console. **Syntax** ```mytonctrl add_custom_overlay <overlay-name> <path-to-config> ``` **Behavior** * `<overlay-name>` is an arbitrary label used inside MyTonCtrl and as the validator-console overlay name. * `<path-to-config>` must point to a JSON file describing overlay nodes. Each key is an ADNL address (hex) and each value specifies whether the node is a `block_sender` or `msg_sender` (`msg_sender` entries may include a `msg_sender_priority`). * Configuration files can include an `@validators` key to denote dynamic overlays. In that case, MyTonCtrl stores the config and schedules validator-console updates for the current and next election rounds. * Static overlays are converted immediately via `addcustomoverlay` and require that your node owns the listed ADNL IDs; otherwise, the command prints an error. * MyTonCtrl caches the config in its database, so overlays persist across restarts. **Example** ```mytonctrl add_custom_overlay telemetry-overlay /etc/mytonctrl/overlays/telemetry.json ``` ### Sample config structure [#sample-config-structure] ```json { "3b53...d1": { "block_sender": true }, "@validators": ["0a1f...bc", "292e...7a"], "7c9d...4e": { "msg_sender": true, "msg_sender_priority": 5 } } ``` * Keys other than `@validators` must be ADNL IDs in hex form. * For `msg_sender` entries, set `msg_sender` to `true` and optionally include `msg_sender_priority` (higher numbers mean higher priority). * Include `@validators` only when you want the overlay to track the current validator set automatically. ## list\_custom\_overlays [#list_custom_overlays] **Purpose:** Inspect every overlay definition stored by MyTonCtrl. **Syntax** ```mytonctrl list_custom_overlays ``` **Behavior** * Prints each overlay name and the JSON configuration saved in the local database. * Highlights whether an overlay is dynamic (`@validators` present) or static. * Helpful for auditing definitions before deploying them on another node. ## delete\_custom\_overlay [#delete_custom_overlay] **Purpose:** Remove a stored overlay and, when possible, detach it from the validator console. **Syntax** ```mytonctrl delete_custom_overlay <overlay-name> ``` **Behavior** * Deletes `<overlay-name>` from the MyTonCtrl database. * If the overlay was dynamic (tracked via `@validators`), the validator console updates within \~1 minute to remove it automatically. * For static overlays, MyTonCtrl issues `delcustomoverlay <overlay-name>` so the validator console stops broadcasting it immediately. If the console rejects the operation, the command reports an error so you can intervene manually. **Example** ```mytonctrl delete_custom_overlay telemetry-overlay ``` # Installer (/blockchain-basics/nodes/cpp/mytonctrl/installer) Run these commands from the installer context of mytonctrl: ```mytonctrl MyTonCtrl> installer Installer> ``` ## status [#status] **Purpose:** Inspect whether required TON services and credentials are in place, and review the current node arguments. **Syntax** ```mytonctrl status ``` **Behavior** * Checks for the presence of validator, mytoncore, console, and liteserver artifacts under `/var/ton-work` and reports each as enabled/disabled. * Loads the active node argument list (from `set_node_argument`) and prints every flag with its stored values. * Does not modify any files, making it safe to rerun as a health check. ## set\_node\_argument [#set_node_argument] **Purpose:** Add, update, or remove TON validator/validator-engine command-line arguments. **Syntax** ```mytonctrl set_node_argument <arg-name> [arg-value] [-d] ``` **Behavior** * Requires at least the argument name (for example, `--archive-ttl`, `-M`, `--add-shard`). * When additional values are provided, they are concatenated and passed to the helper script `set_node_argument.py`, which edits `/etc/ton/validator-engine.conf`-style settings. * Use `-d` as the final flag to delete the argument instead of setting a value. * Runs with root privileges to ensure the validator configuration is writable. **Examples** ```mytonctrl set_node_argument --archive-ttl 86400 set_node_argument --add-shard 0:2000000000000000 0:a000000000000000 set_node_argument --archive-ttl -d ``` ## enable [#enable] **Purpose:** Provision or activate bundled components such as the validator console, liteserver, or auxiliary services. **Syntax** ```mytonctrl enable <code> ``` **Behavior** * Accepts one of the codes listed below and invokes the corresponding setup routine through `mytoninstaller -e enable<code>`. * If you enable the TON HTTP API (`THA`), the installer first generates a local liteserver config by running `clcf` automatically. * All routines run with elevated privileges because they create system users, service units, configuration files, or keys. **Supported codes** | Code | Component | Purpose | Key tasks | | ----- | -------------------- | ------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `FN` | First node bootstrap | Prepare a fresh validator environment so MyTonCtrl can manage a node end-to-end. | Creates the validator system user, installs the validator engine as a systemd service, generates the initial `config.json`, downloads blockchain dumps, and performs the first validator start. | | `VC` | Validator console | Provide secure CLI access to the validator engine for MyTonCtrl and operators. | Generates server/client key pairs, wires them into `validator.config.json`, updates MyTonCore with console credentials, and restarts validator + MyTonCore to apply. | | `LS` | liteserver | Enable the local liteserver endpoint used by tooling and APIs. | Creates liteserver keys, registers them in `validator.config.json`, updates MyTonCore’s lite-client section, and restarts services to expose the port locally. | | `DS` | DHT server | Run a standalone DHT node so the validator can advertise itself through the ADNL network. | Installs and enables the TON DHT service, provisions keys, selects public ports, generates/prints the ADNL address list, and starts the daemon under systemd. | | `JR` | JSON-RPC frontend | Install [MyTonCtrl’s JSON-RPC bridge](https://github.com/igroman787/mtc-jsonrpc) for programmatic control. | Executes `jsonrpcinstaller.sh` with root privileges to deploy the service, wiring it for the current node user. | | `THA` | TON HTTP API | Expose the [TON HTTP API](https://github.com/toncenter/ton-http-api) backed by the local liteserver for REST-like access. | Generates a fresh liteserver config when needed and runs `ton_http_api_installer.sh` to install and configure the HTTP API service. | | `LSP` | ls-proxy | Proxy the liteserver connection for safer remote access and load balancing. | Installs the ls-proxy binary, creates a systemd unit, bootstraps the config with local liteserver credentials, and starts the proxy service. | | `TS` | TON Storage | Provide local TON Storage capabilities for block archives and state downloads. | Deploys `tonutils-storage`, configures public UDP/API ports and external IP, persists the config, registers connectivity details in MyTonCore, and starts the storage daemon. | **Example** ```mytonctrl enable FN ``` ## update [#update] **Purpose:** Rerun enablement routines for installed components to pull updates or repair their configuration. **Syntax** ```mytonctrl update <code> ``` **Behavior** * Shares the same code list and internal handler as `enable`, but intended for repeat executions when you need to refresh binaries or regenerate configs (for example, after package updates). * `update JR` is the common shorthand for reinstalling or updating the JSON-RPC service. * Requires the same elevated privileges as `enable` because it delegates to the same installer events. **Example** ```mytonctrl update JR ``` ## plsc [#plsc] **Purpose:** Print the current liteserver configuration JSON. **Syntax** ```mytonctrl plsc ``` **Behavior** * Reads the configuration produced by `GetLiteServerConfig` (typically `/usr/bin/ton/local.config.json`) and prints it as pretty JSON. * Useful for verifying that liteserver keys, ports, and peers match expectations after running `enable LS` or `clcf`. ## clcf [#clcf] **Purpose:** Create or refresh the liteserver local configuration file. **Syntax** ```mytonctrl clcf [-u <user>] ``` **Behavior** * Fetches the latest init block via TON API; if unavailable, falls back to the bundled `global.config.json`. * Base64-encodes the init block and invokes `mytoninstaller -e clc -i <base64>` under the specified user (defaults to the installer’s current user). * Writes `/usr/bin/ton/local.config.json` and related liteserver files so that services like TON HTTP API can start. **Examples** ```mytonctrl clcf clcf -u validator ``` ## print\_ls\_proxy\_config [#print_ls_proxy_config] **Purpose:** Display the active ls-proxy configuration file. **Syntax** ```mytonctrl print_ls_proxy_config ``` **Behavior** * Reads `/var/ls_proxy/ls-proxy-config.json` (via `get_ls_proxy_config`) and prints it in formatted JSON. * Allows quick inspection of proxy targets after running `enable LSP`. ## create\_ls\_proxy\_config\_file [#create_ls_proxy_config_file] **Purpose:** Placeholder for generating an ls-proxy config file. **Syntax** ```mytonctrl create_ls_proxy_config_file ``` **Behavior** * Outputs `TODO` because the implementation is not there yet. * Use `print_ls_proxy_config` or edit `/var/ls_proxy/ls-proxy-config.json` manually until this command is implemented. ## `drvcf` [#drvcf] **Purpose:** Rebuild `config.json` for the validator engine using existing key material (dangerous recovery). **Syntax** ```mytonctrl drvcf ``` **Behavior** * Calls `DangerousRecoveryValidatorConfigFile`, which scans `/var/ton-work/db/keyring`, recent election dumps, and mytoncore settings to reconstruct validator, liteserver, control, DHT, and ADNL entries. * Prints the reconstructed configuration and any unused keys so you can review the output before applying it manually. * Intended for disaster recovery scenarios; it does not overwrite files automatically. ## setwebpass [#setwebpass] **Purpose:** Set or change the password for the MyTonCtrl web administration (JSON-RPC) interface. **Syntax** ```mytonctrl setwebpass ``` **Behavior** * Runs `/usr/src/mtc-jsonrpc/mtc-jsonrpc.py -p`, prompting for the new password and updating the credential store. * No arguments are accepted; rerun whenever you need to rotate web admin credentials. # Liquid staking (/blockchain-basics/nodes/cpp/mytonctrl/liquid-staking) ## Operational notes [#operational-notes] * Liquid staking controllers rely on the validator wallet and liquid pool contracts. Keep the wallet funded and the pool address (`liquid_pool_addr`) set via `set liquid_pool_addr <address>` before deploying controllers. * Pending withdrawals are stored in the local database when a controller is busy (non-zero `state`). MyTonCtrl processes them automatically as soon as the controller returns to the ready state. * The jetton pool contracts must be available under `/usr/src/mytonctrl/contracts/jetton_pool/`. The first run of `create_controllers` downloads them if necessary. * Commands interacting with the TON HTTP API assume the service listens on `127.0.0.1:8801` (the default when this mode is enabled). ## Controller deployment and discovery [#controller-deployment-and-discovery] ### `create_controllers` [#create_controllers] **Purpose:** Deploy the two standard controllers for the configured liquid staking pool if they are missing or outdated. **Syntax** ```mytonctrl create_controllers ``` **Behavior** * Compares the controller addresses returned by the pool (`GetControllers`) with the addresses stored in the local database. * If they differ, downloads the jetton pool deployment scripts (on first run), signs the deployment BoCs with the validator wallet, and sends them to the liquid pool with a small attach value. * Stores the newly active controllers under `using_controllers` so subsequent staking and voting commands target the fresh contracts. ### `update_controllers` [#update_controllers] **Purpose:** Re-run the controller deployment workflow to synchronize with changes on the pool side. **Syntax** ```mytonctrl update_controllers ``` **Behavior** * Alias for `create_controllers`; useful after pool upgrades or migration, forcing MyTonCtrl to redeploy controllers when the contract-address mapping changes. ### `controllers_list` [#controllers_list] **Purpose:** Inspect every controller list tracked locally. **Syntax** ```mytonctrl controllers_list ``` **Behavior** * Prints tables for the active (`using`), newly detected, previously used (`old`), and user-specified controller lists. * Each entry includes address, on-chain status, balance, approval flag, and controller state as reported by `get_validator_controller_data`. * Allows operators to verify whether a controller is approved, funded, or stopped. ### `add_controller` [#add_controller] **Purpose:** Mark an additional controller address as user-managed so MyTonCtrl considers it for operations. **Syntax** ```mytonctrl add_controller <controller-addr> ``` **Behavior** * Adds `<controller-addr>` to the `user_controllers` list and removes it from the stop list if present, enabling future staking or updates through MyTonCtrl. * Accepts base64 controller addresses. **Example** ```mytonctrl add_controller EQDf...9A ``` ## Funding and withdrawals [#funding-and-withdrawals] ### `deposit_to_controller` [#deposit_to_controller] **Purpose:** Top up a controller contract with Toncoin from the validator wallet. **Syntax** ```mytonctrl deposit_to_controller <controller-addr> <amount-ton> ``` **Behavior** * Signs the `top-up.boc` script with the validator wallet and sends `<amount-ton>` TON to `<controller-addr>`. * Use decimal TON amounts; the command handles the nanoTON conversion internally. **Example** ```mytonctrl deposit_to_controller EQDf...9A 2000 ``` ### `withdraw_from_controller` [#withdraw_from_controller] **Purpose:** Withdraw funds from a controller back to the validator wallet. **Syntax** ```mytonctrl withdraw_from_controller <controller-addr> [amount-ton] ``` **Behavior** * Requests an immediate withdrawal when the controller state permits it; otherwise, it queues a pending withdrawal that is handled automatically later. * If `[amount-ton]` is omitted, MyTonCtrl withdraws nearly the entire balance (leaving \~10 TON to cover rent). **Examples** ```mytonctrl withdraw_from_controller EQDf...9A withdraw_from_controller EQDf...9A 750 ``` ### `stop_controller` [#stop_controller] **Purpose:** Flag a controller so MyTonCtrl stops using it for future staking operations. **Syntax** ```mytonctrl stop_controller <controller-addr> ``` **Behavior** * Adds `<controller-addr>` to the local stop list and removes it from the user or active lists. The contract remains on-chain but is ignored by automated workflows. **Example** ```mytonctrl stop_controller EQDf...9A ``` ### `stop_and_withdraw_controller` [#stop_and_withdraw_controller] **Purpose:** Stop a controller and withdraw its funds in a single step. **Syntax** ```mytonctrl stop_and_withdraw_controller <controller-addr> [amount-ton] ``` **Behavior** * Flags the controller as stopped (same as `stop_controller`). * Triggers a withdrawal for `[amount-ton]` TON; when omitted, withdraws almost the full balance (balance minus \~10.1 TON to keep the contract alive). **Example** ```mytonctrl stop_and_withdraw_controller EQDf...9A ``` ## Validator-set maintenance [#validator-set-maintenance] ### `controller_update_validator_set` [#controller_update_validator_set] **Purpose:** Refresh the validator set stored on a controller contract. **Syntax** ```mytonctrl controller_update_validator_set <controller-addr> ``` **Behavior** * Calls the controller’s `update_validator_set` method so it picks up the latest validator ADNL IDs from the pool. * Use after elections or whenever the pool indicates mismatched validator sets. **Example** ```mytonctrl controller_update_validator_set EQDf...9A ``` ### `check_liquid_pool` [#check_liquid_pool] **Purpose:** Scan recent liquid pool transactions and update controller validator sets automatically. **Syntax** ```mytonctrl check_liquid_pool ``` **Behavior** * Looks through the liquid pool’s account history, detects controller addresses interacting with the pool, and calls `controller_update_validator_set` for each detected controller. * Useful as a catch-up step after manual interventions or pool upgrades. ## Controller diagnostics [#controller-diagnostics] ### `get_controller_data` [#get_controller_data] **Purpose:** Dump the full controller status JSON for inspection. **Syntax** ```mytonctrl get_controller_data <controller-addr> ``` **Behavior** * Runs the controller’s `get_validator_controller_data` method and prints the resulting fields (for example: state, approval, borrowed amount, and stake timing). * Ideal for debugging controllers stuck in a non-zero state or verifying approval. **Example** ```mytonctrl get_controller_data EQDf...9A ``` ### `calculate_annual_controller_percentage` [#calculate_annual_controller_percentage] **Purpose:** Convert the per-round interest rate into an annualized percentage. **Syntax** ```mytonctrl calculate_annual_controller_percentage [percent-per-round] ``` **Behavior** * Uses the validators' election cycle length from config 15 to compute how many rounds fit into a year, and then scales the provided (or configured `max_interest_percent`) rate. * Prints intermediate values and the final yearly percentage. **Examples** ```mytonctrl calculate_annual_controller_percentage calculate_annual_controller_percentage 1.25 ``` ### `test_calculate_loan_amount` [#test_calculate_loan_amount] **Purpose:** Test the on-chain helper that calculates controller loan amounts. **Syntax** ```mytonctrl test_calculate_loan_amount ``` **Behavior** * Sends a local HTTP request to the TON HTTP API (`/runGetMethod`) using the configured loan parameters (`min_loan`, `max_loan`, `max_interest_percent`). * Prints the raw response (nanoTON value) used to size controller loans. # Overview (/blockchain-basics/nodes/cpp/mytonctrl/overview) MyTonCtrl is a tool to run and maintain a TON node (validators and liteservers). ## Install MyTonCtrl [#install-mytonctrl] Run the installer as the non-root operator who will manage the node. The command below fetches dependencies, downloads the script, and starts the interactive setup wizard: ```bash sudo apt update sudo apt install -y curl wget git ca-certificates python3-pip wget https://raw.githubusercontent.com/ton-blockchain/mytonctrl/master/scripts/install.sh sudo bash install.sh ``` The wizard walks you through hardware validation, TON binary installs, and MyTonCtrl configuration. Use flags to pre-select options or automate deployments: | Flag | What it does | Typical use | | ------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | ---------------------------------------------------------------------- | | `-d`, `--dump` | Downloads a packaged blockchain dump before first start. | Speeds up the initial sync (omit to sync from peers only). | | `-m`, `--mode validator\|liteserver\|collator` | Pre-enables the target mode. | Skip switching modes manually after install. | | `-n`, `--network mainnet\|testnet` | Switches global config URL and minimum hardware thresholds. | Point the node to testnet without editing configs later. | | `-t`, `--telemetry` | Disables telemetry uploads during install. | Comply with policies that forbid sharing validator stats. | | `-i`, `--ignore-reqs` | Ignores the CPU/RAM minimum check. | Lab hardware or cloud instances that fall below defaults. | | `-c <PATH>`, `--config <PATH>` | Supplies a custom `config.json` for TON installer steps. | Use a vetted mirror instead of the default URL. | | `-g <URL>`, `--node-repo <URL>` | Points the TON node build to a different Git repository. | Test patched node sources or mirror Git access. | | `-v <VERSION>`, `--node-version <VERSION>` | Pins the TON node to a branch, tag, or commit. | Lock to a specific release when validating upgrades. | | `-u <USER>`, `--user <USER>` | Forces the operator account that owns MyTonCtrl. | Keep ownership correct when running the script from automation. | | `-e <PATH>`, `--env-file <PATH>` | Loads installer parameters (see below) from an env file. | Pre-seed values like `ARCHIVE_TTL`, shard lists, or ports for CI jobs. | | `-a <AUTHOR>`, `--author <AUTHOR>`<br />`-r <REPO>`, `--repo <REPO>`<br />`-b <BRANCH>`, `--branch <BRANCH>` | Override the Git source for MyTonCtrl and installer scripts. | Test forks or feature branches. | | `-p <FILE>`, `--backup <FILE>` | Restore from a MyTonCtrl backup archive. | Reinstall on fresh hardware using an existing backup. | | `-o`, `--only-mtc` | Install only MyTonCtrl assets (requires `-p`). | Use to interact with a node remotely. | | `-l`, `--only-node` | Install only the TON node binaries and services. | Pair a fresh node with an existing MyTonCtrl instance elsewhere. | | `--print-env` | Prints the resolved install command and env values, then exits. | Dry-runs CLI answers before performing a real install. | | `-h`, `--help` | Prints installer help and exits. | Basic check of available options. | Leaving out `-m` and `-p` the installer in the interactive CLI, which prompts for network selection, telemetry, and mode enablement. ### Environment variables [#environment-variables] Set these variables before running `install.sh` (for example, `ARCHIVE_TTL=864000 sudo bash install.sh`) to preconfigure node behavior: | Variable | Effect | Notes | | ---------------- | ------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | | `ARCHIVE_TTL` | Overrides the retention (in seconds) passed to `--archive-ttl`. | Defaults to `2592000` for liteserver mode and `86400` otherwise; set `-1` for effectively permanent retention. | | `STATE_TTL` | Sets `--state-ttl` and shortens the archive TTL by the same amount. | Use with `ARCHIVE_TTL` to keep a smaller state cache. | | `ADD_SHARD` | Adds one or more `--add-shard` arguments. | Provide shard IDs separated by spaces (for example `0:2000000000000000 0:a000000000000000`). | | `ARCHIVE_BLOCKS` | Downloads archive data via TON Storage during bootstrap. | Accepts a single block/UTC date or a range (`<from> <to>`); dates must be `YYYY-MM-DD`. | | `COLLATE_SHARD` | Configures collator shards during `collator` mode installs. | Space-separated shard IDs; defaults to `0:8000000000000000` if unset. | ## Command reference [#command-reference] | Reference | What it covers | | --------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | | [Core Commands](/blockchain-basics/nodes/cpp/mytonctrl/core) | Everyday console operations: updating MyTonCtrl, enabling modes, viewing status, and managing settings. | | [Installer Commands](/blockchain-basics/nodes/cpp/mytonctrl/installer) | Running the MyTonInstaller module to configure node services, enable components, and adjust node arguments. | | [Wallet Commands](/blockchain-basics/nodes/cpp/mytonctrl/wallet) | Creating, importing, exporting, and funding wallets managed by MyTonCtrl. | | [Validator Commands](/blockchain-basics/nodes/cpp/mytonctrl/validator) | Election voting, complaint handling, efficiency checks, and collator registry management for validators. | | [Collator Commands](/blockchain-basics/nodes/cpp/mytonctrl/collator) | Configuring collator shards, allowlists, and JSON options when operating in collator mode. | | [Pool Commands](/blockchain-basics/nodes/cpp/mytonctrl/pools) | Deploying and operating nominator pools or Orbs single-nominator pools. | | [Liquid Staking Commands](/blockchain-basics/nodes/cpp/mytonctrl/liquid-staking) | Managing liquid staking controllers, validator-set refreshes, and loan calculations. | | [Custom Overlay Commands](/blockchain-basics/nodes/cpp/mytonctrl/custom-overlays) | Adding, listing, and removing custom overlays for validator-console telemetry. | | [Utilities Commands](/blockchain-basics/nodes/cpp/mytonctrl/utilities) | Account inspection, bookmark management, governance offer utilities, and validator list reporting. | | [Alerting Commands](/blockchain-basics/nodes/cpp/mytonctrl/alerting) | Configuring the MyTonCtrl alert bot, toggling alert keys, and testing notifications. | | [Backups Commands](/blockchain-basics/nodes/cpp/mytonctrl/backups) | Creating and restoring configuration backups, including keyring exports. | | [BTC Teleport Commands](/blockchain-basics/nodes/cpp/mytonctrl/btc-teleport) | Reviewing Teleport proposals, voting, and uninstalling the Teleport bundle. | ## Pick the right guide [#pick-the-right-guide] * **Provisioning a new node?** Start with [Setup MyTonCtrl](/blockchain-basics/nodes/cpp/setup-mytonctrl) and then use the [Core](/blockchain-basics/nodes/cpp/mytonctrl/core) and [Installer](/blockchain-basics/nodes/cpp/mytonctrl/installer) references for ongoing maintenance. * **Operating pools or liquid staking?** Combine the [Pools](/blockchain-basics/nodes/cpp/mytonctrl/pools) or [Liquid Staking](/blockchain-basics/nodes/cpp/mytonctrl/liquid-staking) guides with the relevant validator or wallet sections. * **Keeping eyes on production nodes?** Review [Alerting](/blockchain-basics/nodes/cpp/mytonctrl/alerting), [Backups](/blockchain-basics/nodes/cpp/mytonctrl/backups), and [Utilities](/blockchain-basics/nodes/cpp/mytonctrl/utilities) so you can monitor and recover your infrastructure quickly. ## Related resources [#related-resources] * [Setup MyTonCtrl](/blockchain-basics/nodes/cpp/setup-mytonctrl) * [Baseline install & sync checklist](/blockchain-basics/nodes/cpp/setup-mytonctrl#baseline-setup-install-and-sync) * [Official MyTonCtrl repository](https://github.com/ton-blockchain/mytonctrl) # Nominator pools (/blockchain-basics/nodes/cpp/mytonctrl/pools) ## Shared pool utilities [#shared-pool-utilities] ### `pools_list` [#pools_list] **Purpose:** Display every pool tracked locally along with its status on-chain. **Syntax** ```mytonctrl pools_list ``` **Behavior** * Queries the MyTonCtrl database for all pool descriptors stored under `/var/ton-work/pools`. * Resolves each pool’s smart-contract account status and balance; if an account is inactive, it falls back to the deployment (init) address. * Prints a table with columns `Name`, `Status`, `Balance`, `Version`, and `Address` so you can quickly audit which pools are deployed and funded. ### `import_pool` [#import_pool] **Purpose:** Register an existing pool by saving its address inside the local pools directory. **Syntax** ```mytonctrl import_pool <pool-name> <pool-addr> ``` **Behavior** * Accepts a local alias (`<pool-name>`) and the pool’s base64 (bounceable) smart-contract address. * Creates `<pool-name>.addr` in the pools directory so other commands (activation, deposits, withdrawals) can reference it. * Downloads the pool contract scripts on demand if they are not present yet. **Example** ```mytonctrl import_pool my-pool EQC02...fa8 ``` ### `delete_pool` [#delete_pool] **Purpose:** Remove the local metadata for a pool you no longer manage. **Syntax** ```mytonctrl delete_pool <pool-name> ``` **Behavior** * Deletes the BoC/address files created for `<pool-name>` from the pools directory; on-chain contracts remain untouched. * Useful when you migrate a pool to another host or retire a test deployment. **Example** ```mytonctrl delete_pool my-pool ``` ## Nominator pool operations (`nominator-pool` mode) [#nominator-pool-operations-nominator-pool-mode] ### `new_pool` [#new_pool] **Purpose:** Generate deployment artifacts for a standard nominator pool before broadcasting it. **Syntax** ```mytonctrl new_pool <pool-name> <validator-reward-share-percent> <max-nominators-count> <min-validator-stake-ton> <min-nominator-stake-ton> ``` **Behavior** * Creates `<pool-name>.addr` and `<pool-name>-query.boc` using the official nominator pool Fift scripts. * `<validator-reward-share-percent>` is the operator commission (e.g., `10.5` for 10.5%). * `<max-nominators-count>` is the maximum number of nominators the pool will accept. * `<min-validator-stake-ton>` and `<min-nominator-stake-ton>` define the minimum validator self-stake and delegator stake in TON (whole-ton values are expected; convert to nanoTON before use if you need fractional amounts). * Validates that no other local pool shares the same derived address. * Does not submit anything to the blockchain; run `activate_pool` afterward. **Example** ```mytonctrl new_pool mypool 12.5 100 300000 1000 ``` ### `activate_pool` [#activate_pool] **Purpose:** Deploy the nominator pool contract created via `new_pool` or `import_pool`. **Syntax** ```mytonctrl activate_pool <pool-name> ``` **Behavior** * Loads `<pool-name>-query.boc` and ensures the validator wallet is active. * If the pool account is still empty, it signs and broadcasts the deployment message; if it is already active, it logs a warning and exits without changes. * Leaves the deployment BoC in place so you can retry if the transaction fails. **Example** ```mytonctrl activate_pool mypool ``` ### `update_validator_set` [#update_validator_set] **Purpose:** Refresh the validator address list stored in the pool contract after elections or operator changes. **Syntax** ```mytonctrl update_validator_set <pool-addr> ``` **Behavior** * Uses the validator wallet to call the pool’s `update_validator_set` method. * `<pool-addr>` must be the pool’s bounceable address as reported by `pools_list` or `status`. * Typically run after activating the pool or when the validator ADNL set changes. **Example** ```mytonctrl update_validator_set EQB1e...6g ``` ### `deposit_to_pool` [#deposit_to_pool] **Purpose:** Stake Toncoin from the validator wallet into the pool contract. **Syntax** ```mytonctrl deposit_to_pool <pool-addr> <amount-ton> ``` **Behavior** * Builds a validator deposit query, signs it with the validator wallet, and sends it to `<pool-addr>`. * `<amount-ton>` is a TON-denominated float or integer. Internally, the command converts it to the correct nanoTON amount. * Useful for seeding the validator share or topping up the pool’s liquidity. **Example** ```mytonctrl deposit_to_pool EQB1e...6g 1000 ``` ### `withdraw_from_pool` [#withdraw_from_pool] **Purpose:** Withdraw Toncoin from a nominator pool back to the validator wallet. **Syntax** ```mytonctrl withdraw_from_pool <pool-addr> <amount-ton> ``` **Behavior** * Checks the pool state; if withdrawals are currently unlocked, it performs an immediate withdrawal, otherwise it submits a pending withdrawal request that will execute once the pool cycle allows it. * `<amount-ton>` is specified in TON. * Requires that the validator wallet has the authority to trigger the withdrawal. **Example** ```mytonctrl withdraw_from_pool EQB1e...6g 250 ``` ## Single nominator pool operations (`single-nominator` mode) [#single-nominator-pool-operations-single-nominator-mode] ### `new_single_pool` [#new_single_pool] **Purpose:** Prepare deployment assets for an Orbs single-nominator pool. **Syntax** ```mytonctrl new_single_pool <pool-name> <owner-address> ``` **Behavior** * Generates `<pool-name>.addr` and `<pool-name>-query.boc` using the bundled Orbs single-nominator contract templates. * `<owner-address>` is the delegator’s smart-contract or wallet address (bounceable base64 or workchain:hex format supported by TON tools). * The validator wallet address is embedded automatically as the operator. * Ensures no other local pool produces the same address. **Example** ```mytonctrl new_single_pool vip-client EQCrn...u3 ``` ### `activate_single_pool` [#activate_single_pool] **Purpose:** Broadcast the state-init produced by `new_single_pool` to deploy the contract. **Syntax** ```mytonctrl activate_single_pool <pool-name> ``` **Behavior** * Checks that `<pool-name>-query.boc` still exists (indicating the pool is not already active). * Signs the deploy message with the validator wallet and posts it to the network. * Warns and exits without changes if the BoC is missing because the pool was already activated. **Example** ```mytonctrl activate_single_pool vip-client ``` ### `withdraw_from_single_pool` [#withdraw_from_single_pool] **Purpose:** Withdraw Toncoin from a single-nominator pool back to the validator wallet or owner as configured. **Syntax** ```mytonctrl withdraw_from_single_pool <pool-addr> <amount-ton> ``` **Behavior** * Issues an immediate withdrawal request against `<pool-addr>` for `<amount-ton>` TON. * Uses `WithdrawFromPoolProcess`, which executes in the current cycle without creating a pending queue. * Primarily used to return delegated funds or distribute rewards. **Example** ```mytonctrl withdraw_from_single_pool EQCsd...9k 50 ``` ## Activation and funding prerequisites [#activation-and-funding-prerequisites] * Enable the appropriate mode (`enable_mode nominator-pool` or `enable_mode single-nominator`) before using these commands; each mode mounts its own command set. * Ensure your validator wallet is active and funded because deployment, deposits, and withdrawals all originate from it. * For new pools, review the generated `.addr` and `-query.boc` files and keep secure backups—deletion removes these local artifacts. # Utilities (/blockchain-basics/nodes/cpp/mytonctrl/utilities) ## Account inspection [#account-inspection] ### `vas` [#vas] **Purpose:** View the latest account status, code hash, and recent messages. **Syntax** ```mytonctrl vas <account-addr|bookmark> ``` **Behavior** * Resolves bookmarks automatically and fetches the account via the lite-client. * Prints a status table (address, state, balance, detected contract version), the raw code hash, and the last 10 inbound/outbound messages with relative timestamps. * Useful for verifying that deployments succeeded or funds arrived. **Example** ```mytonctrl vas EQBf...nw ``` ### `vah` [#vah] **Purpose:** Print a paginated message history for an account. **Syntax** ```mytonctrl vah <account-addr|bookmark> <limit> ``` **Behavior** * Shows the most recent `<limit>` messages, marking direction (`>>>` for outgoing, `<<<` for incoming), amount, and counterparty addresses in base64. * Handy when you need deeper history than the default `vas` preview. **Example** ```mytonctrl vah EQBf...nw 25 ``` ## Bookmark management [#bookmark-management] ### `nb` [#nb] **Purpose:** Create a bookmark for frequently used addresses. **Syntax** ```mytonctrl nb <bookmark-name> <account-addr> ``` **Behavior** * Validates that `<account-addr>` is a correct TON address and stores it under `<bookmark-name>` for future commands (e.g., `mg`, `vas`). **Example** ```mytonctrl nb treasury EQBf...nw ``` ### `bl` [#bl] **Purpose:** List all stored bookmarks. **Syntax** ```mytonctrl bl ``` **Behavior** * Prints a table with each bookmark name, address, and any cached metadata (balance or expiration date if available). ### `db` [#db] **Purpose:** Delete a bookmark by name. **Syntax** ```mytonctrl db <bookmark-name> ``` **Behavior** * Removes the bookmark from MyTonCtrl storage. Future commands must use the raw address unless you recreate the bookmark. **Example** ```mytonctrl db treasury ``` ## Governance and configuration helpers [#governance-and-configuration-helpers] ### `ol` [#ol] **Purpose:** Display open governance offers (configuration proposals). **Syntax** ```mytonctrl ol [--json] [hash] ``` **Behavior** * Without flags, prints a table showing hash (trimmed unless you pass the literal `hash` argument), config ID, votes, win/loss tally, approval percentage, and pass status. * `--json` outputs the raw offer list in JSON format. **Examples** ```mytonctrl ol ol --json ol hash ``` ### `od` [#od] **Purpose:** Diff a proposal’s configuration against the current config. **Syntax** ```mytonctrl od <offer-hash> ``` **Behavior** * Fetches the offer, runs lite-client commands to dump the proposed config, and shows a `diff` between the current value and the proposal. The `diff` utility must be available in the command shell to run this command. **Example** ```mytonctrl od xKF+2Cj4wP6w2y... ``` ### `cl` [#cl] **Purpose:** List validator complaints for the current or previous round. **Syntax** ```mytonctrl cl [past] [--json] [adnl] ``` **Behavior** * With no flags, prints complaint entries with election ID, validator ADNL (trimmed unless `adnl` is supplied), fine, vote count, approval percent, and pass status (color-coded). * `past` switches to the previous election round; `--json` dumps raw data. **Examples** ```mytonctrl cl cl past adnl cl --json ``` ## Election data [#election-data] ### `el` [#el] **Purpose:** Inspect election entries submitted by validators. **Syntax** ```mytonctrl el [past] [--json] [adnl] [pubkey] [wallet] ``` **Behavior** * The default view shows trimmed ADNL/pubkey/wallet values along with stake and max-factor. * Add `past` to see the previous round, `--json` for raw output, or the literals `adnl`, `pubkey`, `wallet` to disable trimming for those columns. **Examples** ```mytonctrl el el past adnl pubkey el --json ``` ## Validator roster [#validator-roster] ### `vl` [#vl] **Purpose:** Print the validator list with optional filters and formats. **Syntax** ```mytonctrl vl [past] [fast] [--json] [adnl] [pubkey] [wallet] [offline] ``` **Behavior** * Default view shows index, trimmed ADNL/pubkey/wallet, stake, efficiency, and online status (color-coded). * `past` loads the previous round; `fast` avoids extra lite-client calls for performance. * `--json` returns raw data. Passing `adnl`, `pubkey`, or `wallet` prevents trimming for those columns. `offline` filters to entries marked offline. **Examples** ```mytonctrl vl vl fast offline vl past --json adnl ``` ## Pool diagnostics [#pool-diagnostics] ### `get_pool_data` [#get_pool_data] **Purpose:** Retrieve detailed pool contract data by name or address. **Syntax** ```mytonctrl get_pool_data <pool-name|pool-addr> ``` **Behavior** * Accepts either a local pool alias (resolved via stored `.addr` file) or a base64 contract address. * Prints the JSON returned by `runmethodfull ... get_pool_data`, including stake, elector values, and state flags. **Example** ```mytonctrl get_pool_data mypool ``` # Validator (/blockchain-basics/nodes/cpp/mytonctrl/validator) ## Operational notes [#operational-notes] * These commands require `validator` mode to be enabled. They interact with the validator console and expect the validator wallet to be configured and funded. * Offer hashes, complaint hashes, and election identifiers come from `status`, lite-client, or governance dashboards. Use the exact strings reported there to avoid signature failures. * When managing collators, follow up with `setup_collator` (from collator mode) on the node that actually produces blocks. The validator-side registry maintained here determines which collators are accepted and how they behave during elections. ## Governance and elections [#governance-and-elections] ### `vo` [#vo] **Purpose:** Vote for one or more governance offers (configuration proposals) using the validator wallet. **Syntax** ```mytonctrl vo <offer-hash> [additional_offer_hashes...] ``` **Behavior** * Accepts one or more offer hashes exactly as reported by commands like `status` or `ol`. Hashes are typically base64 strings. * Fetches the full offer list, saves each voted offer locally for tracking, and submits signed votes through the validator wallet. * Skips unknown hashes and raises an error if the vote submission fails. **Example** ```mytonctrl vo xKF+2Cj4wP6w2y... xKF+2Cj4wP6w2y... ``` ### `ve` [#ve] **Purpose:** Cast the validator election entry for the upcoming round. **Syntax** ```mytonctrl ve ``` **Behavior** * Runs the `Elections` helper from `mytoncore`, which prepares and sends the election request using the validator wallet. * Reuses configuration stored in the local database (stake amount, elector parameters, etc.). * Prints `VoteElectionEntry - OK` when the elector accepts the query. ### `vc` [#vc] **Purpose:** Vote on a validator complaint by pairing the election round with the complaint hash. **Syntax** ```mytonctrl vc <election-id> <complaint-hash> ``` **Behavior** * `<election-id>` is the integer identifier of the round (from `status` or elector logs). * `<complaint-hash>` is usually base64 and matches the hash reported in complaint notifications. * Delegates to `VoteComplaint`, which signs and broadcasts the vote via the validator wallet. **Example** ```mytonctrl vc 345678901234567890 xFFmZ...Y ``` ## Performance diagnostics [#performance-diagnostics] ### `check_ef` [#check_ef] **Purpose:** Review validator efficiency for the previous and current validation rounds. **Syntax** ```mytonctrl check_ef ``` **Behavior** * Collects validator lists for the current and previous rounds, locates the local ADNL, and prints block production statistics. * Highlights time ranges for each round, shows created versus expected masterchain blocks, and colorizes efficiency percentages (green when ≥90%). * Warns when efficiency data is unavailable (e.g., when the validator joined as a shard-only participant or the round has just started). ## Local collator registry [#local-collator-registry] ### `add_collator` [#add_collator] **Purpose:** Add a collator entry to the validator console’s collator list and configure optional behaviors. **Syntax** ```mytonctrl add_collator <adnl-id> <workchain>:<shard_hex> [--self-collate true|false] [--select-mode random|ordered|round_robin] ``` **Behavior** * `<adnl-id>` accepts base64 or hex. Hex values are automatically converted to base64 before storing. * `<workchain>:<shard_hex>` identifies the shard (e.g., `0:2000000000000000`). Use the same format shown in the validator console output. * If the shard already exists in the collator list, the command appends the ADNL and optionally updates `self_collate` or `select_mode`. Otherwise, it creates a new shard entry using defaults (`self_collate=true`, `select_mode=random`). * Persists the updated list using `set-collators-list` so the validator console starts assigning work to the new collator. **Example** ```mytonctrl add_collator 2F3C7A...B91 0:2000000000000000 --self-collate true --select-mode ordered ``` ### `delete_collator` [#delete_collator] **Purpose:** Remove one or more collator entries from the validator console list. **Syntax** ```mytonctrl delete_collator [<workchain>:<shard_hex>] <adnl-id> ``` **Behavior** * Accepts an optional shard selector. When omitted, the ADNL is removed from every shard where it appears. * `<adnl-id>` can be base64 or hex; hex values are converted automatically. * After removal, the command cleans up empty shard sections in the stored collator list. **Examples** ```mytonctrl delete_collator 0:2000000000000000 2F3C7A...B91 delete_collator 2F3C7A...B91 ``` ### `print_collators` [#print_collators] **Purpose:** Inspect the current collator list and optional liveness information. **Syntax** ```mytonctrl print_collators [--json] ``` **Behavior** * By default, prints the human-readable output from `show-collators-list`, augmented with online/offline status when `collation-manager-stats` provides data. * With `--json`, returns the parsed collator list in JSON format, matching the structure passed to `set-collators-list`. **Examples** ```mytonctrl print_collators print_collators --json ``` ### `reset_collators` [#reset_collators] **Purpose:** Clear the entire collator list stored in the validator console. **Syntax** ```mytonctrl reset_collators ``` **Behavior** * Calls `clear-collators-list` and removes all shard/ADNL mappings. * Reports an error if the console rejects the reset; otherwise, prints `reset_collators - OK`. # Wallet (/blockchain-basics/nodes/cpp/mytonctrl/wallet) ## Operational notes [#operational-notes] * MyTonCtrl stores wallets under `/var/ton-work/wallets`. Back up `.pk` files securely before deleting or migrating wallets. * Generated wallet names follow the `wallet_###` pattern. Use `wl` to find the correct name before funding or exporting. * Bookmark support depends on entries configured via other modules (for example, utility commands that register shortcuts). * Transfers rely on the validator console and may require the wallet to be active with sufficient rent balance (>0.1 TON). ## Wallet lifecycle [#wallet-lifecycle] ### `nw` [#nw] **Purpose:** Create a new local wallet definition and show its deployment address. **Syntax** ```mytonctrl nw [<workchain-id> <wallet-name> [<version> <subwallet>]] ``` **Behavior** * With no arguments, autogenerates a name (`wallet_XXX`), uses workchain `0`, selects version `v1`, and derives subwallet `698983191 + workchain`. * When arguments are provided, you must supply the workchain and name; optional `version` (`v1`, `v2`, `v3`) and `subwallet` override defaults. * Writes `.addr`/`.pk` files under the wallets directory and prints a table with the new wallet address (state-init form). **Examples** ```mytonctrl nw nw 0 treasury v3 1001 ``` ### `aw` [#aw] **Purpose:** Deploy one wallet or all wallets that have unsigned deployment BoCs. **Syntax** ```mytonctrl aw [<wallet-name>|all] ``` **Behavior** * Without arguments, treats the request as `all` and scans every wallet for pending deployment BoCs, sending them if the target address still has a positive balance. * With a wallet name, activates that specific wallet using the stored deployment message. **Examples** ```mytonctrl aw aw wallet_005 ``` ### `wl` [#wl] **Purpose:** List every wallet known to MyTonCtrl along with its on-chain status. **Syntax** ```mytonctrl wl ``` **Behavior** * Prints Name, Status, Balance, Version, Workchain, and Address (current or init address if inactive). * Useful for auditing balances before elections or sweeping idle funds. ### `dw` [#dw] **Purpose:** Delete a wallet’s local files after operator confirmation. **Syntax** ```mytonctrl dw <wallet-name> ``` **Behavior** * Prompts `Are you sure you want to delete this wallet (yes/no):` and only proceeds on `yes`. * Removes the `.addr`, `.pk`, and cached query files for `<wallet-name>` but does not touch on-chain accounts. **Example** ```mytonctrl dw treasury ``` ## Importing, exporting, and metadata [#importing-exporting-and-metadata] ### `iw` [#iw] **Purpose:** Import an existing wallet by address and secret key. **Syntax** ```mytonctrl iw <wallet-addr> <wallet-secret-key-base64> ``` **Behavior** * Writes the provided address bytes and base64-encoded private key into a new local wallet (name auto-generated). * Prints the assigned wallet name for subsequent commands. **Example** ```mytonctrl iw EQDk...cQ KJ4Q... ``` ### `ew` [#ew] **Purpose:** Export a wallet’s address and secret key. **Syntax** ```mytonctrl ew <wallet-name> ``` **Behavior** * Reads the `.pk` file, base64-encodes it, and prints the address/key pair along with the wallet name. * Useful for backups or migration to hardware wallets. **Example** ```mytonctrl ew treasury ``` ### `swv` [#swv] **Purpose:** Update the recorded wallet version (v1/v2/v3) for an imported wallet. **Syntax** ```mytonctrl swv <wallet-addr> <wallet-version> ``` **Behavior** * Updates metadata so MyTonCtrl selects the correct Fift script when sending transactions. * Supply the wallet address exactly as stored (base64 or workchain:hex) and the version string. **Example** ```mytonctrl swv EQC0...FQ v3 ``` ## Fund transfers [#fund-transfers] ### `mg` [#mg] **Purpose:** Send Toncoin from a local wallet to a destination address or bookmark. **Syntax** ```mytonctrl mg <wallet-name> <account-addr|bookmark> <amount> [additional-flags...] ``` **Behavior** * `<amount>` accepts numeric TON values or the shortcuts `all` (sends balance minus fees) and `alld` (sends entire balance, including fees). * Automatically checks the source balance, destination bounceability, and wallet version. Add `-n` to force non-bounceable mode or other validator-console flags as needed. * Submits the signed transfer via the validator console; prints `MoveCoins - OK` on success. **Examples** ```mytonctrl mg treasury EQDv...Qw 1500 mg treasury bookmark_main all -n ``` ### `mgtp` [#mgtp] **Purpose:** Relay a payment through two temporary proxy wallets before reaching the destination. **Syntax** ```mytonctrl mgtp <wallet-name> <account-addr|bookmark> <amount> ``` **Behavior** * Creates two temporary wallets, hops the transfer through them (`wallet -> proxy1 -> proxy2 -> destination`), and cleans up afterward. * Ensures the final leg includes `-n` (non-bounceable) to safely reach inactive recipients. * Handy when the destination cannot accept a direct bounceable transfer. **Example** ```mytonctrl mgtp treasury EQC6...rA alld ``` # Avatar (/ecosystem/tma/telegram-ui/reference/avatar) <Stub /> Renders an image with specific styles for an avatar presentation, including optional acronym display and badge support. Utilizes the Image component for core functionality, enhancing it with avatar-specific features like acronyms and badges. * [External avatar documentation](https://tgui.xelene.me/?path=/docs/blocks-avatar--documentation) # applications/api/toncenter/v2/accounts/get-address-balance (/applications/api/toncenter/v2/accounts/get-address-balance) # applications/api/toncenter/v2/accounts/get-address-information (/applications/api/toncenter/v2/accounts/get-address-information) # applications/api/toncenter/v2/accounts/get-address-state (/applications/api/toncenter/v2/accounts/get-address-state) # applications/api/toncenter/v2/accounts/get-extended-address-information (/applications/api/toncenter/v2/accounts/get-extended-address-information) # applications/api/toncenter/v2/accounts/get-token-data (/applications/api/toncenter/v2/accounts/get-token-data) # applications/api/toncenter/v2/accounts/get-wallet-information (/applications/api/toncenter/v2/accounts/get-wallet-information) # applications/api/toncenter/v2/blocks/get-block-header (/applications/api/toncenter/v2/blocks/get-block-header) # applications/api/toncenter/v2/blocks/get-consensus-block (/applications/api/toncenter/v2/blocks/get-consensus-block) # applications/api/toncenter/v2/blocks/get-masterchain-block-signatures (/applications/api/toncenter/v2/blocks/get-masterchain-block-signatures) # applications/api/toncenter/v2/blocks/get-masterchain-info (/applications/api/toncenter/v2/blocks/get-masterchain-info) # applications/api/toncenter/v2/blocks/get-outbound-message-queue-size (/applications/api/toncenter/v2/blocks/get-outbound-message-queue-size) # applications/api/toncenter/v2/blocks/get-shard-block-proof (/applications/api/toncenter/v2/blocks/get-shard-block-proof) # applications/api/toncenter/v2/blocks/get-shards (/applications/api/toncenter/v2/blocks/get-shards) # applications/api/toncenter/v2/blocks/lookup-block (/applications/api/toncenter/v2/blocks/lookup-block) # applications/api/toncenter/v2/configuration/get-all-config-parameters (/applications/api/toncenter/v2/configuration/get-all-config-parameters) # applications/api/toncenter/v2/configuration/get-config-parameter (/applications/api/toncenter/v2/configuration/get-config-parameter) # applications/api/toncenter/v2/configuration/get-libraries (/applications/api/toncenter/v2/configuration/get-libraries) # applications/api/toncenter/v2/rpc/json-rpc-endpoint (/applications/api/toncenter/v2/rpc/json-rpc-endpoint) # applications/api/toncenter/v2/run-method/run-get-method-standard (/applications/api/toncenter/v2/run-method/run-get-method-standard) # applications/api/toncenter/v2/run-method/run-get-method (/applications/api/toncenter/v2/run-method/run-get-method) # applications/api/toncenter/v2/send/estimate-fee (/applications/api/toncenter/v2/send/estimate-fee) # applications/api/toncenter/v2/send/send-boc-return-hash (/applications/api/toncenter/v2/send/send-boc-return-hash) # applications/api/toncenter/v2/send/send-boc (/applications/api/toncenter/v2/send/send-boc) # applications/api/toncenter/v2/utils/detect-address (/applications/api/toncenter/v2/utils/detect-address) # applications/api/toncenter/v2/utils/detect-hash (/applications/api/toncenter/v2/utils/detect-hash) # applications/api/toncenter/v2/utils/pack-address (/applications/api/toncenter/v2/utils/pack-address) # applications/api/toncenter/v2/utils/unpack-address (/applications/api/toncenter/v2/utils/unpack-address) # applications/api/toncenter/v2/transactions/get-block-transactions-extended (/applications/api/toncenter/v2/transactions/get-block-transactions-extended) # applications/api/toncenter/v2/transactions/get-block-transactions (/applications/api/toncenter/v2/transactions/get-block-transactions) # applications/api/toncenter/v2/transactions/get-transactions-standard (/applications/api/toncenter/v2/transactions/get-transactions-standard) # applications/api/toncenter/v2/transactions/get-transactions (/applications/api/toncenter/v2/transactions/get-transactions) # applications/api/toncenter/v2/transactions/try-locate-result-transaction (/applications/api/toncenter/v2/transactions/try-locate-result-transaction) # applications/api/toncenter/v2/transactions/try-locate-source-transaction (/applications/api/toncenter/v2/transactions/try-locate-source-transaction) # applications/api/toncenter/v2/transactions/try-locate-transaction (/applications/api/toncenter/v2/transactions/try-locate-transaction) # applications/api/toncenter/v3/actions-and-traces/get-actions (/applications/api/toncenter/v3/actions-and-traces/get-actions) # applications/api/toncenter/v3/actions-and-traces/get-pending-actions (/applications/api/toncenter/v3/actions-and-traces/get-pending-actions) # applications/api/toncenter/v3/actions-and-traces/get-pending-traces (/applications/api/toncenter/v3/actions-and-traces/get-pending-traces) # applications/api/toncenter/v3/actions-and-traces/get-traces (/applications/api/toncenter/v3/actions-and-traces/get-traces) # applications/api/toncenter/v3/accounts/address-book (/applications/api/toncenter/v3/accounts/address-book) # applications/api/toncenter/v3/accounts/get-account-states (/applications/api/toncenter/v3/accounts/get-account-states) # applications/api/toncenter/v3/accounts/get-wallet-states (/applications/api/toncenter/v3/accounts/get-wallet-states) # applications/api/toncenter/v3/accounts/metadata (/applications/api/toncenter/v3/accounts/metadata) # applications/api/toncenter/v3/apiv2/estimate-fee (/applications/api/toncenter/v3/apiv2/estimate-fee) # applications/api/toncenter/v3/apiv2/get-address-information (/applications/api/toncenter/v3/apiv2/get-address-information) # applications/api/toncenter/v3/apiv2/get-wallet-information (/applications/api/toncenter/v3/apiv2/get-wallet-information) # applications/api/toncenter/v3/apiv2/run-get-method (/applications/api/toncenter/v3/apiv2/run-get-method) # applications/api/toncenter/v3/apiv2/send-message (/applications/api/toncenter/v3/apiv2/send-message) # applications/api/toncenter/v3/blockchain-data/get-adjacent-transactions (/applications/api/toncenter/v3/blockchain-data/get-adjacent-transactions) # applications/api/toncenter/v3/blockchain-data/get-blocks (/applications/api/toncenter/v3/blockchain-data/get-blocks) # applications/api/toncenter/v3/blockchain-data/get-masterchain-block-shard-state-1 (/applications/api/toncenter/v3/blockchain-data/get-masterchain-block-shard-state-1) # applications/api/toncenter/v3/blockchain-data/get-masterchain-block-shard-state (/applications/api/toncenter/v3/blockchain-data/get-masterchain-block-shard-state) # applications/api/toncenter/v3/blockchain-data/get-masterchain-info (/applications/api/toncenter/v3/blockchain-data/get-masterchain-info) # applications/api/toncenter/v3/blockchain-data/get-messages (/applications/api/toncenter/v3/blockchain-data/get-messages) # applications/api/toncenter/v3/blockchain-data/get-pending-transactions (/applications/api/toncenter/v3/blockchain-data/get-pending-transactions) # applications/api/toncenter/v3/blockchain-data/get-transactions-by-masterchain-block (/applications/api/toncenter/v3/blockchain-data/get-transactions-by-masterchain-block) # applications/api/toncenter/v3/blockchain-data/get-transactions-by-message (/applications/api/toncenter/v3/blockchain-data/get-transactions-by-message) # applications/api/toncenter/v3/blockchain-data/get-transactions (/applications/api/toncenter/v3/blockchain-data/get-transactions) # applications/api/toncenter/v3/dns/get-dns-records (/applications/api/toncenter/v3/dns/get-dns-records) # applications/api/toncenter/v3/jettons/get-jetton-burns (/applications/api/toncenter/v3/jettons/get-jetton-burns) # applications/api/toncenter/v3/jettons/get-jetton-masters (/applications/api/toncenter/v3/jettons/get-jetton-masters) # applications/api/toncenter/v3/jettons/get-jetton-transfers (/applications/api/toncenter/v3/jettons/get-jetton-transfers) # applications/api/toncenter/v3/jettons/get-jetton-wallets (/applications/api/toncenter/v3/jettons/get-jetton-wallets) # applications/api/toncenter/v3/multisig/get-multisig-orders (/applications/api/toncenter/v3/multisig/get-multisig-orders) # applications/api/toncenter/v3/multisig/get-multisig-wallets (/applications/api/toncenter/v3/multisig/get-multisig-wallets) # applications/api/toncenter/v3/nfts/get-nft-collections (/applications/api/toncenter/v3/nfts/get-nft-collections) # applications/api/toncenter/v3/nfts/get-nft-items (/applications/api/toncenter/v3/nfts/get-nft-items) # applications/api/toncenter/v3/nfts/get-nft-transfers (/applications/api/toncenter/v3/nfts/get-nft-transfers) # applications/api/toncenter/v3/utils/decode-opcodes-and-bodies-1 (/applications/api/toncenter/v3/utils/decode-opcodes-and-bodies-1) # applications/api/toncenter/v3/utils/decode-opcodes-and-bodies (/applications/api/toncenter/v3/utils/decode-opcodes-and-bodies) # applications/api/toncenter/v3/vesting/get-vesting-contracts (/applications/api/toncenter/v3/vesting/get-vesting-contracts) # applications/api/toncenter/v3/stats/get-top-accounts-by-balance (/applications/api/toncenter/v3/stats/get-top-accounts-by-balance) # How to deploy mintless jetton (/blockchain-basics/standard/tokens/jettons/mintless/deploy) ## Introduction [#introduction] Mintless jettons represent a revolutionary approach to token distribution on the TON blockchain. This guide provides a comprehensive walkthrough for deploying mintless jettons, from initial setup to production deployment and ongoing maintenance. <Aside> Before deploying a mintless jetton, ensure you understand the [basic concepts](/blockchain-basics/standard/tokens/jettons/mintless/overview) and have experience with standard jetton deployment. </Aside> **Prerequisites** Before starting the deployment process, ensure you have: * A TON wallet with sufficient funds for deployment * Understanding of Merkle trees and cryptographic proofs * Access to hosting infrastructure for off-chain data * List of airdrop recipients with their allocated amounts * Development environment set up for TON smart contracts ## Step-by-Step Deployment Guide [#step-by-step-deployment-guide] Deploying a mintless jetton involves several critical steps: ### 1. Prepare the Merkle Tree [#1-prepare-the-merkle-tree] The foundation of any mintless jetton is a properly constructed Merkle tree containing all airdrop data. #### Data Collection [#data-collection] * **Compile recipient list**: Gather all wallet addresses eligible for the airdrop * **Determine allocations**: Assign token amounts to each recipient based on your distribution criteria * **Set time constraints**: Define `start_from` and `expired_at` timestamps for claim availability #### Tree Generation Process [#tree-generation-process] ``` AirdropItem Structure: - amount: Coins (allocated tokens) - start_from: uint48 (Unix timestamp for claim start) - expired_at: uint48 (Unix timestamp for claim expiry) ``` * Generate a Merkle tree with all airdrop recipients and their respective amounts * Each leaf contains an `AirdropItem` with amount, start time, and expiry * Compute the root `merkle_hash` that will be stored on-chain #### Best Practices [#best-practices] * **Validate addresses**: Ensure all recipient addresses are valid TON addresses * **Check allocations**: Verify total allocation doesn't exceed intended supply * **Test tree generation**: Use small datasets first to validate your tree construction process ### 2. Deploy the Jetton Master Contract [#2-deploy-the-jetton-master-contract] The jetton master contract must be extended to support mintless functionality. #### Contract Requirements [#contract-requirements] * Include the `merkle_hash` in the contract's storage * Implement the `get_mintless_airdrop_hashmap_root` get-method * Ensure compatibility with [TEP-177](https://github.com/ton-blockchain/TEPs/pull/177) standard * Use the [mintless jetton standard implementation](https://github.com/ton-community/mintless-jetton) as a reference #### Storage Extensions [#storage-extensions] ``` Standard jetton storage + { merkle_hash: uint256 // Root hash of the Merkle tree } ``` #### Deployment Checklist [#deployment-checklist] * [ ] Contract includes merkle\_hash in storage * [ ] All standard jetton methods are implemented * [ ] Mintless-specific get-methods are available * [ ] Contract has been thoroughly tested * [ ] Deployment transaction has sufficient gas ### 3. Set Up Off-Chain Infrastructure [#3-set-up-off-chain-infrastructure] Mintless jettons require robust off-chain infrastructure to serve Merkle proofs and tree data. #### Merkle Tree Hosting [#merkle-tree-hosting] * **Storage options**: TON Storage, IPFS, AWS S3, or other reliable hosting * **File format**: Store complete tree as BoC (Bag of Cells) file * **Accessibility**: Ensure high availability and fast access times * **Redundancy**: Consider multiple hosting locations for reliability #### Custom Payload API Implementation [#custom-payload-api-implementation] Implement an API endpoint that provides: * Individual Merkle proofs for specific addresses * Initialization data for Jetton wallet deployment * Verification of claim eligibility **API Endpoints:** ``` GET /api/v1/proof/{address} Response: { "proof": "base64_encoded_merkle_proof", "init_data": "base64_encoded_init_data", "amount": "1000000000", "start_from": 1699123200, "expired_at": 1699209600 } ``` #### Performance Considerations [#performance-considerations] * **Caching**: Implement aggressive caching for frequently requested proofs * **Load balancing**: Use CDN or load balancers for high-traffic scenarios * **Rate limiting**: Protect against abuse while ensuring legitimate access ### 4. Configure Metadata [#4-configure-metadata] Update your jetton's metadata to include mintless-specific fields. #### Required Metadata Fields [#required-metadata-fields] According to the [metadata standard](https://github.com/ton-blockchain/TEPs/blob/master/text/0064-token-data-standard.md): ```json { "name": "Your Mintless Token", "symbol": "YMT", "decimals": "9", "description": "Description of your token", "image": "https://example.com/token-logo.png", "mintless_merkle_dump_uri": "https://example.com/merkle-tree.boc", "custom_payload_api_uri": "https://example.com/api/v1/" } ``` #### Key Considerations [#key-considerations] * **mintless\_merkle\_dump\_uri**: Direct link to the complete Merkle tree data * **custom\_payload\_api\_uri**: Base URL for the custom payload API * **Hosting reliability**: Ensure these URIs remain accessible long-term * **HTTPS requirement**: Use secure connections for all external resources ## Development Tools and Utilities [#development-tools-and-utilities] Several specialized tools can assist with mintless jetton development and auditing. ### mintless-proof-generator (TON Core) [#mintless-proof-generator-ton-core] Official utility from the TON blockchain core team for Merkle proof generation and verification. #### Installation [#installation] 1. **Clone and build**: ```bash git clone https://github.com/ton-blockchain/ton cd ton git checkout testnet mkdir build && cd build cmake ../ make mintless-proof-generator ``` The compiled utility is located at `build/crypto/mintless-proof-generator`. #### Usage [#usage] **Parse and verify Merkle tree:** ```bash build/crypto/mintless-proof-generator parse <input-boc> <output-file> ``` This command: * Prints the mintless Merkle dump cell hash * Stores the airdrop list in `<output-file>` * Format: `<address> <amount> <start_from> <expired_at>` (one per line) **Generate all Merkle proofs:** ```bash build/crypto/mintless-proof-generator make_all_proofs <input-boc> <output-file> ``` Use this for creating the complete proof set needed for `custom_payload_api_uri`. ### mintless-toolbox (Tonkeeper) [#mintless-toolbox-tonkeeper] Community-developed utility from the Tonkeeper team with additional features. #### Installation [#installation-1] ```bash git clone https://github.com/tonkeeper/mintless-toolbox.git cd mintless-toolbox make ``` #### Usage [#usage-1] **Dump airdrop data:** ```bash ./bin/mintless-cli dump <airdrop-filename> ``` This utility: * Reads airdrop files in various formats * Outputs data in CSV format: `address,amount,start_from,expired_at` * Provides additional validation and formatting options # Mintless jetton (/blockchain-basics/standard/tokens/jettons/mintless/overview) ## Introduction [#introduction] <Aside> To understand this document, you should be familiar with the other basic Jetton standards. </Aside> TON has introduced [Mintless Jettons](https://github.com/ton-community/mintless-jetton?tab=readme-ov-file), an innovative extension of the Jetton standard. Mintless extension adopts [Merkle proofs](/blockchain-basics/primitives/proofs/overview), using them to make airdrops without requiring traditional minting processes. In this article, we will explore how mintless jettons work and how to use them. ## Overview [#overview] Mintless jettons are an extension ([TEP-177](https://github.com/ton-blockchain/TEPs/pull/177) and [TEP-176](https://github.com/ton-blockchain/TEPs/pull/176)) of the standard Jetton implementation ([TEP-74](https://github.com/ton-blockchain/TEPs/blob/master/text/0074-jettons-standard.md)) on TON Blockchain. This implementation enables large-scale, decentralized airdrops to millions of users while minimizing costs and blockchain load. Note that to use a mintless jetton to its full extent, you will need to establish an off-chain architecture. ### Basic features [#basic-features] * **Scalability**: Traditional minting processes can be resource-intensive and costly when distributing tokens to a vast number of users. * **Efficiency**: By utilizing Merkle trees, mintless jettons store a single hash representing all airdropped amounts, reducing storage requirements. * **User-friendly airdrops**: No separate pre-claim: wallets attach a Merkle proof on first transfer, so users don't perform a manual claim action. Because mintless jettons extend the standard jettons, you can interact with them the same way as standard jettons — no additional steps required. ## How it works [#how-it-works] Mintless jettons leverage [Merkle trees](/blockchain-basics/primitives/proofs/overview) and cryptographic proofs to enable efficient, decentralized airdrops without traditional minting. Here's a detailed breakdown of the technical implementation: ### Merkle Tree foundation [#merkle-tree-foundation] The core innovation lies in representing all airdrop data as a single Merkle tree, where: * **Leaf nodes** contain airdrop information for individual addresses * **Internal nodes** store cryptographic hashes of their children * **Root hash** represents the entire airdrop dataset with a single 256-bit value This approach reduces storage from O(n) per recipient to O(1) for the entire airdrop. ### Data structures [#data-structures] Airdrop HashMap represents how we store individual users' airdrop information. ```tlb _ amount:Coins start_from:uint48 expired_at:uint48 = AirdropItem; _ _(HashMap 267 AirdropItem) = Airdrop; ``` Each airdrop entry contains: * `amount`: Number of tokens allocated to the recipient * `start_from`: Unix timestamp when claiming becomes available * `expired_at`: Unix timestamp when claiming expires The complete airdrop is stored as a HashMap where the key is a 267-bit internal TON account address and the value is an AirdropItem structure. For the Jetton Master contract, standard storage is extended with `merkle_hash`: 256-bit root hash of the Merkle tree containing all airdrop data. The standard wallet storage is extended with: * `merkle_hash`: Copy of the master's Merkle hash for validation * `already_claimed`: Boolean flag indicating whether the airdrop has been claimed ### Claiming mechanism [#claiming-mechanism] ```tlb merkle_airdrop_claim#0df602d6 proof:^Cell = CustomPayload; ``` The claiming process uses the `custom_payload` field in standard jetton transfers with: * `0x0df602d6`: Operation identifier for Merkle airdrop claims * `proof`: MerkleProof exotic cell containing the cryptographic proof ```tlb transfer#0f8a7ea5 query_id:uint64 amount:(VarUInteger 16) destination:MsgAddress response_destination:MsgAddress custom_payload:(Maybe ^Cell) forward_ton_amount:(VarUInteger 16) forward_payload:(Either Cell ^Cell) = InternalMsgBody; ``` The standard transfer message is enhanced by including the claim proof in `custom_payload`. ### Cryptographic proof validation [#cryptographic-proof-validation] When a jetton wallet receives a transfer with a claim payload, it performs these validation steps: 1. Merkle proof verification * Extracts the MerkleProof exotic cell from `custom_payload` * Verifies the proof's cryptographic integrity against the stored `merkle_hash` * Ensures the proof path leads to a valid `AirdropItem` for the sender's address 2. Timestamp validation * Checks that `now() >= start_from` (claiming period has begun) * Verifies that `now() <= expired_at` (claiming period hasn't expired) 3. Claim status check * Ensures `already_claimed == false` (prevents double-claiming) 4. Amount Validation * Extracts the airdrop amount from the validated AirdropItem * Credits this amount to the wallet's balance ### State transitions [#state-transitions] Before claim: ``` JettonWallet { balance: 0, already_claimed: false, merkle_hash: <root_hash> } ``` After successful claim: ``` JettonWallet { balance: <airdrop_amount>, already_claimed: true, merkle_hash: <root_hash> } ``` ### Off-chain infrastructure [#off-chain-infrastructure] #### Merkle Tree generation [#merkle-tree-generation] 1. **Data collection**: Gather all recipient addresses and their allocated amounts 2. **Tree construction**: Build a binary Merkle tree with AirdropItem structures as leaves 3. **Hash computation**: Calculate SHA-256 hashes recursively up to the root 4. **Proof generation**: Create individual Merkle proofs for each recipient #### Proof serving [#proof-serving] * **Static storage**: Host the complete Merkle tree data at `mintless_merkle_dump_uri` * **Dynamic API**: Implement `custom_payload_api_uri` to serve individual proofs on demand * **Caching**: Optimize proof retrieval with appropriate caching strategies ## Supporting mintless jettons in wallet applications [#supporting-mintless-jettons-in-wallet-applications] Wallet applications play a key role in improving the user experience with mintless jettons: * **Display unclaimed jettons**: Wallets should show users the jettons they are eligible to claim based on the Merkle tree data. * **Automated claim process**: When users initiate an outgoing transfer, wallets should automatically include the necessary Merkle proof in the transfer message's custom payload. Wallets can achieve this by: Integrating with the off-chain API specified in the [custom payload API](https://github.com/ton-blockchain/TEPs/blob/master/text/0064-token-data-standard.md#jetton-metadata-example-offchain): * Check if the jetton is mintless. * Verify whether the wallet owner has claimed it. * If unclaimed, retrieve data from the custom payload API and add the off-chain balance to the on-chain one. * If the user hasn’t claimed the airdrop, retrieve the custom payload and initialization data from the Custom Payload API and include it in the `transfer` message to the Jetton wallet. Using a custom API: * Download the airdrop tree from `mintless_merkle_dump_uri` in the jetton metadata. * Parse the data as explained in [Merkle tree generation](#merkle-tree-generation). * Make the parsed result available via API. <Aside> Wallets are not required to support mintless claims, including indexing airdrop trees. Wallet applications may charge the jetton issuer for this service. </Aside> ## Supporting mintless jettons in dApps [#supporting-mintless-jettons-in-dapps] Because wallet applications handle claims automatically, dApps like DEXes or lending platforms don’t need special logic for mintless jettons. DApps can use APIs, such as TonAPI or [TON Center](/applications/api/toncenter/introduction), to display unclaimed balances. To improve the user experience, DApps can check if the user's wallet application supports a specific mintless jetton. If unsupported, retrieve the airdrop proof and initialization data from the Jetton API and include it in the transfer message. ## See also [#see-also] * [Understanding mintless jettons: a comprehensive guide](https://gist.github.com/EmelyanenkoK/bfe633bdf8e22ca92a5138e59134988f) - the original post. * [Mintless jetton standard implementation](https://github.com/ton-community/mintless-jetton) * [Jetton offchain payloads TEP](https://github.com/ton-blockchain/TEPs/blob/master/text/0064-token-data-standard.md#jetton-metadata-example-offchain) * [Jetton metadata standard](https://github.com/ton-blockchain/TEPs/blob/master/text/0064-token-data-standard.md) # Highload wallet v2: Specification (/blockchain-basics/standard/wallets/highload/v2/specification) <Aside type="danger"> **Deprecated:** Highload Wallet v2 is a legacy contract. Use [Highload Wallet v3](/blockchain-basics/standard/wallets/highload/v3/specification) for new deployments. This specification is maintained for reference to support existing legacy systems. </Aside> This page provides a complete technical specification for Highload Wallet v2, covering storage structure, message formats, replay protection, and limitations. ## What is Highload Wallet v2? [#what-is-highload-wallet-v2] Highload Wallet v2 is a specialized wallet contract designed for services that need to send many transactions in a short time. It uses dictionary-based replay protection to enable parallel transaction submission. **Key difference from standard wallets:**\ Unlike seqno-based wallets that require sequential transaction processing, Highload v2 stores processed request identifiers in a dictionary, enabling parallel submissions. **Replaced by:** [Highload Wallet v3](/blockchain-basics/standard/wallets/highload/v3/specification) ## TL-B schema [#tl-b-schema] [TL-B (Type Language - Binary)](/blockchain-basics/languages/tl-b/overview) is a domain-specific language designed to describe data structures in TON. The schemas below define the binary layout of the contract's storage and external messages. ### Storage structure [#storage-structure] ```tlb storage$_ subwallet_id:uint32 last_cleaned:uint64 public_key:bits256 queries:(HashmapE 64 Cell) = Storage; ``` ### Query ID structure [#query-id-structure] ```tlb _ query_id:uint64 = QueryId; ``` ### External message structure [#external-message-structure] ```tlb _ mode:uint8 message:^Cell = OutListNode; msg_body$_ signature:bits512 subwallet_id:uint32 query_id:uint64 messages:(HashmapE 16 Cell) = ExternalInMsgBody; ``` ## Storage structure [#storage-structure-1] The Highload Wallet v2 contract stores four persistent fields (in this order): ### `subwallet_id` (32 bits) [#subwallet_id-32-bits] **Purpose:**\ Allows a single keypair to control multiple wallets with different addresses. **How it works:**\ The `subwallet_id` is part of the contract's initial state. Changing it produces a different contract address. Each external message must include the correct `subwallet_id`; mismatches result in transaction failure. *** ### `last_cleaned` (64 bits) [#last_cleaned-64-bits] **Purpose:**\ Timestamp (in query\_id format) of the oldest query that was kept during the last cleanup. **How it works:**\ During each transaction, the contract removes queries older than **64 seconds** from the `queries` dictionary. The `last_cleaned` field tracks the last query ID that was removed. **Cleanup logic:** ```func bound -= (64 << 32); // Clean up records expired more than 64 seconds ago ``` Queries with `query_id < (now() - 64) << 32` are removed from storage. <Aside type="caution"> **Gas costs:** Cleanup operations consume gas proportional to the number of expired queries. With many expired queries, cleanup can exceed the 1,000,000 gas limit, causing the transaction to fail. </Aside> *** ### `public_key` (256 bits) [#public_key-256-bits] **Purpose:**\ The Ed25519 public key is used to verify signatures on incoming external messages. **How it works:**\ When the wallet receives an external message, it verifies that the 512-bit signature was created by the holder of the private key corresponding to this public key. *** ### `queries` (HashmapE 64 Cell) [#queries-hashmape-64-cell] **Purpose:**\ Stores processed `query_id` values for replay protection. **Structure:** * **Key:** 64-bit `query_id` * **Value:** Cell containing metadata (typically the timestamp when processed) **How it works:**\ Before processing a message, the contract checks if `query_id` exists in `queries`. If found, the message is rejected (replay attack). If not found, the `query_id` is added to `queries`, and the message is processed. <Aside type="caution"> **Storage limit:** The `queries` dictionary cannot exceed 65,535 cells. If this limit is reached, the contract will fail during the action phase. </Aside> ## External message structure [#external-message-structure-1] ### Message layout [#message-layout] ```text signature:bits512 subwallet_id:uint32 query_id:uint64 messages:(HashmapE 16 Cell) ``` **Key point:**\ Unlike v3, in v2 the signature is in the **same cell** as the message body, not in a separate reference cell. ### `signature` (512 bits) [#signature-512-bits] **Type:**\ Ed25519 signature (512 bits). **What is signed:**\ The hash of the remaining slice after the signature, containing `subwallet_id`, `query_id`, and `messages`. **From source code:** ```func throw_unless(35, check_signature(slice_hash(in_msg), signature, public_key)); ``` The contract uses `slice_hash()` on the message body after loading the signature. *** ### `subwallet_id` (32 bits) [#subwallet_id-32-bits-1] **Purpose:**\ Identifies which subwallet this message targets. **Validation:**\ Must match the `subwallet_id` stored in contract storage. *** ### `query_id` (64 bits) [#query_id-64-bits] **Purpose:**\ Unique identifier for replay protection and timestamp validation. **Structure:**\ The 64-bit value is internally interpreted as a timestamped identifier: * High 32 bits: Unix timestamp (seconds) * Low 32 bits: counter within that second **Validation:**\ The contract checks `query_id >= now() << 32`, ensuring the query ID is not from the past (based on the current time shifted left by 32 bits). **Total unique IDs:**\ Approximately **32,000** unique query IDs (limited by the cleanup mechanism and the bitmap structure). *** ### `messages` (HashmapE 16) [#messages-hashmape-16] **Purpose:**\ Dictionary of messages to send in this transaction. **Structure:** * **Key:** `uint16` (message index, 0 to 65,535) * **Value:** `mode:uint8` + `^Cell` (reference to internal message) **How it works:**\ The contract iterates through the dictionary and sends each message with its corresponding [send mode](/blockchain-basics/primitives/messages/modes): ```func int i = -1; do { (i, var cs, var f) = dict.idict_get_next?(16, i); if (f) { var mode = cs~load_uint(8); send_raw_message(cs~load_ref(), mode); } } until (~ f); ``` **Max batch size:**\ Up to **255 messages** (limited by action list size, not dictionary structure). *** ## Replay protection mechanism [#replay-protection-mechanism] ### Validation sequence [#validation-sequence] 1. **Check query\_id timestamp:** `query_id >= now() << 32` (exit code `35` if too old) 2. **Check replay:** `query_id` must not be in `queries` (exit code `32` if already processed) 3. **Check subwallet:** `subwallet_id == stored_subwallet` (exit code `34` if mismatch) 4. **Verify signature:** Ed25519 signature verification (exit code `35` if invalid) 5. **Mark as processed:** Add `query_id` to `queries` 6. **Send messages:** Iterate through the message dictionary and send each message 7. **Cleanup:** Remove queries older than 64 seconds <Aside type="caution"> **Rollback issue:** Highload Wallet v2 does not use `commit()` to persist storage changes. If the compute phase fails after `accept_message()` (e.g., gas limit exceeded during cleanup) or if the action phase fails, **all changes roll back**, including replay protection. The `query_id` is not marked as processed, and lite-servers will retry the same message, burning gas repeatedly. Highload Wallet v3 solves this with `commit()` and a two-transaction pattern. See [Why internal messages to self?](/blockchain-basics/standard/wallets/highload/v3/specification#why-internal-messages-to-self) for details. </Aside> *** ## Exit codes [#exit-codes] | Exit code | Name | Description | How to fix | | --------- | ------------------------------ | --------------------------------------------------------------- | --------------------------------------------------------------- | | `0` | Success | Message processed successfully | — | | `32` | Query already executed | The `query_id` was already processed (found in `queries`) | Use a new, unique `query_id` | | `34` | Subwallet ID mismatch | The `subwallet_id` in the message does not match storage | Verify you are using the correct `subwallet_id` for this wallet | | `35` | Invalid signature or query\_id | Ed25519 signature verification failed, or `query_id` is too old | Check the private key and ensure `query_id >= now() << 32` | *** ## Limitations and constraints [#limitations-and-constraints] ### Storage size limit [#storage-size-limit] **Limit:**\ The `queries` dictionary cannot exceed **65,535 cells**. **What happens if exceeded:**\ An exception is thrown during the action phase, and the transaction fails. The failed transaction may be replayed, potentially locking funds. ### Gas limit for cleanup [#gas-limit-for-cleanup] **Limit:**\ Transaction gas limit is **1,000,000 gas**. **What happens if exceeded:**\ Cleanup operations that exceed this limit will fail, preventing the contract from processing new transactions. **Recommended limits:** * Queries within expiration window: ≤ 1,000 * Queries cleaned per transaction: ≤ 100 ### Query ID expiration [#query-id-expiration] **Expiration time:**\ Queries older than **64 seconds** are removed from storage during cleanup. **Effective limit:**\ With the 64-second expiration window and recommended limit of ≤1,000 queries per window, the effective query ID space is approximately **32,000** unique IDs before cleanup is required. *** ## Get methods [#get-methods] | Method | Returns | Description | | ---------------------- | ---------------- | ----------------------------------------------------------------------------------------- | | `processed?(query_id)` | `int` | Returns `-1` if processed, `0` if not processed, `1` if unknown (forgotten after cleanup) | | `get_public_key()` | `int` (256 bits) | Returns the Ed25519 public key | ### `processed?` method details [#processed-method-details] **Returns:** * `-1` (true) — the `query_id` was processed and is still stored in `queries` * `0` (false) — the `query_id` has not been processed yet * `1` (unknown) — the `query_id` is older than `last_cleaned` and was forgotten during cleanup *** ## Implementation [#implementation] **Source code:**\ [ton-blockchain/ton (highload-wallet-v2-code.fc)](https://github.com/ton-blockchain/ton/blob/4ebd7412c52248360464c2df5f434c8aaa3edfe1/crypto/smartcont/highload-wallet-v2-code.fc) **SDK wrappers:** * **Go:** [`tonutils-go`](https://github.com/xssnick/tonutils-go) — includes Highload v2 wrapper * **Python:** [`pytoniq`](https://github.com/yungwine/pytoniq) — includes Highload v2 wrapper For new projects, consider using [Highload Wallet v3](/blockchain-basics/standard/wallets/highload/v3/specification) instead. *** ## See also [#see-also] * [Highload Wallet v3 specification](/blockchain-basics/standard/wallets/highload/v3/specification) — recommended version * [Version comparison](/blockchain-basics/standard/wallets/highload/overview#version-comparison) — v1 vs v2 vs v3 # How to create a highload wallet v3 (/blockchain-basics/standard/wallets/highload/v3/create) This guide shows how to create a Highload Wallet v3 instance from scratch: choose configuration parameters, generate a mnemonic, and calculate the wallet address. ## Objective [#objective] By the end of this guide, you will have: * A 24-word mnemonic phrase (seed phrase) for your wallet * A calculated wallet address (but not yet deployed on-chain) * Configuration parameters: `subwalletId` and `timeout` ## Prerequisites [#prerequisites] * Node.js 18+ or TypeScript environment * `@ton/ton`, `@ton/core`, `@ton/crypto` packages installed * Highload Wallet v3 wrapper and compiled contract code <Aside type="note"> **No deployment yet:** Creating a wallet calculates its future address but does not deploy it. The wallet will auto-deploy on the first external message (when you send your first transfer). </Aside> This guide uses TypeScript with the official wrapper. The same logic applies to other SDKs (Go/Python): generate or load a mnemonic, derive a keypair, choose parameters, and calculate the address. ## Step 1: Set up dependencies [#step-1-set-up-dependencies] Install required packages: ```bash npm install @ton/ton @ton/core @ton/crypto ``` Copy the wrapper and contract code from the [official repository](https://github.com/ton-blockchain/highload-wallet-contract-v3): ```bash # Clone the repository or download these files: # - wrappers/HighloadWalletV3.ts # - wrappers/HighloadQueryId.ts # - Compiled contract BoC (from build/ or inline hex) ``` <Aside type="note"> **Why copy wrappers?** The official `@ton/ton` SDK does not include Highload Wallet v3 wrappers yet. Copy `HighloadWalletV3.ts` and `HighloadQueryId.ts` from the repository until SDK support is added. </Aside> ## Step 2: Choose configuration parameters [#step-2-choose-configuration-parameters] Highload Wallet v3 requires two configuration parameters at creation time: ### `timeout` [#timeout] **Type:** `uint22` (0 to 4,194,303 seconds)\ **Purpose:** Validity window for external messages and cleanup cycle duration The `timeout` determines: * How long a signed external message remains valid: `created_at` must be within `[now - timeout, now]` * When old processed messages rotate to `old_queries`: every `timeout` seconds * When `old_queries` is cleared: after `2 × timeout` **Choosing a value:** | Range | Use case | | ------------------ | ---------------------------------------------------------------------------------------------- | | Short (60–300s) | Fast certainty if message expires; lower storage costs; requires tight synchronization | | Medium (1–6 hours) | Balanced; suitable for most production use | | Long (24+ hours) | High tolerance for blockchain congestion; higher storage costs; slower certainty on expiration | <Aside type="caution"> **Cannot be changed later:** `timeout` is part of the contract's [initial configuration](/blockchain-basics/standard/wallets/highload/v3/specification#storage-structure). Changing it would change the wallet address entirely. </Aside> See [Timeout constraints](/blockchain-basics/standard/wallets/highload/v3/specification#timeout-constraints) in the specification for details. ### `subwalletId` [#subwalletid] **Type:** `uint32` (0 to 4,294,967,295)\ **Purpose:** Isolate multiple wallets derived from the same keypair A single mnemonic can generate multiple independent wallet addresses by varying `subwalletId`. Each wallet has its own balance, state, and transaction history. <Aside type="caution"> **Recommended value: `0x10ad` (4269).**\ Use a `subwalletId` different from other wallet types (standard wallets v3/v4/v5 or vesting wallets) derived from the same keypair. The value `0x10ad` is recommended in the [official repository](https://github.com/ton-blockchain/highload-wallet-contract-v3) to avoid conflicts with other contracts. </Aside> **Why this matters:** If you use the same `subwalletId` across different wallet types (e.g., Highload v3 and standard wallet v5), they might share the same address, causing conflicts. Using `0x10ad` ensures isolation from standard wallets. See [Storage structure](/blockchain-basics/standard/wallets/highload/v3/specification#storage-structure) in the specification for details. ## Step 3: Generate or load a mnemonic [#step-3-generate-or-load-a-mnemonic] A mnemonic is your wallet's master secret. It derives the private key used to sign all transactions. ### Generate a new mnemonic [#generate-a-new-mnemonic] ```typescript import { mnemonicNew } from '@ton/crypto'; const mnemonic = await mnemonicNew(24); // Array of 24 words ``` ### Load an existing mnemonic [#load-an-existing-mnemonic] ```typescript const mnemonic = 'word1 word2 word3 ... word24'.split(' '); ``` <Aside type="danger"> **Protect your mnemonic:** Anyone with access to your mnemonic can control your wallet and all funds. Store it securely (password manager, hardware wallet, encrypted storage). Never commit it to version control. </Aside> ## Step 4: Derive the keypair [#step-4-derive-the-keypair] Convert the mnemonic to an Ed25519 keypair: ```typescript import { mnemonicToPrivateKey } from '@ton/crypto'; const keyPair = await mnemonicToPrivateKey(mnemonic); // keyPair.publicKey — used in contract state // keyPair.secretKey — used to sign external messages ``` ## Step 5: Create the wallet instance [#step-5-create-the-wallet-instance] Create a Highload Wallet v3 contract instance with your chosen parameters: ```typescript import { TonClient } from '@ton/ton'; import { Cell } from '@ton/core'; import { HighloadWalletV3 } from './wrappers/HighloadWalletV3'; // Configuration const SUBWALLET_ID = 0x10ad; // Recommended for Highload Wallets const TIMEOUT = 60 * 60 * 24; // 24 hours // Compiled contract code (BoC) const CODE = Cell.fromBoc( Buffer.from( 'b5ee9c7241021001000228000114ff00f4a413f4bcf2c80b01020120020d02014803040078d020d74bc00101c060b0915be101d0d3030171b0915be0fa4030f828c705b39130e0d31f018210ae42e5a4ba9d8040d721d74cf82a01ed55fb04e030020120050a02027306070011adce76a2686b85ffc00201200809001aabb6ed44d0810122d721d70b3f0018aa3bed44d08307d721d70b1f0201200b0c001bb9a6eed44d0810162d721d70b15800e5b8bf2eda2edfb21ab09028409b0ed44d0810120d721f404f404d33fd315d1058e1bf82325a15210b99f326df82305aa0015a112b992306dde923033e2923033e25230800df40f6fa19ed021d721d70a00955f037fdb31e09130e259800df40f6fa19cd001d721d70a00937fdb31e0915be270801f6f2d48308d718d121f900ed44d0d3ffd31ff404f404d33fd315d1f82321a15220b98e12336df82324aa00a112b9926d32de58f82301de541675f910f2a106d0d31fd4d307d30cd309d33fd315d15168baf2a2515abaf2a6f8232aa15250bcf2a304f823bbf2a35304800df40f6fa199d024d721d70a00f2649130e20e01fe5309800df40f6fa18e13d05004d718d20001f264c858cf16cf8301cf168e1030c824cf40cf8384095005a1a514cf40e2f800c94039800df41704c8cbff13cb1ff40012f40012cb3f12cb15c9ed54f80f21d0d30001f265d3020171b0925f03e0fa4001d70b01c000f2a5fa4031fa0031f401fa0031fa00318060d721d300010f0020f265d2000193d431d19130e272b1fb00b585bf03', 'hex' ) )[0]; const client = new TonClient({ endpoint: 'https://testnet.toncenter.com/api/v2/jsonRPC', // This is TESTNET endpoint // apiKey: 'your-api-key' // Optional: get from @tonapibot or @tontestnetapibot }); const wallet = client.open( HighloadWalletV3.createFromConfig( { publicKey: keyPair.publicKey, subwalletId: SUBWALLET_ID, timeout: TIMEOUT, }, CODE ) ); ``` ## Step 6: Get the wallet address [#step-6-get-the-wallet-address] Calculate the wallet's address: ```typescript // Get non-bounceable address for funding const address = wallet.address.toString({ bounceable: false, testOnly: true }); console.log('Wallet address:', address); // Example (truncated): 0Q... (non-bounceable, testnet) ``` This address is deterministic: it depends only on `CODE`, `publicKey`, `subwalletId`, and `timeout`. The same parameters always produce the same address. <Aside type="tip"> **Why non-bounceable?** When funding a `nonexist` account, use the non-bounceable format to prevent funds from bouncing back if the account doesn't exist yet. See [Address formats](/blockchain-basics/primitives/addresses/formats) for details. </Aside> **Account status: [`nonexist`](/blockchain-basics/primitives/status#status-variety)** The calculated address exists only as a deterministic value. No account exists on the blockchain yet — no balance, no code, no data. ## Step 7: Fund the wallet [#step-7-fund-the-wallet] <Aside type="danger"> **Funds at risk:** You will send TON to this address. Test on testnet first. Verify the wallet address carefully — blockchain transactions cannot be reversed. </Aside> **Required before deployment:** Send TON to your wallet address (from Step 6) to prepare it for deployment. External messages (which deploy the wallet) require gas to execute. By funding the address, you transition the account from `nonexist` to `uninit` status and provide the balance needed for deployment. See [Account status](/blockchain-basics/primitives/status) for details on how account states work. Send TON using a faucet (testnet) or from another wallet (mainnet). After funding, the account transitions to `uninit` status — it has a balance and can accept external messages, but no code or data yet. ## Saving wallet data [#saving-wallet-data] For convenience, save your wallet configuration to reuse later: ```typescript import * as fs from 'fs'; const walletData = { mnemonic: mnemonic.join(' '), address: address, // From Step 6 subwalletId: SUBWALLET_ID, timeout: TIMEOUT, }; fs.writeFileSync('.wallet.json', JSON.stringify(walletData, null, 2)); console.log('Wallet saved to .wallet.json'); ``` <Aside type="danger"> **Never commit `.wallet.json`:** Add it to `.gitignore`. This file contains your mnemonic. </Aside> ## Next steps [#next-steps] Your wallet is ready for deployment. The wallet will auto-deploy on the first external message. # How to send a batch of transfers (/blockchain-basics/standard/wallets/highload/v3/send-batch-transfers) <Aside type="danger"> **Funds at risk:** This guide sends real TON. Test on testnet first. Double-check recipient addresses — blockchain transactions cannot be reversed. </Aside> This guide shows how to send multiple transfers in a single transaction using Highload Wallet v3. This is the main feature of the wallet, enabling up to 254 messages per transaction. ## Objective [#objective] By the end of this guide, you will: * Send multiple transfers (up to 254) in a single transaction * Understand the two-transaction flow for batch transfers * Know how to calculate the compute fees for the internal transaction ## Prerequisites [#prerequisites] * Completed [wallet creation](/blockchain-basics/standard/wallets/highload/v3/create) with funded balance and saved configuration in `.wallet.json` ## Step 1: Load wallet configuration [#step-1-load-wallet-configuration] Load the wallet data and create the wallet instance: ```typescript import { TonClient, internal, toNano, comment } from '@ton/ton'; import { mnemonicToPrivateKey } from '@ton/crypto'; import { Cell, SendMode } from '@ton/core'; import { HighloadWalletV3 } from './wrappers/HighloadWalletV3'; import { HighloadQueryId } from './wrappers/HighloadQueryId'; import * as fs from 'fs'; // Load wallet data const walletData = JSON.parse(fs.readFileSync('.wallet.json', 'utf-8')); const mnemonic = walletData.mnemonic.split(' '); const keyPair = await mnemonicToPrivateKey(mnemonic); const CODE = Cell.fromBoc(Buffer.from('b5ee9c7241021001000228000114ff00f4a413f4bcf2c80b01020120020d02014803040078d020d74bc00101c060b0915be101d0d3030171b0915be0fa4030f828c705b39130e0d31f018210ae42e5a4ba9d8040d721d74cf82a01ed55fb04e030020120050a02027306070011adce76a2686b85ffc00201200809001aabb6ed44d0810122d721d70b3f0018aa3bed44d08307d721d70b1f0201200b0c001bb9a6eed44d0810162d721d70b15800e5b8bf2eda2edfb21ab09028409b0ed44d0810120d721f404f404d33fd315d1058e1bf82325a15210b99f326df82305aa0015a112b992306dde923033e2923033e25230800df40f6fa19ed021d721d70a00955f037fdb31e09130e259800df40f6fa19cd001d721d70a00937fdb31e0915be270801f6f2d48308d718d121f900ed44d0d3ffd31ff404f404d33fd315d1f82321a15220b98e12336df82324aa00a112b9926d32de58f82301de541675f910f2a106d0d31fd4d307d30cd309d33fd315d15168baf2a2515abaf2a6f8232aa15250bcf2a304f823bbf2a35304800df40f6fa199d024d721d70a00f2649130e20e01fe5309800df40f6fa18e13d05004d718d20001f264c858cf16cf8301cf168e1030c824cf40cf8384095005a1a514cf40e2f800c94039800df41704c8cbff13cb1ff40012f40012cb3f12cb15c9ed54f80f21d0d30001f265d3020171b0925f03e0fa4001d70b01c000f2a5fa4031fa0031f401fa0031fa00318060d721d300010f0020f265d2000193d431d19130e272b1fb00b585bf03', 'hex'))[0]; const client = new TonClient({ endpoint: 'https://testnet.toncenter.com/api/v2/jsonRPC', // This is TESTNET endpoint // apiKey: 'your-api-key' // Optional: get from @tonapibot or @tontestnetapibot }); const wallet = client.open( HighloadWalletV3.createFromConfig( { publicKey: keyPair.publicKey, subwalletId: walletData.subwalletId, timeout: walletData.timeout, }, CODE ) ); ``` ## Step 2: Prepare the message batch [#step-2-prepare-the-message-batch] Create an array of messages to send: ```typescript const messages = []; for (let i = 1; i <= 10; i++) { messages.push({ type: 'sendMsg' as const, mode: SendMode.PAY_GAS_SEPARATELY, outMsg: internal({ to: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', // Zero address (for testing) value: toNano('0.001'), body: comment(`#${i}`), bounce: false, }), }); } ``` Each message in the batch: * **`type: 'sendMsg'`** — specifies that this is an outgoing message action * **`mode`** — [send mode](/blockchain-basics/primitives/messages/modes) for each individual message * **`outMsg`** — the internal message to send <Aside type="tip"> **Batch limit:** You can send up to **254 messages** per transaction. This limit exists because one action slot is reserved for [`set_code` protection](/blockchain-basics/standard/wallets/highload/v3/specification#protection-against-set-code). </Aside> ## Step 3: Send the batch [#step-3-send-the-batch] Send the batch using the `sendBatch` method: ```typescript const queryId = HighloadQueryId.fromSeqno(17n); // Use a specific seqno const createdAt = Math.floor(Date.now() / 1000) - 30; // 30 seconds ago const value = toNano('0.0007024'); // Compute fee for internal receiver await wallet.sendBatch( keyPair.secretKey, messages, walletData.subwalletId, queryId, walletData.timeout, createdAt, value ); console.log('Batch sent: 10 transfers'); console.log(`Query ID: ${queryId.toSeqno()}`); console.log(`Created At: ${createdAt}`); ``` <Aside type="note"> **Automatic deployment:** If your wallet is in `uninit` status (has a balance but no code), it will automatically deploy when processing this external message. The wallet transitions to `active` status, and the batch transfer is executed in the same transaction. </Aside> ### Parameter explanation [#parameter-explanation] **`queryId`** — Unique identifier for replay protection: * Each `query_id` can only be processed once within the protection window * `HighloadQueryId` is a wrapper class that represents the composite `query_id` as a sequential counter * Use `HighloadQueryId.fromSeqno(n)` to create a specific query ID * Provides `getNext()` method to increment to the next unique ID * Total range: 8,380,416 unique IDs * See [Query ID structure](/blockchain-basics/standard/wallets/highload/v3/specification#query-id-structure) for details **`createdAt`** — Message timestamp for expiration: * Set to 30 seconds **before** current time: `Math.floor(Date.now() / 1000) - 30` * Compensates for blockchain time lag (lite-servers use last block time, not current time) * See [Timestamp validation](/blockchain-basics/standard/wallets/highload/v3/specification#timestamp-validation) for why this is necessary **`value`** — Compute fee for the internal transaction: * The internal receiver (Transaction 2) consumes a fixed **1,756 gas** to process the action list * At current gas prices, this equals \~0.0007024 TON * This fee is sent to the wallet itself to cover internal message processing * If insufficient, the internal transaction may fail (but replay protection remains intact) <Aside type="caution"> **Compute fee requirement:** The `value` parameter covers gas for the internal transaction that processes the action list. This is in addition to the gas costs of the external message itself. </Aside> ## How it works [#how-it-works] Batch transfers use a two-transaction pattern: the external message marks the `query_id` as processed and sends an internal message to itself with the action list, then the internal transaction processes the actions and sends all outgoing messages. See [Message sending flow](/blockchain-basics/standard/wallets/highload/v3/specification#message-sending-flow) for the complete validation sequence. ## Next steps [#next-steps] You can send multiple batches in parallel, each with a unique `query_id`. To verify that your batch was fully processed, see [How to verify message is processed](/blockchain-basics/standard/wallets/highload/v3/verify-is-processed). # How to send a single transfer (/blockchain-basics/standard/wallets/highload/v3/send-single-transfer) <Aside type="danger"> **Funds at risk:** This guide sends real TON. Test on testnet first. Double-check recipient addresses — blockchain transactions cannot be reversed. </Aside> This guide shows how to send a single transfer from your Highload Wallet v3. ## Objective [#objective] By the end of this guide, you will: * Send a single TON transfer from your Highload Wallet v3 * Understand how `query_id`, `created_at`, and [send modes](/blockchain-basics/primitives/messages/modes) work ## Prerequisites [#prerequisites] * Completed [wallet creation](/blockchain-basics/standard/wallets/highload/v3/create) with funded balance and saved configuration in `.wallet.json` ## Step 1: Load wallet configuration [#step-1-load-wallet-configuration] Load the wallet data and create the wallet instance: ```typescript import { TonClient, internal, toNano } from '@ton/ton'; import { mnemonicToPrivateKey } from '@ton/crypto'; import { Cell, SendMode } from '@ton/core'; import { HighloadWalletV3 } from './wrappers/HighloadWalletV3'; import { HighloadQueryId } from './wrappers/HighloadQueryId'; import * as fs from 'fs'; // Load wallet data const walletData = JSON.parse(fs.readFileSync('.wallet.json', 'utf-8')); const mnemonic = walletData.mnemonic.split(' '); const keyPair = await mnemonicToPrivateKey(mnemonic); const CODE = Cell.fromBoc(Buffer.from('b5ee9c7241021001000228000114ff00f4a413f4bcf2c80b01020120020d02014803040078d020d74bc00101c060b0915be101d0d3030171b0915be0fa4030f828c705b39130e0d31f018210ae42e5a4ba9d8040d721d74cf82a01ed55fb04e030020120050a02027306070011adce76a2686b85ffc00201200809001aabb6ed44d0810122d721d70b3f0018aa3bed44d08307d721d70b1f0201200b0c001bb9a6eed44d0810162d721d70b15800e5b8bf2eda2edfb21ab09028409b0ed44d0810120d721f404f404d33fd315d1058e1bf82325a15210b99f326df82305aa0015a112b992306dde923033e2923033e25230800df40f6fa19ed021d721d70a00955f037fdb31e09130e259800df40f6fa19cd001d721d70a00937fdb31e0915be270801f6f2d48308d718d121f900ed44d0d3ffd31ff404f404d33fd315d1f82321a15220b98e12336df82324aa00a112b9926d32de58f82301de541675f910f2a106d0d31fd4d307d30cd309d33fd315d15168baf2a2515abaf2a6f8232aa15250bcf2a304f823bbf2a35304800df40f6fa199d024d721d70a00f2649130e20e01fe5309800df40f6fa18e13d05004d718d20001f264c858cf16cf8301cf168e1030c824cf40cf8384095005a1a514cf40e2f800c94039800df41704c8cbff13cb1ff40012f40012cb3f12cb15c9ed54f80f21d0d30001f265d3020171b0925f03e0fa4001d70b01c000f2a5fa4031fa0031f401fa0031fa00318060d721d300010f0020f265d2000193d431d19130e272b1fb00b585bf03', 'hex'))[0]; const client = new TonClient({ endpoint: 'https://testnet.toncenter.com/api/v2/jsonRPC', // This is TESTNET endpoint // apiKey: 'your-api-key' // Optional: get from @tonapibot or @tontestnetapibot }); const wallet = client.open( HighloadWalletV3.createFromConfig( { publicKey: keyPair.publicKey, subwalletId: walletData.subwalletId, timeout: walletData.timeout, }, CODE ) ); ``` ## Step 2: Prepare the transfer message [#step-2-prepare-the-transfer-message] Create an internal message with the transfer details: ```typescript const internalMessage = internal({ to: 'EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9c', // Zero address (for testing) value: toNano('0.01'), bounce: false, }); ``` This example uses the zero address for testing. Replace it with your actual destination address. <Aside type="caution"> **No state-init support:** Highload Wallet v3 cannot send messages containing [`StateInit`](/blockchain-basics/primitives/messages/deploy) using this method. If you need to deploy a contract (send a message with `StateInit`), use [batch transfers](/blockchain-basics/standard/wallets/highload/v3/send-batch-transfers) with an action list instead. See [Limitations and constraints](/blockchain-basics/standard/wallets/highload/v3/specification#limitations-and-constraints) in the specification for details. </Aside> ## Step 3: Send the transfer [#step-3-send-the-transfer] Send the transfer using the `sendExternalMessage` method: ```typescript const createdAt = Math.floor(Date.now() / 1000) - 30; // 30 seconds ago const queryId = new HighloadQueryId(); // Represents query_id as a seqno await wallet.sendExternalMessage(keyPair.secretKey, { message: internalMessage, mode: SendMode.PAY_GAS_SEPARATELY, query_id: queryId, createdAt: createdAt, subwalletId: walletData.subwalletId, timeout: walletData.timeout, }); console.log('Transfer sent'); ``` <Aside type="note"> **Automatic deployment:** If your wallet is in `uninit` status (has a balance but no code), it will automatically deploy when processing this external message. The wallet transitions to `active` status, and the transfer is executed in the same transaction. </Aside> ### Parameter explanation [#parameter-explanation] **`query_id`** — Unique identifier for replay protection: * Each `query_id` can only be processed once within the protection window * `HighloadQueryId` is a wrapper class that represents the composite `query_id` as a sequential counter * Provides `getNext()` method to increment to the next unique ID * Total range: 8,380,416 unique IDs * See [Query ID structure](/blockchain-basics/standard/wallets/highload/v3/specification#query-id-structure) for details **`createdAt`** — Message timestamp for expiration: * Set to 30 seconds **before** current time: `Math.floor(Date.now() / 1000) - 30` * Compensates for blockchain time lag (lite-servers use last block time, not current time) * See [Timestamp validation](/blockchain-basics/standard/wallets/highload/v3/specification#timestamp-validation) for why this is necessary ## Next steps [#next-steps] Your wallet is fully operational. You can send multiple transfers in parallel or batch multiple messages in one transaction. To verify that your message, see [How to verify message is processed](/blockchain-basics/standard/wallets/highload/v3/verify-is-processed). # Highload Wallet v3 — specification (/blockchain-basics/standard/wallets/highload/v3/specification) This page provides a complete technical specification for Highload Wallet v3, covering storage structure, message formats, replay protection, limitations, and security mechanisms. ## Objective [#objective] Understand the internal architecture, data structures, and operational mechanics of Highload Wallet v3. This reference page explains how the wallet processes high-throughput transaction flows securely. <Aside type="tip"> For practical usage, see [How-to guides](/blockchain-basics/standard/wallets/highload/v3/create). </Aside> ## What is Highload Wallet v3? [#what-is-highload-wallet-v3] Highload Wallet v3 is a specialized wallet smart contract designed for services that need to send many transactions in a short time (e.g., cryptocurrency exchanges, payment processors). **Key difference from standard wallets:**\ Unlike seqno-based wallets (v3, v4, v5) that require sequential transaction processing, Highload v3 stores processed request identifiers in a dictionary, enabling **parallel transaction submission** without blocking. **Compared to Highload v2:**\ v3 solves architectural issues that could lock funds in v2 and consumes less gas during operations. *** ## TL-B schema [#tl-b-schema] [TL-B (Type Language - Binary)](/blockchain-basics/languages/tl-b/overview) is a domain-specific language designed to describe data structures in TON. The schemas below define the binary layout of the contract's storage, external messages, and internal messages. ### Storage structure [#storage-structure] ```tlb storage$_ public_key:bits256 subwallet_id:uint32 old_queries:(HashmapE 13 ^Cell) queries:(HashmapE 13 ^Cell) last_clean_time:uint64 timeout:uint22 = Storage; ``` ### Query ID structure [#query-id-structure] ```tlb _ shift:uint13 bit_number:(## 10) { bit_number >= 0 } { bit_number < 1023 } = QueryId; ``` ### External message structure [#external-message-structure] ```tlb _ {n:#} subwallet_id:uint32 message_to_send:^Cell send_mode:uint8 query_id:QueryId created_at:uint64 timeout:uint22 = MsgInner; msg_body$_ {n:#} signature:bits512 ^(MsgInner) = ExternalInMsgBody; ``` ### Internal message structure (for batch transfers) [#internal-message-structure-for-batch-transfers] ```tlb internal_transfer#ae42e5a4 {n:#} query_id:uint64 actions:^(OutList n) = InternalMsgBody n; ``` <Aside type="note"> `internal_transfer` is used when the wallet sends a message to itself with an action list for batch transfers. The opcode `0xae42e5a4` is derived from `crc32('internal_transfer n:# query_id:uint64 actions:^OutList n = InternalMsgBody n')`. The canonical TL-B schemas are maintained in the [highload-wallet-contract-v3 repository](https://github.com/ton-blockchain/highload-wallet-contract-v3). </Aside> Below, each field is explained in detail. *** ## Storage structure [#storage-structure-1] The Highload Wallet v3 contract stores six persistent fields: ### `public_key` (256 bits) [#public_key-256-bits] **Purpose:**\ An Ed25519 public key is used to verify signatures on incoming external messages. **How it works:**\ When the wallet receives an external message, it verifies that the 512-bit signature was created by the holder of the private key corresponding to this public key. <Aside type="caution"> The public key is not the wallet address. The address is [derived](/blockchain-basics/primitives/addresses/derive) from the contract's [`StateInit`](/blockchain-basics/primitives/messages/deploy). </Aside> *** ### `subwallet_id` (32 bits) [#subwallet_id-32-bits] **Purpose:**\ Allows a single keypair to control multiple wallets with different addresses. **How it works:**\ The `subwallet_id` is part of the contract's initial state. Changing it produces a different contract address (because the address is a hash of code + data). Each external message must include the correct `subwallet_id`; mismatches result in exit code `34`. **Common use case:**\ One private key manages multiple "virtual" wallets for organizational or accounting purposes. **Recommendation:**\ Use `subwallet_id: 0x10ad` (4269) to avoid conflicts with other wallet types (standard wallets or vesting wallets) derived from the same keypair. See [How to create Highload Wallet v3](/blockchain-basics/standard/wallets/highload/v3/create) for details. *** ### `old_queries` (HashmapE 13 ^Cell) [#old_queries-hashmape-13-cell] **Purpose:**\ Stores previously processed `query_id` values during rotation cycles. **Structure:**\ Hashmap with 13-bit keys, where each key holds a bitmap of processed query IDs. **Usage:**\ Provides a second layer of replay protection. During cleanup, `queries` → `old_queries`, creating a double timeout window. **Details:** See [Replay protection mechanism](#replay-protection-mechanism). *** ### `queries` (HashmapE 13 ^Cell) [#queries-hashmape-13-cell] **Purpose:**\ Stores recently processed `query_id` values to prevent replay attacks. **Structure:**\ Hashmap with 13-bit keys, where each key holds a bitmap of processed query IDs. **Usage:**\ When a message arrives, the contract checks if its `query_id` is already marked in `queries` or `old_queries`. If found, the message is rejected as a replay attempt. **Details:** See [Replay protection mechanism](#replay-protection-mechanism). *** ### `last_clean_time` (64 bits) [#last_clean_time-64-bits] **Purpose:**\ Unix timestamp (in seconds) of the last cleanup operation. **Usage:**\ Tracks when the contract last rotated `queries` → `old_queries`. Cleanup triggers when `current_time >= last_clean_time + timeout`. **Details:** See [Replay protection mechanism](#replay-protection-mechanism). *** ### `timeout` (22 bits) [#timeout-22-bits] **Purpose:**\ Defines the validity window (in seconds) for external messages. **Usage:**\ Messages are valid if `created_at > now() - timeout` and `created_at <= now()`. If expired or from the future, the contract rejects them with exit code `35`. <Aside type="note"> 22 bits allows timeout values up to \~4,194,303 seconds (\~48.6 days). </Aside> **Details:** * [Replay protection mechanism](#replay-protection-mechanism) — how timeout is used * [Timeout constraints](#timeout-constraints) — choosing the right value *** ## Replay protection mechanism [#replay-protection-mechanism] Highload v3 uses a dual-hashmap system (`queries` and `old_queries`) combined with timestamps to prevent replay attacks. ### Storage structure for replay protection [#storage-structure-for-replay-protection] The contract stores processed `query_id` values in two hashmaps: **`old_queries` (HashmapE 13 ^Cell):** * Hashmap with 13-bit keys * Each key corresponds to `shift` (13 bits from query\_id) * Each value is a cell containing a bitmap of processed `bit_number` values * Stores previously processed query IDs from the last rotation cycle * Provides extended protection during rotation **`queries` (HashmapE 13 ^Cell):** * Same structure as `old_queries` — hashmap with 13-bit keys * Each key corresponds to `shift = query_id >> 10` * Each value is a cell containing a bitmap of processed `bit_number` values * Stores recently processed query IDs ### How query\_id is checked [#how-query_id-is-checked] When an external message arrives, the contract: 1. Extracts `query_id` from the message 2. Splits it into components: * `shift = query_id >> 10` (13 bits, range 0–8191) * `bit_number = query_id & 1023` (10 bits, range 0–1022) 3. Checks if bit `bit_number` is set in `queries[shift]`: * If found → reject with exit code `36` 4. Checks if bit `bit_number` is set in `old_queries[shift]`: * If found → reject with exit code `36` 5. If not found in either → mark the bit in `queries[shift]` and proceed **Why a hashmap structure?**\ Enables [parallel transaction submission](#what-is-highload-wallet-v3) — multiple messages can be sent simultaneously without waiting for sequential confirmation. ### Rotation mechanism [#rotation-mechanism] When `current_time >= last_clean_time + timeout`, the contract performs cleanup: 1. `old_queries := queries` — move current queries to old 2. `queries := {}` — clear current queries hashmap 3. `last_clean_time := current_time` — update timestamp **Additional cleanup:**\ If `current_time >= last_clean_time + (2 × timeout)` (i.e., no cleanup for twice the timeout period), the contract also clears `old_queries` completely to prevent unbounded storage growth. **Why two hashmaps?**\ This provides a **double timeout window** for replay protection: * A `query_id` is protected for at least `timeout` seconds in `queries` * After rotation, it remains in `old_queries` for another `timeout` period before deletion * Total protection window: between `timeout` and `2 × timeout` **Benefit:**\ Prevents replay attacks even if messages arrive near the rotation boundary. ### Timestamp validation [#timestamp-validation] The `created_at` timestamp combined with `timeout` ensures that even very old messages (beyond the rotation window) are rejected. This creates a time-based boundary for message validity: ```text The message is valid if: created_at > now() - timeout // Not too old created_at <= now() // Not from future Otherwise: reject with exit code 35 ``` <Aside type="caution"> **Time lag consideration:** When a lite-server receives an external message, the contract executes `now()` which returns the timestamp of the **last processed block**, not the current system time. Due to network latency and block processing time, this timestamp is typically 5-30 seconds behind your system clock. **Best practice:** Set `created_at` to 30-60 seconds **before** the current time to ensure the message passes validation: ```typescript const createdAt = Math.floor(Date.now() / 1000) - 30; // 30 seconds ago ``` If `created_at` equals your current system time, it may appear to be "from the future" when validated on-chain, causing the transaction to fail with exit code `35`. </Aside> ### Uniqueness guarantee [#uniqueness-guarantee] <Aside type="note"> Highload v3 will never execute multiple external messages containing the same `query_id` and `created_at` — by the time it forgets any given `query_id`, the `created_at` condition will prevent execution of such a message. This effectively makes `query_id` and `created_at` together the "primary key" of a transfer request for Highload v3. </Aside> ### Why internal messages to self? [#why-internal-messages-to-self] Highload v3 uses a unique **internal message to self** pattern for a critical security reason related to TON's transaction phases. **The problem with standard external message wallets:** In TON, transaction processing includes several phases. Two phases are critical for understanding this problem: 1. **Compute phase** — executes smart contract code, updates storage 2. **Action phase** — performs actions (sends messages) If the action phase fails (e.g., insufficient funds for outgoing messages), the **entire transaction is rolled back**, including all storage changes made in the compute phase. For standard wallets that process external messages and send outgoing messages directly, this creates a problem: if you mark a message as "processed" in the compute phase but the action phase then fails (e.g., due to insufficient balance or invalid message), the rollback will **undo the replay protection**. Since the message was never marked as processed, lite-servers will keep retrying the same external message again and again, **burning gas on each attempt** for a long time or until the wallet runs out of funds. **Highload v3's solution:** Highload v3 uses a two-step approach with **internal messages**: 1. **Transaction 1 (external message):** Only marks `query_id` as processed and sends an **internal message to itself** 2. **Transaction 2 (internal message):** Processes the internal message and sends actual outgoing transfers Even if Transaction 2 fails in the action phase, Transaction 1 has already succeeded, and its storage changes (replay protection) cannot be rolled back. The `query_id` remains marked as processed, preventing replay attacks. This architecture solves a fundamental problem present in all standard external message wallets, including seqno-based wallets and earlier highload designs. *** ## External message structure [#external-message-structure-1] External messages sent to Highload v3 have a specific layout. ### Message layout [#message-layout] ```text signature:bits512 ^[ subwallet_id:uint32 message_to_send:^Cell send_mode:uint8 query_id:QueryId created_at:uint64 timeout:uint22 ] ``` **Key point:**\ The signature is in the **root cell** (512 bits); all other parameters are in a **reference cell** (`MsgInner`). <Aside type="tip"> **Gas optimization:** This structure saves \~500 gas units during signature verification. If the signature were in the same cell as the message body, the contract would need to use `slice_hash()` (which rebuilds the cell internally, costing extra gas) instead of simply taking `cell_hash()` of the reference. </Aside> *** ### `signature` (512 bits) [#signature-512-bits] **Type:**\ Ed25519 signature (512 bits). **What is signed:**\ The hash of the reference cell (`MsgInner`) containing `subwallet_id`, `message_to_send`, `send_mode`, `query_id`, `created_at`, and `timeout`. **Validation:**\ The contract verifies the signature using: ```func check_signature(hash(ref_cell), signature, public_key) ``` **On failure:**\ Exit code `33`. **Link:** [Ed25519 signature scheme](https://en.wikipedia.org/wiki/EdDSA#Ed25519) *** ### `subwallet_id` (32 bits) [#subwallet_id-32-bits-1] **Purpose:**\ Identifies which subwallet this message targets. **Validation:**\ Must match the `subwallet_id` stored in contract storage. **On mismatch:**\ Exit code `34`. *** ### `query_id` (composite structure) [#query_id-composite-structure] The `query_id` follows the `QueryId` TL-B structure and is split into two parts: * **`shift`** (uint13, 13 bits): high-order bits (range 0 to 8191) * **`bit_number`** (## 10): low-order bits with constraints `{ bit_number >= 0 } { bit_number < 1023 }` (range 0 to 1022) **Total range:**\ `2^13 × 1023 = 8,380,416` possible unique query IDs. **How it maps to the hashmap:** ```text hashmap_key = shift (13 bits) bit_index = bit_number (10 bits) ``` The contract checks if bit `bit_number` is set in the cell stored at `hashmap[shift]`. **Recommendation:**\ Increment `query_id` sequentially using a counter-based strategy. *** ### `created_at` (64 bits) [#created_at-64-bits] **Purpose:**\ Unix timestamp (seconds) when the external message was created. **Validation:**\ The contract performs two checks: ```func created_at > now() - timeout // Message not too old created_at <= now() // Message not from future ``` **On failure:**\ Exit code `35`. **Why it matters:**\ Prevents replay of expired messages. Even if a `query_id` is eventually forgotten, stale messages are rejected based on `created_at`. See [Timestamp validation](#timestamp-validation) for important time lag considerations. *** ### `timeout` (22 bits) [#timeout-22-bits-1] **Purpose:**\ Defines the message validity window (in seconds). **Validation:**\ Must match the `timeout` value stored in contract storage. **On mismatch:**\ Exit code `38`. <Aside type="note"> 22 bits allows timeout values up to \~4.8 million seconds (\~55 days). </Aside> *** ### `send_mode` (8 bits) [#send_mode-8-bits] **Purpose:**\ Specifies the [send mode](/blockchain-basics/primitives/messages/modes) for the internal message. **Link:** [send\_raw\_message modes](/blockchain-basics/languages/func/stdlib#send-raw-message) *** ### `message_to_send` (reference cell) [#message_to_send-reference-cell] **Structure:**\ A serialized internal message stored in a reference cell. **Validation (exit code 37):** The contract validates `message_to_send` **after committing storage** to prevent action phase errors. The following checks are performed: 1. **Must be internal message:**\ First bit must be `0` (`int_msg_info$0`, not `ext_msg_info$10`) 2. **Source address must be none:**\ The `src` field must be `addr_none` (empty address) 3. **State-init must not be present:**\ State-init validation is too expensive in gas and is rarely needed. For contract deployment, use the [batch transfer pattern](/blockchain-basics/standard/wallets/highload/v3/send-batch-transfers) with an action list 4. **Bounced messages are ignored:**\ If the `bounced` flag is set, the message is silently ignored (no error) <Aside type="caution"> **Why validate after commit:**\ Validation occurs after `commit()` to ensure replay protection is saved even if the message structure is invalid. This prevents the same external message from being retried infinitely by lite-servers. </Aside> **Critical limitation:**\ Highload v3 can send **only ONE internal message** per external message. For batch transfers, use the [internal\_transfer pattern](#single-message-per-external) with an action list (up to 254 messages). *** ## Message sending flow [#message-sending-flow] Highload v3 uses a two-transaction pattern to safely send messages: <Image src="/resources/images/wallets/msg_flow_light.png" darkSrc="/resources/images/wallets/msg_flow_dark.png" alt="Message sending flow" /> <Aside type="note"> **Why two transactions?** This pattern ensures that replay protection is never rolled back, even if the actual message sending fails due to insufficient funds or other action phase errors. Transaction 1 commits the `query_id` to storage before any outgoing messages are attempted in Transaction 2. **Critical detail:** Message validation (step 9) happens **after commit** (step 8) to prevent infinite retries of invalid messages by lite-servers. </Aside> See [Single message per external](#single-message-per-external) for details on this limitation and the batch transfer workaround. *** ## Exit codes [#exit-codes] | Exit code | Name | Description | How to fix | | --------- | ---------------------- | -------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | | `0` | Success | Message processed successfully | — | | `33` | Invalid signature | Ed25519 signature verification failed | Check that the private key is correct and the message hash is computed properly | | `34` | Subwallet ID mismatch | The `subwallet_id` in the message does not match storage | Verify you are using the correct `subwallet_id` for this wallet | | `35` | Invalid created\_at | Message timestamp is invalid (too old or from the future) | Ensure `created_at > now() - timeout` and `created_at <= now()` | | `36` | Query already executed | The `query_id` was already processed (found in `queries` or `old_queries`) | Use a new, unique `query_id` | | `37` | Invalid message | The `message_to_send` structure is invalid or cannot be processed | Verify the message cell structure and contents | | `38` | Invalid timeout | The `timeout` in the message does not match storage timeout | Verify you are using the correct `timeout` value for this wallet | *** ## Limitations and constraints [#limitations-and-constraints] ### Single message per external [#single-message-per-external] **Limitation:**\ Each external message can trigger **only one** outgoing internal message directly. **Why this limitation?**\ Manually validating message structure is expensive in gas costs. The contract validates only the single `message_to_send` reference to keep gas consumption predictable and low. **Why no state-init support?**\ State-init validation is complex and gas-intensive, while deploying contracts from a highload wallet is rarely needed. The feature was intentionally excluded to reduce gas costs. **Workaround for batch transfers:**\ Send an internal message to the wallet itself with opcode `0xae42e5a4` (`internal_transfer`) and an action list containing up to **254 outgoing messages** (not 255, because one action slot is reserved for [`set_code` protection](#protection-against-set-code)). **How to implement:** [Send batch transfers](/blockchain-basics/standard/wallets/highload/v3/send-batch-transfers) *** ### Query ID space limitations [#query-id-space-limitations] Highload v3 supports up to **8,380,416 unique query IDs** (see [`query_id` structure](#query-id-composite-structure) for details). **Impact on throughput:**\ If you send messages faster than `timeout`, you may exhaust available query IDs. After `timeout`, old IDs can be reused. **Recommended strategy:**\ Use a counter-based approach, incrementing `query_id` for each message. *** ### Timeout constraints [#timeout-constraints] The `timeout` value affects message validity, storage costs, and operational behavior: **Message validity:**\ Messages are valid for `timeout` seconds after `created_at`. Expired messages are rejected with exit code 35. **Storage costs:**\ Processed `query_id` values remain in storage for up to `2 × timeout` (across `queries` and `old_queries` hashmaps). Longer timeouts increase storage size and costs. **Operational impact:** * Short timeout (seconds/minutes): Fast expiration certainty, but messages may expire during network congestion * Long timeout (hours): Messages survive congestion, but slow failure detection and higher storage costs *** ### Gas consumption [#gas-consumption] Gas costs vary depending on the number of outgoing messages sent: | Operation | Transaction 1 (external) | Transaction 2 (internal) | Total | | ------------ | ------------------------ | ------------------------ | ----- | | 1 message | TBD | TBD | TBD | | 10 messages | TBD | TBD | TBD | | 254 messages | TBD | TBD | TBD | **What affects gas costs:** Gas consumption depends **only** on the number of entries in `queries` and `old_queries` hashmaps. Cleanup/rotation operations are highly optimized and add minimal overhead (unlike Highload v2). **Forward fees:** The two-transaction pattern means forward fees are spent **twice**: first when sending the external message (outside → external), then when the wallet sends an internal message to itself (external → internal). This makes Highload v3 approximately **2× more expensive in forward fees** compared to single-transaction wallets like v5. Forward fees scale with: * Number of outgoing messages * Size and complexity of message content *** ## Get methods [#get-methods] Highload Wallet v3 provides several read-only methods for monitoring and verification. | Method | Returns | Description | | ---------------------------------- | ---------------- | ----------------------------------------------------------------------------- | | `get_public_key()` | `int` (256 bits) | Returns the stored public key | | `get_subwallet_id()` | `int` (32 bits) | Returns the subwallet ID | | `get_timeout()` | `int` | Returns the current timeout value (stored as uint22) | | `get_last_clean_time()` | `int` (64 bits) | Returns the Unix timestamp of the last cleanup | | `processed?(query_id, need_clean)` | `(int, int)` | Checks if `query_id` was processed; optionally indicates if cleanup is needed | ### `processed?` method details [#processed-method-details] **Parameters:** * `query_id` (int): The query ID to check. * `need_clean` (int): If non-zero, also return whether cleanup is due. **Returns:** * First int: `-1` if processed, `0` if not. * Second int: `-1` if cleanup is needed, `0` otherwise. **Use case:**\ Before sending a message, check if a `query_id` was already used to avoid replay errors. **Link:** [How to verify if a message is processed](/blockchain-basics/standard/wallets/highload/v3/verify-is-processed) *** ## Protection against `set_code` [#protection-against-set_code] **Why this protection is needed:** The contract uses `set_actions(actions)` to execute arbitrary actions from the internal message (this allows sending batch transfers). However, leaving the ability to execute `set_code` actions would be unsafe — it creates a risk of **accidentally changing the contract code**. **How the protection works:** In `recv_internal` (Transaction 2), after extracting the action list from the internal message, the contract executes: ```func cell old_code = my_code(); set_actions(actions); // Apply action list from message set_code(old_code); // Immediately restore original code ``` This pattern **prevents any `set_code` action in the action list from taking effect**. Even if an action list accidentally contains a `set_code` instruction, the final `set_code(old_code)` call overwrites it, ensuring the contract code remains unchanged. **Action list limitation:**\ Because the contract calls `set_code(old_code)` as a protection mechanism, one action slot is consumed. This is why the maximum number of outgoing messages in a batch is **254** (not 255) — one slot is reserved for the `set_code` protection. *** ## Implementation [#implementation] **Source code:** [`ton-blockchain/highload-wallet-contract-v3`](https://github.com/ton-blockchain/highload-wallet-contract-v3) **SDK wrappers:** * **Go:** [`tonutils-go`](https://github.com/xssnick/tonutils-go) — includes Highload v3 wrapper * **Python:** [`pytoniq`](https://github.com/yungwine/pytoniq) — includes Highload v3 wrapper * **TypeScript/JavaScript:** Copy wrappers from the [official repository](https://github.com/ton-blockchain/highload-wallet-contract-v3/tree/main/wrappers) **Tests and examples:** See the [tests/](https://github.com/ton-blockchain/highload-wallet-contract-v3/tree/main/tests) directory in the repository for reference implementation and usage patterns. **Link:** [How-to guides](/blockchain-basics/standard/wallets/highload/v3/create) *** ## See also [#see-also] * [How to create Highload Wallet v3](/blockchain-basics/standard/wallets/highload/v3/create) * [How to send single transfer](/blockchain-basics/standard/wallets/highload/v3/send-single-transfer) * [How to send batch transfers](/blockchain-basics/standard/wallets/highload/v3/send-batch-transfers) * [How to verify if a message is processed](/blockchain-basics/standard/wallets/highload/v3/verify-is-processed) # How to verify that a message is processed (/blockchain-basics/standard/wallets/highload/v3/verify-is-processed) This guide shows how to verify that a transfer (single or batch) was fully processed across both transactions. ## Objective [#objective] By the end of this guide, you will: * Verify that both transactions (external and internal) succeeded * Calculate how many messages were successfully sent * Detect partial failures in batch transfers ## Prerequisites [#prerequisites] * Completed [wallet creation](/blockchain-basics/standard/wallets/highload/v3/create) with funded balance * Sent at least one transfer (single or batch) * Know the `query_id` and `created_at` values used in the transfer ## Verification overview [#verification-overview] Highload Wallet v3 uses a two-transaction pattern. To verify full processing, you need to check both transactions: 1. **External transaction (Transaction 1):** Validates the message and marks `query_id` as processed 2. **Internal transaction (Transaction 2):** Processes the action list and sends outgoing messages Even if `processed?` returns `true`, the internal transaction may have failed. Full verification requires checking both transactions. See [Message sending flow](/blockchain-basics/standard/wallets/highload/v3/specification#message-sending-flow) for the complete two-transaction pattern. ## Helper functions [#helper-functions] Create helper functions for transaction search and parsing: ```typescript import { TonClient } from '@ton/ton'; import { Cell, Transaction, Address } from '@ton/core'; // Retry helper for network requests async function retry<T>(fn: () => Promise<T>, options: { retries: number; delay: number }): Promise<T> { let lastError: Error | undefined; for (let i = 0; i < options.retries; i++) { try { return await fn(); } catch (e) { if (e instanceof Error) lastError = e; await new Promise((resolve) => setTimeout(resolve, options.delay)); } } throw lastError; } // Parse external message to extract query_id and created_at function parseExternalMessageBody(body: Cell) { try { const inner = body.refs[0]!.beginParse(); inner.skip(32 + 8); // Skip subwalletId and mode const queryId = inner.loadUintBig(23); const createdAt = inner.loadUint(64); return { queryId, createdAt }; } catch (e) { return null; } } // Generic transaction finder with pagination async function findTransaction( client: TonClient, address: Address, predicate: (tx: Transaction) => boolean ): Promise<Transaction | null> { let lt: string | undefined = undefined; let hash: string | undefined = undefined; while (true) { const transactions = await retry( () => client.getTransactions(address, { hash, lt, limit: 20, archival: true, }), { delay: 1000, retries: 3 } ); if (transactions.length === 0) return null; const found = transactions.find(predicate); if (found) return found; const last = transactions.at(-1)!; lt = last.lt.toString(); hash = last.hash().toString('base64'); } } ``` ## Step 1: Set up and check if processed [#step-1-set-up-and-check-if-processed] Load wallet configuration and check if the `query_id` was marked as processed: ```typescript import { mnemonicToPrivateKey } from '@ton/crypto'; import { HighloadWalletV3 } from './wrappers/HighloadWalletV3'; import { HighloadQueryId } from './wrappers/HighloadQueryId'; import * as fs from 'fs'; // Load wallet data const walletData = JSON.parse(fs.readFileSync('.wallet.json', 'utf-8')); const keyPair = await mnemonicToPrivateKey(walletData.mnemonic.split(' ')); const CODE = Cell.fromBoc(Buffer.from('b5ee9c7241021001000228000114ff00f4a413f4bcf2c80b01020120020d02014803040078d020d74bc00101c060b0915be101d0d3030171b0915be0fa4030f828c705b39130e0d31f018210ae42e5a4ba9d8040d721d74cf82a01ed55fb04e030020120050a02027306070011adce76a2686b85ffc00201200809001aabb6ed44d0810122d721d70b3f0018aa3bed44d08307d721d70b1f0201200b0c001bb9a6eed44d0810162d721d70b15800e5b8bf2eda2edfb21ab09028409b0ed44d0810120d721f404f404d33fd315d1058e1bf82325a15210b99f326df82305aa0015a112b992306dde923033e2923033e25230800df40f6fa19ed021d721d70a00955f037fdb31e09130e259800df40f6fa19cd001d721d70a00937fdb31e0915be270801f6f2d48308d718d121f900ed44d0d3ffd31ff404f404d33fd315d1f82321a15220b98e12336df82324aa00a112b9926d32de58f82301de541675f910f2a106d0d31fd4d307d30cd309d33fd315d15168baf2a2515abaf2a6f8232aa15250bcf2a304f823bbf2a35304800df40f6fa199d024d721d70a00f2649130e20e01fe5309800df40f6fa18e13d05004d718d20001f264c858cf16cf8301cf168e1030c824cf40cf8384095005a1a514cf40e2f800c94039800df41704c8cbff13cb1ff40012f40012cb3f12cb15c9ed54f80f21d0d30001f265d3020171b0925f03e0fa4001d70b01c000f2a5fa4031fa0031f401fa0031fa00318060d721d300010f0020f265d2000193d431d19130e272b1fb00b585bf03', 'hex'))[0]; const client = new TonClient({ endpoint: 'https://testnet.toncenter.com/api/v2/jsonRPC', // This is TESTNET endpoint // apiKey: 'your-api-key' // Optional: get from @tonapibot or @tontestnetapibot }); const highloadWallet = HighloadWalletV3.createFromConfig( { publicKey: keyPair.publicKey, subwalletId: walletData.subwalletId, timeout: walletData.timeout, }, CODE ); const wallet = client.open(highloadWallet); // The query_id and created_at from your transfer const queryId = HighloadQueryId.fromSeqno(17n); const createdAt = 1759878156; // Your actual created_at timestamp // Check if processed const isProcessed = await wallet.getProcessed(queryId); if (!isProcessed) { console.log('❌ Query not processed'); return; } console.log('✓ Query marked as processed'); ``` <Aside type="note"> **What `processed?` tells you:** This GET method only confirms that the `query_id` was marked as processed in the wallet's storage. It does **not** confirm that the internal transaction succeeded or that messages were sent. See [`processed?` method](/blockchain-basics/standard/wallets/highload/v3/specification#processed%3F-method-details) in the specification for details. </Aside> ## Step 2: Find and verify external transaction [#step-2-find-and-verify-external-transaction] Search transaction history to find the external transaction by `query_id` and `created_at`: ```typescript // Find external transaction by query_id + created_at async function findHighloadExternalTransaction( client: TonClient, walletAddress: Address, queryId: HighloadQueryId, createdAt: number ): Promise<Transaction | null> { const targetQueryId = queryId.getQueryId(); return findTransaction(client, walletAddress, (tx) => { if (tx.inMessage?.info.type !== 'external-in') return false; if (!tx.inMessage.body) return false; const parsed = parseExternalMessageBody(tx.inMessage.body); if (!parsed) return false; return parsed.queryId === targetQueryId && parsed.createdAt === createdAt; }); } const externalTx = await findHighloadExternalTransaction( client, highloadWallet.address, queryId, createdAt ); if (!externalTx) { console.log('❌ External transaction not found'); return; } // Verify external transaction compute phase if (externalTx.description.type !== 'generic') { console.log('❌ Invalid transaction'); return; } const externalCompute = externalTx.description.computePhase; if (!externalCompute.success || externalCompute.exitCode !== 0) { console.log(`❌ External transaction failed: exit code ${externalCompute.exitCode}`); return; } console.log('✓ External transaction succeeded'); ``` If the external transaction failed, see [Exit codes](/blockchain-basics/standard/wallets/highload/v3/specification#exit-codes) for troubleshooting. ## Step 3: Find and verify internal transaction [#step-3-find-and-verify-internal-transaction] Follow the transaction chain to find and verify Transaction 2: ```typescript // Find internal transaction by prevTransactionLt async function findHighloadInternalTransaction( client: TonClient, walletAddress: Address, externalLt: string ): Promise<Transaction | null> { return findTransaction(client, walletAddress, (tx) => tx.prevTransactionLt.toString() === externalLt ); } // Check for outgoing messages if (externalTx.outMessagesCount === 0) { console.log('❌ No outgoing messages from external transaction'); return; } // Find the internal transaction const internalTx = await findHighloadInternalTransaction( client, highloadWallet.address, externalTx.lt.toString() ); if (!internalTx || internalTx.description.type !== 'generic') { console.log('❌ Internal transaction not found'); return; } // Verify compute phase if (internalTx.description.computePhase.type !== 'vm') { console.log('❌ Compute phase skipped'); return; } const internalCompute = internalTx.description.computePhase; if (!internalCompute.success || internalCompute.exitCode !== 0) { console.log(`❌ Internal transaction failed: exit code ${internalCompute.exitCode}`); return; } // Verify action phase if (!internalTx.description.actionPhase) { console.log('❌ No action phase in internal transaction'); return; } const action = internalTx.description.actionPhase; if (!action.success) { console.log(`❌ Action phase failed: result code ${action.resultCode}`); return; } console.log('✓ Internal transaction succeeded'); ``` <Aside type="note"> **Transaction linking:** The external transaction creates an outgoing message with `outMsg.createdLt`. The internal transaction that processes this message has `prevTransactionLt` equal to the external transaction's `lt`. This creates a verifiable chain between the two transactions. </Aside> ## Step 4: Calculate sent messages [#step-4-calculate-sent-messages] Calculate how many messages were successfully sent: ```typescript // Calculate messages sent (total actions - 1 for set_code) const messageActions = action.totalActions - 1; const messagesSent = action.messagesCreated; const messagesFailed = action.skippedActions; if (messagesFailed > 0) { console.log(`✅ Sent ${messagesSent}/${messageActions} messages (${messagesFailed} failed)`); } else { console.log(`✅ Sent ${messagesSent}/${messageActions} messages`); } ``` <Aside type="caution"> **Partial failures:** Even if the action phase succeeds overall, some individual messages may fail. Check `skippedActions` to detect partial failures. If `skippedActions > 0`, some messages in the batch were not sent. The `totalActions - 1` calculation accounts for the [`set_code` protection](/blockchain-basics/standard/wallets/highload/v3/specification#protection-against-set-code) action. </Aside> ## Expected outputs [#expected-outputs] ### Full success [#full-success] ```text ✓ Query marked as processed ✓ External transaction succeeded ✓ Internal transaction succeeded ✅ Sent 10/10 messages ``` ### Partial success [#partial-success] ```text ✓ Query marked as processed ✓ External transaction succeeded ✓ Internal transaction succeeded ✅ Sent 8/10 messages (2 failed) ``` ### External transaction failure [#external-transaction-failure] ```text ✓ Query marked as processed ❌ External transaction failed: exit code 35 ``` The `query_id` is marked as processed, but the transaction failed during validation. See [Exit codes](/blockchain-basics/standard/wallets/highload/v3/specification#exit-codes) for troubleshooting. ### Internal transaction failure [#internal-transaction-failure] ```text ✓ Query marked as processed ✓ External transaction succeeded ❌ Internal transaction failed: exit code 9 ``` Transaction 1 succeeded (replay protection applied), but Transaction 2 failed. The `query_id` cannot be reused. ### Action phase failure [#action-phase-failure] ```text ✓ Query marked as processed ✓ External transaction succeeded ❌ Action phase failed: result code 37 ``` Both transactions were executed, but the action phase failed to send messages. ## Next steps [#next-steps] You can now verify any transfer to ensure it was fully processed. This is especially important for batch transfers where partial failures can occur.