跳到主要内容

Types of Wallet Contracts

You may have heard about different versions of wallets on the TON Blockchain. But what do these versions actually mean, and how do they differ?

In this article, we’ll explore the various versions and modifications of TON wallets.

信息

Before we start, there are some terms and concepts that you should be familiar with to fully understand the article:

Common concept

To break the tension, we should first understand that wallets are not a specific entity in the TON ecosystem. They are still just smart contracts consisting of code and data, and, in that sense, are equal to any other actor (i.e., smart contract) in TON.

Like your own custom smart contract, or any other one, wallets can receive external and internal messages, send internal messages and logs, and provide "get" methods. So the question is: what functionality do they provide and how it differs between versions?

You can consider each wallet version as a smart-contract implementation providing a standard external interface, allowing different external clients to interact with the wallets in the same way. You can find these implementations in FunC and Fift languages in the main TON monorepo:

Basic wallets

Wallet V1

This is the simplest one. It only allows you to send four transactions at a time and doesn't check anything besides your signature and seqno.

Wallet source code:

This version isn’t even used in regular apps because it has some major issues:

  • No easy way to retrieve the seqno and public key from the contract.
  • No valid_until check, so you can't be sure that the transaction won't be confirmed too late.

The first issue was fixed in V1R2 and V1R3. The R stands for "revision". Usually, revisions are just small updates that only add get methods; you can find all of those in the changes history of new-wallet.fif. Hereinafter, we will consider only the latest revisions.

Nevertheless, because each subsequent version inherits the functionality of the previous one, we should still stick to it, as this will help us with later versions.

Persistent memory layout

  • seqno: 32-bit long sequence number.
  • public-key: 256-bit long public key.

External message body layout

  1. Data:
    • signature: 512-bit long ed25519 signature.
    • msg-seqno: 32-bit long sequence number.
    • (0-4)mode: up to four 8-bit long integer's defining sending mode for each message.
  2. Up to 4 references to cells containing messages.

As you can see, the main functionality of the wallet is to provide a safe way to communicate with the TON blockchain from the outside world. The seqno mechanism protects against replay attacks, and the Ed25519 signature provides authorized access to wallet functionality. We will not dwell in detail on each of these mechanisms, as they are described in detail in the external message documentation page and are quite common among smart contracts receiving external messages. The payload data consists of up to 4 references to cells and the corresponding number of modes, which will be directly transferred to the send_raw_message(cell msg, int mode) method.

警告

Note that the wallet doesn't provide any validation for internal messages you send through it. It is the programmer's (i.e., the external client’s) responsibility to serialize the data according to the internal message layout.

Exit codes

Exit codeDescription
0x21seqno check failed, reply protection accured
0x22Ed25519 signature check failed
0x0Standard successful execution exit code.
信息

Note that TVM has standart exit codes (0x0 - is one of them), so you can get one of them too, if you run out of gas, for example, you will get 0xD code.

Get methods

  1. int seqno() returns current stored seqno.
  2. int get_public_key returns current stored public key.

Wallet V2

Wallet source code:

This version introduces the valid_until parameter, which is used to set a time limit for a transaction in case you don't want it to be confirmed too late. This version also does not have the get-method for the public key, which was added in V2R2.

All differences compared to the previous version are a consequence of adding the valid_until functionality. A new exit code was added: 0x23, marking the failure of the valid_until check. Additionally, a new UNIX-time field has been added to the external message body layout, setting the time limit for the transaction. All get methods remain the same.

External message body layout

  1. Data:
    • signature: 512-bit long ed25519 signature.
    • msg-seqno: 32-bit long sequence number.
    • valid-until: 32-bit long Unix-time integer.
    • (0-4)mode: up to four 8-bit long integer's defining sending mode for each message.
  2. Up to 4 references to cells containing messages.

Wallet V3

This version introduces the subwallet_id parameter, which allows you to create multiple wallets using the same public key (so you can have only one seed phrase and multiple wallets). As before, V3R2 only adds the get-method for the public key.

Wallet source code:

Essentially, subwallet_id is just a number added to the contract state when it’s deployed. Since the contract address in TON is a hash of its state and code, the wallet address will change with a different subwallet_id. This version is the most widely used right now. It covers most use cases and remains clean, simple, and mostly the same as previous versions. All get methods remain the same.

Persistent Memory Layout

  • seqno: 32-bit sequence number.
  • subwallet: 32-bit subwallet ID.
  • public-key: 256-bit public key.

External Message Layout

  1. Data:
    • signature: 512-bit ed25519 signature.
    • subwallet-id: 32-bit subwallet ID.
    • msg-seqno: 32-bit sequence number.
    • valid-until: 32-bit UNIX time integer.
    • (0-4)mode: Up to four 8-bit integers defining the sending mode for each message.
  2. Up to 4 references to cells containing messages.

Exit Codes

Exit CodeDescription
0x23valid_until check failed; transaction confirmation attempted too late
0x23Ed25519 signature check failed
0x21seqno check failed; reply protection triggered
0x22subwallet-id does not match the stored one
0x0Standard successful execution exit code.

Wallet V4

This version retains all the functionality of the previous versions but also introduces something very powerful: plugins.

Wallet source code:

This feature allows developers to implement complex logic that works in tandem with a user's wallet. For example, a DApp may require a user to pay a small amount of coins every day to use certain features. In this case, the user would need to install the plugin on their wallet by signing a transaction. The plugin would then send coins to the destination address daily when requested by an external message.

Plugins

Plugins are essentially other smart contracts on TON that developers are free to implement as they wish. In relation to the wallet, they are simply addresses of smart contracts stored in a dictionary in the wallet's persistent memory. These plugins are allowed to request funds and remove themselves from the "allowed list" by sending internal messages to the wallet.

Persistent memory layout

  • seqno: 32-bit long sequence number.
  • subwallet-id: 32-bit long subwallet-id.
  • public-key: 256-bit long public key.
  • plugins: dictionary containing plugins(may be empty)

Receiving internal messages

All previous versions of wallets had a straightforward implementation for receiving internal messages. They simply accepted incoming funds from any sender, ignoring the internal message body if present, or in other words, they had an empty recv_internal method. However, as mentioned earlier, the fourth version of the wallet introduces two additional available operations. Let's take a look at the internal message body layout:

  • op-code?: 32-bit long operation code. This is an optional field; any message containing less than 32 bits in the message body, an incorrect op-code, or a sender address that isn't registered as a plugin will be considered as simple transfer, similar to previous wallet versions.
  • query-id: 64-bit long integer. This field has no effect on the smart contract's behavior; it is used to track chains of messages between contracts.
  1. op-code = 0x706c7567, request funds operation code.
    • toncoins: VARUINT16 amount of requested toncoins.
    • extra_currencies: Dictionary containing the amount of requested extra currencies (may be empty).
  2. op-code = 0x64737472, request removal of plugin-sender from the "allowed list".

External message body layout

  • signature: 512-bit long ed25519 signature.
  • subwallet-id: 32-bit long subwallet ID.
  • valid-until: 32-bit long Unix-time integer.
  • msg-seqno: 32-bit long sequence integer.
  • op-code: 32-bit long operation code.
  1. op-code = 0x0, simple send.
    • (0-4)mode: up to four 8-bit long integer's defining sending mode for each message.
    • (0-4)messages:Up to four references to cells containing messages.
  2. op-code = 0x1, deploy and install plugin.
    • workchain: 8-bit long integer.
    • balance: VARUINT16 toncoins amount of initial balance.
    • state-init: Cell reference containing plugin initial state.
    • body: Cell reference containing body.
  3. op-code = 0x2/0x3, install plugin/remove plugin.
    • wc_n_address: 8-bit long workchain_id + 256-bit long plugin address.
    • balance: VARUINT16 toncoins amount of initial balance.
    • query-id: 64-bit long integer.

As you can see, the fourth version still provides standard functionality through the 0x0 op-code, similar to previous versions. The 0x2 and 0x3 operations allow manipulation of the plugins dictionary. Note that in the case of 0x2, you need to deploy the plugin with that address yourself. In contrast, the 0x1 op-code also handles the deployment process with the state_init field.

提示

If state_init doesn't make much sense from its name, take a look at the following references:

Exit Codes

Exit CodeDescription
0x24valid_until check failed, transaction confirmation attempted too late
0x23Ed25519 signature check failed
0x21seqno check failed, reply protection triggered
0x22subwallet-id does not match the stored one
0x27Plugins dictionary manipulation failed (0x1-0x3 recv_external op-codes)
0x50Not enough funds for the funds request
0x0Standard successful execution exit code.

Get methods

  1. int seqno() returns current stored seqno.
  2. int get_public_key() returns current stored public key.
  3. int get_subwallet_id() returns current subwallet ID.
  4. int is_plugin_installed(int wc, int addr_hash) checks if plugin with defined workchain ID and address hash is installed.
  5. tuple get_plugin_list() returns list of plugins.

Wallet V5

It is the most modern wallet version at the moment, developed by the Tonkeeper team, aimed at replacing V4 and allowing arbitrary extensions.

The V5 wallet standard offers many benefits that improve the experience for both users and merchants. V5 supports gas-free transactions, account delegation and recovery, subscription payments using tokens and Toncoin, and low-cost multi-transfers. In addition to retaining the previous functionality (V4), the new contract allows you to send up to 255 messages at a time.

Wallet source code:

TL-B scheme:

警告

In contrast to previous wallet version specifications, we will rely on TL-B scheme, due to the relative complexity of this wallet version's interface implementation. We will provide some description for each of those. Nevertheless, a basic understanding is still required, in combination with the wallet source code, it should be enough.

Persistent memory layout

contract_state$_ 
is_signature_allowed:(## 1)
seqno:#
wallet_id:(## 32)
public_key:(## 256)
extensions_dict:(HashmapE 256 int1) = ContractState;

As you can see, the ContractState, compared to previous versions, hasn't undergone major changes. The main difference is the new is_signature_allowed 1-bit flag, which restricts or allows access through the signature and stored public key. We will describe the importance of this change in later topics.

Authentification process

signed_request$_             // 32 (opcode from outer)
wallet_id: # // 32
valid_until: # // 32
msg_seqno: # // 32
inner: InnerRequest //
signature: bits512 // 512
= SignedRequest; // Total: 688 .. 976 + ^Cell

internal_signed#73696e74 signed:SignedRequest = InternalMsgBody;

internal_extension#6578746e
query_id:(## 64)
inner:InnerRequest = InternalMsgBody;

external_signed#7369676e signed:SignedRequest = ExternalMsgBody;

Before we get to the actual payload of our messages — InnerRequest — let's first look at how version 5 differs from previous versions in the authentication process. The InternalMsgBody combinator describes two ways to access wallet actions through internal messages. The first method is one we are already familiar with from version 4: authentication as a previously registered extension, the address of which is stored in extensions_dict. The second method is authentication through the stored public key and signature, similar to external requests.

At first, this might seem like an unnecessary feature, but it actually enables requests to be processed through external services (smart contracts) that are not part of your wallet's extension infrastructure—a key feature of V5. Gas-free transactions rely on this functionality.

Note that simply receiving funds is still an option. Practically, any received internal message that doesn't pass the authentication process will be considered as transfer.

Actions

The first thing that we should notice is InnerRequest, which we have already seen in the authentication process. In contrast to the previous version, both external and internal messages have access to the same functionality, except for changing the signature mode (i.e., the is_signature_allowed flag).

out_list_empty$_ = OutList 0;
out_list$_ {n:#}
prev:^(OutList n)
action:OutAction = OutList (n + 1);

action_send_msg#0ec3c86d mode:(## 8) out_msg:^(MessageRelaxed Any) = OutAction;

// Extended actions in V5:
action_list_basic$_ {n:#} actions:^(OutList n) = ActionList n 0;
action_list_extended$_ {m:#} {n:#} action:ExtendedAction prev:^(ActionList n m) = ActionList n (m+1);

action_add_ext#02 addr:MsgAddressInt = ExtendedAction;
action_delete_ext#03 addr:MsgAddressInt = ExtendedAction;
action_set_signature_auth_allowed#04 allowed:(## 1) = ExtendedAction;

actions$_ out_actions:(Maybe OutList) has_other_actions:(## 1) {m:#} {n:#} other_actions:(ActionList n m) = InnerRequest;

We can consider InnerRequest as two lists of actions: the first, OutList, is an optional chain of cell references, each containing a send message request led by the message mode. The second, ActionList, is led by a one-bit flag, has_other_actions, which marks the presence of extended actions, starting from the first cell and continuing as a chain of cell references. We are already familiar with the first two extended actions, action_add_ext and action_delete_ext, followed by the internal address that we want to add or delete from the extensions dictionary. The third, action_set_signature_auth_allowed, restricts or allows authentication through the public key, leaving the only way to interact with the wallet through extensions. This functionality might be extremely important in the case of a lost or compromised private key.

信息

Note that the maximum number of actions is 255; this is a consequence of the realization through the c5 TVM register. Technically, you can make a request with empty OutAction and ExtendedAction, but in that case, it will be similar to just receiving funds.

Exit Codes

Exit CodeDescription
0x84Authentication attempt through signature while it's disabled
0x85seqno check failed, reply protection occurred
0x86wallet-id does not correspond to the stored one
0x87Ed25519 signature check failed
0x88valid-until check failed
0x89Enforce that send_mode has the +2 bit (ignore errors) set for external message.
0x8Aexternal-signed prefix doesn't correspond to the received one
0x8BAdd extension operation was not successful
0x8CRemove extension operation was not successful
0x8DUnsupported extended message prefix
0x8ETried to disable auth by signature while the extension dictionary is empty
0x8FAttempt to set signature to an already set state
0x90Tried to remove the last extension when signature is disabled
0x91Extension has the wrong workchain
0x92Tried to change signature mode through external message
0x93Invalid c5, action_send_msg verification failed
0x0Standard successful execution exit code.
危险

Note that the 0x8E, 0x90, and 0x92 wallet exit codes are designed to prevent you from losing access to wallet functionality. Nevertheless, you should still remember that the wallet doesn't check whether the stored extension addresses actually exist in TON. You can also deploy a wallet with initial data consisting of an empty extensions dictionary and restricted signature mode. In that case, you will still be able to access the wallet through the public key until you add your first extension. So, be careful with these scenarios.

Get methods

  1. int is_signature_allowed() returns stored is_signature_allowed flag.
  2. int seqno() returns current stored seqno.
  3. int get_subwallet_id() returns current subwallet ID.
  4. int get_public_key() returns current stored public key.
  5. cell get_extensions() returns extensions dictionary.

Preparing for Gasless Transactions

As was sad before v5 wallet smart contract allows the processing of internal messages signed by the owner. This also allows you to make gasless transactions, e.g., payment of network fees when transferring USDt in USDt itself. Common scheme looks like that:

image

提示

Consequently, there will be services (such as Tonkeeper's Battery) that provide this functionality: they pay the transaction fees in TONs on behalf of the user, but charge a fee in tokens.

Flow

  1. When sending USDt, the user signs one message containing two outgoing USDt transfers:
    1. USDt transfer to the recipient's address.
    2. Transfer of a small amount of USDt in favor of the Service.
  2. This signed message is sent off-chain by HTTPS to the Service backend. The Service backend sends it to the TON blockchain, paying Toncoins for network fees.

Beta version of the gasless backend API is available on tonapi.io/api-v2. If you are developing any wallet app and have feedback about these methods please share it ton @tonapitech chat.

Wallet source code:

Special wallets

Sometimes the functionality of basic wallets isn't enough. That's why there are several types of specialized wallet: high-load, lockup and restricted.

Let's have a look at them.

Highload Wallets

When working with many messages in a short period, there is a need for special wallet called Highload Wallet. Read the article for more information.

Lockup wallet

If you, for some reason, need to lock coins in a wallet for some time without the possibility to withdraw them before that time passes, have a look at the lockup wallet.

It allows you to set the time until which you won't be able to withdraw anything from the wallet. You can also customize it by setting unlock periods so that you will be able to spend some coins during these set periods.

For example: you can create a wallet which will hold 1 million coins with total vesting time of 10 years. Set the cliff duration to one year, so the funds will be locked for the first year after the wallet is created. Then, you can set the unlock period to one month, so 1'000'000 TON / 120 months = ~8333 TON will unlock every month.

Wallet source code:

Restricted wallet

This wallet's function is to act like a regular wallet, but restrict transfers to only one pre-defined destination address. You can set the destination when you create this wallet and then you'll be only able to transfer funds from it to that address. But note that you can still transfer funds to validation contracts so you can run a validator with this wallet.

Wallet source code:

Known op codes

信息

Also op-code, op::code and operational code

Contract typeHex codeOP::Code
Global0x00000000Text Comment
Global0xffffffffBounce
Global0x2167da4bEncrypted Comment
Global0xd53276dbExcesses
Elector0x4e73744bNew Stake
Elector0xf374484cNew Stake Confirmation
Elector0x47657424Recover Stake Request
Elector0x47657424Recover Stake Response
Wallet0x0f8a7ea5Jetton Transfer
Wallet0x235caf52Jetton Call To
Jetton0x178d4519Jetton Internal Transfer
Jetton0x7362d09cJetton Notify
Jetton0x595f07bcJetton Burn
Jetton0x7bdd97deJetton Burn Notification
Jetton0xeed236d3Jetton Set Status
Jetton-Minter0x642b7d07Jetton Mint
Jetton-Minter0x6501f354Jetton Change Admin
Jetton-Minter0xfb88e119Jetton Claim Admin
Jetton-Minter0x7431f221Jetton Drop Admin
Jetton-Minter0xcb862902Jetton Change Metadata
Jetton-Minter0x2508d66aJetton Upgrade
Vesting0xd372158cTop Up
Vesting0x7258a69bAdd Whitelist
Vesting0xf258a69bAdd Whitelist Response
Vesting0xa7733acdSend
Vesting0xf7733acdSend Response
Dedust0x9c610de3Dedust Swap ExtOut
Dedust0xe3a0d482Dedust Swap Jetton
Dedust0xea06185dDedust Swap Internal
Dedust0x61ee542dSwap External
Dedust0x72aca8aaSwap Peer
Dedust0xd55e4686Deposit Liquidity Internal
Dedust0x40e108d6Deposit Liquidity Jetton
Dedust0xb56b9598Deposit Liquidity all
Dedust0xad4eb6f5Pay Out From Pool
Dedust0x474а86саPayout
Dedust0xb544f4a4Deposit
Dedust0x3aa870a6Withdrawal
Dedust0x21cfe02bCreate Vault
Dedust0x97d51f2fCreate Volatile Pool
Dedust0x166cedeeCancel Deposit
StonFi0x25938561Swap Internal
StonFi0xf93bb43fPayment Request
StonFi0xfcf9e58fProvide Liquidity
StonFi0xc64370e5Swap Success
StonFi0x45078540Swap Success ref

Conclusion

As you see, there are many different versions of wallets in TON. But in most cases, you only need V3R2 or V4R2. You can also use one of the special wallets if you want to have some additional functionality like a periodic unlocking of funds.

See Also