refactor(ton-vault): Removed admin address from state init, fixed security issue when forwarding user's payload

[Shvandre]

Big thanks to @Gosunov for finding that security issue

[Copilot]

Pull Request Overview

This PR refactors the TON Vault contract to remove the admin address from its initialization and addresses a security issue by encapsulating forwarded user payloads in a dedicated message type.

• Removed admin parameter from TonVault.fromInit and contract definition
• Introduced PayoutFromTonVault message in the interface and updated handlePayout to use it
• Updated environment helpers, deployment script, and tests to match the new initialization and cover payload forwarding

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
sources/utils/environment.ts	Updated createTonVault to call fromInit() without args
sources/tests/ton-vault.spec.ts	Added payload-forwarding test and adjusted imports
sources/scripts/deploy.ts	Changed deployment to use fromInit() without admin arg
sources/contracts/vaults/vault-interface.tact	Added PayoutFromTonVault message definition
sources/contracts/vaults/ton-vault.tact	Removed admin in contract signature and updated payout logic

Comments suppressed due to low confidence (2)

sources/contracts/vaults/vault-interface.tact:54

• [nitpick] Consider adding a brief comment above this message definition to explain the purpose of PayoutFromTonVault and its body field.

message(0x2d8b123a) PayoutFromTonVault {

sources/contracts/vaults/ton-vault.tact:42

• [nitpick] The indentation for the PayoutFromTonVault body block is slightly different from surrounding code; aligning it with existing style would improve readability.

            body: PayoutFromTonVault {

[Kaladin13]

Great fix