- Problems were found even before the launch of the Sui mainnet
- The company paid $500,000 for finding the error
Blockchain security company CertiK has discovered a bug in the Sui blockchain. The vulnerability was an “infinite loop” in the blockchain code, found “long before the launch of the network.” A malicious smart contract could have triggered this error, sending the nodes of the blockchain into an endless loop and essentially paralyzing the network.
In a statement, CertiK writes:
“An attack called HamsterWheel manipulates all nodes in such a way that they continue to work continuously, but do not process new transactions. And traditional attacks simply lead to stopping the chains by destroying the nodes. This strategy can lead to paralysis of the entire network, depriving it of serviceability.”
The Sui Foundation said that immediately after the discovery of the attack vector, they took two key measures that will reduce the potential impact of similar problems in the future. CertiK has confirmed the implementation of bug fixes and promised to publish a full technical report in the future.
Darius Gur, Head of Communications at the Sui Foundation, said:
“Thanks to the bug bounty program, as well as robust third-party audit programs and rigorous internal testing, the first six weeks of Sui mainnet operation have been very successful in terms of operation and security.”