Blockchain Security Firm CertiK Found an Infinite Loop Bug in Sui Network

Sui Foundation awarded $500,000 to smart-contract audit firm CertiK for discovering a potential attack vector on the Sui network.

The vulnerability was an infinite loop bug in the Sui code, which could be triggered by a malicious smart contract and cause the blockchain’s nodes to go on an endless circle, essentially paralyzing the network.

“Differing from traditional attacks that shut down chains by crashing nodes, the HamsterWheel attack traps all nodes in a state of ceaseless operation without processing new transactions, as if they were running on a hamster wheel. This strategy can cripple entire networks, effectively rendering them inoperable,” CertiK said in a press release on Monday.

According to the Sui Foundation, once the bug was identified, a team of developers installed “two key measures that would reduce the potential impact of a similar issue in the future.” CertiK confirmed that fixes for the bug have already been rolled out and promised to publish a full technical report later.

“We are extremely pleased that the program resulted in finding and fixing this bug well before Sui went live,” Darius Goore, head of communications at Sui Foundation, told CoinDesk.

“Due to the bug bounty program, but also a robust third-party audits program, and thorough internal testing, the first six weeks of Sui mainnet have been remarkably smooth from an operational and security perspective,” he added.

“The discovery of the HamsterWheel attack demonstrates the evolving sophistication of threats to blockchain networks,” Kang Li, chief security officer at CertiK, said in a written statement.

Read more: Sui Mainnet Goes Live as Crypto Project Takes on Aptos and DeFi Giants