The Sui Foundation has paid a $500,000 bug bounty to CertiK, a smart-contract audit firm, for identifying a potential attack vector on the Sui network. The vulnerability was an infinite-loop bug in the Sui node code that a malicious smart contract could trigger, sending the blockchain's nodes into an endless cycle and effectively paralyzing the network.
CertiK named this class of attack the "HamsterWheel attack" to distinguish it from conventional attacks that crash nodes: here every node stays up and keeps running, but none of them processes new transactions, much like a hamster running on a wheel. A network whose nodes are all stuck this way is non-functional even though every node process appears healthy, so it is a liveness failure rather than an availability failure, and monitoring keyed only on process health would not flag it.
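The following is an added toy model of the failure mode described above and of the generic defence against it (a deterministic step budget, i.e. gas-style metering); it is illustrative code written for this page, not Sui's code, and the article does not describe Sui's actual bug or fixes. The bytecode VM, its opcodes, the `Tx` type, the `step_budget` parameter and the constructed "honest" and "hamster wheel" programs are all assumptions of the example. A node that executes transactions without a budget spins forever on the malicious one and never commits anything else; with a budget, the offending transaction is aborted and the rest of the batch goes through.

```python
"""Toy model of a HamsterWheel-style liveness failure and a step-budget defence.

Added illustration only; not Sui code. A node executes transactions by running a
tiny bytecode VM. A malicious transaction contains a loop that never terminates.
Without an execution budget the node is still "up" but never commits anything
else; with a budget the offending transaction is aborted and the batch continues.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Bytecode instructions are (opcode, operand) pairs. Constructed for this example.
#   PUSH n   push constant n
#   ADD      pop two values, push their sum
#   JMP k    unconditional jump to instruction index k
#   HALT     stop; top of stack is the return value
PUSH, ADD, JMP, HALT = "PUSH", "ADD", "JMP", "HALT"


class BudgetExhausted(Exception):
    """Raised when a program uses more steps than the node allows it."""


def execute(program: list, step_budget: Optional[int]) -> int:
    """Run `program` and return its result.

    step_budget=None models the vulnerable configuration: execution is not
    metered, so an unbounded loop never returns and the caller hangs.
    With a budget, exceeding it raises BudgetExhausted instead.
    """
    stack: List[int] = []
    pc = 0
    steps = 0
    while True:
        if step_budget is not None and steps >= step_budget:
            raise BudgetExhausted(f"aborted after {steps} steps")
        op, arg = program[pc]
        steps += 1
        if op == PUSH:
            stack.append(arg)
            pc += 1
        elif op == ADD:
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
            pc += 1
        elif op == JMP:
            pc = arg            # no bound on how often this may execute
        elif op == HALT:
            return stack[-1] if stack else 0
        else:
            raise ValueError(f"unknown opcode {op!r}")


@dataclass
class Tx:
    sender: str
    program: list


# Constructed sample transactions.
HONEST = [(PUSH, 2), (PUSH, 3), (ADD, None), (HALT, None)]   # computes 5 in 4 steps
HAMSTER_WHEEL = [(JMP, 0)]                                   # jumps to itself forever


def run_batch(txs: List[Tx], step_budget: Optional[int]) -> Tuple[List[str], List[str]]:
    """Execute a batch as a node would; return (committed senders, aborted senders).

    Calling this with step_budget=None on a batch containing HAMSTER_WHEEL never
    returns: that is the HamsterWheel condition, a node that is alive but makes
    no progress.
    """
    committed, aborted = [], []
    for tx in txs:
        try:
            execute(tx.program, step_budget)
            committed.append(tx.sender)
        except BudgetExhausted:
            aborted.append(tx.sender)
    return committed, aborted


if __name__ == "__main__":
    batch = [Tx("alice", HONEST), Tx("mallory", HAMSTER_WHEEL), Tx("bob", HONEST)]
    print(run_batch(batch, step_budget=1000))   # mallory aborted, alice and bob committed
    # run_batch(batch, step_budget=None) would hang on mallory's transaction.
```

Two practical points follow from the model. The budget has to be applied to every loop an attacker can influence, not only to contract bytecode: the article says the bug was in the Sui node code itself, and metering the contract does nothing for an unbounded loop on the node side of the boundary. And the budget must be generous enough for legitimate work, since a budget that is too tight (try `run_batch([Tx("alice", HONEST)], 3)`) turns honest transactions into aborts, which is a denial of service of a different kind.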
Sui Network takes immediate measures
The Sui Foundation reported that, once the bug had been identified, its developers implemented two measures to limit the impact of similar issues in the future; the announcement does not describe what those measures are. CertiK confirmed that fixes for the bug have already been deployed and said it plans to release a full technical report.
Darius Goore, head of communications at the Sui Foundation, expressed satisfaction that the bug bounty program had identified and resolved the bug well before the launch of Sui. He attributed the smooth and secure operation of the Sui mainnet in its first six weeks to the bug bounty program, robust third-party audits, and rigorous internal testing.
Kang Li, chief security officer at CertiK, emphasized that the discovery of the HamsterWheel attack underscores the increasing sophistication of threats targeting blockchain networks, acknowledging the evolving nature of these security challenges.