The Sui network has awarded CertiK with a generous bounty of $500,000. CertiK, a popular blockchain security company, had detected and reported a significant threat that had the potential to cause disruption to Sui’s complete layer-1 blockchain.

The CertiK team emphasized that the vulnerability called ‘’HamsterWheel’’ diverged from conventional attacks that aim to disable blockchains by crashing nodes. This vulnerability involved an infinite loop flaw in the Sui code, which a malicious smart contract could activate. 

The attack could lead to the blockchain’s nodes perpetually circulating in a never-ending loop and effectively immobilizing the network.

In contrast to conventional attacks that incapacitate blockchain networks by causing nodes to crash, the HamsterWheel attack ensnares all nodes in a perpetual state of operation. These nodes would be devoid of processing new transactions, resembling the ceaseless running on a hamster wheel. Employing this approach, entire networks can be crippled, effectively rendering them nonfunctional.

Darius Goore, the Head of Communications of Sui Foundation, stated about this circumstance:

“We are extremely pleased that the program resulted in finding and fixing this bug well before Sui went live. Due to the bug bounty program, but also a robust third-party audits program, and thorough internal testing, the first six weeks of Sui mainnet have been remarkably smooth from an operational and security perspective.” 

The HamsterWheel attack keeps nodes constantly busy, unable to process new transactions.
The HamsterWheel attack keeps nodes constantly busy, unable to process new transactions.

The leading Web3 security provider discovered and promptly reported the vulnerability to Sui before its mainnet launch. Sui Foundation acted upon identifying the bug by implementing two crucial measures. These would minimize the potential consequences of similar issues in the future. CertiK has verified the implementation of bug fixes. Furthermore, the security firm has released a comprehensive technical report.

Kang Li, CertiK’s Chief Security Officer, acknowledged the perpetual evolution of threats faced by blockchain networks. He noted the progressive sophistication revealed through the identification of the HamsterWheel attack.

Sui acknowledged CertiK’s endeavours by granting a $500,000 reward to the security firm. This action underscores the significance of bug bounty programs and preemptive security initiatives, as stated by CertiK.