The Sui Foundation recently awarded $500,000 to smart-contract audit firm CertiK for discovering a potential attack vector on the Sui network. The vulnerability was an infinite loop bug in the Sui code, which could be triggered by a malicious smart contract and cause the blockchain’s nodes to go on an endless circle, essentially paralyzing the network. CertiK referred to this attack as the HamsterWheel attack, which traps all nodes in a state of ceaseless operation without processing new transactions, as if they were running on a hamster wheel. This strategy can cripple entire networks, effectively rendering them inoperable.
Once the bug was identified, a team of developers installed two key measures that would reduce the potential impact of a similar issue in the future. CertiK confirmed that fixes for the bug have already been rolled out and promised to publish a full technical report later. Darius Goore, head of communications at Sui Foundation, told journalists, We are extremely pleased that the program resulted in finding and fixing this bug well before Sui went live. Due to the bug bounty program, but also a robust third-party audits program, and thorough internal testing, the first six weeks of Sui mainnet have been remarkably smooth from an operational and security perspective. Kang Li, chief security officer at CertiK, added, The discovery of the HamsterWheel attack demonstrates the evolving sophistication of threats to blockchain networks.