The bug, named “HamsterWheel,” was found during the investigation of a series of denial-of-service vulnerabilities.
As an expert in blockchain security, CertiK focuses on auditing and securing blockchain and smart contract platforms. Their services include security audits, penetration testing, code reviews, and vulnerability assessments. CertiK’s primary goal is to ensure the integrity and safety of various blockchain projects.
CertiK employs a team of security experts who analyze the code and architecture of blockchain platforms, searching for vulnerabilities, bugs, and potential security risks.
Their objective is to identify and address any weaknesses or flaws that attackers could exploit. By conducting comprehensive security assessments, CertiK aims to enhance the trust and reliability of blockchain systems.
Sui is a Layer 1 blockchain and smart contract platform designed to provide fast, private, secure, and accessible digital asset ownership. It utilizes an object-centric model based on the Move programming language, enabling parallel execution, sub-second finality, and support for rich on-chain assets.
Sui offers horizontally scalable processing and storage capabilities, facilitating high-speed and cost-effective applications. The founders of Sui are the team behind Mysten Labs, with extensive experience in blockchain.
They were involved in developing the Diem blockchain and Move programming language at Meta’s Novi Research.
The recently discovered “HamsterWheel” bug had the potential to completely disable the Sui network, rendering it unable to process any transactions. According to CertiK, this attack was distinct from previously known attacks, as it could trigger an infinite loop in the validator node with a small payload of around 100 bytes.
Sui bounty program
CertiK also described the actions taken following the discovery of the bug. It promptly reported the bug to Sui through the Sui Bounty Program, an initiative designed to incentivize ethical hackers to identify vulnerabilities on the Sui network. This not only ensures the enhanced security of the blockchain but also showcases the vigilance of the system.
According to CertiK, the seriousness of the vulnerability was acknowledged, and immediate measures were taken to rectify the problem well in advance of the network’s mainnet launch.
The Sui blockchain proactively implemented additional security measures to mitigate any potential impact resulting from the security breach.