Sui Blockchain awards CertiK $500K for flagging a threat.

  • Sui Blockchain has awarded CertiK for identifying a vulnerability called “HamsterWheel.”
  • The “HamsterWheel” vulnerability traps nodes in an endless loop, similar to hamsters jogging on a wheel.
  • The “HamsterWheel” attack demonstrates the increasing sophistication of threats to blockchain networks.

Sui Blockchain has given CertiK a $500,000 bounty for finding a threat that could have brought down the entire Sui layer-1 blockchain.

The “HamsterWheel” vulnerability is distinct from conventional attacks that aim to crash nodes and bring down blockchains, according to the CertiK team.

Details of the “HamsterWheel” attack

The “HamsterWheel” attack traps nodes like hamsters running on a wheel: they keep performing operations without processing new transactions. The attack can immobilize networks and make them unusable.

Sui implemented fixes in response to the security threat, to prevent the damage an attack could cause to the blockchain. CertiK identified the “HamsterWheel” vulnerability before Sui’s mainnet launch in May 2023.

Sui gave CertiK a $500,000 bounty in recognition of its efforts, highlighting the importance of bug bounty programs and preventative security measures.

Blockchain security

According to Kang Li, CertiK’s chief security officer, threats to blockchain networks are constantly changing. Li stated that “the HamsterWheel attack’s discovery demonstrates the evolving sophistication of threats to blockchain networks.”

Additional technical information will be released and made available soon, according to CertiK’s announcement. Complete reports will be made public once all mitigations have been implemented and thoroughly tested.