The Sui Foundation awarded blockchain security firm CertiK $500,000 for the discovery and disclosure of a new type of threat that may have brought the Sui blockchain to a halt.
The so-called “HamsterWheel” attack traps the network’s nodes in an indefinite loop of checking previous transactions without processing any new ones.
“This strategy can cripple entire networks, effectively rendering them inoperable,” CertiK said in a press release on Monday.
.@SuiNetwork awarded CertiK a $500K bounty for the discovery of a critical vulnerability.
For more technical details on this bug bounty, check out our blog on the HamsterWheel attack, ⬇️https://t.co/C0Bc6QVmjP#CertiK #SuiNetwork #sui
— CertiK (@CertiK) June 19, 2023
CertiK alerted the Sui team to the vulnerability ahead of its mainnet launch through the bug bounty program and said the developers behind the blockchain were prompt and efficient in their response. In addition to fixing the issue at hand, Sui’s developers also implemented preventative measures to limit the damage caused by a potential exploit.
At the time of writing, the Sui blockchain had $11.9 million in Total Value Locked (TVL), according to data from DeFiLlama, while the network’s native token SUI had a market cap of $400 million.
The discovery and management of the threat before the network went live is not only a crucial win for Sui, but also CertiK, which recently faced criticism from blockchain proponents over its audit of zkSync decentralized exchange Merlin. At the time of its audit, CertiK awarded Merlin a high security score of 90 and found no critical issues with the project’s code, effectively signaling the project was safe to invest in. However, the project appeared to “rug pull” its investors shortly after launching its public token sale, making off with $1.8 million worth of user funds.
