Sui (SUI), a blockchain platform for decentralized applications, has awarded CertiK, a leading cryptocurrency security firm, a $500,000 reward for finding and disclosing a critical vulnerability in the altcoin network.
The vulnerability, dubbed "HamsterWheel" by CertiK's Skyfall team, could have caused the Sui network to stop processing new transactions and data, effectively halting it. The attack involved sending a small payload of about 100 bytes that would trigger an endless loop on the validator nodes, the computers that run and secure the network.
The attack would also cause permanent damage that would persist even after the network was restarted.
CertiK responsibly reported the vulnerability to Sui through its bug bounty program before the network's mainnet launch. Sui quickly confirmed and fixed the issue and took additional action to prevent similar attacks in the future.
CertiK said the following about the vulnerability in its press release:
“Unlike traditional attacks, which stop chains by crashing nodes, the HamsterWheel attack locks all nodes in a non-stop state of operation, as if they were running on a hamster wheel. This strategy can paralyze entire networks, rendering them inoperable effectively.”
.@SuiNetwork awarded CertiK a $500K bounty for the discovery of a critical vulnerability.
For more technical details on this bug bounty, check out our blog on the HamsterWheel attack, ⬇️ https://t.co/C0Bc6QVmjP #CertiK #SuiNetwork #sui
— CertiK (@CertiK) June 19, 2023
CertiK's Skyfall team is a dedicated unit that performs advanced security audits and penetration testing on blockchain projects. The team had previously found and disclosed numerous high-level vulnerabilities in other blockchain platforms.