Share this article
Blockchain Security Firm CertiK Found an Infinite Loop Bug in Sui Network
The bug was found before Sui mainnet was live and the foundation granted a $500,000 award for the discovery.
Updated Jun 19, 2023, 5:03 p.m. Published Jun 19, 2023, 5:03 p.m.
Sui Foundation awarded $500,000 to smart-contract audit firm CertiK for discovering a potential attack vector on the Sui network.
The vulnerability was an infinite loop bug in the Sui code, which could be triggered by a malicious smart contract and cause the blockchain’s nodes to go on an endless circle, essentially paralyzing the network.
STORY CONTINUES BELOW
“Differing from traditional attacks that shut down chains by crashing nodes, the HamsterWheel attack traps all nodes in a state of ceaseless operation without processing new transactions, as if they were running on a hamster wheel. This strategy can cripple entire networks, effectively rendering them inoperable,” CertiK said in a press release on Monday.
According to the Sui Foundation, once the bug was identified, a team of developers installed “two key measures that would reduce the potential impact of a similar issue in the future.” CertiK confirmed that fixes for the bug have already been rolled out and promised to publish a full technical report later.
“We are extremely pleased that the program resulted in finding and fixing this bug well before Sui went live,” Darius Goore, head of communications at Sui Foundation, told CoinDesk.
“Due to the bug bounty program, but also a robust third-party audits program, and thorough internal testing, the first six weeks of Sui mainnet have been remarkably smooth from an operational and security perspective,” he added.
“The discovery of the HamsterWheel attack demonstrates the evolving sophistication of threats to blockchain networks,” Kang Li, chief security officer at CertiK, said in a written statement.
Read more: Sui Mainnet Goes Live as Crypto Project Takes on Aptos and DeFi Giants
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
NFT Project Pudgy Penguins Takes Over Las Vegas Sphere in Holiday Campaign
The NFT brand’s animated segments will air on the Sphere across Christmas week, signaling the crypto company's move into real-world consumer markets.
What to know:
- Pudgy Penguins will run an ad campaign at the Las Vegas Sphere during Christmas week, one of the few crypto brands to secure a spot at the high-profile venue.
- The NFT project, which launched on Ethereum in 2021, has expanded into physical toys and digital gaming as part of a broader consumer push.
- Pudgy Penguins briefly overtook Bored Apes in floor price earlier this year and recently launched its PENGU token on Solana, now trading on major exchanges.
Top Stories
