Since August, the Sui ecosystem has developed rapidly. According to DefiLlama, Sui TVL has exceeded $1 billion, up 200% in the past two months, and the trading volume of Cetus, a DEX built on Sui, currently exceeds $160 million per day.
On October 9, Sui's native USDC went live on mainnet, which will continue to attract more funds into the Sui ecosystem. As an important member of the Move ecosystem, Sui is committed to providing fast and secure transaction services for a variety of blockchain application scenarios.
In this article, Beosin draws on years of security audit experience to help you understand the security challenges faced by Sui ecosystem users and developers.
Sui uses Move as its programming language for smart contracts. Move was designed as an executable bytecode language with built-in security algorithms and a bytecode verifier, and it uses static calls when calling contracts.
This design allows Move to address common smart contract vulnerabilities such as reentrancy attacks, integer overflows, double-spending, and potential compiler issues, but developers can still inadvertently introduce vulnerabilities during contract development. In response, Beosin introduced Move Lint in 2023, a static detection tool that automatically detects potential security risks in contracts and locates vulnerabilities.
Beyond detection tools, developers need to pay additional attention to the following security issues when developing Move contracts:
Compared with other smart contract languages, Move automatically checks for overflow problems by default when performing integer math operations, which can prevent a large number of overflow problems, but there are still two points to note:
Bit operations in the Move language do not automatically perform overflow checks because bit operations are essentially bit-level operations on data that behave differently from integer operations.
When Move's automatic overflow check is triggered, function execution aborts with an exception. If the contract is not designed with this in mind, the abort may prevent the project's business logic from executing as expected, resulting in a denial of service (DoS).
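The first point, as an added example that is not from the original article or from any Sui project: a left shift discards high bits without aborting, so the check has to be written by hand. The module name `example::shift_math`, the function names and the error constant are assumptions made for illustration.

```move
module example::shift_math {
    /// Abort code for a shift that would lose set bits (hypothetical value).
    const EShiftOverflow: u64 = 0;

    /// Unchecked: `<<` silently discards any bits shifted past bit 63.
    /// Move only aborts here if `bits` is 64 or more.
    public fun scale_unchecked(amount: u64, bits: u8): u64 {
        amount << bits
    }

    /// Checked: abort unless shifting back recovers the original value,
    /// which proves that no set bit was dropped.
    public fun scale_checked(amount: u64, bits: u8): u64 {
        assert!(bits < 64, EShiftOverflow);
        let shifted = amount << bits;
        assert!((shifted >> bits) == amount, EShiftOverflow);
        shifted
    }

    #[test]
    fun unchecked_shift_wraps_silently() {
        // Constructed input: 2^63 << 1 loses its only set bit and yields 0.
        assert!(scale_unchecked(1u64 << 63, 1) == 0, 0);
        // A shift that fits gives the same result on both paths.
        assert!(scale_checked(3, 4) == 48, 1);
    }

    #[test]
    #[expected_failure(abort_code = EShiftOverflow)]
    fun checked_shift_aborts_on_lost_bits() {
        scale_checked(1u64 << 63, 1);
    }
}
```

The abort in `scale_checked` is itself subject to the second point: a caller that feeds user-controlled values into it needs to bound them first, or the abort becomes a way to block the calling function.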
Privileged objects that are passed around and calls to privileged functions should be carefully authenticated, because these functions and objects affect the security of funds. In addition, object types need to be checked to determine whether they are private or shared objects. If an object is incorrectly converted from a private object to a shared object, unauthorized users may be able to access it, posing a potential security risk.
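The private-versus-shared distinction, as an added example that is not from the original article or from any audited project: a capability object gates the privileged call and is kept as an owned object. The module `example::treasury`, its types and its functions are hypothetical, and the code assumes the Move 2024 edition with the Sui framework.

```move
module example::treasury {
    use sui::balance::{Self, Balance};
    use sui::coin::{Self, Coin};
    use sui::sui::SUI;

    /// Capability whose holder may withdraw. It has `key` only: without
    /// `store`, code outside this module cannot transfer or share it.
    public struct AdminCap has key { id: UID }

    /// Vault that is meant to be shared; any sender can reference it.
    public struct Vault has key { id: UID, funds: Balance<SUI> }

    fun init(ctx: &mut TxContext) {
        // Correct: the capability becomes an owned (private) object of the
        // publisher, so only that address can pass it to `withdraw`.
        transfer::transfer(AdminCap { id: object::new(ctx) }, ctx.sender());

        // The mistake described above would be calling
        // `transfer::share_object` on the AdminCap instead: any sender
        // could then supply `&AdminCap` and satisfy the check below.
        transfer::share_object(Vault {
            id: object::new(ctx),
            funds: balance::zero(),
        });
    }

    /// Anyone may deposit into the shared vault.
    public fun deposit(vault: &mut Vault, payment: Coin<SUI>) {
        balance::join(&mut vault.funds, coin::into_balance(payment));
    }

    /// Privileged call: the `&AdminCap` argument is the authentication.
    public fun withdraw(
        _cap: &AdminCap,
        vault: &mut Vault,
        amount: u64,
        ctx: &mut TxContext,
    ): Coin<SUI> {
        coin::take(&mut vault.funds, amount, ctx)
    }
}
```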
Developers can use Move Prover to verify that the program is enforcing an explicit access control policy. For example, in std::offer, we can see that the function is terminated when the recipient is not whitelisted:
Transaction Ordering Dependence (TOD) means that a contract may produce different results depending on the order in which transactions are executed, especially in a decentralized environment where the miner or verifier can choose how transactions are ordered. It can introduce risks such as front-running attacks.
In Sui, the block producer still determines the order in which transactions are executed, so Move contracts can still be affected by this problem if their state changes are designed to depend on transaction order.
On the Sui chain, the gas problem of Move smart contracts is mainly reflected in the computation and storage costs required for contract execution. As contract complexity and state changes increase, gas consumption rises accordingly. Developers need to focus on optimizing contract logic and reducing unnecessary computation and state updates to lower transaction costs for users. In particular, they should avoid unbounded iteration in the contract, which may run out of gas and prevent the business logic from executing properly.
At present, the numeric types supported by Move are unsigned integers, and floating point is not supported. The fractional part is therefore truncated (rounded down) during division, which leads to inaccurate results. This may affect key policies, cause revenue loss, and even become a security vulnerability.
The usual mitigation for this problem is to extend the precision, but note that the precision needs to be restored when the final result is obtained.
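The mitigation, as an added example that is not from the original article: the share is scaled up before the division and the scale is removed only from the final result. The module `example::reward_math`, the 1e9 scale factor and the sample numbers are assumptions chosen for illustration.

```move
module example::reward_math {
    /// Fixed-point scale used to extend precision (assumed value, 1e9).
    const SCALE: u128 = 1_000_000_000;
    /// Abort code for an invalid stake (hypothetical value).
    const EInvalidStake: u64 = 0;

    /// Divides first: the share stake/total_stake is truncated to 0
    /// whenever stake < total_stake, so the reward is lost entirely.
    public fun reward_truncating(stake: u64, total_stake: u64, pool: u64): u64 {
        (stake / total_stake) * pool
    }

    /// Extends precision in u128, then restores it on the final result.
    public fun reward_scaled(stake: u64, total_stake: u64, pool: u64): u64 {
        // Bounding the share to at most SCALE keeps the u128 products in range.
        assert!(total_stake > 0 && stake <= total_stake, EInvalidStake);
        let share = (stake as u128) * SCALE / (total_stake as u128);
        // Remove the scale only here, after the last multiplication.
        ((share * (pool as u128) / SCALE) as u64)
    }

    #[test]
    fun scaling_keeps_the_fraction() {
        // Constructed inputs: 1 of 3 staked units, 900 units to distribute.
        assert!(reward_truncating(1, 3, 900) == 0, 0);
        // Still rounds down (the exact answer is 300), but only by one unit.
        assert!(reward_scaled(1, 3, 900) == 299, 1);
    }
}
```

The remaining rounding error always falls on the same side, so a protocol should decide deliberately which party absorbs it.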
In Move smart contracts on the Sui blockchain, object management is a key challenge that covers the object's lifecycle, ownership, concurrent access, serialization, and storage costs. Developers need to precisely manage the creation, update, and destruction of objects to prevent resource waste and state inconsistency. At the same time, designing contract logic that properly controls object ownership and access rights, and that handles multiple users accessing the same object concurrently, is important for the safe and efficient operation of smart contracts.
For example, where flash loans are implemented in Sui DeFi projects, attackers can use a flash loan to carry out large-capital attacks such as price manipulation.
In the common AMM token swapping feature, developers can use Move Prover to verify that the number of tokens has changed correctly:
For example, lending protocols should always be fully secured after a series of deposits, borrowings and withdrawals. On the order book of an on-chain perpetual contract trading protocol, placing an order and then cancelling it should leave the ledger unchanged. Developers need to check and verify invariants like these.
At present, DeFi and memecoins on Sui are flourishing, and trading volume and TVL have grown explosively. As a result, there are more and more kinds of scams and spam trades that users need to avoid.
This year, an airdrop scam called Suisses appeared in the Sui ecosystem and caused many users to have their assets stolen. When a user connects a wallet on the Suisses website and clicks Claim, a transaction request for the transfer of the user's assets appears. If the user signs the transaction, they will find that all of their wallet's assets have been transferred.
This follows from a characteristic of Sui: everything is an object. Not only are the tokens and NFTs in a user's wallet objects, but so are the certificates for the user's participation in DeFi mining, liquidity staking and similar activities. If a phishing attack succeeds, all of a user's assets within the Sui ecosystem may be transferred by the hacker at once.
There are many fake tokens and honeypots in the Sui ecosystem. In particular, users who trade memecoins in the Sui ecosystem may fall for them by accident.
When creating tokens on Sui, as shown below, hackers can define the same icons and names as popular or major tokens, making them indistinguishable to general users. Therefore, users need to check whether the data format of the token is correct when purchasing it.
In addition, hackers can add a DenyList function to the token contract so that users who buy the token cannot sell it, causing them losses.
MEV stands for maximum extractable value. It originally referred to Miner Extractable Value, where miners in the BTC network earn rewards beyond block and network fees by reordering transactions in blocks. MEV is not tied to any particular type of blockchain network. It exists in all blockchains, and Sui is no exception.
Sui uses Narwhal as a mempool to distribute unfinished transactions to nodes, and uses the Bullshark algorithm as a consensus engine to order transactions.
Sui's ordering rule for transactions is based on gas fees. In addition, since Sui adopts a transaction execution scheme that combines parallel and sequential execution, transactions that share the same AMM pool state can only be executed sequentially. Sandwich attacks and front-running are therefore feasible. An attacker can launch a sandwich attack by paying a higher gas fee, causing users who participate in DeFi trades to suffer losses.