Firm Belief After the Security Crisis: Why SUI Still Has Long-term Rise Potential?

TL;DR

1. The Cetus vulnerability originates from the contract implementation, not from SUI or the Move language itself:

The essence of this attack lies in the lack of boundary checks in the arithmetic functions of the Cetus protocol, unrelated to the resource security model of the SUI chain or the Move language. The vulnerability can be fixed with "one line of boundary checks" and does not affect the core security of the entire ecosystem.

2. The value of "reasonable centralization" in the SUI mechanism emerges during crises:

Although SUI adopts features such as DPoS validator rounds and blacklist freezing, which exhibit a slight tendency towards centralization, this is precisely useful in the CETUS incident response: validators quickly synchronized malicious addresses to the Deny List, refusing to package related transactions, resulting in the instant freezing of over 160 million dollars in funds. This essentially represents a proactive form of "on-chain Keynesianism," where effective macroeconomic regulation plays a positive role in the economic system.

3. Reflections and Suggestions on Technical Security:

Mathematics and boundary verification: introduce upper and lower limit assertions for all key arithmetic operations, and conduct extreme value fuzzing and formal verification. In addition, there is a need to enhance auditing and monitoring: beyond general code auditing, add a specialized mathematical auditing team and real-time on-chain transaction behavior detection, to capture abnormal splits or large flash loans early.

4. Summary and Suggestions for the Capital Security Mechanism:

In the Cetus incident, SUI efficiently collaborated with the project party, successfully freezing over 160 million USD in funds, and promoted a 100% compensation plan, demonstrating strong on-chain resilience and ecological responsibility. The SUI Foundation also added 10 million USD in audit funds to strengthen the security defenses. In the future, further mechanisms such as on-chain tracking systems, community-built security tools, and decentralized insurance can be advanced to improve the funding guarantee system.

5. The diverse expansion of the SUI ecosystem

SUI has quickly achieved a leap from "new chain" to "strong ecosystem" in less than two years, building a diversified ecological landscape that covers multiple tracks including stablecoins, DEX, infrastructure, DePIN, and gaming. The total scale of stablecoins has surpassed 1 billion USD, providing a solid liquidity foundation for the DeFi module; TVL ranks 8th globally, with trading activity ranked 5th globally and 3rd among non-EVM networks, demonstrating strong user participation and asset accumulation capability.

1. A chain reaction triggered by an attack

On May 22, 2025, the leading AMM protocol Cetus deployed on the SUI network was hacked. The attacker exploited a logical vulnerability related to the "integer overflow issue" to carry out precise manipulation, resulting in losses of over $200 million in assets. This incident is not only one of the largest security incidents in the DeFi space so far this year but also the most destructive hacker attack since the launch of the SUI mainnet.

According to the data, the TVL of the entire SUI chain plummeted by over $330 million on the day of the attack, and the locked amount of the Cetus protocol evaporated by 84% in an instant, dropping to $38 million. As a result, several popular tokens on SUI plummeted by 76% to 97% within just one hour, triggering widespread concern in the market regarding the safety and ecological stability of SUI.

But after this shockwave, the SUI ecosystem has demonstrated strong resilience and recovery ability. Although the Cetus incident caused fluctuations in confidence in the short term, on-chain funds and user activity did not experience a sustained decline; instead, it significantly prompted the entire ecosystem to enhance its focus on security, infrastructure development, and project quality.

Klein Labs will analyze the reasons behind this attack event, the consensus mechanism of SUI nodes, the security of the MOVE language, and the ecological development of SUI, to outline the current ecological landscape of this public chain that is still in its early stages of development, and discuss its future development potential.

2. Analysis of the Causes of the Cetus Incident Attack

2.1 Attack Implementation Process

According to the technical analysis of the Cetus attack incident by the Slow Mist team, the hacker successfully exploited a critical arithmetic overflow vulnerability in the protocol, using flash loans, precise price manipulation, and contract flaws to steal over $200 million in digital assets within a short period. The attack path can be roughly divided into the following three stages:

①Initiate flash loans, manipulate prices

Hackers first utilized a maximum slippage flash swap of 10 billion haSUI flash loans, borrowing a large amount of funds to manipulate prices.

Flash loans allow users to borrow and repay funds in a single transaction, requiring only a fee, and feature high leverage, low risk, and low cost. Hackers exploited this mechanism to quickly drive down market prices and precisely control them within a very narrow range.

The attacker then prepares to create a very narrow liquidity position, precisely setting the price range between the lowest quote of 300,000 and the highest price of 300,200, with a price width of only 1.00496621%.

By using the above method, the hackers successfully manipulated the haSUI price with a sufficient amount of tokens and huge liquidity. Subsequently, they targeted several tokens with no actual value for manipulation.

②Add liquidity

The attacker creates a narrow liquidity position, claiming to add liquidity, but due to a vulnerability in the checked_shlw function, ultimately only receives 1 token.

This is essentially due to two reasons:

1. The mask setting is too wide: equivalent to a huge liquidity addition limit, resulting in the validation of user input in the contract being virtually non-existent. Hackers bypassed the overflow detection by setting abnormal parameters, constructing inputs that are always less than this limit.

2. Data overflow was truncated: When performing a shift operation of n << 64 on the numeric value n, data truncation occurred due to the shift exceeding the effective bit width of the uint256 data type. The overflow portion was automatically discarded, resulting in a computation outcome far below expectations, causing the system to underestimate the amount of haSUI required for the exchange. The final calculated result is slightly less than 1, but since it is rounded up, it ends up being equal to 1, meaning the hacker only needs to add 1 token to exchange for a large amount of liquidity.

③ Withdraw liquidity

Repay the flash loan and retain huge profits. Ultimately withdraw token assets worth hundreds of millions of dollars from multiple liquidity pools.

The situation of fund loss is serious, the attack resulted in the theft of the following assets:

• 12.9 million SUI

• 60 million USDC

• 4.9 million USD Haedal Staked SUI

• 19.5 million USD TOILET

• Other tokens like HIPPO and LOFI have fallen 75--80%, liquidity has dried up.

2.2 The causes and characteristics of this vulnerability

The vulnerability of Cetus has three characteristics:

1. The cost of fixing is extremely low: on one hand, the root cause of the Cetus incident was a flaw in the Cetus math library, not an error in the protocol's pricing mechanism or underlying architecture. On the other hand, the vulnerability is limited to Cetus itself and is unrelated to SUI's code. The root of the vulnerability lies in a boundary condition check, and only two lines of code need to be modified to completely eliminate the risk; once the fix is completed, it can be immediately deployed to the mainnet to ensure that subsequent contract logic is complete and to eliminate this vulnerability.

2. High concealment: The contract has been running smoothly for two years with zero faults. The Cetus Protocol has undergone multiple audits, but no vulnerabilities were found, mainly because the libraries used for mathematical calculations were not included in the audit scope.

Hackers use extreme values to precisely construct trading ranges, creating extremely rare scenarios that submit high liquidity, which triggers abnormal logic. This indicates that such issues are difficult to detect through ordinary testing. These problems often lie in blind spots within people's vision, which is why they remain hidden for a long time before being discovered.

3. Not a problem unique to Move:

Move outperforms various smart contract languages in resource security and type checking, with native detection for integer overflow issues in common scenarios. This overflow occurred because an incorrect value was first used for the upper limit check when calculating the required token amount during liquidity addition, and bitwise operations were used instead of conventional multiplication. In contrast, if conventional addition, subtraction, multiplication, and division are used in Move, overflow situations are automatically checked, preventing such high-bit truncation issues.

Similar vulnerabilities have also appeared in other languages, and they are even easier to exploit due to the lack of integer overflow protection; before the update of the Solidity version, the checks for overflow were very weak. Historically, there have been addition overflows, subtraction overflows, multiplication overflows, etc., all directly caused by the operation results exceeding the range. For example, the vulnerabilities in the BEC and SMT smart contracts of the Solidity language both bypassed the detection statements in the contracts through carefully constructed parameters to achieve attacks via excessive transfers.

3. The consensus mechanism of SUI

3.1 Introduction to SUI Consensus Mechanism

Overview:

SUI adopts a Delegated Proof of Stake framework (DeleGated Proof of Stake, abbreviated as DPoS)). Although the DPoS mechanism can increase transaction throughput, it cannot provide the extremely high level of decentralization like PoW (Proof of Work). Therefore, the degree of decentralization of SUI is relatively low, and the governance threshold is relatively high, making it difficult for ordinary users to directly influence network governance.

• Average number of validators: 106

• Average Epoch cycle: 24 hours

Mechanism Process:

• Equity Delegation: Ordinary users do not need to run nodes themselves; they can participate in network security assurance and reward distribution by staking SUI and delegating it to candidate validators. This mechanism lowers the participation threshold for ordinary users, allowing them to engage in network consensus by "hiring" trusted validators. This is also a significant advantage of DPoS compared to traditional PoS.

• Represents round block generation: A small number of selected validators generate blocks in a fixed or random order, which enhances confirmation speed and increases TPS.

• Dynamic Election: At the end of each voting cycle, based on voting weight, dynamically rotate and re-elect the Validator set to ensure node vitality, interest consistency, and decentralization.

Advantages of DPoS:

• High efficiency: With a controllable number of block nodes, the network can achieve confirmation in milliseconds, meeting high TPS requirements.

• Low cost: Fewer nodes participate in the consensus, significantly reducing the network bandwidth and computing resources required for information synchronization and signature aggregation. This leads to lower hardware and operational costs, decreased demands on computing power, and lower costs overall. Ultimately, this results in lower user transaction fees.

• High security: The staking and delegation mechanisms amplify the cost and risk of attacks synchronously; combined with the on-chain confiscation mechanism, it effectively suppresses malicious behavior.

At the same time, the consensus mechanism of SUI adopts a BFT (Byzantine Fault Tolerance)-based algorithm, requiring more than two-thirds of the votes among validators to reach consensus in order to confirm a transaction. This mechanism ensures that even if a minority of nodes act maliciously, the network can maintain secure and efficient operation. Any upgrades or major decisions also require more than two-thirds of the votes to be implemented.

Essentially, DPoS is a compromise solution to the impossible triangle, balancing decentralization and efficiency. In the security-decentralization-scalability "impossible triangle," DPoS chooses to reduce the number of active block-producing nodes in exchange for higher performance. Compared to pure PoS or PoW, it sacrifices a certain degree of complete decentralization but significantly enhances network throughput and transaction speed.

![Steadfast Belief After the Security Crisis: Why SUI Still Has Long-Term Rise Potential?](