Firm Belief After the Security Crisis: Why SUI Still Has Long-term Rise Potential?

TL;DR

1. The Cetus vulnerability originates from the contract implementation, rather than from SUI or the Move language itself:

The essence of this attack lies in the lack of boundary checks in the arithmetic functions of the Cetus protocol------logical vulnerabilities caused by overly wide masks and shift overflows, which are unrelated to the resource security model of the SUI chain or the Move language. The vulnerability can be fixed with "a line of boundary check" and does not affect the core security of the entire ecosystem.

2. The "reasonable centralization" in the SUI mechanism shows its value in times of crisis:

Although SUI exhibits a slight tendency towards centralization with features such as DPoS validator rounds and blacklisting, this has proven useful in the response to the CETUS incident: validators quickly synchronized malicious addresses to the Deny List, refusing to package related transactions, resulting in the immediate freezing of over $160 million in funds. This essentially represents an active form of "on-chain Keynesianism," where effective macro-control has a positive effect on the economic system.

3. Reflections and Suggestions on Technical Security:

Mathematics and boundary checking: introduce upper and lower limit assertions for all critical arithmetic operations (such as shifts, multiplication, and division), and conduct extreme value fuzzing and formal verification. In addition, auditing and monitoring need to be enhanced: beyond general code auditing, increase the involvement of a specialized mathematical audit team and real-time on-chain transaction behavior detection to catch anomalies like unusual splits or large flash loans early.

4. Summary and Suggestions for the Fund Security Mechanism:

In the Cetus incident, SUI collaborated efficiently with the project team, successfully freezing over 160 million USD in funds and promoting a 100% compensation plan, demonstrating strong on-chain adaptability and ecological responsibility. The SUI Foundation also added 10 million USD for auditing funds to strengthen the safety defense line. In the future, it can further advance on-chain tracking systems, community-built safety tools, decentralized insurance, and other mechanisms to improve the fund security system.

5. The diverse expansion of the SUI ecosystem

SUI has rapidly transitioned from "new chain" to "strong ecosystem" in less than two years, building a diversified ecological landscape that includes stablecoins, DEX, infrastructure, DePIN, gaming, and other tracks. The total scale of stablecoins has surpassed 1 billion USD, providing a solid liquidity foundation for DeFi modules; the TVL ranks 8th globally, with trading activity ranking 5th in the world and 3rd among non-EVM networks (only behind Bitcoin and Solana), demonstrating strong user participation and asset retention capabilities.

1. A chain reaction triggered by an attack

On May 22, 2025, the leading AMM protocol Cetus deployed on the SUI network suffered a hacker attack. The attackers exploited a logical vulnerability related to the "integer overflow issue" to carry out precise manipulation, resulting in the loss of over $200 million in assets. This incident is not only one of the largest security incidents in the DeFi space so far this year but also the most destructive hacker attack since the launch of the SUI mainnet.

According to DefiLlama data, the total value locked (TVL) on the SUI blockchain plummeted by more than $330 million on the day of the attack, with the Cetus protocol's locked amount evaporating by 84% in an instant, dropping to $38 million. As a result, several popular tokens on SUI (including Lofi, Sudeng, Squirtle, etc.) fell by 76% to 97% within just one hour, triggering widespread concern in the market regarding the security and ecological stability of SUI.

However, after this wave of impact, the SUI ecosystem has demonstrated strong resilience and recovery capacity. Although the Cetus event brought fluctuations in confidence in the short term, on-chain funds and user activity have not experienced a sustained decline; instead, it has significantly heightened the entire ecosystem's attention to security, infrastructure development, and project quality.

Klein Labs will analyze the reasons behind this attack event, the consensus mechanism of SUI nodes, the security of the MOVE language, and the ecological development of SUI, to outline the current ecological landscape of this public chain, which is still in its early stages of development, and discuss its future development potential.

2. Analysis of the Causes of the Cetus Incident Attack

2.1 Attack Implementation Process

According to the technical analysis of the Cetus attack event by the Slow Mist team, the hacker successfully exploited a critical arithmetic overflow vulnerability in the protocol, using flash loans, precise price manipulation, and contract flaws to steal over $200 million in digital assets in a short period. The attack path can be roughly divided into the following three stages:

①Initiate flash loans, manipulate prices

Hackers first took advantage of the maximum slippage to flash swap 10 billion haSUI through a flash loan, borrowing a large amount of funds to manipulate the price.

Flash loans allow users to borrow and repay funds within the same transaction, requiring only a fee, characterized by high leverage, low risk, and low cost. Hackers exploited this mechanism to temporarily lower market prices and precisely control them within a very narrow range.

Then the attacker prepared to create an extremely narrow liquidity position, precisely setting the price range between the lowest quote of 300,000 and the highest price of 300,200, with a price width of only 1.00496621%.

By using the above methods, the hackers successfully manipulated the haSUI price with a sufficient amount of tokens and massive liquidity. Subsequently, they targeted several tokens with no actual value for manipulation.

②Add liquidity

The attacker creates a narrow liquidity position, claims to add liquidity, but due to a vulnerability in the checked_shlw function, ultimately only receives 1 token.

Essentially due to two reasons:

1. The mask setting is too broad: equivalent to a huge liquidity addition limit, rendering the contract's validation of user input ineffective. Hackers bypassed the overflow detection by setting abnormal parameters, constructing inputs that are always less than this limit.

2. Data overflow was truncated: When performing the shift operation n << 64 on the numeric value n, data truncation occurred due to the shift exceeding the effective bit width of the uint256 data type (256 bits). The high-order overflow part was automatically discarded, resulting in a calculation far below expectations, leading the system to underestimate the amount of haSUI required for the exchange. The final calculation result was approximately less than 1, but since it was rounded up, the final result equaled 1, meaning the hacker only needed to add 1 token to exchange for a huge amount of liquidity.

③Withdraw liquidity

Repay the flash loan while retaining huge profits. Ultimately withdraw token assets worth hundreds of millions of dollars from multiple liquidity pools.

The situation of fund losses is serious, and the attack resulted in the following assets being stolen:

• 12.9 million SUI (approximately 54 million USD)

• 60 million USDC

• 4.9 million USD Haedal Staked SUI

• 19.5 million USD TOILET

• Other tokens such as HIPPO and LOFI have dropped 75--80%, and liquidity has dried up.

2.2 Causes and Characteristics of This Vulnerability

The vulnerability of Cetus has three characteristics:

1. Extremely low repair cost: On one hand, the root cause of the Cetus incident was a flaw in the Cetus math library, not an error in the protocol's pricing mechanism or underlying architecture. On the other hand, the vulnerability is limited to Cetus itself and is unrelated to the SUI code. The root of the vulnerability lies in a boundary condition check, and it can be completely eliminated by modifying just two lines of code; once the repair is completed, it can be immediately deployed to the mainnet to ensure the completeness of subsequent contract logic and eliminate the vulnerability.

2. High Concealment: The contract has been running smoothly for two years with zero faults. The Cetus Protocol has undergone multiple audits, but no vulnerabilities were found. The main reason is that the Integer_Mate library used for mathematical calculations was not included in the scope of the audits.

Hackers use extreme values to precisely construct trading intervals, creating extremely rare scenarios with extremely high liquidity that trigger abnormal logic, indicating that such issues are difficult to detect through ordinary testing. These types of problems often reside in blind spots within people's vision, which is why they remain hidden for a long time before being discovered.

3. Not an issue unique to Move:

Move excels in resource safety and type checking over various smart contract languages, with built-in native detection for integer overflow issues in common scenarios. This overflow occurred because, when adding liquidity, the wrong value was initially used for the upper limit check, and bitwise operations were used instead of conventional multiplication. In Move, if conventional addition, subtraction, multiplication, or division operations are used, overflow situations are automatically checked, avoiding such high-bit truncation problems.

Similar vulnerabilities have also appeared in other languages (such as Solidity and Rust), and they are even easier to exploit due to the lack of integer overflow protection; prior to the version updates in Solidity, the checks for overflow were very weak. Historically, there have been issues such as addition overflow, subtraction overflow, and multiplication overflow, all directly caused by the results of operations exceeding the range. For example, the vulnerabilities in the BEC and SMT smart contracts in the Solidity language were exploited by carefully crafted parameters, bypassing the detection statements in the contract to carry out excessive transfers.

3. The consensus mechanism of SUI

3.1 Introduction to the SUI Consensus Mechanism

Overview:

SUI adopts a Delegated Proof of Stake framework (DeleGated Proof of Stake, abbreviated as DPoS)). Although the DPoS mechanism can increase transaction throughput, it cannot provide the extremely high level of decentralization like PoW (Proof of Work). Therefore, the level of decentralization of SUI is relatively low, and the governance threshold is relatively high, making it difficult for ordinary users to directly influence network governance.

• Average number of validators: 106

• Average Epoch Cycle: 24 hours

Mechanism process:

• Equity Delegation: Ordinary users do not need to run nodes themselves; they can participate in network security assurance and reward distribution by staking SUI and delegating it to candidate validators. This mechanism lowers the participation threshold for ordinary users, allowing them to engage in network consensus by "hiring" trusted validators. This is also a significant advantage of DPoS over traditional PoS.

• Representative round of block production: A small number of selected validators produce blocks in a fixed or random order, which improves confirmation speed and increases TPS.

• Dynamic Election: After each voting cycle ends, a dynamic rotation is conducted based on voting weight to re-elect the Validator set, ensuring node vitality, interest consistency, and decentralization.

Advantages of DPoS:

• High efficiency: With a controllable number of block-producing nodes, the network can complete confirmations in milliseconds, meeting high TPS requirements.

• Low cost: Fewer nodes participating in the consensus significantly reduce the network bandwidth and computing resources required for information synchronization and signature aggregation. As a result, hardware and operational costs decrease, the requirements for computing power decrease, and costs are lower. Ultimately achieving lower user transaction fees.

• High security: The staking and delegation mechanisms amplify the cost and risk of attacks; combined with on-chain confiscation mechanisms, they effectively suppress malicious behavior.

At the same time, the consensus mechanism of SUI adopts a BFT (Byzantine Fault Tolerance) based algorithm, which requires more than two-thirds of the votes from validators to reach consensus in order to confirm a transaction. This mechanism ensures that even if a minority of nodes act maliciously, the network can still maintain security and operate efficiently. Any upgrades or major decisions also require more than two-thirds of the votes to be implemented.

Essentially, DPoS is a compromise solution to the impossible triangle.