Firm Belief After the Security Crisis: Why SUI Still Has Long-term Rise Potential?

TL;DR

1. The Cetus vulnerability originates from the contract implementation, not from SUI or the Move language itself:

The essence of this attack lies in the missing boundary checks in the arithmetic functions of the Cetus protocol------logical vulnerabilities caused by overly broad masks and shift overflows, which are unrelated to the resource security model of the SUI chain or the Move language. The vulnerability can be fixed with "a single line of boundary checks" and does not affect the core security of the entire ecosystem.

2. The "reasonable centralization" in the SUI mechanism reveals its value during crises:

Although SUI has a slight tendency towards centralization with features like DPoS validator rounds and blacklist freezing, this proved useful during the CETUS incident response: validators quickly synchronized malicious addresses to the Deny List, refusing to package related transactions, resulting in the immediate freezing of over $160 million in funds. This is essentially a form of positive "on-chain Keynesianism," where effective macro-control plays a positive role in the economic system.

3. Reflections and Suggestions on Technical Security:

Mathematics and boundary verification: Introduce upper and lower bound assertions for all critical arithmetic operations (such as shifts, multiplication, and division), and conduct extreme value fuzzing and formal verification. In addition, there is a need to enhance auditing and monitoring: beyond general code audits, add a specialized mathematical audit team and real-time on-chain transaction behavior detection to capture abnormal splits or large flash loans early.

4. Summary and Recommendations on the Capital Guarantee Mechanism:

In the Cetus incident, SUI efficiently collaborated with the project party to successfully freeze over $160 million in funds and promote a 100% compensation plan, demonstrating strong on-chain resilience and ecological responsibility. The SUI Foundation also added $10 million in audit funds to strengthen the security line. In the future, further mechanisms such as on-chain tracking systems, community-built security tools, and decentralized insurance can be advanced to improve the fund protection system.

5. The diverse expansion of the SUI ecosystem

SUI has rapidly transitioned from "new chain" to "strong ecosystem" in less than two years, building a diversified ecological landscape that includes stablecoins, DEX, infrastructure, DePIN, games, and more. The total scale of stablecoins has surpassed 1 billion USD, providing a solid liquidity foundation for the DeFi module; it ranks 8th globally in TVL, 5th in trading activity, and 3rd among non-EVM networks (only behind Bitcoin and Solana), demonstrating strong user participation and asset accumulation capability.

1. A chain reaction triggered by an attack

On May 22, 2025, the leading AMM protocol Cetus deployed on the SUI network suffered a hacker attack. The attacker exploited a logical vulnerability related to the "integer overflow issue" to launch a precise manipulation, resulting in a loss of over $200 million in assets. This incident is not only one of the largest security incidents in the DeFi space so far this year but also the most destructive hacker attack since the launch of the SUI mainnet.

According to DefiLlama data, the total value locked (TVL) of SUI across the entire chain plummeted by more than $330 million on the day of the attack, while the locked amount of the Cetus protocol evaporated by 84% in an instant, dropping to $38 million. As a result, several popular tokens on SUI (including Lofi, Sudeng, Squirtle, etc.) fell sharply by 76% to 97% within just one hour, raising widespread concerns in the market about the security and ecological stability of SUI.

However, after this shock wave, the SUI ecosystem has shown strong resilience and recovery ability. Although the Cetus incident caused fluctuations in confidence in the short term, on-chain funds and user activity did not experience sustained decline; instead, it significantly prompted the entire ecosystem to pay more attention to security, infrastructure development, and project quality.

Klein Labs will analyze the reasons behind this attack event, the node consensus mechanism of SUI, the security of the MOVE language, and the ecological development of SUI, outlining the current ecological landscape of this public chain, which is still in its early development stages, and discussing its future development potential.

2. Analysis of the Causes of the Cetus Incident Attack

2.1 Attack Implementation Process

According to the technical analysis of the Cetus attack incident by the Slow Fog team, the hacker successfully exploited a critical arithmetic overflow vulnerability in the protocol, using flash loans, precise price manipulation, and contract flaws to steal over $200 million in digital assets in a short period of time. The attack path can be roughly divided into the following three stages:

①Initiate flash loans, manipulate prices

Hackers first utilized a maximum slippage flash swap of 10 billion haSUI flash loans to borrow a large amount of funds for price manipulation.

Flash loans allow users to borrow and repay funds in a single transaction, requiring only a fee, characterized by high leverage, low risk, and low cost. Hackers exploited this mechanism to drive down market prices in a short period and precisely controlled them within a very narrow range.

The attacker then prepares to create an extremely narrow liquidity position, precisely setting the price range between the lowest quote of 300,000 and the highest price of 300,200, with a price width of only 1.00496621%.

By using the above method, hackers successfully manipulated the haSUI price with a sufficient number of tokens and massive liquidity. Subsequently, they targeted several tokens with no actual value for manipulation.

②Add liquidity

Attackers create narrow liquidity positions, claiming to add liquidity, but due to a vulnerability in the checked_shlw function, ultimately only receive 1 token.

Essentially due to two reasons:

1. The mask setting is too wide: equivalent to a very large liquidity addition limit, resulting in the validation of user inputs in the contract being virtually meaningless. Hackers bypassed overflow detection by setting abnormal parameters, constructing inputs that are always less than this limit.

2. Data overflow was truncated: When performing the shift operation n << 64 on the numeric value n, data truncation occurred because the shift exceeded the effective bit width of the uint256 data type (256 bits). The overflow portion was automatically discarded, resulting in a computation outcome far below expectations, causing the system to underestimate the amount of haSUI required for the exchange. The final calculated result was approximately less than 1, but due to rounding up, the final result equaled 1, allowing the hacker to add just 1 token to exchange for a substantial amount of liquidity.

③Withdraw liquidity

Repay the flash loan while retaining huge profits. Ultimately withdraw token assets worth hundreds of millions of dollars from multiple liquidity pools.

The situation of fund loss is serious, and the attack has resulted in the following assets being stolen:

• 12.9 million SUI (approximately 54 million USD)

• 60 million USDC

• 4.9 million USD Haedal Staked SUI

• 19.5 million USD TOILET

• Other tokens like HIPPO and LOFI have fallen by 75--80%, and liquidity has dried up.

2.2 Causes and Characteristics of This Vulnerability

The vulnerability of Cetus has three characteristics:

1. The cost of fixing is extremely low: On one hand, the root cause of the Cetus incident was a flaw in the Cetus math library, rather than an error in the protocol's pricing mechanism or underlying architecture. On the other hand, the vulnerability was limited to Cetus itself and had nothing to do with the SUI code. The root of the vulnerability lies in a boundary condition check, and it can be completely eliminated by modifying just two lines of code; after the fix is completed, it can be immediately deployed to the mainnet to ensure that subsequent contract logic is complete and to eliminate this vulnerability.

2. High Concealment: The contract has been running smoothly with zero faults for two years since its launch. The Cetus Protocol has undergone multiple audits, but no vulnerabilities were found, mainly because the Integer_Mate library used for mathematical calculations was not included in the audit scope.

Hackers exploit extreme values to precisely construct trading intervals, creating extremely rare scenarios with extremely high liquidity that trigger abnormal logic, indicating that such issues are difficult to detect through ordinary testing. These issues often lie in blind spots within people's perception, which is why they remain hidden for a long time before being discovered.

3. Not an issue exclusive to Move:

Move excels in resource safety and type checking compared to various smart contract languages, and it has native detection for integer overflow issues in common scenarios. This overflow occurred because an incorrect value was used for the upper limit check when calculating the required token amount during liquidity addition, and bitwise operations were used instead of conventional multiplication. If conventional addition, subtraction, multiplication, and division were used, Move would automatically check for overflow, preventing such high-bit truncation issues.

Similar vulnerabilities have also appeared in other languages (such as Solidity and Rust), and they are even more easily exploited due to the lack of integer overflow protection; prior to the update of the Solidity version, overflow checks were very weak. Historically, there have been addition overflows, subtraction overflows, multiplication overflows, etc., all directly caused by the computation results exceeding the range. For example, the vulnerabilities in the BEC and SMT smart contracts of the Solidity language were both exploited by carefully constructed parameters that bypassed the detection statements in the contract, resulting in excess transfers to carry out attacks.

3. The consensus mechanism of SUI

3.1 Introduction to SUI Consensus Mechanism

Overview:

SUI adopts a Delegated Proof of Stake framework (DeleGated Proof of Stake, referred to as DPoS)). Although the DPoS mechanism can increase transaction throughput, it cannot provide the high level of decentralization that PoW (Proof of Work) can. Therefore, the level of decentralization in SUI is relatively low, and the governance threshold is relatively high, making it difficult for ordinary users to directly influence network governance.

• Average number of validators: 106

• Average Epoch Duration: 24 hours

Mechanism Process:

• Delegated staking: Ordinary users do not need to run nodes themselves; they can participate in network security guarantees and reward distribution by staking and delegating SUI to candidate validators. This mechanism lowers the participation threshold for ordinary users, allowing them to engage in network consensus by "hiring" trusted validators. This is also a significant advantage of DPoS compared to traditional PoS.

• Representative round of block production: A few selected validators produce blocks in a fixed or random order, which enhances confirmation speed and increases TPS.

• Dynamic Election: At the end of each voting period, a dynamic rotation is conducted based on voting weight to re-elect the Validator set, ensuring node vitality, interest consistency, and decentralization.

Advantages of DPoS:

• High efficiency: With a controllable number of block-producing nodes, the network can achieve confirmation in milliseconds, meeting high TPS demands.

• Low cost: Fewer nodes participate in the consensus, significantly reducing the network bandwidth and computing resources required for information synchronization and signature aggregation. As a result, hardware and operation and maintenance costs decrease, the requirements for computing power are lowered, and costs are further reduced. Ultimately, this leads to lower user transaction fees.

• High security: The staking and delegation mechanisms amplify the cost and risk of attacks simultaneously; combined with the on-chain confiscation mechanism, it effectively suppresses malicious behavior.

At the same time, the consensus mechanism of SUI employs a BFT (Byzantine Fault Tolerance) based algorithm, requiring that more than two-thirds of the votes among validators reach a consensus to confirm transactions. This mechanism ensures that even if a minority of nodes act maliciously, the network can still maintain secure and efficient operations. Any upgrades or major decisions also require more than two-thirds of the votes to be implemented.

Essentially, DPoS is a compromise solution to the "impossible triangle," balancing decentralization and efficiency. In the security-decentralization-scalability "impossible triangle," DPoS chooses to reduce the number of active block-producing nodes for higher performance, sacrificing a certain degree of complete decentralization compared to pure PoS or PoW, but significantly enhancing network throughput and transaction speed.

![Firm Faith After the Security Crisis: Why