The Sui blockchain network quietly fixed a bug that could have put “billions of dollars” at risk, according to a May 16 announcement from Zellic, the security firm hired to audit the network’s security.
Loss of Funds Bug in Aptos and Sui

Quick spotlight on an unpublished (but fixed) loss-of-funds bug in the move verifier that seems to have been found by @zellic_io. This would have allowed many types of exploits against Aptos or Sui based protocols.
The bug was in a dependency of the bytecode verifier, which ensures that the human-readable Move language used to write smart contracts on Sui is correctly transcribed into machine code during deployment. Had the bug not been fixed, it could have “allowed attackers to bypass multiple security properties, leading to potentially significant financial damages,” the announcement said.
According to the announcement, Sui developer Mysten Labs fixed the bug on March 30, in commit 8bddbe65, after Zellic informed them of its existence. The bug may have also been present in other Move-based networks, including Aptos and Starcoin. The Aptos version of the bug was eliminated with a patch on April 10, according to the Zellic team.
In a conversation with Cointelegraph, a representative from the Move-based 0L network stated that the bug does not affect its version of Move. On May 15, 0L added a series of tests to its GitHub, which it says prove the exploit is not possible on the 0L version.
Cointelegraph reached out to Aptos and Starcoin for comment but did not receive a response by publication.
A blockchain network developed by Mysten Labs, Sui was founded by former Meta Platforms engineers. It’s a fork of the open-source Libra project created by Facebook-parent Meta. Libra was shut down in