- Sui rewarded CertiK for identifying a vulnerability dubbed “HamsterWheel” on the Sui blockchain.
- The “HamsterWheel” vulnerability traps nodes in an endless loop similar to hamsters jogging on a wheel.
- HamsterWheel attack demonstrates the evolving sophistication of threats to blockchain networks.
Sui Blockchain has awarded the blockchain security company CertiK a $500,000 bounty for identifying a threat that could have brought down the entire Sui layer-1 blockchain.
The vulnerability is called “HamsterWheel”, and the CertiK team explained that it is distinct from more conventional attacks that aim to crash nodes and bring down blockchains.
HamsterWheel attack details
Similar to hamsters running on a wheel, the HamsterWheel attack traps nodes so that they keep carrying out operations without processing new transactions. The attack has the power to paralyze networks and render them unusable.
CertiK identified the HamsterWheel vulnerability before Sui’s mainnet launch at the beginning of May 2023. Sui then implemented fixes in response, to guard against the potential harm that an attack could cause to the blockchain.
Sui gave CertiK a $500,000 bounty as a thank-you for their efforts, emphasizing the value of bug bounty programs and preventative security measures.
Blockchain security
According to CertiK’s chief security officer Kang Li, threats to blockchain networks are constantly changing. Li stated that “the HamsterWheel attack’s discovery demonstrates the evolving sophistication of threats to blockchain networks.”
CertiK’s announcement states that additional technical information will be released and made accessible soon. Additionally, once all mitigations have been implemented and thoroughly tested, complete reports will be made public.