Learn

Introduction to Sui

Key features

Move

Inherently secure programming language

zkLogin

Authentication with web credentials

Kiosk

Customizable trade and transfer policies

View all features

Use cases

Gaming

Tradable in-game assets

Finance

Low fees and near-instant settlement

Commerce

Greater customer engagement and value

Research

Mysticeti

DAG-based consensus for extremely low latency

Pilotfish

Distributed deterministic execution engine

Sui Lutris

Consensusless agreement integrated with consensus protocol

View all research

Sui Blog

Sui's leading technology results in a stunning first year

Featured

Mysticeti

A consensus protocol that achieves the lowest end-to-end latency in blockchain

Build

Developer portal

Core Resources

Docs

Guides and concepts to get started

Reference code

Code for the Sui JSON-RPC API

Courses

Classes on the fundamentals of Sui

Tutorials

Lessons to start building on Sui

Funding

Overview

Opportunities for ecosystem funding

Request for proposals

Funds to build specific project ideas

Technical Support

Engineering office hours

1:1 support from the core team

Developer forum

Knowledge base for Sui developers

SUBSCRIBE TO DEV NEWSLETTER

I agree to receive marketing communications from Sui Foundation.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

I agree to receive marketing communications from Sui Foundation

Read past dev newsletters

Featured

Sui Overflow

Sui's first global virtual hackaton

Connect

Community hub

INItIATIVES

Events

In-person and virtual gatherings

Community programs

Opportunities to support the Sui community

University partnerships

Research partnerships with leading universities

ecosystem resources

Job board

Available jobs in the Sui ecosystem

Directory

Self-submitted catalog of projects building on Sui

Research awards

Funds for studies to push innovation

SUBSCRIBE TO SUI NEWSLETTER

I agree to receive marketing communications from Sui Foundation.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

I agree to receive marketing communications from Sui Foundation

Connect

Get started

Learn

Intro to Sui

Cutting edge experience

Secure development for building at scale

Transformational products

Digital ownership across industries

Breakthrough innovations

Unique features only available on Sui

Pioneering research

Trailblazing discoveries applied to Sui

Key Features

Move

Inherently secure programming language

zkLogin

Authentication with web credentials

Kiosk

Customizable trade and transfer policies

Use cases

Gaming

Tradable in-game assets

Finance

Low fees and near-instant settlement

Commerce

Authentic Interactions, Verifiable Assets

Introduction to Sui

Key features

Move

Inherently secure programming language

zkLogin

Authentication with web credentials

Kiosk

Customizable trade and transfer policies

View all features

Use cases

Gaming

Tradable in-game assets

Finance

Low fees and near-instant settlement

Commerce

Greater customer engagement and value

Research

Mysticeti

DAG-based consensus for extremely low latency

Pilotfish

Distributed deterministic execution engine

Sui Lutris

Consensusless agreement integrated with consensus protocol

View all research

Sui Blog

Sui's leading technology results in a stunning first year

Featured

Mysticeti

A consensus protocol that achieves the lowest end-to-end latency in blockchain

Build

Get started

Developer Portal

Collection of resources for builders

Docs

Guides and concepts to get started

Reference code

Code for the Sui JSON-RPC API

SDKs

Typescript and Rust SDKs for Sui API

Learning resources

Courses

Classes on the fundamentals of Sui

Tutorials

Lessons to start building on Sui

Videos

Resource library for video courses

Non-English

Resources for non-English speakers

Grants

Request for proposals

Funds to build specific project ideas

Research

Academic studies to push innovation

Education

Teach people how to build on Sui

Support

Engineering office hours

1:1 support from the core team

Developer forum

Knowledge base for Sui developers

Suinami Riders

Technical channel for developers

Developer portal

Core Resources

Docs

Guides and concepts to get started

Reference code

Code for the Sui JSON-RPC API

Courses

Classes on the fundamentals of Sui

Tutorials

Lessons to start building on Sui

funding

Overview

Opportunities for ecosystem funding

Request for proposals

Funds to build specific project ideas

Technical Support

Engineering office hours

1:1 support from the core team

Developer forum

Knowledge base for Sui developers

Subscribe to dev newsletter

I agree to receive marketing communications from Sui Foundation.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

I agree to receive marketing communications from Sui Foundation

Read past dev newsletters

Featured

Sui Overflow

Sui’s first global virtual hackathon

Connect

Get involved

Global events

In-person and virtual gatherings

Community programs

Grow and educate the Sui community

Ecosystem

Job board

Job listings for Sui projects

Find Bugs.
Earn Bounties.

Earn up to $500K by finding protocol bugs and vulnerabilities

Learn More

Submit report

As the Sui ecosystem evolves, the potential for bugs and vulnerabilities arises. The bug bounty program incentivizes white hat hackers to report issues, helping maintain a secure and stable platform while rewarding responsible disclosure.

Impacts in Scope

The following impacts are accepted within this bug bounty program--refer to Sui's HackenProof Bug Bounty Program Page for an official and up-to-date listing. All other impacts are considered out-of-scope and ineligible for payout.

Critical - $500,000 USD

Exceeding the maximum supply of 10 billion SUI + allowing the attacker to claim the excess funds
‍
Loss of Funds which includes:
- Unauthorized creation, copying, transfer or destruction of objects via bypass of or exploit of bugs in the Move or Sui bytecode verifier

- Address Collision – creating two distinct authentication schemes that hash to the same SUI address in a manner that lead to significant loss of funds

- Object ID collision — creating two distinct objects with the same ID in a manner that leads to significant loss of funds.

- Unauthorized use of an owned object as a transaction input, resulting in significant loss of funds due to the inability to verify ownership and permission to transfer

- Dynamically loading an object that is not directly or transitively owned by the transaction sender, in a manner that leads to significant loss of funds

- Unauthorized upgrade of a Move package, in a manner that leads to significant loss of funds

- Stealing staking rewards that belong to another user, or claiming more than a user’s share of staking rewards, not including rounding errors that result in a minor, financially insignificant discrepancy
‍
Violating BFT assumptions, acquiring voting power vastly disproportionate to stake, or any other issue that can meaningfully compromise the integrity of the blockchain’s proof of stake governance does not include the following:

- Voting power that is redistributed because one or more other validators already has max voting power

- Rounding errors that result in minor voting power discrepancies
‍
Network not being able to confirm new transactions (total network shutdown) requiring a hard fork to resolve
Arbitrary, non-Move remote code execution on unmodified validator software

High - $50,000 USD

Temporary total network shutdown or unintended chain split (duration greater than 10 minutes)

Medium - $10,000 USD

A bug that results in unintended and harmful smart contract behavior with no concrete funds at direct risk
Unintended, permanent burning of SUI under the max cap.
Shutdown of greater than or equal to 30% of network processing nodes without brute force actions, but does not shut down the network

Low - $5,000 USD

Sending a transaction that triggers invariant violation error code in unmodified validator software
A remote call that crashes a Sui full node

Frequently asked questions

Where can I find more information on the bug bounty program?

All of the program details along with a link to the dashboard to report a bug are available on HackenProof’s bounty program page for Sui.

How do I join the program?

If you find a bug or vulnerability, report it using the HackenProof dashboard. You should receive an acknowledgement of your report within 48 hours for critical vulnerabilities and 96 hours for all other vulnerabilities.

Where can I get technical questions answered?

Sui and HackenProof will be conducting Office Hours to answer questions. A date will be announced on Twitter by @SuiNetwork. If you are not able to attend, you can email questions to [email protected].

Who is behind this program?

The program is funded and managed by the Sui Foundation, in partnership with HackenProof.

Learn

Introduction to Sui Move Use cases Research Network status Network information Token schedule

Build

Developer portal Docs Courses Request for proposals Tutorials Github Whitepaper Developer forum

Connect

Events Community programs Job board Directory Sui University Initiative

About

Security Sui Foundation Careers Press center Media kit Blog Trademark Policy Bug Bounty Program Privacy Policy

Find Bugs.Earn Bounties.

Impacts in Scope

Frequently asked questions

Find Bugs.
Earn Bounties.