Join Sui Overflow, Sui's first global hackathon →
Learn
Build
Connect
Get started
Learn
Build
Connect

Security is our top priority

Sui delivers the benefits of Web3 with the ease of Web2

The Sui ecosystem is constantly monitored for security threats targeting the community. Identified threats are rapidly investigated and remediated to ensure user safety.

The Sui network and affiliated products undergo regular third-party audits as part of a concerted effort to maintain the highest level of security possible. The findings of these reports and the actions taken as a response are shared in a timely manner.

Recent reports

Sui Core L1

Halborn conducted a security audit on Sui with the goal of ensuring it operated as intended and identifying potential security issues with the codebase.

Submitted on April 21, 2023
Move and Sui Security Assessment

Zellic reviewed Move and Sui Security Assessment’s code for security vulnerabilities, design issues, and general weaknesses in security posture.

Submitted on May 8, 2023
Sui Adapter & Verifier

Halborn conducted a security audit of Sui’s smart contracts to ensure they operate as intended and to identify any potential security issues.

Submitted on October 14, 2022
Deepbook Smart Contract Security Assessment

Zellic reviewed DeepBook’s code for security vulnerabilities, design issues, and general weaknesses in security posture.

Submitted on April 26, 2023
Groth16 Verifier API

Halborn conducted a security audit of the Groth16 Verifier API to ensure the smart contract functions as intended and identify potential security issues.

Submitted on Dec 9, 2022
Sui Typescript SDK

Halborn conducted a security audit of the SUi Typescript SDK in order to improve the quality of the systems reviewed and to target sufficient remediation to help protect users.

Submitted on Oct 6, 2022
Denial-of-Service Security Assessment

Halborn conducted a DoS security audit to identify if there was any risk of DoS conditions on nodes that may result from custom transactions and signatures.

Submitted on April 14, 2023
JSON-RPC Audit WebApp Pentest

Halborn conducted a security audit on the JSON-RPC API.

Submitted on Oct 6, 2022
Miscellaneous Audits

OtterSec performed an assessment of sui-verifier, sui-framework, sui-governance, sui-json-rpc, sui-adapter, collectibe, kiosk, suifrens, suins and sui.id programs.

June 2023
Sui-System

FYEO conducted a security assessment of sui-system, the staking code in Move.

June 2023
ECVRF and Ristretto255

Common Prefix conducted an audit of the Elliptic Curve Verifiable Random Function and Ristretto255 implementations within Sui's fastcrypto library.

Submitted on April 7, 2023
secp256k1

Common Prefix conducted an audit of the Elliptic Curve Digital Signature Algorithm (ECDSA) sec256k1 implementation within Sui's fastcrypto library.

Submitted on April 7, 2023
BLS12381

Common Prefix conducted an audit of the BLS12381 implementation within Sui's fastcrypto library.

Submitted on April 7, 2023
Secp256r1

Common Prefix conducted an audit of the ECDSA implementation within Sui's fastcrypto library.

Submitted on June 8, 2023
TS SDK Audit

Blaize.Security examined the security of the Sui TypeScript SDK that provides multisig functionality.

Submitted on August 31, 2023
zkLogin Circuits and Ceremony

zkSecurity conducted an audit of Sui's zkLogin primitive, consisting of Circom circuits, typescript files, and ceremony code on top of snarkjs..

Submitted on September 11, 2023
Rust Multisig SDK Audit

Blaize.Security examined the security of the Sui multisig rust implementation.

Submitted on October 9, 2023
Sui Wallet (zkLogin Components)

Critical Section Security audited new features on Sui Wallet related to zkLogin.

Submitted on October 11, 2023

Questions and Resources

Report a security issue
Security documentation
Audit reports
Trademark usage policy