Security is our top priority

Sui delivers the benefits of Web3 with the ease of Web2

The Sui ecosystem is constantly monitored for security threats targeting the community. Identified threats are rapidly investigated and remediated to ensure user safety.

The Sui network and affiliated products undergo regular third-party audits as part of a concerted effort to maintain the highest level of security possible. The findings of these reports and the actions taken as a response are shared in a timely manner.

Recent reports

Sui Core L1

Halborn conducted a security audit on Sui with the goal of ensuring it operated as intended and identifying potential security issues with the codebase.

Submitted on April 21, 2023

Move and Sui Security Assessment

Zellic reviewed Move and Sui Security Assessment’s code for security vulnerabilities, design issues, and general weaknesses in security posture.

Submitted on May 8, 2023

Sui Adapter & Verifier

Halborn conducted a security audit of Sui’s smart contracts to ensure they operate as intended and to identify any potential security issues.

Submitted on October 14, 2022

Deepbook Smart Contract Security Assessment

Zellic reviewed DeepBook’s code for security vulnerabilities, design issues, and general weaknesses in security posture.

Submitted on April 26, 2023

Groth16 Verifier API

Halborn conducted a security audit of the Groth16 Verifier API to ensure the smart contract functions as intended and identify potential security issues.

Submitted on Dec 9, 2022

Sui Typescript SDK

Halborn conducted a security audit of the SUi Typescript SDK in order to improve the quality of the systems reviewed and to target sufficient remediation to help protect users.

Submitted on Oct 6, 2022

Denial-of-Service Security Assessment

Halborn conducted a DoS security audit to identify if there was any risk of DoS conditions on nodes that may result from custom transactions and signatures.

Submitted on April 14, 2023

JSON-RPC Audit WebApp Pentest

Halborn conducted a security audit on the JSON-RPC API.

Submitted on Oct 6, 2022

Miscellaneous Audits

OtterSec performed an assessment of sui-verifier, sui-framework, sui-governance, sui-json-rpc, sui-adapter, collectibe, kiosk, suifrens, suins and sui.id programs.

June 2023

Sui-System

FYEO conducted a security assessment of sui-system, the staking code in Move.

June 2023

ECVRF and Ristretto255

Common Prefix conducted an audit of the Elliptic Curve Verifiable Random Function and Ristretto255 implementations within Sui's fastcrypto library.

Submitted on April 7, 2023

secp256k1

Common Prefix conducted an audit of the Elliptic Curve Digital Signature Algorithm (ECDSA) sec256k1 implementation within Sui's fastcrypto library.

Submitted on April 7, 2023

BLS12381

Common Prefix conducted an audit of the BLS12381 implementation within Sui's fastcrypto library.

Submitted on April 7, 2023

Secp256r1

Common Prefix conducted an audit of the ECDSA implementation within Sui's fastcrypto library.

Submitted on June 8, 2023

TS SDK Audit

Blaize.Security examined the security of the Sui TypeScript SDK that provides multisig functionality.

Submitted on August 31, 2023

zkLogin Circuits and Ceremony

zkSecurity conducted an audit of Sui's zkLogin primitive, consisting of Circom circuits, typescript files, and ceremony code on top of snarkjs..

Submitted on September 11, 2023

Rust Multisig SDK Audit

Blaize.Security examined the security of the Sui multisig rust implementation.

Submitted on October 9, 2023

Sui Wallet (zkLogin Components)

Critical Section Security audited new features on Sui Wallet related to zkLogin.

Submitted on October 11, 2023

Sui Bridge Audit v1 (First Pass)

Sui Bridge Audit v1 (Second Pass)

DeepBook V3

Questions and Resources

Report a security issue

Security documentation

Audit reports

Trademark usage policy