Security lives at the heart of Sui

From the ground up, every layer of Sui is designed to protect users, developers, and assets.

Hardened by design

[ → ]

High-velocity finance demands a high standard of security. Sui is built to meet that standard:

Move: No reentrancy attacks

Move requires all function calls to be statically known, making contract behavior predictable and closing the door on dynamic dispatch exploits.

Move: Native access control

Ownership is managed at the protocol level through object metadata, so unauthorized modifications are structurally impossible without relying on manual checks.

Proactive auditing

Sui partners with leading security firms to audit the network and affiliated products continuously. Findings and remediation steps are shared openly to maintain transparency and community trust.

Future-forward defense

From quantum-resistant cryptography research to AI-powered vulnerability detection, the team actively explores emerging threats, staying ahead of the curve.

Build secure from your first line of code

[ → ]

Start with security best practices, written by the people who designed the network, and then dig into developer resources and code quality checklists for every stage of your build.

Security best practices

Explore developer resources

Code quality checklist

Get audited and verified

Work with trusted security partners to secure your product. Explore the directory:

Asymptotic
Formal Verification

A specialized partner focusing on Move-based smart contracts. They provide deep-tier formal verification to prove the mathematical correctness of core protocol logic (e.g., accounting and liquidations).

Certora
Formal Verification

A technology-first firm that provides the "Certora Prover," an automated formal verification tool. They allow developers to write custom security rules (specifications) that the system mathematically validates against the code.

Trail of Bits

A security research firm that conducts deep architectural reviews and threat modeling. They are known for building their own security tooling and focusing on long-term system resilience beyond a simple code audit.

OtterSec

A research-driven firm with deep expertise in modern runtimes like Move. They pair manual auditing with custom-built fuzzing tools and a white-hat attacker mindset to surface complex, non-obvious vulnerabilities.

Movebit

A security firm dedicated to the Move ecosystem. They provide a mix of manual audits and proprietary static analysis tools (like the Move Analyzer) specifically designed to catch Move-specific logic errors.

Zellic

Zellic provides high-end, manual security assessments with a focus on complex cryptography and protocol design. Their Zenith arm is specialized for rapid, high-coverage reviews for projects moving toward launch.

Pashov Audit Group

A collective of high-ranked independent security researchers. They specialize in "time-boxed" manual reviews, where a team of top-tier auditors aggressively hunts for vulnerabilities within a concentrated window.

Recent reports on Sui

Bella Ciao Move VM Rewrite Security Assessment

Zellic reviewed the code for the "Bella Ciao" Move VM rewrite, assessing its modernized package-centric architecture and arena-based memory management to ensure performance optimizations do not introduce security vulnerabilities or design weaknesses.

December 9, 2025
Deepbook Margin Smart Contract Security Assessment

Zellic reviewed Deepbook Margin’s code for security vulnerabilities, design issues, and general weaknesses in security posture to ensure the protocol correctly handles leveraged trading on-chain.

November 12, 2025
Mysten Sui Adapter Security Assessment

OtterSec conducted a security assessment of the Sui Adapter to verify its ability to statically load and verify programmable transactions while enforcing strict safety invariants.

October 30, 2025
Mysten Move VM Security Assessment

OtterSec assessed the Move VM rewrite, focusing on performance and memory efficiency, to identify potential vulnerabilities within the refactored interpreter and execution layers.

July 24, 2025
Mysten Walrus Smart Contract Security Assessment

OtterSec reviewed the Walrus smart contracts to ensure the secure management of storage, payments, and governance metadata on the Sui blockchain.

March 3, 2025
Sui Wallet (zkLogin Components)

Critical Section Security audited new features on Sui Wallet related to zkLogin.

October 11, 2023
Rust Multisig SDK Audit

Blaize.Security examined the security of the Sui multisig rust implementation.

October 9, 2023
zkLogin Circuits and Ceremony

zkSecurity conducted an audit of Sui's zkLogin primitive, consisting of Circom circuits, typescript files, and ceremony code on top of snarkjs..

September 11, 2023
TS SDK Audit

Blaize.Security examined the security of the Sui TypeScript SDK that provides multisig functionality.

August 31, 2023
Secp256r1 Implemention

Common Prefix conducted an audit of the ECDSA implementation within Sui's fastcrypto library.

June 8, 2023
Sui-System

FYEO conducted a security assessment of sui-system, the staking code in Move.

June 2023
Move and Sui Security Assessmen

Zellic reviewed Move and Sui Security Assessment’s code for security vulnerabilities, design issues, and general weaknesses in security posture.

May 8, 2023
BLS12381

Common Prefix conducted an audit of the BLS12381 implementation within Sui's fastcrypto library.

April 2023
Secp256k1 Implementation

Common Prefix conducted an audit of the Elliptic Curve Digital Signature Algorithm (ECDSA) sec256k1 implementation within Sui's fastcrypto library.

April 2023
ECVRF and Ristretto255

Common Prefix conducted an audit of the Elliptic Curve Verifiable Random Function and Ristretto255 implementations within Sui's fastcrypto library.

April 2023
Miscellaneous Audits

OtterSec performed an assessment of sui-verifier, sui-framework, sui-governance, sui-json-rpc, sui-adapter, collectibe, kiosk, suifrens, suins and sui.id programs.

Mixed duration
DeepBook CLOB

Zellic reviewed DeepBook’s code for security vulnerabilities, design issues, and general weakness in security posture.

April 26, 2023
Sui Core L

Halborn conducted a security audit on Sui with the goal of ensuring it operated as intended and identifying potential security issues with the codebase.

April 21, 2023
Denial-of-Service Security Assessment

Halborn conducted a DoS security audit to identify if there was any risk of DoS conditions on nodes that may result from custom transactions and signatures.

April 14, 2023
JSON-RPC Audit WebApp Pentest

Halborn conducted a security audit on the JSON-RPC API.

March 31, 2023
Groth16 Verifier API

Halborn conducted a security audit of the Groth16 verifier API to ensure the smart contract functions as intended and identify potential security issues.

December 9, 2022
Sui Adapter & Verifier

Halborn conducted a security audit of Sui’s smart contracts to ensure they operate as intended and to identify any potential security issues.

October 14, 2022
Sui Typescript SDK

Halborn conducted a security audit of the Sui Typescript SDK in order to improve the quality of the systems reviewed and to target sufficient remediation to help protect users.

October 6, 2022
View More
Resources

Developer resources

Get involved

Bug bounty program

Report a security issue

Join Discord

Follow

Platform/

Solutions/

Developers/

Community/

Resources/

About/

©2026 Copyright Sui Foundation. All rights reserved