Post
Share your knowledge.
Sui Move Security Tip: Don't Drop the Hot Potato
In Sui, every asset is an object and every object is a little state machine.
One common enforcement pattern is the Hot Potato: a struct with no abilities, which must be consumed before the transaction ends or the whole thing aborts.
Flash loans often rely on this. A Receipt is returned to the borrower and must be returned to the protocol to prove repayment.
❌Add drop to the Receipt ✅You’ve just introduced a critical vuln
Now the borrower can drop the potato and walk away without repaying.
Move’s drop ability lets anyone destroy the object unless you intentionally prevent it by omitting the drop ability.
Pro Tip: audit every struct in your protocol.
🔴If it represents an obligation (like a flash loan receipt), remove drop 🟢If it shouldn’t be copied, remove copy 🔵If it shouldn’t be global, remove store
Sui Move gives you low-level control over asset semantics. Misuse even one ability, and enforcement breaks.
Handle objects carefully. Don’t drop the hot potato
- SDKs and Developer Tools
- Transaction Processing
Answers
1If Hot Potato is a struct without abilities, why would anyone add a drop? By definition, it shouldn't have drop or any other abilities. :)
Also, I think it would be better to have extra fields for Receipt, like the amount that was borrowed, and match against it rather than hardcoding 10 MIST. This would better illustrate how a Receipt could be used.
Do you know the answer?
Please log in and share it.
Sui is a Layer 1 protocol blockchain designed as the first internet-scale programmable blockchain platform.
- Why does BCS require exact field order for deserialization when Move structs have named fields?53
- Multiple Source Verification Errors" in Sui Move Module Publications - Automated Error Resolution43
- Sui Transaction Failing: Objects Reserved for Another Transaction25
- How do ability constraints interact with dynamic fields in heterogeneous collections?05