Post
Share your knowledge.
What Are Common Security Pitfalls in Sui Move Development?
I’m auditing a Sui Move smart contract and want to avoid critical vulnerabilities. From reviewing past exploits, I’ve seen: access control issues, arithmetic overflows, reentrancy risks, frontrunning, improper object ownership
Questions:
What are the most critical Sui Move vulnerabilities to watch for?
How does Move’s ownership model prevent/differ from traditional reentrancy?
Are there Sui-specific attack vectors (e.g., object spoofing)?
- Sui
- Architecture
Answers
2Answer
1. Top 5 Security Pitfalls in Sui Move
Improper Access Control
Risk: Functions that should be restricted are callable by anyone.
Example:
move
public fun admin_withdraw(signer: &signer) { // No check!
withdraw_coins(signer, ...);
}
Fix:
move
public fun admin_withdraw(signer: &signer, admin_cap: &AdminCap) {
assert!(address_of(signer) == admin_cap.admin, EUnauthorized);
}
Key Insight: Use capability patterns (AdminCap, OwnerCap) to gate sensitive ops.
Arithmetic Overflows/Underflows
Risk: u64 math wraps around silently (e.g., balances going to 0 → 2^64-1).
Example:
move
let total = user_balance + deposit_amount; // Overflow possible
Fix:
move
use sui::math;
let total = math::checked_add(user_balance, deposit_amount)?;
Pro Tip: Always use:
math::checked_* (add/sub/mul/div)
balance::join()/split() for coins.
Shared Object Race Conditions
Risk: Concurrent modifications to shared objects (e.g., AMM pools) leading to corrupted state.
Example:
move
// Two TXNs read pool.reserves simultaneously → bad swap rates
Fix:
Use &mut exclusively where possible.
For shared objects, design idempotent operations (e.g., require TXN digests as nonces).
Sui Advantage: Move’s type system prevents reentrancy (unlike Solidity), but shared objects can still race.
Frontrunning and MEV
Risk: Miners reordering TXNs to extract value (e.g., sandwich attacks).
Example:
move
// AMM swap with no slippage check:
let dy = reserve_y * dx / reserve_x; // Miner can manipulate `reserve_x/y`
Fix:
Require min_received parameters:
move
assert!(dy >= min_dy, EInsufficientOutput);
Use deadline checks:
move
assert!(tx_context::epoch(ctx) <= deadline, EExpired);
Phantom Type Confusion
Risk: Using the wrong type parameter (e.g., mixing Coin<USD> and Coin<USDC>).
Example:
move
public fun merge_coins<C>(a: Coin<C>, b: Coin<C>) { ... }
// Can be called with `Coin<USD>` and `Coin<USDC>` if `C` isn’t constrained!
Fix:
move
constraint C: store + drop; // Restrict valid types
2. Sui-Specific Attack Vectors
Object Spoofing Risk: Fake objects injected via malicious RPC calls. Defense:
Always verify object ownership (has key and owner field).
Use object ID whitelists for critical operations.
Dynamic Field Hijacking Risk: Attacker adds malicious dynamic fields to your object. Defense:
Mark objects with store only if necessary.
Use private wrappers for sensitive data.
There are article about Security Best Practices for Building on Sui. It's awesome to check this https://blog.sui.io/security-best-practices/
Do you know the answer?
Please log in and share it.
Sui is a Layer 1 protocol blockchain designed as the first internet-scale programmable blockchain platform.
- Why does BCS require exact field order for deserialization when Move structs have named fields?53
- Multiple Source Verification Errors" in Sui Move Module Publications - Automated Error Resolution42
- Sui Transaction Failing: Objects Reserved for Another Transaction24
- How do ability constraints interact with dynamic fields in heterogeneous collections?04