In 2024, the surging momentum of Sui has ignited the first spark in the Move ecosystem.

Firstly, a nearly 70% surge in the past week has brought attention back to this shining star in the Move ecosystem. According to DefiLlama data, Sui’s Total Value Locked (TVL) has reached $327 million, with a 6.76% increase in the last 24 hours and a remarkable 73.19% surge in the past 7 days. The current top three protocols by on-chain TVL are Cetus ($62.44 million), NAVI Protocol ($61.42 million), and Scallop Lend ($54.96 million).

As a key player in the Move ecosystem, Sui is committed to promoting the security, interoperability, and sustainable development of digital assets. The Beosin research team will once again explore the opportunities for Sui in 2024 from a security perspective.

Sui’s Strong Momentum: Solana Killer or ETH Killer?

Sui, created by Mysten Labs, is a high-performance blockchain that enables developers to build low-latency, high-throughput applications. Mysten Labs, founded by Evan Cheng, former head of Facebook’s Novi project, raised $36 million in December 2021 and secured a valuation of over $2 billion with a $300 million funding round in September 2022.

Sui’s distinctive feature is its object-centric data model. Each object stores a global, unique ID, metadata of the owner, a version number (increments with each object call), and Binary Canonical Serialization data, as shown in the diagram below:

Due to the object-based data model, Sui can group transactions based on the interdependence of objects in different transactions. This allows for parallel processing of multiple transactions on different nodes.

Sui categorizes objects into owned objects and shared objects.

For transactions containing only owned objects (e.g., tokens and NFTs), Sui uses the Byzantine Consistent Broadcast (BCB) consensus algorithm to confirm transactions. The BCB consensus algorithm involves validators voting on whether to package transactions, with the transaction initiator then tallying the votes. Validators subsequently verify the tally to decide whether to package the transactions. This algorithm’s advantage lies in the tally process being executed on the client side, reducing communication time between validator nodes and quickly confirming transactions.

For transactions involving shared objects, used in applications like DeFi, NFT trading markets, and games that require frequent user interactions, Sui utilizes the Narwhal and Bullshark protocols for ordering and verification. Narwhal serves as Sui’s transaction memory pool, responsible for checking pending transactions and arranging them into a directed acyclic graph (DAG). Bullshark reaches consensus on a specific traversal of that DAG, thereby confirming the order of these transactions.

Based on this design, Sui has achieved a maximum tested Transactions Per Second (TPS) of 297,000, with transaction confirmation taking approximately 480 milliseconds, demonstrating excellent performance.

Advantages of Sui Compared to Solana and Ethereum

1. Safer Underlying Design

Sui supports Move smart contracts, which undergo bytecode verification before execution. The Move language features a built-in bytecode verifier that checks resource, type, and memory safety, helping prevent common errors and malicious code before a contract executes.

2. Native Resource Safety

Sui’s object-centric data model allows developers to set permissions and program resources using keywords like copy, drop, store, and key. In contrast, Solana lacks native resource safety, requiring individual contracts to implement resource safety.

3. Greater Emphasis on User Security

Sui provides transaction pre-execution services, allowing wallet service providers to inform users of contract execution results and permissions before transaction signing. This helps users clearly understand the potential consequences of transactions when interacting with dApps, significantly reducing fraud risks.

What Opportunities Are There to Participate in the Top Three Projects on Sui?

1. Cetus

Cetus aims to develop a flexible and powerful primary liquidity network, facilitating asset trading for Aptos and Sui. The protocol focuses on liquidity with incentives and a range of interoperable operational modules to provide the best trading experience and efficiency for consumers in the DeFi ecosystem. Some liquidity pools in Cetus receive official liquidity incentives from Sui, offering CETUS rewards alongside SUI token rewards.

2. NAVI Protocol

NAVI Protocol offers lending services for mainstream tokens, stablecoins, and CETUS tokens. Innovative features like automatic leverage vaults and isolation mode enable users to leverage their assets with minimal risk for new trading opportunities. NAVI supports digital assets at different risk levels, and its advanced security features ensure fund protection and mitigate systemic risks. NAVI has collaborated with OKX DeFi to launch an additional yield service, offering users up to 35% APY for USDC deposits, with a total pool of 50,000 USDC and 100,000 CETUS.

3. Scallop Lend

Scallop Lend is the largest lending protocol in the Sui ecosystem and the first DeFi protocol officially funded by the Sui Foundation. Similar to NAVI Protocol, Scallop Lend provides lending services for eight tokens and offers an SDK for professional traders. Scallop Lend completed its airdrop snapshot on January 1, 2024, initiating the first phase of the airdrop.

Users who missed the first phase of the airdrop can continue using Scallop Lend’s lending services to receive rewards in the second phase of the airdrop.

Beosin Launches Security Audit Services for Move Smart Contracts

Beosin’s collaboration with Sui began last year, and the Beosin security team discovered vulnerabilities in multiple public chains. One particularly interesting vulnerability, discovered in Sui’s p2p protocol, caused denial-of-service issues in which nodes crashed due to memory exhaustion. This denial-of-service vulnerability, caused by an ancient attack method known as a “memory bomb,” is detailed in Beosin’s discovery of a severe-level vulnerability in Move VM.

Potential Vulnerabilities in Move Contracts

  1. Supply Chain Security Awareness: Developers using Aptos, Sui, or other frameworks based on Move should maintain a certain level of security awareness to ensure supply chain security.

  2. Function Permission Issues: Careful delineation of permissions for function calls is crucial, especially for critical functions related to governance, as improper authorization can impact fund security.

  3. Logic Issues in Design and Implementation: Attention should be paid to logical issues in business logic during design and code implementation. For example, Beosin conducted research on Move’s version of flash loans, as detailed in Web3 Technical Research | Differences between Solidity Flash Loan Implementation and Move and Rust Flash Loan Implementation.

  4. Module Upgrades: Move projects should be cautious when upgrading modules, as the code owner remains unchangeable after initial deployment, and the deployer’s address permanently holds upgrade permissions.
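As an added illustration of the ability keywords (copy, drop, store, key) described above and of the function permission point in item 2 (example code written for this article, not Beosin’s or the Sui project’s own), the following Sui Move module uses a capability object to gate a privileged withdraw function. The module name `example::vault`, the `AdminCap` and `Vault` types and the legacy `struct` declaration syntax are assumptions.

```move
module example::vault {
    use sui::object::{Self, UID};
    use sui::tx_context::{Self, TxContext};
    use sui::transfer;
    use sui::coin::{Self, Coin};
    use sui::balance::{Self, Balance};
    use sui::sui::SUI;

    /// Hypothetical capability type. `key` only: the bytecode verifier
    /// rejects any attempt to copy it, silently discard it (no `drop`),
    /// or embed it in another struct (no `store`), so the only way to
    /// hold one is to receive it from `init` or from its current holder.
    struct AdminCap has key { id: UID }

    /// Hypothetical shared vault. `Balance<SUI>` has `store` but not
    /// `drop`, so funds cannot be lost by accident: every code path
    /// must explicitly move them somewhere.
    struct Vault has key { id: UID, funds: Balance<SUI> }

    const EInsufficientFunds: u64 = 0;

    /// Runs once at publish: the publisher receives the single AdminCap
    /// and the vault becomes a shared object anyone can transact with.
    fun init(ctx: &mut TxContext) {
        transfer::transfer(AdminCap { id: object::new(ctx) }, tx_context::sender(ctx));
        transfer::share_object(Vault { id: object::new(ctx), funds: balance::zero() });
    }

    /// Unprivileged: anyone may deposit into the shared vault.
    public fun deposit(vault: &mut Vault, payment: Coin<SUI>) {
        balance::join(&mut vault.funds, coin::into_balance(payment));
    }

    /// Privileged: the caller must present an AdminCap. The parameter is
    /// a reference, so the capability is not consumed, and because it
    /// cannot be forged or copied, holding the cap is the entire access
    /// check; no `sender == admin` comparison is needed. Leaving the
    /// `_admin` parameter out is exactly the permission bug item 2 warns about.
    public fun withdraw(
        _admin: &AdminCap,
        vault: &mut Vault,
        amount: u64,
        ctx: &mut TxContext,
    ): Coin<SUI> {
        assert!(balance::value(&vault.funds) >= amount, EInsufficientFunds);
        coin::take(&mut vault.funds, amount, ctx)
    }
}
```

Because `AdminCap` lacks `store`, only this module can transfer it, which is also what an auditor checks when reviewing who can end up holding the capability after deployment.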

Move Contract Audit Service and Audit Items

Beosin’s security team launched a security audit service for Move smart contracts at the end of 2022, aiming to proactively identify and assist project teams in addressing security risks within their projects, ensuring the safety of both users and project assets. The main security audit items include:

  • Overflow vulnerabilities

  • Replay attacks

  • Insecure random number generation

  • Transaction order dependencies

  • Denial-of-service vulnerabilities

  • Access control issues

  • Improper permissions

  • Business design flaws

  • Business implementation issues

  • Manipulable token prices

  • Arbitrage attacks

  • Gas optimization

  • Security of third-party modules

  • Capability security

  • Resource security

  • Upgrade security

  • Centralization risks

For detailed information on Beosin’s Move smart contract security audit service, you can refer to “Beosin | Official Launch of Security Audit Service for Move Smart Contracts, Examining Move Language from a Security Perspective (Part 1)”.

In addition, Beosin introduced the Move Lint static analysis tool in 2023, aiding developers in automating the discovery of potential security vulnerabilities within contracts, pinpointing the origin of vulnerabilities, and enhancing the overall security of contracts. For more details, you can refer to “Beosin launched the Move Lint static detection tool to improve the security of Sui smart contract development through best practices”.

Will Sui Achieve Faster Growth in 2024?

The Move smart contract language is designed to be secure and reliable, aiming to avoid vulnerabilities and security risks present in traditional smart contract languages like Solidity. This design choice makes Sui’s contracts more trustworthy and secure, providing users with better assurance.

Sui is gearing up for growth in 2024, emphasizing ecosystem development as one of its strategies. With a Total Value Locked (TVL) of $327 million, Sui demonstrates user trust and engagement, indicating rapid growth in its ecosystem and a continuous increase in users. Additionally, Sui ranks among the top three in on-chain TVL for non-EVM chains, alongside protocols like Cetus, NAVI Protocol, and Scallop Lend, collectively propelling the development of the Move ecosystem.

Let’s eagerly anticipate Sui’s development in 2024.

Contact

If you need any blockchain security services, welcome to contact us:
