Sui is a smart contract platform maintained by a permissionless set of
validators that play a role similar to validators or miners in other
blockchain systems.
- All submissions must go through the [HackenProof portal](https://hackenproof.com/programs/sui-protocol).
- **5 Antispam fee** on HackenProof required to submit.
- **KYC required** — you will be asked for KYC verification before payment.
- **PoC required** — all submissions must include a working proof of concept.
- Severity is **independently scored** using the matrix in this document —
reporter-claimed severity is treated as advisory only.
- Payouts are in USD. Sui is entitled to make payment in its native **SUI token**.
- Previous audits and known issues: https://github.com/sui-foundation/security-audits
Started date: 15 Sep 2023Last updated: 27 May 2026Submissions: 724
'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M11.488%209.6C11.552%209.072%2011.6%208.544%2011.6%208C11.6%207.456%2011.552%206.928%2011.488%206.4H14.192C14.32%206.912%2014.4%207.448%2014.4%208C14.4%208.552%2014.32%209.088%2014.192%209.6M10.072%2014.048C10.552%2013.16%2010.92%2012.2%2011.176%2011.2H13.536C12.7609%2012.5346%2011.5313%2013.5456%2010.072%2014.048ZM9.872%209.6H6.128C6.048%209.072%206%208.544%206%208C6%207.456%206.048%206.92%206.128%206.4H9.872C9.944%206.92%2010%207.456%2010%208C10%208.544%209.944%209.072%209.872%209.6ZM8%2014.368C7.336%2013.408%206.8%2012.344%206.472%2011.2H9.528C9.2%2012.344%208.664%2013.408%208%2014.368ZM4.8%204.8H2.464C3.23091%203.46163%204.45973%202.44899%205.92%201.952C5.44%202.84%205.08%203.8%204.8%204.8ZM2.464%2011.2H4.8C5.08%2012.2%205.44%2013.16%205.92%2014.048C4.46261%2013.5458%203.23543%2012.5346%202.464%2011.2ZM1.808%209.6C1.68%209.088%201.6%208.552%201.6%208C1.6%207.448%201.68%206.912%201.808%206.4H4.512C4.448%206.928%204.4%207.456%204.4%208C4.4%208.544%204.448%209.072%204.512%209.6M8%201.624C8.664%202.584%209.2%203.656%209.528%204.8H6.472C6.8%203.656%207.336%202.584%208%201.624ZM13.536%204.8H11.176C10.9252%203.80929%2010.5545%202.85288%2010.072%201.952C11.544%202.456%2012.768%203.472%2013.536%204.8ZM8%200C3.576%200%200%203.6%200%208C0%2010.1217%200.842855%2012.1566%202.34315%2013.6569C3.08601%2014.3997%203.96793%2014.989%204.93853%2015.391C5.90914%2015.7931%206.94943%2016%208%2016C10.1217%2016%2012.1566%2015.1571%2013.6569%2013.6569C15.1571%2012.1566%2016%2010.1217%2016%208C16%206.94943%2015.7931%205.90914%2015.391%204.93853C14.989%203.96793%2014.3997%203.08601%2013.6569%202.34315C12.914%201.60028%2012.0321%201.011%2011.0615%200.608964C10.0909%200.206926%209.05058%200%208%200Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2766_6931'%3e%3crect%20width='16'%20height='16'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M3.35782%201.66741C3.3576%202.10941%203.1805%202.53322%202.86548%202.84561C2.55047%203.158%202.12334%203.33337%201.67807%203.33315C1.2328%203.33293%200.805847%203.15713%200.491147%202.84443C0.176448%202.53173%20-0.000222427%202.10774%202.10167e-07%201.66574C0.000222847%201.22374%200.177321%200.799926%200.492335%200.487539C0.807349%200.175152%201.23447%20-0.000220793%201.67975%202.08623e-07C2.12502%200.00022121%202.55197%200.176018%202.86667%200.488718C3.18137%200.801417%203.35804%201.2254%203.35782%201.66741ZM3.40819%204.56725H0.0503674V15H3.40819V4.56725ZM8.71354%204.56725H5.37251V15H8.67996V9.5253C8.67996%206.47547%2012.6842%206.19216%2012.6842%209.5253V15H16V8.39203C16%203.25065%2010.0735%203.44231%208.67996%205.96717L8.71354%204.56725Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2766_6495'%3e%3crect%20width='16'%20height='16'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M12.6%200.749512H15.0537L9.69372%206.89123L16%2015.2501H11.0629L7.19314%2010.1815L2.77029%2015.2501H0.314286L6.04686%208.67865L0%200.750655H5.06286L8.55543%205.38265L12.6%200.749512ZM11.7371%2013.7781H13.0971L4.32%202.14494H2.86171L11.7371%2013.7781Z'%20fill='white'/%3e%3c/g%3e%3c/svg%3e)
Triaged by HackenProof