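Sui mainnet goes down three times in three days! Official report explains the two critical vulnerability risks: "negative balance" and "random state"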

Sui's mainnet experienced three consecutive outages from Thursday to Friday, totaling over seven hours of halted trading. The "address balance" feature introduced in version 1.72 exposed a transaction fee deduction flaw, leading to negative balances and system crashes. The emergency fix itself carried known disruption risks, triggering a second round of failures.

Sui's mainnet experienced three consecutive outages from Thursday to Friday, with over seven hours of halted trading. The Sui Foundation subsequently released a comprehensive incident analysis report tracing the three outages back to two separate vulnerabilities introduced in version 1.72. This chain of failures revealed a critical weakness in the blockchain upgrade process: the emergency fix itself became a trigger for the next collapse.

Incident Timeline

The first outage occurred last Thursday, lasting about six and a half hours. The "address balance" feature added in v1.72 exposed a flaw in the transaction fee deduction mechanism: when a transaction is canceled due to insufficient funds, the network still deducts those funds, creating a negative balance and causing validator nodes to crash during reconciliation. Such issues are not uncommon in blockchain upgrades; the core problem lies in insufficient stress testing of edge states.
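The fee-deduction failure described above, reduced to a simplified model as an added example (not Sui's code and not taken from the Foundation's report). The `Account` type, the two settlement functions, the `reconcile` check and the capped-debit fix are all assumptions made for illustration:

```rust
// Simplified model of the failure mode described above. Not Sui's code:
// every name here (Account, settle_flawed, settle_hardened, reconcile) is hypothetical.
#[derive(Debug, PartialEq)]
pub enum Outcome { Executed, Cancelled }

#[derive(Debug, Clone, Copy)]
pub struct Account { pub balance: i128 } // signed, so the bad state is representable

/// Flawed settlement: the cancel branch still debits the full fee.
pub fn settle_flawed(acct: &mut Account, fee: u64) -> Outcome {
    let fee = fee as i128;
    let outcome = if acct.balance < fee { Outcome::Cancelled } else { Outcome::Executed };
    acct.balance -= fee; // debit applied regardless of the outcome
    outcome
}

/// Hardened settlement (assumed fix): the debit on a cancelled transaction is
/// capped at what the address actually holds, so the balance cannot go below zero.
pub fn settle_hardened(acct: &mut Account, fee: u64) -> Outcome {
    let fee = fee as i128;
    if acct.balance >= fee {
        acct.balance -= fee;
        return Outcome::Executed;
    }
    let debit = fee.min(acct.balance.max(0));
    acct.balance -= debit;
    Outcome::Cancelled
}

/// Reconciliation invariant: no balance may be negative. An Err here stands in
/// for the validator crash the report describes.
pub fn reconcile(accounts: &[Account]) -> Result<i128, String> {
    let mut total = 0i128;
    for (i, a) in accounts.iter().enumerate() {
        if a.balance < 0 {
            return Err(format!("account {} has negative balance {}", i, a.balance));
        }
        total += a.balance;
    }
    Ok(total)
}

fn main() {
    // Constructed input: an address holding 5 units, a transaction whose fee is 8.
    let (mut flawed, mut fixed) = (Account { balance: 5 }, Account { balance: 5 });
    let (o1, o2) = (settle_flawed(&mut flawed, 8), settle_hardened(&mut fixed, 8));
    println!("flawed:   {:?}, reconcile = {:?}", o1, reconcile(&[flawed]));
    println!("hardened: {:?}, reconcile = {:?}", o2, reconcile(&[fixed]));
}
```

The model returns an error where a real node would abort, which is the point of enforcing the invariant at write time instead of discovering the violation at reconciliation.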

More seriously, the emergency fix pushed by the Sui team on Thursday carried a "known disruption risk." To restore on-chain services quickly, the team accepted this trade-off, and the network went down again on Friday morning: the second outage. This is a typical "patch compounding effect": the first fix introduces new states, and the second fix triggers a chain reaction before the previous state stabilizes.

Random State Vulnerability and the Third Outage

The third outage was caused by another undisclosed random state vulnerability. It occurred while validator nodes were being restarted and patched, meaning the fix process itself could trigger new uncertainties. This tension between hot fixes and cold starts is a common blind spot in blockchain upgrades.

Core Issue Diagnosis

Overall, the three consecutive outages on Sui exposed three structural weaknesses:

  • Lack of isolation layers for emergency fixes: the v1.72 fix was deployed directly to the mainnet without isolated testing on testnet
  • Insufficient stress testing of the state machine: negative balance issues should have been caught during edge case transaction testing
  • The fix itself introduced new risks: the team admitted to accepting "known disruption risks" but did not disclose this to the community beforehand

Fixes and Future Safeguards

Sui stated that user funds were never at substantial risk, and both vulnerabilities have been fully patched. Meanwhile, the Foundation established a "forced epoch termination" mechanism: when validator nodes get stuck during reconciliation, an automatic epoch switch is triggered to restore network liquidity.

This incident offers a lesson for blockchain upgrade processes: emergency fixes need a "safety valve." Specifically, before deploying to mainnet, at least 20-30% of validators should upgrade first and observe for one epoch, rather than a full network switch. Similar practices are widely adopted in Cosmos SDK upgrade procedures.

From the perspective of Taiwanese users, DeFi protocols within the Sui ecosystem (such as Bluefin, Meteora) experienced varying degrees of liquidity lock from Thursday to Friday. Some LPs found that impermanent loss was larger than expected, because price feeds remained nearly static during the six and a half hours of downtime. This on-chain price freeze effect during Layer 1 outages warrants attention from all liquidity providers.

Market Reaction

Sui's token ($SUI) fluctuated approximately 8-12% after the outages, indicating the market's relatively strong capacity to digest short-term infrastructure failures. Compared with the roughly 15% price drop during the Aptos mainnet outages in 2024, market patience for blockchain downtime appears to be increasing.
