Sui’s mainnet recently encountered a series of disruptions, suffering three distinct outages over the course of May 28 and May 29, following the network’s significant 1.72 release. According to an analysis by the Sui Foundation, these outages were primarily caused by unexpected edge cases in gas charging and validator restart logic. The foundation has since confirmed that these issues have been resolved, with network activity returning to normal and affirming that “no user funds were at risk.”
The first outage occurred on Thursday, May 28, around 7 a.m. PT, and lasted until approximately 1:30 p.m. PT. A second disruption took place on Friday morning, beginning at about 5 a.m. PT and concluding around 8:30 a.m. PT. The final halt began Friday afternoon at approximately 1:30 p.m. PT and was resolved by 7:20 p.m. PT.
The Sui Foundation noted that the initial two outages were the result of crash bugs linked to the new gas charging logic introduced in the 1.72 upgrade, which allowed for address balances. The third outage was a separate incident, triggered during a scheduled epoch change when validator restarts exposed a latent bug in the handling of randomness state preservation.
During the outages, the Sui Foundation reassured its users, stating, “no user funds were at risk, and the network did not revert any committed transactions when it resumed.” They further explained that validators had effectively addressed the known issues stemming from both the gas-charging bug and the randomness-state bug, allowing network activity to resume.
Sui Gas Charging Bug Triggered Initial Halts
The first issue arose from Sui’s innovative address balance feature, enabling users to store funds and pay for gas without relying solely on coin objects. This new functionality permits transactions to be processed using gas from address balances, coin objects, or a combination of both.
The edge case that triggered the outages emerged in the hybrid gas path. When a transaction attempted to withdraw from an address balance insufficient to cover competing transactions, it was appropriately canceled with an InsufficientFundsForWithdraw error. However, during the gas smashing phase—which combines input coins into a single gas-paying coin—the same reservation could attempt to debit funds again.
According to the foundation’s explanation, the crash occurred not during gas smashing but during the settlement phase when balance deltas were reconciled. An underflow was triggered by a negative delta applied to a zero balance.
To address the issue, an immediate but temporary fix was implemented: avoiding gas smashing when a transaction was canceled due to InsufficientFundsForWithdraw. Validators adopted this fix on Thursday, restoring the network to functionality. However, the foundation acknowledged that this was merely a stopgap solution while engineers worked on a more comprehensive fix.
“Changing gas logic is a delicate operation,” stated the foundation. “There are complicated interactions between address balances and coins. Changes must preserve previous behavior or utilize appropriate version gating.”
This interim patch, while helpful, contained a known vulnerability. If a transaction had multiple cancellation reasons, another error could obscure the InsufficientFundsForWithdraw condition. This led to a recurrence of the original underflow issue, resulting in the second outage on Friday morning.
Epoch Change Exposed Randomness-State Bug
The third outage occurred after the network had resumed normal operations on Friday morning. During the next scheduled epoch change, validators were unable to complete the transition due to a bug related to Sui’s distributed key generation protocol (DKG), which is essential for transactions that require on-chain randomness.
During the earlier restart cycle, insufficient participation in DKG meant that randomness was disabled as intended. However, the failure verdict was not recorded to disk. When validators restarted, they failed to recognize that the DKG process had not been completed.
As a result, validators did not remember the DKG failure, leading to a backlog in the paused queue. The end-of-epoch logic, which must clear this queue before closing, became stuck as it awaited a DKG resolution that would never materialize.
The solution involved two components: ensuring the DKG status persisted across restarts and introducing a mechanism that allowed validators to close the stalled epoch at a coordinated point. This mechanism was successfully employed to close the affected epoch, allowing the network to progress to the next epoch and restore randomness.
The Sui Foundation framed these outages as valuable engineering lessons, emphasizing the need for enhanced resilience in end-of-epoch transitions, particularly regarding graceful degradation and operational force-close mechanisms. They also highlighted that gas charging requires the same level of thoroughness as the Move VM or Mysticeti consensus due to its critical role in settlement, conservation checks, and scheduling.
As of the latest update, SUI is trading at $0.8798.
