In 2024, a surging Sui gained momentum and fired the first shot for the Move ecosystem.
Sui has surged nearly 70% in the past week, drawing the market's attention back to this bright star of the Move family. According to DefiLlama data, Sui's TVL has reached 327 million US dollars, an increase of 6.76% in 24 hours and of 73.19% in the past 7 days. The current top three protocols by TVL on the chain are Cetus (USD 62.44 million), NAVI Protocol (USD 61.42 million) and Scallop Lend (USD 54.96 million).
As an important member of the Move ecosystem, Sui is committed to promoting the security, interoperability and sustainable development of digital assets. Today, follow the security perspective of the Beosin research team and take another look at what opportunities Sui will have in 2024.
With such strong momentum, is Sui a Solana killer or an ETH killer?
Sui is a high-performance public chain created by Mysten Labs that allows developers to build low-latency, high-throughput applications. Mysten Labs, founded by Evan Cheng, the former head of Facebook's Novi project, raised US$36 million in December 2021 and then raised US$300 million in September 2022 at a valuation of more than US$2 billion.
Sui is characterized by an object-centric data model. Each object stores a globally unique ID, a copy of the owner's metadata, a version number (incremented by 1 each time the object is called) and its data serialized with Binary Canonical Serialization (BCS), as shown in the following figure:
Thanks to the object data model, Sui can group transactions according to whether the objects in them depend on each other, so that different transactions can be processed on different nodes and multiple transactions can be processed in parallel.
Sui divides objects into owned objects and shared objects.
Owned objects are used for tokens and NFTs. For transactions that contain only owned objects, Sui uses the Byzantine Consistent Broadcast (BCB) consensus algorithm to confirm the transaction. BCB can be understood simply as follows: first the validators vote on whether to include the transaction, then the transaction initiator tallies the votes, and finally the validators check whether the tally is correct to decide whether to include the transaction. The advantage of this algorithm is that the tallying is done on the client side, which reduces the communication time between validator nodes and so confirms transactions quickly.
Shared objects are used in DeFi, NFT marketplaces, games and other applications that require frequent interaction with users. For transactions containing shared objects, Sui uses the Narwhal and Bullshark protocols for ordering and verification. Narwhal is Sui's transaction mempool, responsible for checking pending transactions and generating a directed acyclic graph path to traverse them. Bullshark reaches consensus on a specific traversal of that directed acyclic graph, thereby fixing a specific order for these transactions.
Based on the above design, the current TPS tested by Sui has reached a maximum of 297,000, and the transaction confirmation time is about 480ms, showing excellent performance.
Compared with Solana and Ethereum, what are the advantages of Sui?
(1) The underlying design is safer
Move smart contracts on Sui must pass bytecode verification before they are executed. The Move language has a built-in bytecode verifier that checks resource, type and memory safety. This catches many common errors before the contract runs and prevents the contract from being attacked by malicious code.
(2) Native resource security
Sui's object-centric data model lets developers use the four keywords copy, drop, store, and key to set permissions on resources and to program with them. Solana does not have native resource security, so resource security has to be implemented by each contract.
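The effect of the four abilities, shown as an added Sui Move sketch that is not code from the original article or from any project it mentions. The module and struct names (example::abilities, Voucher, Quote, Receipt) are hypothetical, and the syntax assumes the Move 2024 edition, where UID, object and TxContext are imported implicitly.

```move
// Added example, not from the original article. Hypothetical names throughout.
// Assumes Sui Move, edition 2024 (UID, object and TxContext are implicit imports).
module example::abilities {
    const EUnderpaid: u64 = 0;

    /// `key`: may exist as a top-level Sui object (first field must be `id: UID`).
    /// `store`: may be nested in other objects and transferred by other modules.
    /// No `copy` or `drop`: the value can be neither duplicated nor discarded.
    public struct Voucher has key, store {
        id: UID,
        value: u64,
    }

    /// Plain data: freely copied and dropped, never an asset.
    public struct Quote has copy, drop, store {
        price: u64,
    }

    /// No abilities at all. It cannot be stored, copied or dropped, so a
    /// transaction that receives one only succeeds if it also calls `settle`.
    public struct Receipt {
        owed: u64,
    }

    public fun mint(value: u64, ctx: &mut TxContext): Voucher {
        Voucher { id: object::new(ctx), value }
    }

    /// The only way to dispose of a Voucher: unpack it and delete its UID.
    public fun redeem(v: Voucher): u64 {
        let Voucher { id, value } = v;
        object::delete(id);
        value
    }

    public fun price(q: &Quote): u64 { q.price }

    public fun open(owed: u64): Receipt { Receipt { owed } }

    public fun settle(r: Receipt, paid: u64) {
        let Receipt { owed } = r;
        assert!(paid >= owed, EUnderpaid);
    }

    // Neither of these compiles:
    //   public fun dup(v: &Voucher): Voucher { *v }   // Voucher lacks `copy`
    //   public fun lose(v: Voucher) {}                // Voucher lacks `drop`
}
```

A struct with no abilities, like Receipt here, is the usual building block for Move flash loans: the borrower cannot finish the transaction without handing it back to the lending module.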
(3) Pay more attention to user safety
Sui provides a transaction pre-execution service: wallet service providers can pre-execute a contract and then notify the user of the execution results and the contract's permissions. This helps users clearly understand the possible consequences of a transaction before signing it when they interact with a dApp, greatly reducing the risk of fraud.
What opportunities are there to participate in the "Three Musketeers" on Sui?
Currently, Sui's top projects include Cetus, a one-stop DeFi project, and the lending projects NAVI Protocol and Scallop Lend. These three musketeers account for 50% of the TVL in the Sui ecosystem.
1. Cetus
The main goal Cetus has set is to develop a flexible and powerful first-level liquidity network that facilitates asset transactions on Aptos and Sui. The protocol aims to provide the best trading experience and efficiency to users in the DeFi ecosystem. It does this through a concentrated liquidity protocol and a series of related interoperable functional modules.
https://app.cetus.zone/pool/list
Currently, some liquidity pools have received official liquidity incentives from Sui. In addition to receiving CETUS rewards, they can also receive SUI token rewards.
2. NAVI Protocol
NAVI Protocol provides lending services for mainstream tokens, stablecoins and CETUS tokens. NAVI’s innovative features, such as automated leverage vaults and segregated modes, enable users to leverage their assets and gain access to new trading opportunities with minimal risk. NAVI's design provides support for digital assets of different risk levels, while its advanced security features ensure the protection of user funds and the mitigation of systemic risks.
https://app.naviprotocol.io/market
NAVI is currently cooperating with OKX DeFi on an additional token interest rate boost. Users can deposit USDC and enjoy up to 35% APY. The total prize pool is 50,000 USDC and 100,000 CETUS, and the offer lasts until the prize pool is used up.
3. Scallop Lend
Scallop Lend is the largest lending protocol in the Sui ecosystem and the first DeFi protocol to be officially funded by the Sui Foundation. Similar to NAVI Protocol, Scallop Lend offers lending services for 8 tokens and provides an SDK for professional traders. On January 1, 2024, Scallop Lend completed the airdrop snapshot, and the first phase of the airdrop began.
https://app.scallop.io/
Users who miss this airdrop event can continue to use Scallop Lend’s lending service to obtain Scallop Lend’s second phase airdrop rewards.
Beosin launches security audit service for Move smart contracts
Beosin's cooperation with Sui started last year, after the Beosin security team discovered multiple public chain vulnerabilities. One of them is quite interesting, and after communicating with the Sui team we obtained permission to make its details public. It is a denial-of-service vulnerability in the Sui public chain's p2p protocol that can cause nodes in the Sui network to crash from memory exhaustion. It is caused by an old attack method, the "memory bomb". For details, please read "Beosin discovered a severe vulnerability in Move VM: it can cause the entire network of public chains such as Sui and Aptos to collapse, and may even cause a hard fork".
Possible vulnerabilities in Move contracts
1) When developing with the framework specific to Aptos, Sui, or another Move-based blockchain, developers should maintain a degree of security awareness to ensure supply chain security.
2) Function permission issues. The permissions for some function calls must be carefully divided, because some key functions involve governance and seriously affect the security of funds. For such function calls, the caller needs to be authenticated.
3) Attention should be paid to logic problems in business logic design and code implementation. For example, some DeFi projects depend on the implementation of flash loans. Beosin has previously researched the Move version of flash loans. For details, please see "Web3 Technology Research | How is the Solidity flash loan implementation different from the Move and Rust flash loan implementations?".
4) For Move projects, pay attention to module upgrades: the code owner is immutable after initial deployment, and the deployer's address will always have upgrade permissions after deployment.
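For item 2), one common way to authenticate the caller of a governance function in Sui Move is a capability object. This is an added example, not code from the original article or from any audited project; the module, struct and function names (example::treasury, AdminCap, Treasury, set_fee) and the fee values are hypothetical, and the syntax assumes the Move 2024 edition.

```move
// Added example, not from the original article. Hypothetical names throughout.
// Assumes Sui Move, edition 2024 (object, transfer and TxContext are implicit imports).
module example::treasury {
    const EFeeTooHigh: u64 = 0;
    const MAX_FEE_BPS: u64 = 1_000;

    /// Proof of authority. `key` without `store`: only this module can
    /// transfer it, so other code cannot wrap it or pass it on.
    public struct AdminCap has key {
        id: UID,
    }

    /// Shared object: any transaction may take `&mut Treasury` as an input.
    public struct Treasury has key {
        id: UID,
        fee_bps: u64,
    }

    /// Runs once at publish time; the publisher receives the only AdminCap.
    fun init(ctx: &mut TxContext) {
        transfer::transfer(AdminCap { id: object::new(ctx) }, ctx.sender());
        transfer::share_object(Treasury { id: object::new(ctx), fee_bps: 30 });
    }

    /// Weak: nothing identifies the caller, so any address can change the fee.
    public fun set_fee_unchecked(t: &mut Treasury, fee_bps: u64) {
        t.fee_bps = fee_bps;
    }

    /// Hardened: the caller must present a reference to an AdminCap, which
    /// only its owner can pass into a transaction. The new value is bounded too.
    public fun set_fee(_: &AdminCap, t: &mut Treasury, fee_bps: u64) {
        assert!(fee_bps <= MAX_FEE_BPS, EFeeTooHigh);
        t.fee_bps = fee_bps;
    }

    public fun fee_bps(t: &Treasury): u64 { t.fee_bps }
}
```

When reviewing a module, list every public or entry function that takes a shared object by `&mut` and confirm each one either requires a capability or is meant to be callable by anyone.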
Move contract audit services and audit items
The Beosin security team launched a security audit service for Move smart contracts at the end of 2022. It aims to discover security risks in projects in advance, help project teams fix them, and protect the assets of users and project teams. Its main security audit items include:
•Overflow vulnerability
•Replay attack
•Unsafe random numbers
•Transaction sequence dependence
•Denial of service
•Access Control
•Improper permissions
•Business design
•Business implementation
•Manipulated token prices
•Arbitrage attack
•Gas optimization
•Third-party module security
•Capability Security
•Resource security
•Upgrade security
•Centralization risk
Details of the Beosin Move smart contract security audit service can be found in "Beosin | Officially launched security audit service for Move smart contracts, looking at the Move language from a security perspective (Part 1)".
In addition, Beosin launched the Move Lint static detection tool in 2023 to help developers automatically discover potential security risks in a contract and locate where the vulnerability occurs, enhancing contract security. For a detailed introduction, please see "Beosin launches Move Lint static detection tool to improve the security of Sui public chain smart contract development through best practices."
Will Sui achieve faster growth in 2024?
The Move smart contract language is designed to be safe and reliable, avoiding vulnerabilities and security risks that exist in some traditional smart contract languages (such as Solidity). This makes Sui's contracts more trustworthy and secure, providing users with better protection.
Sui will step up its efforts in 2024, with ecosystem development as one of its main approaches. First, Sui's total value locked (TVL) has reached $327 million, which shows users' trust and participation in the project and indicates the rapid growth of its ecosystem and a continued increase in users. In addition, Sui ranks among the top three non-EVM chains by TVL and, together with protocols such as Cetus, NAVI Protocol, and Scallop Lend, is promoting the development of the Move ecosystem.
Will Sui take off in 2024? We will wait and see.