Sui attributes three mainnet outages to upgrade vulnerabilities, with the last one known to carry a risk of interruption before a fix was implemented

On June 1st, according to The Block, the Sui Foundation released an incident analysis report for the recent three mainnet outages, attributing the three network disruptions that occurred last Thursday and Friday to two independent vulnerabilities introduced in the v1.72 version upgrade. The first outage lasted about six and a half hours, while the second and third occurred on Friday morning and afternoon, respectively. The first two outages stemmed from a "balance of addresses" feature introduced in v1.72 that exposed a flaw in transaction fee deduction. When transactions were canceled due to insufficient funds, the network still spent these funds, leading to negative balances and causing validator reconciliation to crash. The foundation admitted that the emergency hotfix pushed on Thursday carried a known risk of disruption, which the team accepted to quickly restore on-chain services. The network subsequently experienced another outage on Friday morning due to this. The third outage was triggered by another undisclosed random state vulnerability that occurred when validators restarted to install a repair patch. Sui stated that user funds were never at risk, both vulnerabilities have been fixed, and a mechanism for forcibly terminating stalled epochs has been established. The foundation also mentioned that AI agents with access to its production systems significantly accelerated the diagnostic process.