Move

New Sui VM: Bug Bounty Now Open

Sui's execution layer is getting its most significant improvement since launch

Sui Foundation

2 min read
New Sui VM: Bug Bounty Now Open

Main Takeaways

  • Sui's VM is being rewritten to improve performance, reduce memory overhead, and lay the groundwork for future Move language features.
  • The new VM is publicly visible on GitHub now, with Mainnet deployment targeted for early April.
  • Starting today, the bug bounty program on Hackenproof accepts vulnerability submissions against the new VM, paid at Mainnet rates.

Overview

Sui's virtual machine (VM), the execution layer that runs every Move program on the network, is being upgraded. The new VM marks a significant step forward for Sui's execution infrastructure. 

The code is public as of today, with Mainnet deployment targeted for early April. To make the most of that window, we're updating the bug bounty program to cover it now, at full Mainnet rates, before it even reaches Testnet.

Why the VM is Being Rebuilt

The existing VM has served Sui well, but the upgrade addresses a set of structural limitations that have become more constraining as the network grows and Move as a language continues to evolve.

The new VM introduces per-package caching, which reduces load times and improves memory usage at scale. It reworks how types are stored and resolved, how execution is handled across packages, and how the interpreter processes instructions. The result is a cleaner, more performant execution layer that also lays the groundwork for future Move language features that the current architecture could not easily support.

The new VM is publicly visible on GitHub today.

Bug Bounty Open for Submissions

Starting today, we are updating the rules of Sui's bug bounty program on Hackenproof to accept VM-related vulnerability submissions. Valid submissions will be paid at Mainnet rates, even though the code has not yet reached Testnet.

Identifying vulnerabilities is crucial work. We want the security community to engage with this code seriously, before it reaches production. If you find something meaningful, you will be compensated accordingly.

The program is live at hackenproof.com/programs/sui-protocol.

Proactive Review, Real Incentives

Deploying a new VM to Mainnet is a significant event. The VM upgrade has already undergone internal review and multiple independent audits. Opening it to public scrutiny under full bounty conditions is the next step in that process.

This upgrade is a major step forward for Sui's execution layer, and opening the bounty early is part of shipping it responsibly. With the code now public and Mainnet deployment ahead, this is the moment for the broader security community to help pressure-test what comes next.