The Sui Foundation’s post-mortem ties two of three outages to an edge case in the v1.72 address-balances feature, and the third to a randomness-state bug exposed by an interim fix the team shipped knowing it carried halt risk.
The Sui Foundation on Sunday published a post-mortem on the three mainnet outages that took its Layer 1 down on May 28 and 29, pinning the first two halts on a gas-charging bug introduced by the v1.72 “address balances” upgrade and the third on a separate randomness-state fault exposed when validators restarted to install an interim fix the team admits it shipped knowing it carried a low-probability halt risk.
SUIthe network’s native token, slid 6.6% in the 24 hours after the post-mortem and is down 18.5% over seven days at $0.82, trimming Sui’s market capitalization to $3.31 billion, per CoinGecko. The chain holds $479.66 million in total value locked, the thirteenth-largest among networks tracked by DefiLlamabehind Avalanche and ahead of Monad. Sui-based DEXs cleared $77.33 million in 24-hour volume on Sunday — led by DeepBook V3 at $26.69 million.
Last week, Sui restarted after back-to-back halts tied to the same 1.72 release. It is also one of the more granular Layer 1 incident reports published this year, naming specific code paths and conceding the validator network briefly ran on a fix Mysten Labs engineers knew might fail.
The Gas-Smashing Bug
The first two halts traced to a corner of execution Sui calls “gas smashing” — the process by which the runtime combines all of a transaction’s input coins into a single coin and debits it for gas, before the transaction itself runs. The v1.72 release introduced “address balances,” a feature that lets users withdraw from and deposit to a single address concurrently by emitting balance deltas that a system settlement transaction reconciles each block.
The edge case, per the Foundation: when a transaction attempted to overdraft an address balance to cover gas, it was correctly marked cancelled with an `InsufficientFundsForWithdraw` error — but gas smashing then ran again on the same reservation object, spending funds the transaction had just been told it could not access. The settlement layer received a negative delta applied to a zero balance and the validators crashed. Once a crash bug is in the input pipeline, every honest validator hits the same bad input and the chain stops.
The Known-Risk Patch
Sui’s interim fix, deployed Thursday to bring the chain back, was to stop running gas smashing on transactions cancelled with `InsufficientFundsForWithdraw`. The Foundation now says the team “accepted the risk accompanying this proposal in order to bring the halted network back as quickly as possible while a robust fix was developed.” On Friday morning, the network hit a variant of the same edge case and halted a second time. A second patch followed.
The third halt arrived hours later at the next scheduled epoch change. Validators restarting to adopt Friday’s patch failed to meet the participation threshold for the new epoch’s distributed key generation — the protocol step that initializes randomness for an epoch. DKG disabled itself by design, but a latent bug meant that failure verdict was never written to disk. As further restarts followed, each validator came back up unaware DKG had failed, the queue of randomness-dependent transactions grew, and end-of-epoch logic stalled waiting on a DKG that would never run. The permanent fix persisted DKG status across restarts and added a force-close mechanism to converge validators on a stuck epoch.
What’s Off the Hook
No user funds were at risk across the three halts and no committed transactions were rolled back, per the Foundation. The incidents had no relation to traffic load and no relation to an external exploit, and transactions returned to sub-second finality after the third restart. The Foundation also said an internal AI agent with access to production validator logs “materially accelerated diagnosis.”
The Reliability Bar
For context: Solana’s last officially confirmed mainnet halt was February 6, 2024, when a bug in the validator program cache forced a roughly five-hour coordinated restart. Sui, by comparison, was hit by a brief halt in November 2024 on a congestion-control assert and a six-hour consensus stall in January 2026 before this latest run.
The Foundation named four remediation priorities: extending Sui’s “safe mode” graceful-degradation patterns across the rest of the reconfiguration path; rebuilding gas-charging logic to a code-quality bar comparable to the Move VM or the Mysticeti consensus protocol; broadening the production-debugging AI agent program; and adding a defense-in-depth layer that would let a validator skip a crash-inducing input rather than halt the chain.
Mysten Labs CEO Evan Cheng and Chief Product Officer Adeniyi Abiodun had not posted public commentary on the post-mortem as of publication. The Defiant has requested comment from the Sui Foundation.