Sui Network has begun public testing of a re-engineered virtual machine while simultaneously launching a bug bounty program built around mainnet-level incentives. The rollout combines a major execution-layer redesign with a security campaign that offers high-value rewards before the upgrade reaches production.
The bounty structure is unusually aggressive for a test-phase program. Sui said total rewards are capped at $1,000,000, with critical findings eligible for payouts ranging from $100,000 to $500,000.
A VM Upgrade Focused on Speed and Safer Execution
At the center of the release is a rebuilt execution layer meant to change how transactions flow through the network and how parallel execution is handled. The redesign is intended to reduce execution bottlenecks and improve responsiveness by cutting the amount of data retrieval required during processing.
One of the key technical changes is per-package caching, which is designed to lower the number of state fetches needed for each operation. That optimization is expected to reduce median transaction latency and limit the kind of long confirmation times that create friction for wallets and dApps.
The new virtual machine also introduces native support for an evolved version of Move. By pushing more verification and safety checks into the runtime itself, the upgrade is meant to reduce the amount of defensive code developers need to write at the contract level.
Security Incentives Are Running at Mainnet Intensity
The bug bounty is being administered through HackenProof and covers core blockchain components, including the VM execution layer, consensus interactions, and the Move stack across the compiler, runtime, and standard libraries. Sui is treating the test period as a live hardening phase rather than a limited pre-release review.
The published reward tiers reflect that approach. Critical reports can earn between $100,000 and $500,000, while high-severity findings are listed at $50,000, medium at $10,000, and low at $5,000. Sui also said that valid submissions will be evaluated against mainnet-level impact even though the VM is still in public testing.
The program places particular emphasis on memory safety, bytecode verification, and consensus integrity. Those areas matter because failures there could trigger the kinds of user-facing problems that are hardest to contain, including unexpected state transitions, validator instability, temporary shutdowns, or unauthorized object manipulation.
If the redesign performs as intended and the bounty process catches critical flaws early, Sui could reduce a meaningful class of execution and UX risks before the new VM reaches production.
