Beosin: Discovered a critical vulnerability in Move VM

ChainCatcher message, recently, the blockchain security company Beosin discovered a critical vulnerability in Move VM.

The Beosin security research team found a stack overflow vulnerability in the Move virtual machine caused by an unrestricted recursive call depth. This vulnerability can lead to a total network shutdown and prevent new validator nodes from joining the network, potentially causing a hard fork. Versions prior to Sui mainnetv1.2.1 and Aptos mainnetv1.4.3 are affected by this vulnerability.

Currently, the vulnerability has been officially patched. Versions of Suimainnetv1.2.1, Aptosmainnetv1.4.3, and Move-language after June 10, 2023, have fixed this vulnerability.