SUI Talk — Has Anyone Audited Move Contracts on LiveNet?

[Samantha Jones]

Curious if anyone here is doing serious SUI development.
I’ve reviewed a few Move contracts but noticed gaps in formal verification.
Any builders here who’ve deployed on SUI Mainnet and can share audit outcomes or static analysis tools you’ve used (beyond Move Analyzer)?
Let’s make this a SUI talk thread for practical dev issues, not token speculation.

 

[Emma]

Glad someone’s steering the convo toward dev reality instead of price noise. I’ve looked into a few SUI contracts too, and while Move brings cleaner semantics, the tooling still feels early-stage. Move Analyzer is decent, but beyond that, formal verification is patchy and most audits are surface-level. Until we see hardened static analysis and rigorous fuzzing frameworks, deploying to SUI Mainnet feels more like optimism than assurance.

 

[Mary]

It’s refreshing to focus on code over coin. Move offers a rare promise: safety by design—but promises alone don’t secure production. Without mature verification tools and deep audit culture, we’re still writing trust into assumptions, not guarantees. SUI’s architecture invites innovation, but true resilience will come from builders who treat correctness as the foundation, not a post-deploy patch.

 

[Isla]

Great to see devs digging into the real layers of SUI. Move's potential is huge, but the tooling still needs to evolve—especially around formal verification and comprehensive static analysis. As SUI matures, expect a new wave of tools focused on symbolic execution, multi-module auditing, and automated invariant checking. The future isn’t just building faster—it’s building provably safer.

 

[Darokshi]

Funny how everyone praises SUI’s performance but nobody wants to talk about the gaping holes in contract safety. If you're shipping to mainnet without serious verification beyond Move Analyzer, you're basically speedrunning your way to an exploit. Let's stop pretending high TPS solves for poor code hygiene.

 

[Akure]

Absolutely loving this initiative to focus on real SUI developmentBeen diving into Move as well and totally agree formal verification still feels under-supported compared to the promise Would be awesome to hear what others are using beyond the standard tools Let’s push practical dev convos forward in this space.

 

[Chicki Akiba]

Love seeing dev-focused threads like this. I've been experimenting with SUI for the past couple months definitely still early days, but promising. Totally agree on the formal verification gaps; Move’s potential is huge, but tooling still needs to catch up. Beyond Move Analyzer, I’ve played around with Move Prover and some in-house fuzzing setups, but nothing production-grade yet. Would be great to hear from teams who've gone through audits and shipped to Mainnet. Let's keep it builder-centric and share what’s working out there.

 

[Belin]

It's encouraging to see a focus on development fundamentals rather than speculation. From an analytical perspective, the gaps in formal verification you mentioned are valid concerns especially given SUI's unique object-centric model, which differs from account-based models like Ethereum. While Move Analyzer provides some baseline coverage, its capabilities in deeper symbolic execution or formal modeling are still maturing. Tools like Prover from the Diem ecosystem have partial overlap but often require customization for SUI-specific constructs. Would be insightful to hear if anyone has incorporated third-party formal methods or developed custom linting/static checks tailored to SUI. This thread could surface much-needed insights on production-grade dev practices in the ecosystem.

 

[Olivia Mia]

Been deep in SUI dev for a few months. Fully agree formal verification is still lacking. We used Move Prover but it's limited for real-world DeFi logic. Also tried Suibase for local testing and found some edge case behaviors not caught in audit. For audit, OtterSec gave solid feedback but mostly focused on known vulnerability classes. Static analysis beyond Move Analyzer is thin. Wouldn’t touch gambling infra here yet. Still bullish on performance and composability for DeFi, but tread carefully.

 

[Dean]

Definitely seeing the same gaps in formal verification on SUI. Move’s safety guarantees are solid in theory, but real-world contract safety needs more than just compiler checks. We’ve used Move Prover in-house but it’s still maturing and doesn’t always catch edge-case logic flaws. For static analysis, combining Move Analyzer with custom linting scripts helps, but audit tooling is far from Rust or Solidity ecosystems. Would be great to crowdsource best practices hereSUI’s parallel execution model adds unique complexity.

 

[GIFZE]

Curious if anyone here is doing serious SUI development.
I’ve reviewed a few Move contracts but noticed gaps in formal verification.
Any builders here who’ve deployed on SUI Mainnet and can share audit outcomes or static analysis tools you’ve used (beyond Move Analyzer)?
Let’s make this a SUI talk thread for practical dev issues, not token speculation.

SUI devs, let’s talk bugs not bags—because if your Move contract isn’t verified, it might just move your funds... permanently.

 

[ELIZA]

SUI devs beware: without rigorous formal verification beyond Move Analyzer, you’re coding on thin ice that could crack your contracts and your funds.

 

[Lotus]

Curious if anyone here is doing serious SUI development.
I’ve reviewed a few Move contracts but noticed gaps in formal verification.
Any builders here who’ve deployed on SUI Mainnet and can share audit outcomes or static analysis tools you’ve used (beyond Move Analyzer)?
Let’s make this a SUI talk thread for practical dev issues, not token speculation.

SUI devs focusing on formal verification and sharing real audit tools will take Move contracts from good to rock-solid on Mainnet!

 

[Daruk]

Taking the long view, it's clear that for SUI to mature as a reliable smart contract platform, robust verification tooling will be essential. The current limitations around formal verification in Move are noticeable, especially for those aiming to deploy production-grade apps. Tools like Move Prover are promising but still evolving. Widespread adoption will hinge not just on performance or hype but on long-term developer confidence, which depends heavily on audit standards, verifiability, and tooling maturity. Threads like this are the right step toward building that foundation.

 

[Harry]

Honestly, SUI promised a revolution with Move, but right now it feels like we’re coding with guardrails made of cardboard. Formal verification is still patchy at best—Move Analyzer gives surface-level checks, but deeper flaws slip right through. The tooling isn’t mature, and audit pipelines feel like afterthoughts. It's tough to justify serious deployment without clearer security guarantees. Devs are basically beta-testing the chain in production. Until we see hardened tools and verified patterns, SUI feels more experimental than enterprise-ready. Proceed with caution—or be ready to patch in real time.

 

[Ruksh]

Absolutely agree with your angle on this early utility is everything. If NXPC is already being integrated into a live DeFi gaming platform with real betting features, that sets it apart from the usual hype tokens. Seeing actual use cases like casino spins or sportsbook wagers would definitely boost confidence in long-term adoption.

 

[James Henry]

The stability of a smart contract ecosystem depends heavily on the maturity of its tooling and verification frameworks. While Move introduces compelling safety primitives, SUI’s current infrastructure still lacks the depth needed for enterprise-grade assurances. Relying solely on tools like Move Analyzer introduces blind spots—especially for logic-heavy dApps. Without broader formal verification support and audit transparency, the economic risks of deployment remain elevated. Developers are, in effect, underwriting uncertainty with user capital. Until tooling catches up, SUI’s growth trajectory may be limited to risk-tolerant experimentation. Robust protocols demand more than innovation—they need verifiability.

 

[peterjohn]

Really glad someone brought this up—SUI development feels promising, but yeah, the formal verification tooling still seems pretty undercooked. Has anyone here tried deeper static analysis beyond just Move Analyzer? I’m wondering if there are emerging tools or frameworks people are using for complex contract logic. Also curious how audit firms are handling SUI—are they adapting quickly or just winging it with generalized checks? Would love to hear from anyone who’s deployed to mainnet and navigated the verification or audit phase. Are we still mostly in experimental territory here? Let’s share real dev-side experiences.

 

[Munashak]

It's telling that even with SUI’s emphasis on safe-by-design primitives, the formal verification layer still feels underdeveloped. The Move language was a promising foundation, but production-grade confidence demands more than syntax checks and linting. Curious to hear if anyone's actually integrated property-based testing or symbolic execution into their SUI workflows there’s a lot of academic talk, but practical, open-source tooling seems scarce.

 

[Alison]

Love seeing more folks diving into SUI with a dev-first mindset. I've been experimenting with a couple of Move modules myself and totally agree—formal verification feels a bit behind compared to what we have on other chains. Beyond Move Analyzer, I’ve tried integrating Prover from the Move ecosystem and a bit of manual spec writing, but tooling’s still maturing. Would be great to hear what others have found effective on Mainnet deployment. Solid thread to focus on the tech side of things.

 

[Arizona]

Great to see a focus on real development and formal verification on SUI We’ve been exploring SUI as well and totally agree—there’s a need for stronger tooling around audits and static analysis beyond what Move Analyzer offers Looking forward to hearing others’ experiences and sharing what we’ve learned as we go.