- March 12, 2026
OpenZeppelin
For almost a decade, OpenZeppelin Contracts have been the foundation that developers trust when building onchain. Our Solidity libraries power the infrastructure behind $35 trillion in total value transferred onchain — used by leading protocols such as Aave, Lido, Uniswap, Ethena, Maple, and many more.
Today, we're bringing that same standard to Sui.
OpenZeppelin Contracts for Sui: The First Release
We're launching OpenZeppelin Contracts for Sui with a foundational release: a DeFi Math Library and Access Management module purpose-built for the Sui ecosystem.
This is the first milestone in a long-term partnership with Sui Foundation to deliver the secure, reusable building blocks that Sui developers need, starting with the primitives that matter most for DeFi.
Why DeFi Math, and Why First
We chose DeFi math as our starting point for a reason.
In May 2025, the Cetus Protocol exploit demonstrated what happens when math primitives aren't built to the highest security standard. A single flaw in a shared math library's overflow check allowed an attacker to corrupt liquidity calculations across multiple pools. The vulnerability wasn't unique to Cetus: several other Sui protocols relied on the same library and were exposed to the same risk.
The root cause was precisely the kind of problem that standardized, rigorously tested libraries are designed to prevent: an incorrect overflow guard in a checked_shl-type function that silently allowed a critical intermediate value to overflow, breaking the math that DeFi protocols depend on for accurate pricing and accounting.
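The failure mode described above, modelled in Python as an added example (this is not the library's Move code, nor code from the incident): a checked left shift on a 256-bit value, a constructed variant whose guard is off by one bit, and a boundary test that compares each against unbounded-integer arithmetic. The names off_by_one_shl and guard_failures are hypothetical, and returning None for a rejected shift is an assumption of this model.

```python
from typing import Callable, List, Optional, Tuple

U256_BITS = 256
U256_MAX = (1 << U256_BITS) - 1

def checked_shl(value: int, shift: int) -> Optional[int]:
    """value << shift as a u256, or None if any set bit would be shifted out."""
    if not 0 <= value <= U256_MAX:
        raise ValueError("value is not a u256")
    if not 0 <= shift < U256_BITS:
        return None  # this model's choice: reject shifts of a full word or more
    # Lossless only when the top `shift` bits of value are all zero.
    if value >> (U256_BITS - shift) != 0:
        return None
    return value << shift

def off_by_one_shl(value: int, shift: int) -> Optional[int]:
    """Constructed flawed variant: the guard inspects one bit too few."""
    if not 0 <= shift < U256_BITS:
        return None
    if value >> (U256_BITS - shift + 1) != 0:  # wrong bound
        return None
    return (value << shift) & U256_MAX  # a fixed-width shift drops the high bits

def guard_failures(shl: Callable[[int, int], Optional[int]]) -> List[Tuple[int, int]]:
    """Compare a shift guard with unbounded-integer ground truth at the edges."""
    failures = []
    for shift in range(U256_BITS):
        edge = 1 << (U256_BITS - shift)  # smallest value whose shift overflows
        for value in sorted({0, 1, edge - 1, edge, edge + 1, U256_MAX}):
            if value > U256_MAX:
                continue  # not representable as a u256
            exact = value << shift  # Python integers do not wrap
            expected = exact if exact <= U256_MAX else None
            if shl(value, shift) != expected:
                failures.append((value, shift))
    return failures

if __name__ == "__main__":
    print("checked_shl mismatches:", len(guard_failures(checked_shl)))
    print("off_by_one_shl mismatches:", len(guard_failures(off_by_one_shl)))
```

The flawed variant never aborts or signals an error on the overflowing inputs; it returns a truncated value, which is why only a comparison against exact arithmetic at the boundary exposes it.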
This incident reinforced what we've learned across a decade of securing smart contracts: math libraries aren't just utilities, they're critical infrastructure. When every protocol builds or imports its own, a single error propagates across the entire ecosystem. The solution is a shared, audited, continuously maintained standard that every team can build on with confidence.
That's exactly what OpenZeppelin Contracts for Sui delivers, starting with the functions that matter most.
What's Included
DeFi Math Library (v1): 12 core functions covering the primitives DeFi protocols depend on.
- average: Returns the average of two numbers without overflow
- mul_div: Full-precision floor(x * y / denominator), essential for AMM pricing, fee calculations, and share-based vaults
- mul_shr: Full-precision floor(x * y >> n) for fixed-point arithmetic
- checked_shl / checked_shr: Bitwise shifts with overflow protection. These are the exact type of operations where the Cetus vulnerability occurred; our implementations are ported from OpenZeppelin's battle-tested Solidity library with comprehensive overflow guards
- inv_mod: Modular multiplicative inverse in Z/nZ
- sqrt: Square root for u256 and other types not covered natively
- log2 / log10 / log256: Logarithmic functions for pricing curves, tick math, and concentrated liquidity
- clz: Leading zero bit count for u256
- msb: Most significant bit detection
- Safe cast utilities (u256 ↔ u64) developed in coordination with Mysten Labs
Access Management (v1): the Ownable module, providing ownership-based access control adapted for Sui's object model. This is the foundational pattern for permission management in Move, giving developers a trusted reference implementation to build on.
Security Standards
Every function in this release meets the quality bar that has made OpenZeppelin Contracts the industry standard:
- 90%+ code coverage, enforced by CI
- Mandatory 2-reviewer approval on every pull request
- Direct port from battle-tested Solidity logic, not written from scratch
- MIT licensed and fully open source
What You Can Build With It
These primitives unlock the core math layer for DeFi on Sui:
- AMMs and DEXs: mul_div and sqrt for constant-product pricing, concentrated liquidity tick math using log2
- Lending protocols: interest rate calculations, collateral ratio math, and liquidation thresholds with full-precision arithmetic
- Vaults and yield aggregators: share-based accounting using mul_div for deposit/withdrawal calculations
- Token pricing oracles: logarithmic functions for TWAP calculations and price normalization
- Any protocol needing access control: Ownable for admin functions, upgrade permissions, and parameter governance
Get Started
Explore the code and start building on GitHub. Learn more about the library, API references, and integration guides in the OpenZeppelin Contracts for Sui documentation. If you're building DeFi on Sui, stop rolling your own math. Start building on the standard.