Introducing OpenZeppelin Contracts for Sui

Written by OpenZeppelin | March 12, 2026

For almost a decade, OpenZeppelin Contracts have been the foundation that developers trust when building onchain. Our Solidity libraries power the infrastructure behind $35 trillion in total value transferred onchain — used by leading protocols such as Aave, Lido, Uniswap, Ethena, Maple, and many more.

Today, we're bringing that same standard to Sui.

OpenZeppelin Contracts for Sui: The First Release

We're launching OpenZeppelin Contracts for Sui with a foundational release: a DeFi Math Library and Access Management module purpose-built for the Sui ecosystem.

This is the first milestone in a long-term partnership with Sui Foundation to deliver the secure, reusable building blocks that Sui developers need, starting with the primitives that matter most for DeFi.

Why DeFi Math, and Why First

We chose DeFi math as our starting point for a reason.

In May 2025, the Cetus Protocol exploit demonstrated what happens when math primitives aren't built to the highest security standard. A single flaw in a shared math library's overflow check allowed an attacker to corrupt liquidity calculations across multiple pools. The vulnerability wasn't unique to Cetus: several other Sui protocols relied on the same library and were exposed to the same risk.

The root cause was precisely the kind of problem that standardized, rigorously tested libraries are designed to prevent: an incorrect overflow guard in a checked_shl-type function that silently allowed a critical intermediate value to overflow, breaking the math that DeFi protocols depend on for accurate pricing and accounting.

This incident reinforced what we've learned across a decade of securing smart contracts: math libraries aren't just utilities, they're critical infrastructure. When every protocol builds or imports its own, a single error propagates across the entire ecosystem. The solution is a shared, audited, continuously maintained standard that every team can build on with confidence.

That's exactly what OpenZeppelin Contracts for Sui delivers, starting with the functions that matter most.

What's Included

DeFi Math Library (v1): 12 core functions covering the primitives DeFi protocols depend on.

  • average: Returns the average of two numbers without overflow
  • mul_div: Full-precision floor(x * y / denominator), essential for AMM pricing, fee calculations, and share-based vaults
  • mul_shr: Full-precision floor(x * y >> n) for fixed-point arithmetic
  • checked_shl / checked_shr: Bitwise shifts with overflow protection. These are the exact type of operations where the Cetus vulnerability occurred — our implementations are ported from OpenZeppelin's battle-tested Solidity library with comprehensive overflow guards
  • inv_mod: Modular multiplicative inverse in Z/nZ
  • sqrt: Square root for u256 and other types not covered natively
  • log2 / log10 / log256: Logarithmic functions for pricing curves, tick math, and concentrated liquidity
  • clz: Leading zero bit count for u256
  • msb: Most significant bit detection
  • Safe cast utilities (u256/u64) developed in coordination with Mysten Labs
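
The overflow guard that checked_shl needs and the full-width intermediate that mul_div needs, modeled in Python as an added example. This is not OpenZeppelin's Move code and not the code of the library involved in the Cetus incident; the function bodies, the `scale_to_q64` helper and every sample value are constructed assumptions.

```python
U256_MAX = (1 << 256) - 1  # largest value a 256-bit unsigned integer holds


def wrapping_shl(value: int, shift: int) -> int:
    """Fixed-width shift with no guard: bits pushed past bit 255 vanish."""
    return (value << shift) & U256_MAX


def checked_shl(value: int, shift: int):
    """Return value << shift, or None if any set bit would be shifted out."""
    if not 0 <= value <= U256_MAX or not 0 <= shift < 256:
        return None
    # Guard: every bit above the lowest (256 - shift) bits must be zero.
    if value >> (256 - shift) != 0:
        return None
    return value << shift


def mul_div(x: int, y: int, denominator: int):
    """floor(x * y / denominator) using a full-width product.

    Returns None for a zero denominator or a quotient that exceeds u256.
    """
    if denominator == 0:
        return None
    if not all(0 <= v <= U256_MAX for v in (x, y, denominator)):
        return None
    quotient = (x * y) // denominator  # Python ints hold the 512-bit product
    return quotient if quotient <= U256_MAX else None


def scale_to_q64(amount: int):
    """Hypothetical caller: convert an integer to Q64.64 fixed point."""
    return checked_shl(amount, 64)


if __name__ == "__main__":
    oversized = (1 << 192) + 5  # constructed input: one bit too wide for << 64
    print("unguarded:", hex(wrapping_shl(oversized, 64)))  # high bit lost
    print("guarded:  ", scale_to_q64(oversized))           # rejected
    print("in range: ", hex(scale_to_q64((1 << 192) - 1)))
    print("mul_div:  ", mul_div(U256_MAX, 2, 2) == U256_MAX)
```

A caller that receives `None` should abort the operation rather than substitute a default, since a truncated intermediate value is indistinguishable from a legitimate small one further down the calculation.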

Access Management (v1): the Ownable module, providing ownership-based access control adapted for Sui's object model. This is the foundational pattern for permission management in Move, giving developers a trusted reference implementation to build on.

Security Standards

Every function in this release meets the quality bar that has made OpenZeppelin Contracts the industry standard:

  • 90%+ code coverage, enforced by CI
  • Mandatory 2-reviewer approval on every pull request
  • Direct port from battle-tested Solidity logic, not written from scratch
  • MIT licensed and fully open source

What You Can Build With It

These primitives unlock the core math layer for DeFi on Sui:

  • AMMs and DEXs: mul_div and sqrt for constant-product pricing, concentrated liquidity tick math using log2
  • Lending protocols: interest rate calculations, collateral ratio math, and liquidation thresholds with full-precision arithmetic
  • Vaults and yield aggregators: share-based accounting using mul_div for deposit/withdrawal calculations
  • Token pricing oracles: logarithmic functions for TWAP calculations and price normalization
  • Any protocol needing access control: Ownable for admin functions, upgrade permissions, and parameter governance

Get Started

Explore the code and start building on GitHub. Learn more about the library, API references, and integration guides in the OpenZeppelin Contracts for Sui documentation. If you're building DeFi on Sui, stop rolling your own math. Start building on the standard.