How Does Bluefin Spot Work?
Bluefin Spot is a concentrated liquidity DEX on the Sui blockchain, handling over 30% of all decentralized spot trading volume on Sui. Users can swap tokens with fees as low as 0.01% for stablecoin pairs, provide concentrated liquidity to earn trading fees, and use their LP positions as collateral on partner lending protocols. Backed by Polychain Capital, SIG, and Brevan Howard, Bluefin has processed over $37 billion in total trading volume since September 2023. The protocol has undergone security audits by Trail of Bits and MoveBit, though the broader Sui DEX ecosystem was shaken by the $223M Cetus exploit in May 2025.
TVL: $20M
Sector: DEX
Risk Grade: C+
Value Grade: D+
Core Mechanisms
4.1.2
Concentrated Liquidity Market Maker (CLMM) on Sui with multiple fee tiers (0.01% to 0.30%)
Standard concentrated liquidity model adapted for Sui Move language. Handles over 30% of spot volume on Sui.
2.1.2
Tiered percentage fees: 0.01% for stablecoin pairs, 0.05% for major pairs, higher for volatile assets
Standard Uniswap V3-style fee tier structure.
7.1.1
BLUE token emission incentives for liquidity providers
Standard liquidity mining to bootstrap liquidity depth in concentrated positions.
1.2.1
BLUE token vesting with 39.5% circulating from 1B max supply
Standard linear vesting schedule for team and investor allocations.
5.1.1
BLUE token governance for protocol parameters
Standard token-weighted governance model.
6.1.1
Novel: LP position NFTs accepted as collateral by partner lending protocols on Sui
Novel composability layer where concentrated liquidity positions (represented as NFTs) are accepted as collateral on Sui lending platforms, creating cross-protocol dependency.
How the Pieces Interact
The Cetus exploit demonstrated that shared math library vulnerabilities can affect multiple Sui DEXs. Bluefin uses similar architectural patterns, which creates systemic risk from a shared dependency.
Using concentrated LP positions as lending collateral creates cascading liquidation risk: if LP positions go out of range and lose value, lending positions backed by them could be liquidated, forcing LP withdrawal and further reducing liquidity.
Token emissions attract liquidity to concentrated positions, but much incentivized capital may sit outside the active price range, meaning the protocol subsidizes non-productive liquidity.
A network-level incident on Sui (as nearly occurred during the Cetus exploit) could force Bluefin to suspend operations, trapping LP capital during volatile periods.
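To make the LP-collateral risk described above concrete, this added example (not Bluefin's or any lending protocol's code) values a Uniswap V3-style concentrated position at several prices and finds the price at which a loan against it becomes liquidatable. The range, liquidity, debt and 80% liquidation threshold are constructed assumptions, and the health-factor rule is a generic one rather than any specific partner's.

```python
"""Constructed example: a CLMM position NFT used as loan collateral."""
from math import sqrt


def position_amounts(liquidity, price, p_low, p_high):
    """(base, quote) token amounts held by a position over [p_low, p_high]."""
    # Outside the range the position stops rebalancing, so clamp sqrt(price).
    s = min(max(sqrt(price), sqrt(p_low)), sqrt(p_high))
    base = liquidity * (1 / s - 1 / sqrt(p_high))
    quote = liquidity * (s - sqrt(p_low))
    return base, quote


def collateral_value(liquidity, price, p_low, p_high):
    """Position value in quote-token units at the given price."""
    base, quote = position_amounts(liquidity, price, p_low, p_high)
    return base * price + quote


def health_factor(pos, price, debt, liq_threshold):
    """Generic lending health factor; the loan is liquidatable at or below 1.0."""
    return collateral_value(price=price, **pos) * liq_threshold / debt


def liquidation_price(pos, start_price, debt, liq_threshold):
    """Bisect for the price at which the health factor reaches 1.0."""
    if health_factor(pos, start_price, debt, liq_threshold) <= 1.0:
        return start_price  # already liquidatable
    lo, hi = 0.0, start_price  # position value is non-decreasing in price
    for _ in range(100):
        mid = (lo + hi) / 2
        if health_factor(pos, mid, debt, liq_threshold) > 1.0:
            hi = mid
        else:
            lo = mid
    return hi


# Constructed sample: base token priced in a stablecoin, range 3.0 to 5.0.
POSITION = {"liquidity": 10_000.0, "p_low": 3.0, "p_high": 5.0}
DEBT, LIQ_THRESHOLD = 3_000.0, 0.80  # assumed loan size and threshold

if __name__ == "__main__":
    for price in (6.0, 4.0, 3.0, 2.5):
        base, quote = position_amounts(price=price, **POSITION)
        hf = health_factor(POSITION, price, DEBT, LIQ_THRESHOLD)
        print(f"price={price:.2f} base={base:8.1f} quote={quote:8.1f} HF={hf:.2f}")
    print("liquidation price:", round(liquidation_price(POSITION, 4.0, DEBT, LIQ_THRESHOLD), 4))
```

Below the range the position is held entirely in the falling base token, so its value drops linearly with price while the debt stays fixed; above the range its value is capped.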
What Could Go Wrong
- Bluefin Spot shares architectural patterns with Cetus Protocol, which suffered a $223M exploit in May 2025 due to a math library vulnerability — Bluefin suspended operations during that incident to assess exposure.
- Security audits revealed high-risk vulnerabilities including share manipulation flaws (ERC4626-style) in deposit/withdrawal functions, indicating the Move codebase requires ongoing scrutiny.
- As a concentrated liquidity DEX on Sui, Bluefin faces the same impermanent loss risks as Uniswap V3 but in a newer ecosystem with less mature tooling for LP risk management.
Cetus-Style Math Library Exploit
Moderate
Trigger: A vulnerability in shared Move math libraries used by Bluefin is discovered and exploited, similar to the Cetus $223M hack
1. Attacker discovers overflow or precision bug in Bluefin CLMM math — Exploits the vulnerability to drain liquidity pools by manipulating tick calculations
2. Bluefin suspends operations to contain damage — LPs cannot withdraw, lending protocols holding Bluefin LP NFTs face collateral uncertainty
3. Cascading liquidations on Sui lending protocols — LP NFT collateral becomes worthless, triggering cross-protocol bad debt
Risk Profile at a Glance
Overall: C+ (41/100)
Lower score = safer