Cetus suffered a mathematical overflow attack, resulting in a loss of $230 million, with $162 million already frozen.

Cetus was hit by a mathematical overflow exploit, with losses exceeding $230 million.

On May 22, Cetus, a liquidity provider in the SUI ecosystem, was suspected of having been attacked. Liquidity pool depth dropped sharply and several token trading pairs fell, with estimated losses exceeding $230 million. Cetus subsequently announced that it had temporarily suspended its smart contracts and was investigating the incident.

At the core of the attack, the attacker carefully constructed parameters to exploit a mathematical overflow vulnerability in the system, exchanging a tiny amount of tokens for a large amount of liquidity assets. The attack proceeded mainly through the following steps:

  1. The attacker borrowed a large amount of haSUI through a flash loan, causing the pool price to plummet by 99.90%.

  2. The attacker opened liquidity positions in a very narrow price range, with a range width of only 1.00496621%.

  3. Using an overflow-detection bypass in checked_shlw, called from the get_delta_a function, the attacker declared a massive liquidity addition while actually paying only 1 token.

  4. The attacker removed the liquidity to obtain a large amount of haSUI and SUI tokens.

  5. The attacker repaid the flash loan, completing the attack.

SlowMist: Cetus was hacked for $230 million, analysis of attack methods and fund transfer situation

The attacker profited approximately $230 million across assets including SUI, vSUI, and USDC. After the attack, part of the funds was moved to an EVM address via a cross-chain bridge; about $10 million was deposited into Suilend, and 24,022,896 SUI was transferred to a new address.

Fortunately, with the cooperation of the SUI Foundation and other ecosystem members, a total of $162 million of the stolen funds on SUI has now been frozen.

Cetus has released a fix that mainly corrects the erroneous mask and comparison condition in the checked_shlw function, so that it correctly detects overflow.

This attack highlights the danger of mathematical overflow vulnerabilities. Smart contract developers should rigorously validate the boundary conditions of every arithmetic function to prevent similar attacks from recurring.
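To make the boundary-condition lesson concrete, here is an added Python example that is not Cetus's code and not the actual patch: a correctly overflow-checked "shift left by one 64-bit word" on a 256-bit unsigned integer, beside a hypothetical defective variant of the kind the fix description refers to (a check that compares against a mask value rather than testing the masked bits), plus the boundary sweep any unit test for such a function should include. All function names and input values are constructed for illustration.

```python
# Added, illustrative example (not Cetus's or any library's code): an
# overflow-checked "shift left by one 64-bit word" on a u256, a hypothetical
# defective variant, and a boundary sweep that exposes the difference.

WORD_BITS = 64
U256_BITS = 256
U256_MAX = (1 << U256_BITS) - 1
# Any set bit at or above this position is lost by a 64-bit left shift.
OVERFLOW_LIMIT = 1 << (U256_BITS - WORD_BITS)


def _require_u256(n: int) -> None:
    if not 0 <= n <= U256_MAX:
        raise ValueError("n must be an unsigned 256-bit integer")


def checked_shlw(n: int) -> tuple[int, bool]:
    """Correct check: n << 64 overflows u256 iff n >= 2**192.

    Returns (result, overflow). On overflow the result is 0 and the caller
    must abort instead of using it.
    """
    _require_u256(n)
    if n >= OVERFLOW_LIMIT:
        return 0, True
    return n << WORD_BITS, False


def buggy_checked_shlw(n: int) -> tuple[int, bool]:
    """Hypothetical defect (constructed, not claimed to be the real bug):
    compares n against the mask's VALUE instead of testing the masked BITS.
    Inputs whose top word is non-zero but whose value does not exceed the
    mask slip through and are silently truncated to a small result.
    """
    _require_u256(n)
    mask = 0xFFFF_FFFF_FFFF_FFFF << (U256_BITS - WORD_BITS)
    if n > mask:
        return 0, True
    return (n << WORD_BITS) & U256_MAX, False


def boundary_inputs() -> list[int]:
    """Constructed values around the overflow boundary that a unit test for a
    checked shift should always cover."""
    return [
        0,
        1,
        OVERFLOW_LIMIT - 1,   # largest safe input
        OVERFLOW_LIMIT,       # smallest overflowing input
        OVERFLOW_LIMIT + 1,
        U256_MAX >> 1,
        U256_MAX,
    ]


def missed_overflows(check) -> list[int]:
    """Boundary inputs that truly overflow but which `check` fails to flag.

    A correct implementation returns an empty list.
    """
    missed = []
    for n in boundary_inputs():
        truly_overflows = (n << WORD_BITS) > U256_MAX
        _, flagged = check(n)
        if truly_overflows and not flagged:
            missed.append(n)
    return missed


if __name__ == "__main__":
    print("correct checker misses:", missed_overflows(checked_shlw))
    print("buggy checker misses:", [hex(v) for v in missed_overflows(buggy_checked_shlw)])
```

The sweep is the reviewable artifact: an overflow guard should be specified as "every input that loses a bit is rejected" and tested at both sides of the boundary and at the type's maximum, rather than by eyeballing a mask constant.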

MetaDreamer · 21h ago
It's the same old story, the project party takes the trap.

GweiWatcher · 21h ago
Now sui is doomed.

Lonely_Validator · 23h ago
Smart contracts: the eternal pain point.

UncommonNPC · 07-23 20:17
sui is gone too, given for free.

GateUser-1a2ed0b9 · 07-22 13:32
Math is so confusing, who understands it...

GateUser-aa7df71e · 07-22 13:30
See, I was right, sui is just a garbage chain.

GateUser-c802f0e8 · 07-22 13:30
Waiting for the Clip Coupons tutorial.

ChainSpy · 07-22 13:24
Oh no, gonna be on the news again.

ZeroRushCaptain · 07-22 13:24
Another battlefield has fallen, my suckers harvesting reminder is in effect.

MetaverseLandlord · 07-22 13:19
Now the project party has lost their pants.