According to a new analysis report from SlowMist, the attack on the DeFi platform Cetus – which caused about $230 million in damage – stemmed from a serious technical vulnerability in the ‘checked_shlw’ function inside the ‘get_delta_a’ function.
Specifically, Cetus’s system did not detect the overflow condition (overflow) during the processing, causing the mechanism for calculating the necessary amount of haSUI to be seriously inaccurate. Due to not recognizing this error, the system misestimated the amount of haSUI that needed to be deposited, thereby allowing the attacker to use a very small amount of tokens to exchange for a much larger volume of liquidity assets.
This vulnerability causes a serious imbalance in the pricing mechanism and facilitates the exploitative behavior of protocol assets.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
