Blockchain security firm SlowMist has released its official analysis report detailing the $230 million attack on Cetus, a liquidity provider operating in the SUI ecosystem.
According to the report, the attacker bypassed security checks by creating an overflow error in the system with cleverly designed parameters and managed to obtain a huge amount of liquid assets in exchange for a very small amount of tokens.
SlowMist stated that the attacker used a vulnerability in the checked_shlw function by choosing carefully calculated parameters and obtained billions of dollars worth of liquidity by spending only 1 token. The report said that this was an extremely complex mathematical attack. The SlowMist security team stated that in order to prevent similar incidents, developers who develop smart contracts should meticulously check the boundary conditions in all mathematical functions.
As you may recall, a suspicious situation was detected in the Cetus protocol on May 22, the depth of the liquidity pool decreased significantly, and the value of many token trading pairs decreased. Following the incident, Cetus announced in its announcement that a security incident had been detected, smart contracts were temporarily suspended for the security of the protocol, and the team had launched an investigation. The total loss is estimated to exceed $230 million.
*This is not investment advice.
