🚨On May 22, LP protocol @CetusProtocol was exploited, with losses exceeding $230M.
The attacker crafted a call that caused an overflow—yet still bypassed the check—allowing them to swap a tiny amount of tokens for a massive amount of liquidity assets. How?
🧐The core issue lies in the get_delta_a function. Its checked_shlw logic failed to properly detect an overflow, leading to a critical miscalculation of required haSUI.
➡️As a result, the protocol drastically underestimated how much haSUI the attacker needed to add—letting them drain assets at virtually no cost.
➕Using our on-chain AML & tracing tool @MistTrack_io, we also analyzed the EVM address receiving cross-chain funds: 0x890...4919b.
🔗Full post here:
https://t.co/TXZBzVhBet
#SUI #Cetus #Exploit #Web3Security #MistTrack