SlowMist: The Cetus theft incident was caused by a mathematical overflow vulnerability



According to Hash World, SlowMist's analysis of the Cetus theft incident indicates that it was caused by a mathematical overflow vulnerability. The attacker deliberately constructed parameters that caused an overflow, thereby bypassing detection and using a very small amount of tokens to exchange for a large amount of liquidity assets. The attacker exploited the vulnerability in the function checked_shlw to acquire a large amount of assets, including SUI, vSUI, and USDC, at the cost of one token. Some funds (USDC, SOL, etc.) were transferred to EVM addresses via cross-chain methods such as Sui Bridge, and 10 million USD worth of assets were deposited into Suilend. Currently, 162 million USD of the stolen funds have been frozen. Cetus has patched the vulnerability, and SlowMist advises developers to strictly verify the boundary conditions of mathematical functions. Previously, it was reported that Cetus confirmed a theft of 223 million USD.
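
The boundary-condition advice above, as an added Rust example that is not code from Cetus or SlowMist. It assumes a checked left shift of a 256-bit value by 64 bits; the `U256` type, the function names and the deliberately loose check are constructed for illustration and are not the flawed code from the incident.

```rust
// Added illustration: a 256-bit unsigned value modelled as two u128 halves.
// Assumption: the shift of interest is "left by one 64-bit word".
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct U256 { pub hi: u128, pub lo: u128 }

/// Wrapping shift left by 64: the top 64 bits are silently discarded.
pub fn wrapping_shl64(x: U256) -> U256 {
    U256 { hi: (x.hi << 64) | (x.lo >> 64), lo: x.lo << 64 }
}

/// Strict check: overflow if any of bits 192..=255 is set, i.e. x >= 2^192.
pub fn checked_shl64(x: U256) -> Option<U256> {
    if x.hi >> 64 != 0 { None } else { Some(wrapping_shl64(x)) }
}

/// Constructed loose check (hypothetical, for contrast): rejects only when one
/// of the top 32 bits is set, so 2^192 <= x < 2^224 passes and is truncated.
pub fn loose_shl64(x: U256) -> Option<U256> {
    if x.hi >> 96 != 0 { None } else { Some(wrapping_shl64(x)) }
}

/// Constructed inputs around the first value that cannot be shifted, 2^192.
pub fn boundary_inputs() -> [U256; 4] {
    [
        U256 { hi: (1u128 << 64) - 1, lo: u128::MAX }, // 2^192 - 1: largest safe
        U256 { hi: 1u128 << 64, lo: 0 },               // 2^192: smallest unsafe
        U256 { hi: 1u128 << 64, lo: 1 },               // 2^192 + 1
        U256 { hi: u128::MAX, lo: u128::MAX },         // 2^256 - 1
    ]
}

/// Returns the boundary inputs a candidate check accepts even though the
/// shift loses bits. An empty result means the check is tight at the edge.
pub fn missed_overflows(check: fn(U256) -> Option<U256>) -> Vec<U256> {
    boundary_inputs()
        .iter()
        .copied()
        .filter(|x| x.hi >> 64 != 0 && check(*x).is_some())
        .collect()
}

fn main() {
    println!("strict misses: {:?}", missed_overflows(checked_shl64));
    println!("loose misses:  {:?}", missed_overflows(loose_shl64));
}
```

A check whose threshold sits even slightly above the true limit lets an oversized input through and returns a small, truncated result, which is why the test inputs sit exactly at and on either side of 2^192.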