According to Odaily, a detailed analysis by SlowMist has revealed the mechanics behind the recent $230 million theft from Cetus. The attack centered on the exploitation of an overflow vulnerability in the get_delta_a function, specifically bypassing the checked_shlw overflow detection. This allowed the attacker to manipulate parameters, causing the system to miscalculate the required amount of haSUI tokens. As a result, the attacker was able to exchange a minimal amount of tokens for a substantial amount of liquidity assets.

The incident highlights the potential impact of mathematical overflow vulnerabilities. By carefully selecting specific parameters and exploiting the flaw in the checked_shlw function, the attacker managed to obtain liquidity worth billions with just one token. This sophisticated mathematical attack underscores the importance of rigorously validating boundary conditions in all mathematical functions during smart contract development.
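
The boundary-validation point above can be checked mechanically. The following is an added illustration, not code from Cetus, SlowMist or the original report: it models a checked 64-bit left shift on a 256-bit word and audits two guards against constructed boundary inputs. The function names and the flawed threshold are assumptions made for the example, since the page does not quote the real code.

```python
U256_MAX = (1 << 256) - 1
LIMIT = 1 << 192  # smallest n for which n << 64 no longer fits in 256 bits


def shl64_wrapping(n: int) -> int:
    """Emulate a fixed-width 256-bit left shift: bits shifted past bit 255 are dropped."""
    return (n << 64) & U256_MAX


def checked_shl64_flawed(n: int) -> tuple[int, bool]:
    """Guard with a misplaced threshold (assumed for illustration, not quoted from the page)."""
    threshold = 0xFFFFFFFFFFFFFFFF << 192  # far above LIMIT, so most overflows pass
    if n > threshold:
        return 0, True
    return shl64_wrapping(n), False


def checked_shl64_strict(n: int) -> tuple[int, bool]:
    """Guard placed exactly on the boundary."""
    if n >= LIMIT:
        return 0, True
    return shl64_wrapping(n), False


def boundary_cases() -> list[int]:
    """Constructed inputs around the limit and at the extremes of the 256-bit range."""
    return [0, 1, LIMIT - 1, LIMIT, LIMIT + 1, U256_MAX >> 1, U256_MAX]


def audit(guard) -> list[int]:
    """Inputs where the guard reports no overflow but the result is not n * 2**64."""
    missed = []
    for n in boundary_cases():
        result, overflowed = guard(n)
        if not overflowed and result != n << 64:
            missed.append(n)
    return missed


if __name__ == "__main__":
    for guard in (checked_shl64_flawed, checked_shl64_strict):
        print(guard.__name__, "missed overflows:", [hex(n) for n in audit(guard)])
```

An audit of this kind belongs in the unit tests of every fixed-width math helper, with cases at the limit, one below it and one above it.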