According to Odaily, a deep analysis by SlowMist has uncovered how a hacker stole $230 million from Cetus by exploiting a math overflow vulnerability in the get_delta_a function. The flaw bypassed a protection mechanism (checked_shlw), letting the attacker manipulate parameters and trick the system into miscalculating token values.
Example:
Imagine a smart contract says:
“You give me 1 haSUI, I give you 1,000,000 USDT.”
Due to an overflow bug in the math calculation, the attacker made it seem like they only needed 1 token to receive millions in liquidity. In reality, they should have needed a huge amount. By carefully choosing the inputs, the attacker got billions in value almost for free.
Takeaway:
This is a powerful reminder that even a tiny math error in a smart contract can lead to massive losses. Overflow vulnerabilities must be taken seriously. Every calculation needs proper limits, validation, and safe coding practices to avoid this kind of disaster.
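As an added illustration of the guard the post names (example code written for this summary, not SlowMist's analysis or the Cetus contract), the block below emulates a u256 checked shift-left-by-64 and shows why the guard's threshold must match the width exactly: a strict bound rejects the oversized input, while a constructed, too-loose bound lets it pass and wrap to a tiny value. The function semantics, the bound values and the pricing stand-in are assumptions for illustration.

```python
# Emulation of a fixed-width u256 "checked shift left by 64 bits" guard, the kind
# of check the post calls checked_shlw. Added example, not SlowMist's or Cetus's
# code; the semantics (u256 input, shift by one 64-bit word, return
# (result, overflowed)) are assumed for illustration.

U256_MASK = (1 << 256) - 1
SHIFT = 64
SAFE_LIMIT = 1 << (256 - SHIFT)  # n << 64 fits in 256 bits iff n < 2**192


def shlw_wrapping(n: int) -> int:
    """What a fixed-width machine shift does: bits above 256 are discarded."""
    return (n << SHIFT) & U256_MASK


def checked_shlw(n: int) -> tuple[int, bool]:
    """Correct guard: flag overflow whenever any bit would be shifted out."""
    if n >= SAFE_LIMIT:
        return 0, True
    return n << SHIFT, False


def checked_shlw_with_bound(n: int, bound: int) -> tuple[int, bool]:
    """Same guard with a tunable threshold. Any bound above SAFE_LIMIT leaves a
    window of inputs that pass the check and then silently wrap. The bound used
    in demo() is constructed; the post does not state the real code's defect."""
    if n > bound:
        return 0, True
    return shlw_wrapping(n), False


def required_input(scaled_liquidity: int, guard):
    """Toy stand-in for a pricing step whose result is a left-shifted quantity.
    Returns None when the guard reports overflow (a contract would abort)."""
    value, overflowed = guard(scaled_liquidity)
    return None if overflowed else value


def demo() -> dict:
    # Constructed input: enormous, but with only a few low bits set. An
    # unchecked wrap collapses it to 5 << 64, far below the true value: the
    # "pay 1 token, receive millions" effect described in the post.
    n = SAFE_LIMIT + 5
    loose = lambda x: checked_shlw_with_bound(x, U256_MASK >> 1)
    return {
        "wrapped": shlw_wrapping(n),
        "strict": required_input(n, checked_shlw),  # None: rejected
        "loose": required_input(n, loose),          # wraps undetected
    }
```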
Source: Binance Square.