SlowMist releases analysis of $230 million theft of Cetus: Hackers exchange tiny token amounts for massive liquid assets

Odaily Planet Daily News: SlowMist has released an analysis of the $230 million theft of Cetus, which points out that the core of this incident is that the attacker carefully constructed parameters to cause overflow but was able to bypass detection, ultimately exchanging a huge amount of liquid assets with a very small token amount. The core reason is that there is an overflow detection bypass vulnerability in the checked_Shlw function of get-delta_a. The attacker took advantage of this and caused serious deviations in the system's calculation of how much haSUI needed to be added. Due to the undetected overflow, the system misjudged the required amount of haSUI, resulting in the attacker being able to exchange a large amount of liquid assets with only a small amount of tokens, thus achieving the attack. This attack demonstrates the power of mathematical overflow vulnerabilities. The attacker selects specific parameters through precise calculations and exploits the flaws in the checked_sthlw function to obtain billions of dollars worth of liquidity at the cost of one token. This is an extremely sophisticated mathematical attack, and it is recommended that developers rigorously verify the boundary conditions of all mathematical functions in smart contract development.