
SlowMist|May 24, 2025 09:15
🚨On May 22, LP protocol @CetusProtocol was exploited, with losses exceeding 230M.
The attacker crafted a call that caused an overflow—yet still bypassed the check—allowing them to swap a tiny amount of tokens for a massive amount of liquidity assets. How?
🧐The core issue lies in the get_delta_a function. Its checked_shlw logic failed to properly detect an overflow, leading to a critical miscalculation of required haSUI.
➡️As a result, the protocol drastically underestimated how much haSUI the attacker needed to add—letting them drain assets at virtually no cost.
➕Using our on-chain AML & tracing tool @MistTrack_io, we also analyzed the EVM address receiving cross-chain funds: 0x890...4919b.
🔗Full post here:
https://slowmist.medium.com/slowmist-analysis-of-the-230-million-cetus-hack-ee569af040f2
#SUI #Cetus #Exploit #Web3Security #MistTrack
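
The failure mode described above, as an added Python illustration (not code from Cetus or SlowMist): a checked shift-left-by-64 over 256-bit values whose bound is too loose reports a truncated result as safe, so the computed requirement collapses. The loose bound, the `required_input` stand-in for `get_delta_a`, and the sample values are assumptions constructed for this illustration; the post does not give the actual constants.

```python
from typing import Callable, Optional, Tuple

U256_MAX = (1 << 256) - 1

def shl64_u256(n: int) -> int:
    # Fixed-width shift: bits pushed past bit 255 are silently dropped.
    return (n << 64) & U256_MAX

def checked_shlw_loose(n: int) -> Tuple[int, bool]:
    # Assumed flawed guard: the bound sits far above 2**192, so many
    # overflowing inputs are reported as safe.
    bound = 0xFFFFFFFFFFFFFFFF << 192
    if n > bound:
        return 0, True
    return shl64_u256(n), False

def checked_shlw_strict(n: int) -> Tuple[int, bool]:
    # n << 64 fits in 256 bits only when n < 2**192.
    if n >= (1 << 192):
        return 0, True
    return shl64_u256(n), False

def required_input(product: int, denominator: int,
                   shl: Callable[[int], Tuple[int, bool]]) -> Optional[int]:
    # Simplified stand-in for a get_delta_a-style step:
    # ceil((product << 64) / denominator); None means "abort on overflow".
    shifted, overflow = shl(product)
    if overflow:
        return None
    return -(-shifted // denominator)

def demo() -> dict:
    product = (1 << 192) + 1      # constructed: just past the safe range
    denominator = 1 << 64         # constructed
    return {
        "true_value": -(-(product << 64) // denominator),
        "loose": required_input(product, denominator, checked_shlw_loose),
        "strict": required_input(product, denominator, checked_shlw_strict),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the loose guard the requirement comes out as 1 unit instead of roughly 2^192; the strict guard signals overflow so the caller can abort.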