- Topic
39k Popularity
471 Popularity
9k Popularity
19k Popularity
4k Popularity
33k Popularity
22k Popularity
33k Popularity
146k Popularity
- Pin
- 🎉 A Warm Welcome to Dr.Han on Gate Square!
Dr.Han — Founder of Gate and a seasoned crypto industry observer — is now officially sharing insights on Gate Square!
📢 Follow Dr.Han and like or comment on his latest post for a chance to win!
👉 Post: https://www.gate.com/post/status/11966645
👉 Profile: https://www.gate.com/profile/Dr_Han
🎁 Giveaway Alert:
We’ll randomly select 10 lucky users from those who follow + like/comment to receive a limited-edition Gate T-shirt — the same style worn by Dr.Han!
(If shipping is unavailable in your region, a $50 Futures Voucher will be provided instead.)
�
- 🔥 Gate Square #Gate Alpha Third Points Carnival# Trading Sharing Event is Live!
Share Alpha trading highlights screenshots with #Gate Alpha Trading Share# to split $100!
🎁 10 lucky users * 10 USDT each
📅 July 4, 4:00 – July 20, 16:00 UTC+8
Don’t forget—the main Alpha Points Carnival prize pool is up to $1,000,000!
Trade and post for double the chances to win!
Learn more: https://www.gate.com/announcements/article/45908
- 🎉 Gate xStocks Trading is Now Live! Spot, Futures, and Alpha Zone – All Open!
📝 Share your trading experience or screenshots on Gate Square to unlock $1,000 rewards!
🎁 5 top Square creators * $100 Futures Voucher
🎉 Share your post on X – Top 10 posts by views * extra $50
How to Participate:
1️⃣ Follow Gate_Square
2️⃣ Make an original post (at least 20 words) with #Gate xStocks Trading Share#
3️⃣ If you share on Twitter, submit post link here: https://www.gate.com/questionnaire/6854
Note: You may submit the form multiple times. More posts, higher chances to win!
📅 July 3, 7:00 – July 9,
- #GateSquareGiveaway# - Spot the Differences 👀
GM ☕ Our frog friend has two slightly different mornings—can you find all the changes?
💰 $10 Futures Voucher * 5 winners
To join:
🔹Follow Gate_Square
🔹Like this post and drop your answer in the comments
📅 Ends at 16:00 PM, July 7 (UTC)
Crypto world version of a grand deception? Slow Mist incident report: How hackers exploited code vulnerabilities to steal 220 million USD from Cetus.
Recently, the theft of 220 million USD from the Cetus protocol shocked the crypto world, sparking discussions across various sectors. The cybersecurity team, Slow Mist, also released a complete report on the incident, stating that this attack demonstrated the power of mathematical overflow vulnerabilities. The attacker used precise calculations to choose specific parameters, exploiting the defect in the checked_shlw function to gain liquidity worth billions at the cost of just one token. This was an extremely sophisticated mathematical attack, and developers are advised to strictly verify all boundary conditions of mathematical functions during smart contract development.
Slow Mist: The core of the incident is a vulnerability in the overflow check.
The Slow Mist team stated that the core of this incident is that the attacker constructed parameters meticulously to induce an overflow while bypassing detection, ultimately allowing for a minimal amount of Tokens to exchange for a large amount of Liquidity assets. This is consistent with the previous analysis by @neeksec.
( From protocol vulnerabilities to decentralized dialectics: a detailed explanation of the Cetus incident from beginning to end, has the security of MOVE language been shaken? )
The attacker first borrowed 10,020,000 haSUI through a flash loan, causing the price in the haSUI/SUI pool to plummet by 99.9%. Then, they added liquidity in the price range of tick values 300000~300200, which has a width of only 1%.
Next is the key vulnerability of the event, where the attacker claims to have added a massive liquidity ( exceeding 10 to the power of 27 ), but due to an encoding error in the checked_shlw function, the contract only charged them 1 haSUI.
Calculation of required liquidity formula ( Source: Slow Mist Technology )
The reason why the attacker in the Slow Fog analysis was able to exchange a single Token for a huge amount of Liquidity lies in the overflow check vulnerability in the checked_shlw function within the get_delta_a function. The attacker exploited this point, causing the system to have a serious deviation in calculating how much haSUI needed to be added. Since the overflow was not detected, the system misjudged the quantity of haSUI required, resulting in the attacker needing only a minimal amount of Token to exchange for a large number of liquidity assets.
Any input value less than 0xffffffffffffffff << 192 will bypass the overflow check. However, when these values are left-shifted by 64 bits, the result exceeds the representation range of u256, at which point the high-order data is truncated, resulting in a value that is far less than the theoretical value. As a result, the system will underestimate the required amount of haSUI in subsequent calculations.
The problematic code ( comes from: Slow Mist Technology )
The attacker removed liquidity in three stages, obtaining a total of 20.04 million haSUI and over 5.76 million SUI. Finally, the attacker returned the flash loan, netting a profit of over 230 million dollars.
Cetus has fixed the code
Afterwards, Cetus fixed the code, including:
Correct 0xffffffffffffffff << 192 to the correct threshold 1 << 192.
Change the judgment condition from n > mask to n >= mask.
Ensure that when a left shift of 64 bits may cause an overflow, the overflow flag can be correctly detected and returned.
The repaired checked_shlw function ( Source: Slow Mist Technology ) Slow Mist Team: Developers should strictly validate all mathematical functions' boundary conditions.
Slow Fog indicates that the attacker had already prepared the gas fee two days ago and made an attempt before the attack, but it failed. Currently, the funds in the attacker's Sui address have been frozen, and the EVM address has also been blacklisted by Slow Fog for tracking.
The Slow Mist team stated that this attack demonstrated the power of mathematical overflow vulnerabilities. The attacker precisely calculated specific parameters and exploited the defect in the checked_shlw function to obtain liquidity worth billions at the cost of 1 Token. This was an extremely sophisticated mathematical attack, and the Slow Mist security team advises developers to rigorously verify the boundary conditions of all mathematical functions in smart contract development.
Is this article a case of deception in the crypto world? Slow Fog Incident Report: How hackers exploited code vulnerabilities to loot 220 million USD, originally appeared in Chain News ABMedia.