Blockchain security firm SlowMist has published a detailed technical breakdown of the $230 million exploit of Cetus, a key liquidity provider in the SUI ecosystem.
The core of the Cetus exploit is a misuse of the checked_shlw function during a liquidity-addition operation. The function performs a left shift, a cheap way to multiply by a power of two in the protocol's low-level math code, and it is supposed to report overflow; its check does not hold for every large operand under the fixed-width modular arithmetic that the contract's integers use.
As explained by SlowMist, "In essence, the modular arithmetic system used in blockchain smart contracts operates within a limited range of numbers. When an operation, such as multiplication, results in a sum exceeding this range, a remainder is calculated by dividing the product by the modulus. This remainder, in turn, becomes the final result of the modular multiplication."
The researchers further noted that "the checked_shlw function is meant to perform a left shift and multiply operation, checking for overflow in the process. However, in a scenario where a very large multiplier is used with a small multiplicand, the multiplication itself might not overflow, but the addition of the original multiplicand to the final product might."
This anomaly, according to SlowMist, was exploited by the attacker to exchange just one token for an outsized share of liquidity, ultimately draining the pools.
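To make the boundary condition concrete, the following Python model is an added example; it is not code from the article, from SlowMist, or from the Cetus protocol. It represents the contract's 256-bit unsigned integers with Python integers masked to 256 bits, and it assumes one thing the article does not state: that the flawed overflow check compared the operand against a mask whose top 64 bits are set, instead of against 2^192, the smallest value whose 64-bit left shift no longer fits in 256 bits. The `required_input` function is a simplified stand-in for a liquidity-to-token calculation, not the protocol's code, and the liquidity, price and denominator values are constructed for illustration.

```python
"""Model of a 256-bit checked shift-left-by-64 with a flawed and a fixed
overflow check. Added example: not the article's, SlowMist's or Cetus's code."""

U256_BITS = 256
U256_MAX = (1 << U256_BITS) - 1
SHIFT = 64
# Smallest operand whose left shift by 64 no longer fits in 256 bits.
SHL_OVERFLOW_THRESHOLD = 1 << (U256_BITS - SHIFT)   # 2**192


def checked_shlw_flawed(n: int) -> tuple[int, bool]:
    """Flawed check (assumed shape, not from the article): the operand is
    compared against a mask with only the top 64 bits set, so every n in
    [2**192, mask] passes the check and its shift is silently truncated."""
    mask = 0xFFFF_FFFF_FFFF_FFFF << 192
    if n > mask:
        return 0, True
    return (n << SHIFT) & U256_MAX, False   # wraps mod 2**256 like a u256


def checked_shlw_fixed(n: int) -> tuple[int, bool]:
    """Correct check: any operand with a non-zero top 64 bits overflows."""
    if n >= SHL_OVERFLOW_THRESHOLD:
        return 0, True
    return n << SHIFT, False


def silently_truncated(n: int) -> bool:
    """True when the flawed check reports no overflow although the shifted
    value did not fit in 256 bits (the band the check misses)."""
    shifted, overflowed = checked_shlw_flawed(n)
    return not overflowed and (n << SHIFT) > U256_MAX


def div_round_up(a: int, b: int) -> int:
    return (a + b - 1) // b


def required_input(liquidity: int, sqrt_price_diff: int, denominator: int, shlw):
    """Simplified stand-in for a liquidity-to-token calculation:
    ceil(((liquidity * sqrt_price_diff) << 64) / denominator).
    Returns None when the shift check aborts the operation."""
    shifted, overflowed = shlw(liquidity * sqrt_price_diff)
    if overflowed:
        return None
    return div_round_up(shifted, denominator)


# Constructed values (not from the incident): the product lands in the band
# the flawed check misses, and the denominator is two Q64.64 prices near 1.0.
LIQUIDITY = (1 << 140) + 1
SQRT_PRICE_DIFF = 1 << 60
DENOMINATOR = (1 << 64) * (1 << 64)


def honest_required_input() -> int:
    """What the calculation returns with unbounded integers, i.e. without
    any truncation: roughly 2**136 tokens for this much liquidity."""
    return div_round_up((LIQUIDITY * SQRT_PRICE_DIFF) << SHIFT, DENOMINATOR)


if __name__ == "__main__":
    n = LIQUIDITY * SQRT_PRICE_DIFF
    print("operand in missed band :", silently_truncated(n))
    print("flawed math asks for   :",
          required_input(LIQUIDITY, SQRT_PRICE_DIFF, DENOMINATOR, checked_shlw_flawed))
    print("fixed check aborts     :",
          required_input(LIQUIDITY, SQRT_PRICE_DIFF, DENOMINATOR, checked_shlw_fixed) is None)
    print("honest requirement     :", honest_required_input())
```

With the constructed operand, the flawed path keeps only the low bits of the shifted product, so the calculation asks for one token where it should ask for about 2^136; the fixed check aborts instead. The general lesson is the one SlowMist draws: an overflow check for a shift by k bits must reject every operand whose top k bits are non-zero, which is a comparison against 2^(width-k), not against an arbitrary mask.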
"This was a precision-engineered mathematical exploit. The attacker exploited the edge cases of a vulnerable math function to extract liquidity worth billions from the protocol," the researchers concluded.
The incident led to a sharp decline in token pair values and liquidity depth across Cetus. In response, the Cetus team suspended the smart contract to prevent further loss and launched a full investigation.
SlowMist has advised developers to pay closer attention to boundary conditions in smart contract development. The firm highlighted that even low-level math operations require rigorous validation to prevent similar vulnerabilities.
"The exploitation of the checked_shlw function's behavior in specific boundary conditions to perform an addition operation and trigger an overflow in the final step of the liquidity addition operation is a sophisticated technique that underscores the importance of meticulous coding practices in blockchain security," the researchers said.
As of now, Cetus continues to work with third-party security experts to patch the vulnerability and assess recovery options. The attack adds to a growing list of high-profile DeFi breaches in 2025, underlining the risks that come with complex on-chain protocols.
Disclaimer: info@kdj.com
The information provided is not trading advice. kDJ.com accepts no responsibility for any investment made on the basis of the information in this article. Cryptocurrencies are highly volatile; research thoroughly and invest with caution.
If you believe content used on this site infringes your copyright, contact us immediately (info@kdj.com) and we will remove it promptly.