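SlowMist confirmed that a bug in the checked_shlw function was the root cause of the $230 million DeFi loss. A tiny overflow bug in the Cetus smart contract allowed the attacker to fake a massive liquidity deposit.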

On May 22, something alarming happened in the SUI blockchain world. Prices on the Cetus decentralized exchange (DEX) suddenly dropped, and its liquidity pools were drained. The total estimated loss was over $230 million.
Several reports quickly implicated a single triple-entry arbitrageur who used a flash loan to crash a token price instantly and siphon off funds from multiple protocols. However, the precise technical vulnerability that enabled this massive exploit remained a subject of discussion.
Now, renowned blockchain security team SlowMist has released a detailed analysis, revealing a tiny overflow bug in Cetus’ smart contract as the root cause of the staggering DeFi loss.
The checked_shlw function, designed to check for errors like overflows, failed to properly detect an overflow in the get_delta_a function, which is used to calculate the delta of token A when adding liquidity.
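
The failure mode described above, as an added Python illustration that is not Cetus's or SlowMist's code: it emulates a 256-bit word in which a left shift by 64 silently drops the high bits, and compares a strict overflow check with a hypothetical too-lenient one. The loose threshold, the simplified `required_amount` helper and all sample values are assumptions constructed for this example.

```python
# Added illustration, not the contract's code. Python ints are unbounded, so a
# 256-bit unsigned word is emulated by masking with U256_MAX.
U256_MAX = (1 << 256) - 1

def shl64_wrapping(n):
    """Left shift by 64 inside a 256-bit word; bits past bit 255 are lost."""
    return (n << 64) & U256_MAX

def checked_shlw_strict(n):
    """Return (n << 64, overflowed). The shift overflows exactly when n >= 2**192."""
    if n >= 1 << 192:
        return 0, True
    return n << 64, False

# Hypothetical flawed variant (assumption): the threshold sits far above 2**192
# and is compared with '>', so most overflowing inputs are reported as safe.
LOOSE_THRESHOLD = 0xFFFFFFFFFFFFFFFF << 192

def checked_shlw_loose(n):
    if n > LOOSE_THRESHOLD:
        return 0, True
    return shl64_wrapping(n), False

def missed_overflows(check, samples):
    """Inputs whose true n << 64 needs more than 256 bits but pass the check."""
    return [n for n in samples if (n << 64) > U256_MAX and not check(n)[1]]

def required_amount(check, numerator, denominator):
    """Simplified stand-in for a delta calculation: ceil((numerator << 64) / denominator)."""
    shifted, overflowed = check(numerator)
    if overflowed:
        raise OverflowError("numerator << 64 does not fit in 256 bits")
    return -(-shifted // denominator)  # ceiling division

# Constructed boundary samples around the true overflow point 2**192.
SAMPLES = [(1 << 192) - 1, 1 << 192, (1 << 192) + 1, 1 << 200,
           LOOSE_THRESHOLD, LOOSE_THRESHOLD + 1, U256_MAX]

if __name__ == "__main__":
    print("strict misses:", len(missed_overflows(checked_shlw_strict, SAMPLES)))
    print("loose misses: ", len(missed_overflows(checked_shlw_loose, SAMPLES)))
    # A wrapped numerator collapses the computed deposit to a tiny value.
    print("loose result: ", required_amount(checked_shlw_loose, (1 << 192) + 1, 1 << 64))
```

With the strict check the same call raises `OverflowError` instead of returning a truncated amount, which is the behaviour a checked shift is supposed to guarantee.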
This bug allowed the attacker to claim to be adding a huge amount of liquidity by displaying a nearly impossible price and submitting only 1 token, while the system expected 36750668090508997400550608…