Slowmist揭示了Cetus如何损失2.3亿美元的精致智能合同利用

区块链安全公司Slowmist已发布了针对CETU的2.3亿美元漏洞的详细技术细分，该公司是SUI生态系统上的关键流动性提供商。

The essence of the Cetus exploit lies in the misusage of the checked_shlw function during a liquidity addition operation. This function, designed for efficient multiplication in assembly code, has a limitation when dealing with large numbers, specifically in the context of a modular arithmetic system.

CETUS漏洞的本质在于在流动性加法操作期间误用了checked_shlw功能。该功能旨在在汇编代码中有效乘法，在处理大量时，特别是在模块化算术系统的背景下，具有限制。

As explained by SlowMist, "In essence, the modular arithmetic system used in blockchain smart contracts operates within a limited range of numbers. When an operation, such as multiplication, results in a sum exceeding this range, a remainder is calculated by dividing the product by the modulus. This remainder, in turn, becomes the final result of the modular multiplication."

正如Slowmist所解释的那样：“本质上，区块链智能合约中使用的模块化算术系统在有限的数字范围内运行。当操作（例如乘法）导致超过此范围的操作导致剩余的总和超过该范围时，通过将产品除以模量。剩余的结果，将其最终结果成为模块化乘法的最终结果。”

The researchers further noted that "the checked_shlw function is meant to perform a left shift and multiply operation, checking for overflow in the process. However, in a scenario where a very large multiplier is used with a small multiplicand, the multiplication itself might not overflow, but the addition of the original multiplicand to the final product might."

研究人员进一步指出：“ checked_shlw函数旨在执行左移和多重操作，检查过程中的溢出。但是，在一个非常大的乘数与小型乘法中一起使用的情况下，乘法本身可能不会溢出，但是将原始乘数添加到最终产品中。”

This anomaly, according to SlowMist, was exploited by the attacker to exchange just one token for an outsized share of liquidity, ultimately draining the pools.

据Slowmist称，这种异常现象被攻击者剥削，仅交换一个令牌，以获得大量的流动性，最终耗尽了游泳池。

"This was a precision-engineered mathematical exploit. The attacker exploited the edge cases of a vulnerable math function to extract liquidity worth billions from the protocol," the researchers concluded.

研究人员总结说：“这是一种精确的工程数学利用。攻击者利用了脆弱的数学功能的边缘案例，以从协议中提取价值数十亿美元的流动性。”

The incident led to a sharp decline in token pair values and liquidity depth across Cetus. In response, the Cetus team suspended the smart contract to prevent further loss and launched a full investigation.

该事件导致代币的值和CETUS的流动性深度急剧下降。作为回应，CETUS团队暂停了智能合同，以防止进一步损失，并进行了全面调查。

SlowMist has advised developers to pay closer attention to boundary conditions in smart contract development. The firm highlighted that even low-level math operations require rigorous validation to prevent similar vulnerabilities.

Slowmist建议开发人员在智能合同开发中更加关注边界条件。该公司强调，即使是低级数学操作，也需要严格的验证以防止类似的漏洞。

"The exploitation of the checked_shlw function's behavior in specific boundary conditions to perform an addition operation and trigger an overflow in the final step of the liquidity addition operation is a sophisticated technique that underscores the importance of meticulous coding practices in blockchain security," the researchers said.

研究人员说：“在流动性加法操作的最后一步中，在特定边界条件下对Checked_SHLW函数的行为进行了溢出是一种复杂的技术，它强调了在区块链安全中精心编码实践的重要性。”

As of now, Cetus continues to work with third-party security experts to patch the exploit and assess recovery options. This attack adds to a growing list of high-profile DeFi breaches in 2025, highlighting the risks associated with complex on-chain protocols.

截至目前，CETUS继续与第三方安全专家合作，以修补利用并评估恢复方案。这次攻击增加了2025年越来越多的备受瞩目的Defi漏洞清单，突出了与复杂的链链协议相关的风险。