CETUS智能合约中的微小溢出错误是2.3亿美元的根本原因

Slowmist确认了Checked_SHLW功能中的错误是$ 2.3亿美元Defi损失的根本原因。 CETUS智能合约中的微小溢出错误使攻击者可以伪造大规模的流动性沉积。

On May 22, something alarming happened in the SUI blockchain world. Prices on the Cetus decentralized exchange (DEX) suddenly dropped, and its liquidity pools were drained. The total estimated loss was over $230 million.

5月22日，Sui区块链世界发生了一些令人震惊的事情。 CETUS分散交易所（DEX）的价格突然下降，其流动性池被排出。总估计损失超过2.3亿美元。

Several reports quickly implicated a single triple-entry arbitrageur who used a flash loan to crash a token price instantly and siphon off funds from multiple protocols. However, the precise technical vulnerability that enabled this massive exploit remained a subject of discussion.

几份报告迅速暗示了一个单一的三重套期，他使用Flash贷款立即崩溃了代币的价格，并从多个协议中删除了资金。但是，使这种大规模利用的确切技术脆弱性仍然是讨论的主题。

Now, renowned blockchain security team SlowMist has released a detailed analysis, revealing a tiny overflow bug in Cetus’ smart contract as the root cause of the staggering DeFi loss.

现在，著名的区块链安全团队Slowmist发布了详细的分析，揭示了Cetus智能合约中的一个微小的溢出错误是造成惊人的Defi损失的根本原因。

The checked_shlw function, designed to check for errors like overflows, failed to properly detect an overflow in the get_delta_a function, which is used to calculate the delta of token A when adding liquidity.

Checked_SHLW函数旨在检查诸如溢出之类的错误，无法正确检测GET_DELTA_A函数中的溢出，该功能用于计算添加流动性时，该功能用于计算令牌a的三角洲。

This bug allowed the attacker to claim to be adding a huge amount of liquidity by displaying a nearly impossible price and submitting only 1 token, while the system expected 367506680905089974005506088888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888

该错误使攻击者声称通过显示几乎不可能的价格并仅提交1个令牌，而系统预计，该错误可以增加大量流动性。