Slow Fog released an analysis of the Cetus theft incident of $230 million: hackers exchanged a minimal amount of Tokens for massive Liquidity assets.

Odaily Planet Daily News Slowfog released an analysis of the $230 million theft of Cetus, which pointed out that the core of this incident is that the attacker carefully constructs parameters to make the overflow occur but can bypass detection, and finally exchange a very small amount of Token for a huge amount of liquid assets, the core reason is that there is an overflow detection bypass vulnerability in the checkedshlw in the getdeltaa function. This is where the attackers exploit this, causing the system to be severely skewed in calculating how much haSUI actually needs to be added. Since the overflow was not detected, the system misjudged the amount of haSUI needed, resulting in the attacker being able to exchange a large amount of liquid assets with only a small number of tokens, thus achieving the attack. This attack demonstrates the power of mathematical overflow vulnerabilities. The attacker precisely calculated and selected specific parameters, exploiting the flaws in the checkedshlw function to obtain liquidity worth billions at the cost of just 1 token. This is an extremely sophisticated mathematical attack, and it is recommended that developers strictly verify all boundary conditions of mathematical functions in smart contract development.