The SUI ecosystem project Cetus was attacked for $230 million, with an overflow vulnerability leading to massive losses.
SUI ecosystem project Cetus suffered a $230 million attack: detailed attack method and flow of funds.
On May 22, Cetus, a liquidity protocol on the SUI ecosystem, was attacked. Liquidity pool depth fell sharply, several token trading pairs dropped in price, and estimated losses exceeded $230 million. Cetus subsequently announced that it had suspended the smart contract and was investigating the incident.
A security team intervened quickly, analyzed the incident and issued a security alert. Below is a detailed analysis of the attack method and of where the funds went.
Attack Analysis
The core of the attack is a set of carefully chosen parameters that trigger an integer overflow while slipping past the overflow check, so that a minimal amount of tokens buys a huge liquidity position. The steps were as follows:
1. The attacker took a large haSUI flash loan and used it to push the pool price down by 99.90%.
2. The attacker opened a liquidity position in a very narrow price range, with a width of only 1.00496621%.
3. Attack core: the attacker requested to add an enormous amount of liquidity, but the pool actually received only 1 unit of token A. The cause is an overflow-check bypass in the checked_shlw function called from get_delta_a: the check lets the shift proceed, the high bits are lost, and the computed token amount collapses to 1.
4. The attacker removed the liquidity, withdrawing far more tokens from the pool than had ever been deposited.
5. The attacker repaid the flash loan, netting approximately 10,024,321.28 haSUI and 5,765,124.79 SUI.
Project Party Fix
Cetus has released a patch whose main change is a corrected implementation of the checked_shlw function.
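To make steps 3 and 4 of the attack and the nature of the fix concrete, here is an added Python model of the get_delta_a path and its checked_shlw guard, vulnerable beside corrected. This is not Cetus's Move code and not the patch itself. It assumes the widely reported shape of the bug: the guard compared its input against 0xffffffffffffffff << 192 instead of 2^192, and Move's left shift drops overflowing bits without aborting. The pool state, the roughly 1%-wide band, the round-up mode and the u64 cast check are constructed for illustration and are not the attack transaction's actual parameters.

```python
# Added example (not Cetus's code): Python model of the checked_shlw
# overflow-check bypass in the CLMM get_delta_a path. All concrete numbers
# are constructed for illustration, not the real transaction's parameters.

U256_MAX = (1 << 256) - 1
U128_MAX = (1 << 128) - 1
U64_MAX = (1 << 64) - 1


class MoveAbort(Exception):
    """Stands in for a Move `abort` (e.g. EMULTIPLICATION_OVERFLOW, cast failure)."""


def checked_shlw_vulnerable(n: int) -> tuple[int, bool]:
    """Shift a u256 left by 64 and report overflow. Modelled on the reported
    bug: the guard compares against 0xffffffffffffffff << 192 (= 2^256 - 2^192)
    rather than 2^192, so any n in [2^192, 2^256 - 2^192] passes the check and
    the shift silently drops its high bits (assumed: Move's `<<` does not abort
    on bit loss)."""
    mask = 0xFFFFFFFFFFFFFFFF << 192
    if n > mask:
        return 0, True
    return (n << 64) & U256_MAX, False


def checked_shlw_fixed(n: int) -> tuple[int, bool]:
    """Corrected guard: n << 64 fits in 256 bits iff n < 2^192."""
    if n >= 1 << 192:
        return 0, True
    return n << 64, False


def div_round(num: int, den: int, round_up: bool) -> int:
    q, r = divmod(num, den)
    return q + 1 if (round_up and r) else q


def get_delta_a(sqrt_p0, sqrt_p1, liquidity, round_up, shlw=checked_shlw_vulnerable):
    """delta_a = L * |sqrt_p1 - sqrt_p0| * 2^64 / (sqrt_p0 * sqrt_p1), sqrt prices
    in Q64.64 fixed point. Assumed, simplified shape of the CLMM function."""
    assert 0 <= liquidity <= U128_MAX, "liquidity is a u128"
    diff = abs(sqrt_p1 - sqrt_p0)
    if diff == 0 or liquidity == 0:
        return 0
    numerator, overflowing = shlw(liquidity * diff)  # full_mul(u128, u128) -> u256
    if overflowing:
        raise MoveAbort("EMULTIPLICATION_OVERFLOW")
    denominator = sqrt_p0 * sqrt_p1
    quotient = div_round(numerator, denominator, round_up)
    if quotient > U64_MAX:  # the final `as u64` cast aborts on overflow
        raise MoveAbort("u64 cast overflow")
    return quotient


def honest_delta_a(sqrt_p0, sqrt_p1, liquidity):
    """Exact token-A requirement with unbounded integers (no truncation)."""
    num = liquidity * abs(sqrt_p1 - sqrt_p0) * (1 << 64)
    den = sqrt_p0 * sqrt_p1
    return (num + den - 1) // den


def attacker_liquidity(sqrt_p0, sqrt_p1):
    """Smallest liquidity whose product with the price diff reaches 2^192: the
    product lands in (2^192, 2^192 + diff], the truncated shift keeps only
    (product - 2^192) << 64, which is below the denominator and rounds up to 1."""
    diff = abs(sqrt_p1 - sqrt_p0)
    return (1 << 192) // diff + 1


# Constructed pool state: sqrt price 2^22 (Q64.64 -> 2^86) and a band about 1%
# wide in price (sqrt price +0.5%), narrow like the attacker's position.
SQRT_P0 = 1 << 86
SQRT_P1 = SQRT_P0 + SQRT_P0 // 200


def demo():
    liq = attacker_liquidity(SQRT_P0, SQRT_P1)
    charged = get_delta_a(SQRT_P0, SQRT_P1, liq, True)  # vulnerable guard
    owed = honest_delta_a(SQRT_P0, SQRT_P1, liq)
    try:
        get_delta_a(SQRT_P0, SQRT_P1, liq, True, shlw=checked_shlw_fixed)
        fixed = "no abort"
    except MoveAbort as e:
        fixed = f"abort: {e}"
    return {"liquidity": liq, "charged_a": charged, "owed_a": owed, "fixed": fixed}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The liquidity is chosen so that liquidity * diff just crosses 2^192, which is the boundary a 64-bit left shift of a u256 must respect; the vulnerable guard only rejects values above 2^256 - 2^192, so the product passes, the shift wraps, and the charged amount rounds up to a single unit while the exact requirement is far beyond what fits in a u64. For ordinary liquidity values the two guards agree, which is why the bug survived normal use.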
Capital Flow Analysis
The attacker profited approximately $230 million in assets including SUI, vSUI and USDC, and transferred part of the funds to EVM addresses via cross-chain bridges.
According to Cetus, a total of $162 million in stolen funds has been successfully frozen on SUI.
The attacker's activity on EVM chains was also traced.
Summary
This attack demonstrates how dangerous an integer-overflow bug in a low-level arithmetic helper can be. By computing its parameters precisely, the attacker exploited the flawed overflow check in checked_shlw to obtain a massive liquidity position at negligible cost. Developers should rigorously validate the boundary conditions of every arithmetic function in a smart contract, and test "checked" helpers at their exact limits (for a 64-bit left shift of a u256, the limit is 2^192) rather than only on typical inputs.