DeFi Under Fire: How a Math Error in CETUS Protocol Led to a Massive Exploit. by r1s2g3

## DeFi Under Fire: How a Math Error in CETUS Protocol Led to a Massive Exploit.

It is a no-brainer that where there is money, malicious actors will be there too, eyeing it and seizing every opportunity to deploy their attack vectors and drain the funds. Sometimes phishing is used to lure the user, or, in the latest case, hackers use a zero-value fund transfer scheme to attack users. In these cases, a little caution by the user is enough to safeguard their funds. But what happens if the code guarding the funds is itself flawed? The contracts and code that are now the actual custodians of your funds, and are supposed to safeguard them, are the actual weakest link in the safety of your funds.


![image.png](https://files.peakd.com/file/peakd-hive/r1s2g3/EpvhWLX3XF258azHxprbthswvxT8gNyFdvg71BKbviWKW3hwKNVehmFcwKKgAxnZHEL.png)
[Source](https://pixabay.com/photos/math-mathematic-mathematical-1974628/)

## What exactly is CETUS protocol?
Cetus Protocol is a decentralized finance platform on the SUI blockchain. On May 22, the platform was hacked for approximately $223 million in funds. The hack drained the platform's liquidity, and a few of the memecoins on the SUI blockchain, like AXOL, lost almost all of their value.


## How did the CETUS hack become possible?

Blockchain security firm Dedaub analyzed the hack to find its root cause. According to their analysis, an "overflow" in a mathematical calculation caused the issue.

>The attacker exploited a vulnerability that truncates the most significant bits in a liquidity calculation function of Cetus AMM. This calculation is invoked when a user opens an LP position. When opening such position, a user can open a large or small position by specifying a “liquidity” parameter (what fraction of the pool you would like to get in return), and supplying the corresponding amount of tokens. By manipulating the liquidity parameter to an extremely high value, they caused an overflow in the intermediate calculations that went undetected due to a flawed truncation check. This allowed them to add massive liquidity positions with just 1 unit of token input, subsequently draining pools collectively containing hundreds of millions of dollars worth of token.

They have published a very detailed report explaining the mathematical functions and the exact line of code that caused the issue. If you are interested in the full details, you should read the report [here](https://dedaub.com/blog/the-cetus-amm-200m-hack-how-a-flawed-overflow-check-led-to-catastrophic-loss/).
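To make the bug class in the quote concrete, here is an added Python model (not Cetus or Dedaub code) of a 64-bit left shift in a 256-bit integer, guarded once by a check with the wrong threshold and once by a correct one. The threshold values, `PRICE_WIDTH`, `DENOM` and the pricing formula are constructed for illustration only.

```python
# Added illustration: models fixed-width u256 arithmetic with Python ints.
# All constants and the pricing formula are constructed, not taken from Cetus.
U256_MAX = (1 << 256) - 1
PRICE_WIDTH = 2      # constructed stand-in for the price range of the position
DENOM = 1 << 65      # constructed so an honest deposit costs `liquidity` tokens


def shl64_flawed(n):
    """Shift left by 64 with a guard that compares against the wrong bound.

    The guard only fires for n above (2**64 - 1) << 192, so every n in
    [2**192, that bound] passes and silently loses its top bits.
    """
    overflow = n > (0xFFFFFFFFFFFFFFFF << 192)
    return (n << 64) & U256_MAX, overflow


def shl64_checked(n):
    """Correct guard: n << 64 fits in 256 bits only when n < 2**192."""
    overflow = n >= (1 << 192)
    return (n << 64) & U256_MAX, overflow


def tokens_owed(liquidity, shl64):
    """Toy 'tokens the user must deposit for this liquidity' calculation."""
    shifted, overflow = shl64(liquidity * PRICE_WIDTH)
    if overflow:
        raise OverflowError("liquidity too large for 256-bit intermediate")
    return -(-shifted // DENOM)  # ceiling division, rounds in the pool's favour


def demo():
    """Compare both guards on an ordinary and an extreme liquidity value."""
    huge = (1 << 191) + 1  # constructed: huge * PRICE_WIDTH == 2**192 + 2
    out = {
        "normal_flawed": tokens_owed(1000, shl64_flawed),
        "normal_checked": tokens_owed(1000, shl64_checked),
        "huge_flawed": tokens_owed(huge, shl64_flawed),
    }
    try:
        out["huge_checked"] = tokens_owed(huge, shl64_checked)
    except OverflowError as exc:
        out["huge_checked"] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the flawed guard the extreme liquidity value is priced at 1 token because the high bits of the shifted intermediate are discarded; the correct guard rejects the request before any truncated value is used.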

## How the crypto community got divided after the hack.

SUI blockchain network validators froze $160 million in funds in the attacker's wallets. Since they can freeze funds, the crypto community is now doubting the decentralization of the SUI platform: if validators can freeze funds, then it is a "centralized" network under the guise of "decentralization".

## My 2 cents.

With all the risks and hacks involved in DeFi, I am not a big fan of DeFi currently. I already outlined the [risks in DeFi in my earlier posts](https://inleo.io/@r1s2g3/decentralized-finance-defi-comes-with-a-risk-l1r). With the CETUS hack, my fear also came true. I wish that developers would understand that their code is responsible for safeguarding the funds of millions of users. Due to the narrative on social media that promotes crypto as a 100x or 1000x overnight money-making scheme, many users sometimes put in their substantial savings. I wish this had not happened.

In the end, I will just say invest in a platform by calculating the risks and rewards, and developers and auditors should perform their job more responsibly. 
 

@cleanplanet ·
Hello,<br/>this Comment has been upvoted with 100%, thanks to @r1s2g3 who burned 1000 PLANET<br/>With this burn @r1s2g3 is actively participating in the CLEAN PLANET reward protocol.<br/>@r1s2g3 is helping @cleanplanet to grow with the curation.<br/>Thanks for your help<br/>@cleanplanet
@india-leo ·
Indiaunited Curation 1748281453874
This post has been manually curated by @bhattg from Indiaunited community. Join us on our [Discord Server](https://discord.gg/bGmS2tE). 

Do you know that you can earn a passive income by delegating your Leo power to @india-leo account? We share 100 % of the curation rewards with the delegators. 

<sub>**100% of the rewards from this comment goes to the curator for their manual curation efforts. Please encourage the curator @bhattg by upvoting this comment and support the community by voting the posts made by @indiaunited.**</sub>
@r1s2g3 ·
thanks for curation.
@indiaunited ·
Indiaunited Curation 1748315453255
This post has been manually curated by @bhattg from Indiaunited community. Join us on our [Discord Server](https://discord.gg/bGmS2tE). 

Do you know that you can earn a passive income by delegating to @indiaunited. We share more than 100 % of the curation rewards with the delegators in the form of IUC tokens. HP delegators and IUC token holders also get upto 20% additional vote weight. 

Here are some handy links for delegations: [100HP](https://hivesigner.com/sign/delegateVestingShares?delegator=&delegatee=indiaunited&vesting_shares=167272.6358399369%20VESTS), [250HP](https://hivesigner.com/sign/delegateVestingShares?delegator=&delegatee=indiaunited&vesting_shares=418181.5895998423%20VESTS), [500HP](https://hivesigner.com/sign/delegateVestingShares?delegator=&delegatee=indiaunited&vesting_shares=836363.1791996846%20VESTS), [1000HP](https://hivesigner.com/sign/delegateVestingShares?delegator=&delegatee=indiaunited&vesting_shares=1672726.3583993693%20VESTS). 

[![image.png](https://files.peakd.com/file/peakd-hive/bala41288/46eaz12N-image.png)](https://discord.gg/bGmS2tE) 

<sub>**100% of the rewards from this comment goes to the curator for their manual curation efforts. Please encourage the curator @bhattg by upvoting this comment and support the community by voting the posts made by @indiaunited.**</sub>. 

This post received an extra 6.95% vote for delegating HP / holding IUC tokens.
@r1s2g3 ·
Thanks for curation.
@jfang003 ·
The hacks suck and the freezing of funds will obviously cause issues. I wonder how things will go because security and hacks will be fighting against each other all the time.
@r1s2g3 ·
The more we rely on code, the better we need to code. Looks like DeFi development will need time to mature enough to put out robust code.

!PIZZA !LOL
@osiriss ·
!LOLZ
!PIZZA
!BEER
@pizzabot ·
@osiriss, sorry! You need to stake more $PIZZA to use this command.

The minimum requirement is 20.0 PIZZA staked.

More $PIZZA is available from [Hive-Engine](https://hive-engine.com/?p=market&t=PIZZA) or [Tribaldex](https://tribaldex.com/trade/PIZZA)
@pizzabot ·
<center>PIZZA!


$PIZZA slices delivered:
@r1s2g3<sub>(2/10)</sub> tipped @jfang003 


<sub>Come get [MOON](https://moon.hive.pizza)ed!</sub></center>