- Topic
35k Popularity
17k Popularity
46k Popularity
17k Popularity
43k Popularity
18k Popularity
7k Popularity
4k Popularity
115k Popularity
28k Popularity
- Pin
- 🎊 ETH Deposit & Trading Carnival Kicks Off!
Join the Trading Volume & Net Deposit Leaderboards to win from a 20 ETH prize pool
🚀 Climb the ranks and claim your ETH reward: https://www.gate.com/campaigns/site/200
💥 Tiered Prize Pool – Higher total volume unlocks bigger rewards
Learn more: https://www.gate.com/announcements/article/46166
- 📢 ETH Heading for $4800? Have Your Say! Show Off on Gate Square & Win 0.1 ETH!
The next bull market prophet could be you! Want your insights to hit the Square trending list and earn ETH rewards? Now’s your chance!
💰 0.1 ETH to be shared between 5 top Square posts + 5 top X (Twitter) posts by views!
🎮 How to Join – Zero Barriers, ETH Up for Grabs!
1.Join the Hot Topic Debate!
Post in Gate Square or under ETH chart with #ETH Hits 4800# and #ETH# . Share your thoughts on:
Can ETH break $4800?
Why are you bullish on ETH?
What's your ETH holding strategy?
Will ETH lead the next bull run?
Or any o
- 🧠 #GateGiveaway# - Crypto Math Challenge!
💰 $10 Futures Voucher * 4 winners
To join:
1️⃣ Follow Gate_Square
2️⃣ Like this post
3️⃣ Drop your answer in the comments
📅 Ends at 4:00 AM July 22 (UTC)
- 🎉 #Gate Alpha 3rd Points Carnival & ES Launchpool# Joint Promotion Task is Now Live!
Total Prize Pool: 1,250 $ES
This campaign aims to promote the Eclipse ($ES) Launchpool and Alpha Phase 11: $ES Special Event.
📄 For details, please refer to:
Launchpool Announcement: https://www.gate.com/zh/announcements/article/46134
Alpha Phase 11 Announcement: https://www.gate.com/zh/announcements/article/46137
🧩 [Task Details]
Create content around the Launchpool and Alpha Phase 11 campaign and include a screenshot of your participation.
📸 [How to Participate]
1️⃣ Post with the hashtag #Gate Alpha 3rd - 🚨 Gate Alpha Ambassador Recruitment is Now Open!
📣 We’re looking for passionate Web3 creators and community promoters
🚀 Join us as a Gate Alpha Ambassador to help build our brand and promote high-potential early-stage on-chain assets
🎁 Earn up to 100U per task
💰 Top contributors can earn up to 1000U per month
🛠 Flexible collaboration with full support
Apply now 👉 https://www.gate.com/questionnaire/6888
Cetus suffered an attack resulting in a loss of $230 million, raising alarm bells for the security of the SUI ecosystem.
Cetus Attacked, Loss Exceeds $230 Million
On May 22, the SUI ecosystem liquidity provider Cetus allegedly suffered an attack, with multiple trading pairs experiencing significant declines and the liquidity pool depth sharply decreasing, with estimated losses exceeding $230 million. Cetus subsequently issued a statement saying that it has suspended the smart contract and is investigating the incident.
The security team conducted an in-depth analysis of the attack, revealing the specific methods used by the attackers.
Attack Analysis
Attackers exploited system vulnerabilities by carefully constructing parameters to achieve operations that exchanged a very small amount of tokens for a huge amount of liquidity. The specific steps are as follows:
Borrowing a large amount of haSUI through flash loans caused the pool price to plummet by 99.90%.
Open liquidity positions in a very narrow price range, with a range width of only 1.00496621%.
Declares to add a huge amount of liquidity, but actually pays only 1 token A. This is the core of the attack, exploiting the overflow detection bypass vulnerability in the checked_shlw function of get_delta_a.
The system has a serious deviation when calculating the required haSUI amount, leading to a misjudgment that allows attackers to exchange a minimal amount of Tokens for a large quantity of liquidity assets.
Finally, remove liquidity to obtain huge token profits and complete the attack.
Project Party Fix
After the attack, Cetus quickly released a patch. The main fix addressed the error mask and judgment conditions in the checked_shlw function, ensuring that it can correctly detect situations that may lead to overflow.
Capital Flow Analysis
Attackers profited approximately $230 million, including various assets such as SUI, vSUI, and USDC. Some funds were transferred to EVM addresses via cross-chain bridges. Approximately $10 million in assets were deposited into Suilend, and 24 million SUI were transferred to a new address and have not yet been withdrawn.
Fortunately, the SUI Foundation and other relevant parties have successfully frozen approximately $162 million of the stolen funds on the SUI chain.
On the EVM chain, the attacker exchanged part of the funds for ETH and transferred 20,000 ETH to a new address. Currently, the balance of that address on Ethereum is 3,244 ETH.
Summary
This attack fully demonstrates the power of mathematical overflow vulnerabilities. The attacker achieved substantial profits by precisely calculating and selecting parameters, exploiting function defects in the smart contract. This serves as a reminder to developers that they must rigorously validate all boundary conditions of mathematical functions during contract development to prevent similar attacks.