Sui DEX Cetus Drained Exploiting Flawed Open-Source Liquidity Overflow Check → Security

A cluster of vibrant blue and clear crystalline structures rises from dark, reflective water, partially enveloped by soft white snow. The background features a muted grey sky, creating a stark, cold environment

The image displays a close-up of a futuristic, metallic computing device with prominent blue glowing internal components. Its intricate design features brushed metal surfaces, sharp geometric forms, and transparent sections revealing illuminated conduits

Briefing

The Cetus Protocol, a Concentrated Liquidity Market Maker (CLMM) on the Sui Network, was subjected to a catastrophic exploit that drained its liquidity pools, resulting in a loss of approximately $223 million in user assets. The primary consequence was a systemic liquidity shock across the Sui ecosystem, causing a sharp devaluation of multiple native tokens and a temporary halt of protocol operations. The incident is quantified by the fact that the Sui Foundation, in coordination with validators, was able to successfully freeze $162 million of the stolen funds on-chain, but the remaining $61 million was successfully bridged to Ethereum and converted to ETH.

A sophisticated, futuristic mechanical assembly is centrally featured, composed of metallic silver and dark grey components, including intricate gears and a prominent circular aperture. Transparent blue structural elements partially enclose this advanced mechanism, which is enveloped by a dynamic, granular, foamy substance

Context

The core risk factor was the reliance on an open-source library for critical arithmetic operations within the complex logic of the Concentrated Liquidity Market Maker model. While the Move programming language provides inherent overflow protections, bit shift operations are intentionally exempted, necessitating a custom safeguard that was incorrectly implemented. This created a latent, high-severity vulnerability class where faulty input validation could lead to state corruption and asset loss, despite the protocol having undergone multiple security audits.

A futuristic, intricate mechanical device is presented, featuring a detailed central circular mechanism surrounded by angular blue and silver housing. Visible gold and silver gears are precisely arranged within the core, suggesting complex internal operations

Analysis

The attacker initiated the exploit using a flash swap to manipulate pool prices, then leveraged a subtle flaw in the checked_shlw function of a third-party library. This function, intended to prevent integer overflow during bit shifts, used an incorrect constant for its validation check, allowing an attacker-supplied liquidity value to pass the check. This value then caused a Most Significant Bits (MSB) truncation during the subsequent liquidity calculation, resulting in the protocol assigning an artificially massive liquidity position to the attacker for a minimal token deposit (e.g. one unit). The attacker immediately used this phantom liquidity to remove a proportional amount of real assets from the pool, effectively draining the funds in a series of transactions.

A sophisticated metallic mechanism, featuring striking blue and silver components with gear-like detailing, is meticulously presented. It rests within a bed of white foam, partially revealing dark blue, faceted geometric structures beneath

Parameters

Total Funds Drained → $223 Million – The estimated loss from the CLMM pools on the Cetus Protocol.
Assets Frozen On-Chain → $162 Million – The amount of stolen funds successfully blacklisted by Sui validators.
Unrecovered Funds Bridged → $61 Million – The portion of assets successfully moved to Ethereum and converted to ETH.
Vulnerability Type → Integer Overflow Check Flaw – A subtle error in the logic of the checked_shlw function in a third-party library.

A detailed close-up reveals a futuristic, mechanical object with a central white circular hub featuring a dark, reflective spherical lens. Numerous blue, faceted, blade-like structures radiate outwards from this central hub, creating a complex, symmetrical pattern against a soft grey background

Outlook

Protocols utilizing complex AMM logic, particularly those built on newer virtual machines or languages like Move, must immediately conduct a zero-tolerance review of all custom arithmetic and external library dependencies. The successful on-chain freezing of $162 million by Sui validators introduces a critical discussion on the trade-off between decentralized immutability and emergency governance-based asset recovery, setting a precedent for centralized intervention on public networks. The industry standard must evolve beyond traditional audits to include formal verification of low-level bitwise operations and a deeper, adversarial review of all third-party code.

A close-up view presents a futuristic, metallic hardware device, partially adorned with granular frost, held by a white, textured glove. The device's open face reveals an intricate arrangement of faceted blue and silver geometric forms nestled within its internal structure

Verdict

This exploit confirms that complex mathematical logic and subtle bitwise errors in core smart contract libraries remain the highest-leverage attack vector, overriding the security assurances of even recently audited protocols.

concentrated liquidity, automated market maker, integer overflow, smart contract flaw, open source library, bitwise truncation, liquidity pool drain, flash swap attack, on-chain censorship, validator governance, cross chain bridge, decentralized exchange, asset freezing, Sui network, Move language, price manipulation, security audit, post mortem analysis, token value collapse, systemic risk Signal Acquired from → halborn.com