Sui DEX Cetus Drained Exploiting Flawed Open-Source Liquidity Overflow Check → Security

A close-up shot features a textured, vibrant blue object with a complex, open framework, showcasing numerous silver metallic wires threaded through its internal structure. The shallow depth of field highlights the granular surface and intricate interconnections of this abstract form

A detailed abstract image displays smooth, white, interconnected spherical and toroidal structures at its core. These are intricately surrounded by a multitude of sharp, reflective blue crystalline fragments and fine metallic rods

Briefing

The Cetus Protocol, a Concentrated Liquidity Market Maker (CLMM) on the Sui Network, was subjected to a catastrophic exploit that drained its liquidity pools, resulting in a loss of approximately $223 million in user assets. The primary consequence was a systemic liquidity shock across the Sui ecosystem, causing a sharp devaluation of multiple native tokens and a temporary halt of protocol operations. The incident is quantified by the fact that the Sui Foundation, in coordination with validators, was able to successfully freeze $162 million of the stolen funds on-chain, but the remaining $61 million was successfully bridged to Ethereum and converted to ETH.

A detailed perspective showcases a blue, glitter-textured, open-lattice structure, featuring multiple embedded metallic bearings. A silver-toned tool with a blue accent is precisely inserted into one of these bearings, highlighting mechanical engagement

Context

The core risk factor was the reliance on an open-source library for critical arithmetic operations within the complex logic of the Concentrated Liquidity Market Maker model. While the Move programming language provides inherent overflow protections, bit shift operations are intentionally exempted, necessitating a custom safeguard that was incorrectly implemented. This created a latent, high-severity vulnerability class where faulty input validation could lead to state corruption and asset loss, despite the protocol having undergone multiple security audits.

A large, textured white sphere with prominent rings, appearing to split open, reveals a vibrant expulsion of numerous small blue and white particles. A smaller, similar sphere is partially visible in the background, also engaged in this particulate dispersion

Analysis

The attacker initiated the exploit using a flash swap to manipulate pool prices, then leveraged a subtle flaw in the checked_shlw function of a third-party library. This function, intended to prevent integer overflow during bit shifts, used an incorrect constant for its validation check, allowing an attacker-supplied liquidity value to pass the check. This value then caused a Most Significant Bits (MSB) truncation during the subsequent liquidity calculation, resulting in the protocol assigning an artificially massive liquidity position to the attacker for a minimal token deposit (e.g. one unit). The attacker immediately used this phantom liquidity to remove a proportional amount of real assets from the pool, effectively draining the funds in a series of transactions.

Two sophisticated white modular devices are shown in a state of dynamic interaction, with a luminous blue cube and radiating particles connecting their open interfaces. The background features blurred, similar technological components, suggesting a vast, interconnected system

Parameters

Total Funds Drained → $223 Million – The estimated loss from the CLMM pools on the Cetus Protocol.
Assets Frozen On-Chain → $162 Million – The amount of stolen funds successfully blacklisted by Sui validators.
Unrecovered Funds Bridged → $61 Million – The portion of assets successfully moved to Ethereum and converted to ETH.
Vulnerability Type → Integer Overflow Check Flaw – A subtle error in the logic of the checked_shlw function in a third-party library.

A close-up view reveals a metallic, hexagonal object with intricate silver and dark grey patterns, partially surrounded by a vibrant, translucent blue, organic-looking material. A cylindrical metallic component protrudes from one side of the central object

Outlook

Protocols utilizing complex AMM logic, particularly those built on newer virtual machines or languages like Move, must immediately conduct a zero-tolerance review of all custom arithmetic and external library dependencies. The successful on-chain freezing of $162 million by Sui validators introduces a critical discussion on the trade-off between decentralized immutability and emergency governance-based asset recovery, setting a precedent for centralized intervention on public networks. The industry standard must evolve beyond traditional audits to include formal verification of low-level bitwise operations and a deeper, adversarial review of all third-party code.

A sophisticated, translucent cube-like object is centered against a clean, light gray background. Its intricate design features a smooth white spherical core enveloped by clear, geometric facets and an outer layer of textured material, partly permeated by brilliant blue

Verdict

This exploit confirms that complex mathematical logic and subtle bitwise errors in core smart contract libraries remain the highest-leverage attack vector, overriding the security assurances of even recently audited protocols.

concentrated liquidity, automated market maker, integer overflow, smart contract flaw, open source library, bitwise truncation, liquidity pool drain, flash swap attack, on-chain censorship, validator governance, cross chain bridge, decentralized exchange, asset freezing, Sui network, Move language, price manipulation, security audit, post mortem analysis, token value collapse, systemic risk Signal Acquired from → halborn.com