Cetus CLMM Hack — May 22, 2025 Post-Mortem (Aggregated)
Incident Overview
On May 22, 2025, Cetus Protocol on Sui was exploited for approximately $223 million, drained in under 15 minutes. Around $60M was bridged out to Ethereum quickly, while roughly $162M remained on Sui and was frozen before it could fully exit.
Root Cause Analysis
The exploit stemmed from a critical vulnerability in the protocol's math library:
• Single failure point: an incorrect overflow guard in checked_shlw allowed a shift-left scaling step in Cetus' u256 fixed-point math to overflow silently, corrupting the add-liquidity token-delta calculation.
• The implementation of checked_shlw was flawed, comparing the provided value to 0xFFFFFFFFFFFFFFFF << 192 rather than 0x1 << 192. The value 0x1 << 192 is the smallest value that cannot be safely shifted left by 64 bits without an overflow.
• The threshold used by Cetus is well above the safe limit, so values that lie between the two bounds pass the check and then overflow when shifted left by 64 bits.
Attack Mechanism
• The attacker used a flashloan to rapidly acquire 10,024,321.28 haSUI and then swapped out 5,765,124.79 SUI, driving the pool price down.
• This price movement enabled the attacker to open a CLMM position requiring only a minimal amount of one token, leveraging the "single-sided / nearly single-token" liquidity behavior in concentrated liquidity designs.
• After the unsafe shift-induced truncation, the protocol computed the required Token A amount as effectively 1 unit, while still minting and recording the position with massive liquidity (10,365,647,984,364,446,732,462,244,378,333,008).
Containment and Recovery
• Cetus paused the affected contracts to stop additional extraction.
• Sui validators coordinated emergency action to block attacker-controlled addresses on-chain, preserving the majority of the stolen value on Sui instead of allowing a full bridge-out.
• Full recovery was initiated: locked funds were reclaimed through a vote process, backed by Cetus treasury resources and a loan from the Sui Foundation to cover the off-chain portion.
Broader Impact
The incident was treated as a shared-library failure rather than an isolated pool bug. Attention shifted to other protocols with the same vulnerable math primitive, including Kriya, Momentum, and Bluefin.