From protocol vulnerabilities to the dialectics of decentralization: A detailed explanation of the Cetus incident. Has the security of the MOVE language been shaken?

A few days ago, Cetus, the largest decentralized exchange on Sui, was hacked for $220 million, of which about $60 million has been bridged cross-chain to Ethereum. Security researchers at Amber Group shared on Twitter that the problem stemmed from a vulnerability in the Cetus protocol and had little to do with the security of the MOVE language. In addition, Mysten Labs' product chief Adeniyi said that $160 million of the hackers' funds has been placed under "house arrest" on the validator side. This article walks through the incident from beginning to end and then turns to the dialectics of decentralization.


The vulnerability lies in the coding issues of Cetus itself.

Amber Group's security researcher @neeksec stated on Twitter that he has identified the main cause of the incident with Cetus. He pointed out: "The root cause of the vulnerability originates from the type conversion from u256 to u64 in the get_amount_by_liquidity function." However, he later corrected himself, stating that the real issue should be the "failure of the overflow check in the get_delta_a function."

The get_delta_a function calculates the amount of token A required to add a specified amount of liquidity within a certain price range. Using the Uniswap v3 calculation as an example, the liquidity is first multiplied by the price range delta, and the resulting product then needs to be shifted left by 64 bits. But if the liquidity is too large and the product exceeds 192 bits, the upper 64 bits overflow and are truncated. To prevent this, checked_shlw performs an overflow check before performing the shift.

The key issue in this case is that the overflow check in the checked_shlw function has a coding error and fails to reject invalid, overly large liquidity values. The attacker carefully designed a liquidity value that caused checked_shlw to return a smaller value. In the subsequent div_round operation, because of its round-up behavior, div_round returned 1, so the final required amount of token A was only 1.

Author's note:

In other words, the attacker first claims to provide a very large amount of liquidity, and the product computed from it inside the function exceeds what the system can hold, much like a computer that can display only ten digits being handed a result with eleven. In general, the excess would overflow and be truncated, which is why an overflow check should be performed before the shift. However, the overflow check itself contained an error, and the attacker exploited the vulnerability to withdraw a huge amount of money with only a very small number of tokens. Therefore, this problem has nothing to do with the object-oriented security claimed for the Sui MOVE language.
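The failure described above, modelled in Python as an added example; it is not Cetus source code, which this article does not reproduce. The function names follow the article, while the faulty bound, the corrected bound, the sqrt-price denominator (taken from the Uniswap v3 formula) and all input values are assumptions constructed for illustration.

```python
U256_MAX = (1 << 256) - 1  # a u256 holds 256 bits; a left shift drops anything above

def shl64(n):
    """Left shift by 64 the way a u256 does it: bits past 256 are lost."""
    return (n << 64) & U256_MAX

def checked_shlw_flawed(n):
    # ASSUMED faulty bound (illustrative): it sits far above 2**192, so any
    # n in [2**192, bound] passes the check and loses its top bits in the shift.
    bound = 0xFFFFFFFFFFFFFFFF << 192
    return (0, True) if n > bound else (shl64(n), False)

def checked_shlw_fixed(n):
    # n << 64 fits in 256 bits only when n < 2**192.
    return (0, True) if n >= (1 << 192) else (shl64(n), False)

def div_round(num, denom, round_up):
    q, r = divmod(num, denom)
    return q + 1 if (round_up and r) else q

def get_delta_a(liquidity, sqrt_lo, sqrt_hi, checked_shlw):
    """Token A required for `liquidity` over [sqrt_lo, sqrt_hi] (Q64.64 sqrt prices)."""
    product = liquidity * (sqrt_hi - sqrt_lo)   # liquidity x price range delta
    shifted, overflow = checked_shlw(product)
    if overflow:
        raise OverflowError("liquidity * price delta does not fit after << 64")
    # Denominator assumed from the Uniswap v3 amount0 formula.
    return div_round(shifted, sqrt_lo * sqrt_hi, True)

def exact_delta_a(liquidity, sqrt_lo, sqrt_hi):
    # Reference result using unbounded integers, so nothing can be truncated.
    return div_round((liquidity * (sqrt_hi - sqrt_lo)) << 64, sqrt_lo * sqrt_hi, True)

# Constructed inputs, not values from the incident.
SQRT_LO, SQRT_HI = 1 << 92, 1 << 93
BIG_LIQUIDITY = (1 << 100) + 1   # product = 2**192 + 2**92, just past the safe limit

if __name__ == "__main__":
    print("exact  :", exact_delta_a(BIG_LIQUIDITY, SQRT_LO, SQRT_HI))
    print("flawed :", get_delta_a(BIG_LIQUIDITY, SQRT_LO, SQRT_HI, checked_shlw_flawed))
    try:
        get_delta_a(BIG_LIQUIDITY, SQRT_LO, SQRT_HI, checked_shlw_fixed)
    except OverflowError as exc:
        print("fixed  : rejected,", exc)
```

With the faulty bound the truncated product is smaller than the denominator, so the round-up in div_round yields 1; the corrected bound aborts the call instead of pricing the position.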

How does Sui freeze funds? Does it represent centralization?

Immediately after the incident, Mysten Labs product director Adeniyi said in a live broadcast that $160 million of the $220 million stolen had been frozen. This may be good news for Cetus, but it also raises the question of whether the move violates the principles of decentralization. But let's be clear that decentralization is not a black-and-white binary problem. In the early days of Ethereum, about 14% of the supply was compromised, so the community voted to restore the token records through a hard fork proposal. This is also the origin of Ethereum Classic (ETC).

Independent researcher Haotian pointed out that at the time of the incident, the hackers transferred some USDC assets cross-chain to Ethereum. However, most of the assets remain on the Sui chain. As for how they were frozen, it essentially comes down to the network validators collectively turning a blind eye: whenever a blacklisted address initiates a transaction, the validators simply ignore it. Therefore, the network records show that the hackers still hold these assets, but the assets are effectively under soft custody, because their transactions cannot be included on-chain. In response, Damien from the Bucket protocol also stated that although this method is more centralized, at least it is written in the rules.

Cosine also pointed out that if the hackers intend to go all the way, they are presumably still thinking about how to bypass this freezing mechanism. It is like holding a debit card while the ATM refuses to serve you.

It is worth noting that Sui has officially said it will return the frozen funds to the liquidity pool, which may be the more controversial part. After all, if an object-oriented public chain could directly transfer ownership of objects, that would be a significant controversy. However, Kyrie from the Typus protocol also stated in the comments that a direct transfer should be impossible unless the hacker is willing to return the funds. For reference, Cetus is currently negotiating with the hacker; if the hacker returns the stolen assets, they can retain about six million dollars' worth of Ether, and Cetus will not pursue the matter further.

Decentralization is the goal, not the starting point.

Regarding the issue of decentralization, Damien stated that decentralized finance is relative, and the value of DeFi does not lie in "absolute decentralization," but rather in creating an open, permissionless financial experimentation space. Compared to traditional finance, it allows more ordinary people to participate, whether as users or developers. This is what truly attracts us. Appropriate centralization can ensure the safety of users, developers, and investors. He also pointed out that if you are only concerned about whether black money can be transferred out, then your motives are questionable.

Decentralization is the goal, not the starting point. In the future, if we hope to have more institutions entering the market, what they want is the security of funds, not watching two hundred million dollars being washed away with no way to stop it. Ultimately, decentralization is not meant to be used to tear down one's own Great Wall, that is, to destroy one's own defenses.

Similarly, regarding the issue of decentralization, Raccoon believes that Sui is not Ethereum, as its underlying genetic makeup comes from Meta's Libra, thus the requirements for decentralization are inherently different. He pointed out that such coordination behaviors are still different from the "rollback" of centralized databases; as long as they are handled properly, with public relations follow-up and transparent processes, they can still be understood and accepted by the community. Sui must be more decentralized than BNB Chain, but it does not need to reach the faith-based goal of being a complete "world computer."


This article, "From protocol vulnerabilities to the dialectics of decentralization: A detailed explanation of the Cetus incident. Has the security of the MOVE language been shaken?", first appeared in Chain News ABMedia.
