As a result, the attacker could mint a massive amount of liquidity with just one token A. The attacker then burned a portion of their liquidity, draining the pool.

The attacker crafted a liquidity value that caused checked_shlw to return a small value. In the subsequent div_round operation, this small value resulted in a division that returned 0, but due to rounding up, div_round returned 1. The final required amount of token A was only 1.

Due to a coding error in checked_shlw, the overflow check fails, allowing a large, invalid liquidity value to pass through, causing the intermediate product to be truncated.

However, if the liquidity is too large and the product exceeds 192 bits, the upper 64 bits overflow and are truncated. To prevent this, checked_shlw performs an overflow check before executing the shift.

get_delta_a is used to calculate the required amount of token A when adding a specified amount of liquidity within a price range. In the calculation, liquidity is first multiplied by the price range delta. The resulting product needs to be shifted left by 64 bits(Uniswap v3 math)

Looks like the bug is on the a token side of the calculation, according to their recent patch.

I was wrong on this one. Move will revert if the u256 is too large to represented as u64.

After investigating the Cetus exploit transaction, I believe I have identified the root cause of the bug. The issue stems from a type casting from u256 to u64 within the get_amount_by_liquidity function.

RT @hibillh: I'm grateful that we were able to take 3rd place in the #BlazCTF competition. Kudos to my team @chiachih_wu @ashleyhsu_eth @ne….

I’m honored to be the Lead Judge of @ajnafi Audit Contest on @sherlockdefi. Happy auditing, Watsons!.

RT @Quill_Academy: 📢 Announcement: Meet the master CTF crafters for QuillCTF-Dubai. 🔥These CTF legends have crafted the toughest and the mo….

RT @pashovkrum: Did you think randomness "just doesn't work" on the blockchain? There actually are some solutions but all have trade-offs.….

I’m the lead judge in current Perennial Fix Review contest on @sherlockdefi. @perenniallabs had arranged multiple rounds of auditing. It’s not easy to find bugs now. However, Sherlock is not lacking intelligent minds. Can’t wait to see the brilliant discoveries from you!.

Climbing the leaderboards and achieving milestones @sherlockdefi

Tagging the sponsor @alloprotocol.

I began my smart contract auditing journey on @sherlockdefi six months ago. It has been an incredibly thrilling experience. This time, I am the lead judge of Allo V2 and really looking forward to your discoveries.