The root cause of the Cetus Protocol exploit in May 2025 was a misapplied integer overflow safeguard in the inter_mate library used by its smart contracts.
Claim
Quotes that support claims
The vulnerability stemmed from a misapplied integer overflow safeguard in the inter_mate library, particularly in the checked_shlw method, which incorrectly validated inputs against a 256-bit limit instead of a 192-bit limit, allowing for unchecked liquidity injections, the team explained.
The flaw originated from a misunderstanding of the semantics of left-shift in the integer-mate open source library, which the CLMM contract is dependent on. In its checked_shlw method, the actual check should verify whether the input value is ≤ 2^192, while the function in the exploited version checks if it is ≤ 2^256, which caused error in overflow checks.
Referenced by
Summary
Crypto news
Data block
