SlowMist released an analysis of the Cetus stolen $230 million event, which pointed out: The core of this event is that the attacker carefully constructed parameters to make the overflow occur but bypass the detection, and finally exchanged a very small amount of Token for a large amount of liquid assets. The core reason is that there is an overflow detection bypass vulnerability in the checked_shlw in the get_delta_a function. The attacker took advantage of this to make the system have a serious bias in calculating how much haSUI actually needs to be added. Since the overflow was not detected, the system misjudged the number of required haSUI, resulting in the attacker only needs a very small number of Tokens, which can be exchanged for a large number of liquid assets, thus realizing the attack. This attack demonstrates the power of the mathematical overflow vulnerability. The attacker selects specific parameters by precise calculation, exploits the flaw of the checked_shlw function, and obtains billions worth of liquidity at the cost of 1 token. This is an extremely sophisticated mathematical attack, and it is recommended that developers strictly verify the boundary conditions of all mathematical functions in smart contract development.