Summary
On May 22, 2025, Cetus Protocol, the largest decentralized exchange on Sui, was exploited for approximately $223 million through an arithmetic overflow vulnerability in its concentrated liquidity pools. The attacker manipulated price calculations by exploiting an overflow in the tick math functions, allowing them to drain liquidity from multiple pools.
In the aftermath, the Sui Foundation coordinated with validators representing over 90% of stake to freeze the attacker's assets. This unprecedented response raised urgent questions about the boundaries of validator coordination, the decentralization of the network, and the governance processes used to reach consensus on such a critical decision.
The Cetus Exploit
The exploit targeted Cetus Protocol's concentrated liquidity market maker (CLMM) pools. The attacker leveraged an arithmetic overflow vulnerability in the tick math functions to manipulate price calculations. By crafting transactions that triggered the overflow, the attacker was able to add minimal liquidity at manipulated price ranges and then withdraw vastly more than deposited.
The total funds drained amounted to approximately $223 million, making it one of the largest DeFi exploits in 2025. The attacker began bridging funds to Ethereum shortly after the exploit, adding urgency to the response.
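As an added illustration (not Cetus' code and not the actual exploit path), the following simplified Rust model of one fixed-point step in CLMM liquidity math shows how an unchecked multiply can make a pool believe a large liquidity position requires only a trivial deposit, and how checked arithmetic turns the same input into an abort. The formula, constant names and sample values are assumptions chosen for the demonstration.

```rust
// Simplified model of one fixed-point step in CLMM tick/liquidity math.
// Q64.64 fixed point: sqrt prices carry 64 fractional bits. Illustrative only.
const Q64: u128 = 1 << 64;

/// Token amount the pool demands for `liquidity` between two sqrt prices:
/// amount = liquidity * (sqrt_hi - sqrt_lo) / 2^64 in this simplified model.
/// Buggy variant: the multiply is allowed to wrap, modelling code with no
/// overflow check. Rust's plain `*` would panic in debug builds, so the wrap
/// is made explicit with `wrapping_mul`.
pub fn required_amount_unchecked(liquidity: u128, sqrt_lo: u128, sqrt_hi: u128) -> u128 {
    let delta = sqrt_hi.wrapping_sub(sqrt_lo);
    liquidity.wrapping_mul(delta) / Q64
}

/// Hardened variant: every step is checked and `None` means "abort the call".
/// The caller must treat `None` as a failed deposit, never as an amount of zero.
pub fn required_amount_checked(liquidity: u128, sqrt_lo: u128, sqrt_hi: u128) -> Option<u128> {
    if liquidity == 0 || sqrt_hi <= sqrt_lo {
        return None; // empty or inverted range is invalid input
    }
    let delta = sqrt_hi - sqrt_lo;
    liquidity.checked_mul(delta)?.checked_div(Q64)
}

/// Demonstrates the failure mode: a liquidity value whose product with the
/// range width wraps past 2^128, so the unchecked pool asks for a trivial deposit.
pub fn demo() -> (u128, Option<u128>) {
    let liquidity = Q64 + 5;       // constructed value, chosen so the product wraps
    let (lo, hi) = (Q64, 2 * Q64); // sqrt-price range of width exactly 1.0
    let believed = required_amount_unchecked(liquidity, lo, hi); // wraps to 5
    let actual = required_amount_checked(liquidity, lo, hi);     // None: overflow caught
    (believed, actual)
}

fn main() {
    let (believed, actual) = demo();
    println!("unchecked pool believes {} tokens are owed for liquidity 2^64+5", believed);
    println!("checked math result: {:?} (None = abort; the true amount is 2^64+5)", actual);
}
```

The true amount in the demo is 2^64+5 tokens, so the unchecked variant under-charges the depositor by a factor of roughly 2^64, which is the shape of a "minimal liquidity, large position" bug.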
Validator Response
The Sui Foundation moved swiftly, coordinating with validators to freeze addresses associated with the attacker. Validators representing over 90% of stake agreed to ignore transactions from the flagged addresses, effectively freezing the remaining stolen funds on the Sui network.
The important point from a decentralization standpoint is not the freezing mechanism itself but how much stake, held by how few entities, was required to carry it out.
This coordinated response was effective in halting further movement of stolen assets but also raised serious concerns about the concentration of power and the precedent it sets for future interventions.
Chainflow's Vote
Chainflow voted Yes on the governance proposal to support the recovery of stolen funds. The decision was driven by the clear evidence of malicious exploitation and the scale of damage to the Sui DeFi ecosystem. However, Chainflow accompanied its vote with significant criticism of the process itself.
Chainflow considered the voting window of approximately 48 hours insufficient for a decision of this magnitude. The rushed timeline limited the ability of smaller validators and community members to fully assess the implications before casting their votes.
Governance Concerns
While the outcome of the vote was clear, the process revealed several weaknesses in Sui's governance infrastructure:
- Rushed voting mechanics: A 48-hour window for a decision affecting hundreds of millions of dollars in assets and setting precedent for future interventions is inadequate.
- Centralized coordination: The Sui Foundation's role in organizing the validator response, while effective, highlighted the network's reliance on a central entity for crisis management.
- Lack of formal framework: There was no established governance protocol for handling exploits of this nature, leading to ad hoc decision-making.
- Precedent concerns: The ability to freeze individual addresses through validator coordination raises questions about censorship resistance and the immutability guarantees of the network.
Recommendations
To strengthen Sui's governance framework and prepare for future incidents, Chainflow recommends the following initiatives:
PLM: Proposal Lifecycle Metadata Standards
Establish standardized metadata for governance proposals, including required fields for context, impact assessment, timeline justification, and precedent analysis. This ensures voters have consistent, comprehensive information for decision-making.
ORA: Outcome Review & Accountability
Implement post-vote review processes that assess whether the intended outcomes were achieved, document unintended consequences, and create a public record of governance decisions and their results.
IPM: Informal Power Maps
Create transparency around the informal power structures within the network. Understanding who holds influence beyond formal stake weight helps the community identify potential points of centralization.
GHI: Governance Health Index
Develop a composite metric that tracks the overall health of governance, including participation rates, vote diversity, proposal quality, and decision-making timelines.
RTF: Recurring Friction Tracking
Systematically identify and document recurring points of friction in governance processes. Tracking these patterns enables proactive improvements rather than reactive fixes.
Conclusion
The Cetus exploit and subsequent governance vote represent a pivotal moment for the Sui ecosystem. While the community's ability to coordinate a rapid response demonstrated resilience, the process exposed governance gaps that must be addressed before the next crisis. Building robust governance frameworks before they are needed is far more effective than constructing them under duress.
Chainflow remains committed to participating constructively in Sui governance and advocates for the adoption of these frameworks to strengthen the ecosystem's long-term decentralization and resilience.
Governance that remembers. Institutional Memory as a Service.
Have thoughts or feedback on this research?
Othman@occresearch.org