
The Nemo contract security vulnerability led to the theft of $2.59 million, raising alarms about asset security on the Sui chain

Summary: On September 7, 2025, Beijing time, Nemo on the Sui chain was attacked, and hackers stole approximately $2.59 million by manipulating py_index. The root cause of the theft of Nemo was that PyState was incorrectly set as a mutable reference.
ExVul Security
2025-09-12 10:56:02

Event Overview:

On September 7, 2025, Beijing time, Nemo on the Sui chain was attacked, with hackers exploiting py_index to steal approximately $2.59 million.

Attacker Address:

0x01229b3cc8469779d42d59cfc18141e4b13566b581787bf16eb5d61058c1c724

Attack Transaction:

https://suivision.xyz/txblock/HMMicxQWn43rnNswi4gNHanUaeiWW5ijqM5bHLca67D9?tab=Overview

Nemo Package:

0x0f286ad004ea93ea6ad3a953b5d4f3c7306378b0dcc354c3f4ebb1d506d3b47f

Root Cause:

The root cause of the Nemo theft was that PyState was incorrectly passed as a mutable reference, which allowed the attacker to overwrite py_index with a value of their choosing. When mint_py was then called, the inflated py_index was multiplied by the SY amount deposited, so a very large quantity of PT and YT was minted.

In-depth analysis revealed that the function py.get_sy_amount_in_for_exact_py_out passed an unconstrained, caller-supplied number through to py.current_py_index, which wrote it into the py_index field of PyState.

· py.get_sy_amount_in_for_exact_py_out calculates the amount of SY input required for a given PY output, but the index argument it accepts is not validated in any way.

· py.current_py_index compares the passed py_index with the stored index, stores the larger of the two as the new value of py_state.py_index_stored, and returns it. Because the state is mutable here, a caller's value can ratchet the stored index upward without limit.

Attack Process Analysis:

  1. The attacker calls the init_py_position function to initialize a py_position (creating the user's position record; this step is unrelated to the exploit itself).

  2. Next, they take a flash loan through py.borrow_pt_amount to borrow a large amount of PT tokens (later swapped for an SY balance).

  3. They call market.swap_exact_pt_for_sy 100 times to exchange the PT for SY tokens.

  4. Using py.get_sy_amount_in_for_exact_py_out, the attacker requests the SY input required for a given PY output, passing the constructed, extremely large number 553402322211286548480000 as py_index; because the function holds a mutable reference to PyState, this value is written into the stored index.

  5. The attacker then calls yield_factory.mint_py, where the abnormally inflated index prices PT and YT at an extreme discount, so a large amount of PT is minted.

The MintEvent is as follows (event screenshot not reproduced in this text):

  6. Finally, the attacker repays the flash-loan debt with the minted PT through py.repay_pt_amount, then redeems the yield-bearing assets and withdraws the underlying tokens from Scallop.
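The vulnerable pattern from the root-cause section, replayed beside a hardened variant, as an added illustration in Rust (chosen because its `&` versus `&mut` borrow rules mirror Move's). This is not Nemo's code: the struct and function names (`PyState`, `current_py_index`, `get_sy_amount_in_for_exact_py_out`, `mint_py`) follow the names quoted in the analysis, but their bodies, the fixed-point `SCALE`, the deposit sizes, and the bounded `refresh_index` write path are assumptions. The only page-derived value is the attacker's index, 553402322211286548480000.

```rust
// Added illustration, not Nemo's source: a minimal model of the "PY index"
// ratchet described in the write-up. Function bodies, SCALE and the
// refresh_index design are assumptions; only ATTACKER_INDEX comes from the
// incident analysis.

/// Fixed-point scale: an index of SCALE means 1 SY mints 1 PT + 1 YT (assumed).
pub const SCALE: u128 = 1_000_000_000;

/// The value the write-up reports the attacker passed as py_index.
pub const ATTACKER_INDEX: u128 = 553_402_322_211_286_548_480_000;

#[derive(Debug, Clone)]
pub struct PyState {
    /// Highest index seen so far; it ratchets upward and never decreases.
    pub py_index_stored: u128,
}

/// Vulnerable pattern: a quote ("how much SY for this much PY?") takes
/// `&mut PyState` and hands a caller-chosen index to the max() ratchet, so any
/// caller can raise the stored index to an arbitrary value as a side effect.
pub fn current_py_index_vuln(state: &mut PyState, passed_index: u128) -> u128 {
    let latest = state.py_index_stored.max(passed_index);
    state.py_index_stored = latest; // caller-controlled write into shared state
    latest
}

pub fn get_sy_amount_in_for_exact_py_out_vuln(
    state: &mut PyState,
    py_out: u128,
    passed_index: u128,
) -> u128 {
    let index = current_py_index_vuln(state, passed_index);
    // SY needed = py_out / index, rounded up.
    (py_out * SCALE + index - 1) / index
}

/// Hardened pattern: the quote path borrows PyState immutably, so the compiler
/// rejects any write, and it takes no index argument from the caller at all.
pub fn current_py_index_safe(state: &PyState) -> u128 {
    state.py_index_stored
}

pub fn get_sy_amount_in_for_exact_py_out_safe(state: &PyState, py_out: u128) -> u128 {
    let index = current_py_index_safe(state);
    (py_out * SCALE + index - 1) / index
}

/// The only write path for the index (assumed design): fed from a trusted rate,
/// still monotone, and bounded to `max_step_bps` growth per update so that even
/// a bad input cannot jump the index by orders of magnitude in one call.
pub fn refresh_index(
    state: &mut PyState,
    trusted_rate: u128,
    max_step_bps: u128,
) -> Result<u128, &'static str> {
    let cap = state.py_index_stored + state.py_index_stored * max_step_bps / 10_000;
    if trusted_rate > cap {
        return Err("index update exceeds allowed step");
    }
    let latest = state.py_index_stored.max(trusted_rate);
    state.py_index_stored = latest;
    Ok(latest)
}

/// mint_py: PT and YT minted for an SY deposit, priced by the stored index.
pub fn mint_py(state: &PyState, sy_in: u128) -> (u128, u128) {
    let amount = sy_in * state.py_index_stored / SCALE;
    (amount, amount)
}

/// Replays the same inputs against both variants and returns the PT minted for
/// a constructed 1,000 SY deposit as (vulnerable, hardened).
pub fn demo() -> (u128, u128) {
    let sy_in = 1_000 * SCALE; // constructed deposit size
    let py_out = SCALE; // any quote amount; only the side effect matters

    let mut vuln = PyState { py_index_stored: SCALE };
    let _ = get_sy_amount_in_for_exact_py_out_vuln(&mut vuln, py_out, ATTACKER_INDEX);
    let (pt_vuln, _) = mint_py(&vuln, sy_in);

    let safe = PyState { py_index_stored: SCALE };
    let _ = get_sy_amount_in_for_exact_py_out_safe(&safe, py_out);
    let (pt_safe, _) = mint_py(&safe, sy_in);

    (pt_vuln, pt_safe)
}

fn main() {
    let (pt_vuln, pt_safe) = demo();
    println!("PT minted for 1,000 SY: vulnerable = {pt_vuln}, hardened = {pt_safe}");
}
```

The design point is the one the analysis makes: a read-only operation such as a quote must borrow state immutably, and the index must have exactly one write path that derives its value from a trusted source rather than a function argument. The `max()` ratchet in `current_py_index` is harmless on its own; it becomes an exploit primitive only once an unvalidated caller value can reach it through a `&mut` borrow.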

Thus, the attacker stole approximately $2.59 million by manipulating py_index, subsequently converting the assets to USDC and transferring them across chains via Bridge, ultimately converting them to ETH and DAI stored at 0x41b1906c4BCded607c6b02861cE15C2E49FF7576.

After the attack, the Nemo team urgently paused the smart contract functions and began investigating the incident. The investigation revealed that the $2.59 million asset loss stemmed from launching new features without adequate auditing.

Event Summary:

The core of this attack lies in sensitive state being exposed as writable where it should have been read-only, allowing the attacker to supply an arbitrary parameter and have it written into the stored index. Sensitive state should be passed immutably to functions that only need to read it, and any value that does update it should be strictly validated and bounded.
