The Sui-based yield trading platform Nemo suffered a $2.59 million hack on September 7th. An audit conducted by smart contract auditor Asymptotic had identified a vulnerability in the protocol’s code before deployment. The vulnerability, in the ‘get_sy_amount_in_for_exact_py_out’ function, allowed an attacker to manipulate the protocol’s state. However, the Nemo team failed to address this security concern promptly, and according to the post-mortem analysis the vulnerability was pushed live without sufficient verification. On the incident timeline, the vulnerability was identified on August 11th; unvalidated code was deployed in early January, and vulnerable code continued to be pushed until the exploit occurred. Although an upgrade procedure intended to prevent such instances was implemented in April, the vulnerability persisted until the exploit took place. The incident highlights a critical issue: security procedures require vigilance and prompt implementation, even after warnings and audits.