Poolz suffers from an arithmetic overflow attack, with losses of up to $665,000 across multiple chains.
Recently, an attack on the cross-chain platform Poolz has attracted industry attention. The attacker exploited an arithmetic overflow vulnerability in the smart contract, successfully stealing a large amount of tokens from multiple networks including Ethereum, BNB Chain, and Polygon, with estimated losses of about $665,000.
According to on-chain data, the attack occurred in the early hours of March 15, 2023. The attacker obtained a range of tokens, among them MEE, ESNC, DON, ASW, KMON, and POOLZ. At the time of writing, some of the stolen funds have been swapped for BNB but have not yet been moved to other addresses.
The attacker exploited a vulnerability in the CreateMassPools function of the Poolz smart contract. This function lets users create liquidity pools in bulk and seed each with initial liquidity. The flaw lies in the getArraySum function, which adds up the per-pool amounts to compute the total of tokens to be transferred in. The attacker crafted the input array so that the running total exceeded the range of uint256 and wrapped around, leaving the function with a return value of 1.
Because of this wrap-around, the contract pulled in only 1 token while recording the attacker's inflated per-pool amounts, so the liquidity credited to the attacker far exceeded what had actually been deposited. The attacker then called the withdraw function and drained a large quantity of tokens that were not backed by any real deposit.
To prevent similar incidents, security experts recommend that developers compile contracts with a newer version of Solidity, whose built-in checked arithmetic reverts on overflow. For projects still on older Solidity versions, introducing OpenZeppelin's SafeMath library is a reasonable way to guard against integer overflow.
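The following contract is an added illustration of the bug class described above and of the two mitigations just mentioned; it is not Poolz's source code. The `unchecked` block reproduces pre-0.8 wrapping semantics inside a modern compiler so the vulnerable and hardened summations can be compared side by side. Contract, struct and function names other than the page's own CreateMassPools, getArraySum and withdraw are assumptions, and the sample input shown in the comments is constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Poolz's code. Names other than the article's
// CreateMassPools/getArraySum/withdraw are assumptions.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract MassPoolDemo {
    struct Pool {
        address token;
        address owner;
        uint256 amount; // liquidity the contract believes it holds for this pool
    }

    Pool[] public pools;

    // Pre-0.8 behaviour reproduced with an `unchecked` block: the running total
    // wraps modulo 2**256. For the constructed input [type(uint256).max, 2]
    // this returns 1 instead of reverting.
    function getArraySumUnchecked(uint256[] calldata arr) public pure returns (uint256 sum) {
        unchecked {
            for (uint256 i = 0; i < arr.length; i++) {
                sum += arr[i];
            }
        }
    }

    // Default 0.8+ behaviour: the same loop reverts with Panic(0x11) on overflow.
    // This is what compiling with a newer Solidity buys you; on older compilers
    // SafeMath's add() provides the equivalent revert.
    function getArraySumChecked(uint256[] calldata arr) public pure returns (uint256 sum) {
        for (uint256 i = 0; i < arr.length; i++) {
            sum += arr[i];
        }
    }

    // Vulnerable shape: a single transferFrom for the (wrapped) total, while each
    // pool records its own entry from the input array. With the input above only
    // 1 token moves in, yet pools[0].amount is recorded as type(uint256).max.
    function createMassPoolsVulnerable(address token, uint256[] calldata amounts) external {
        uint256 total = getArraySumUnchecked(amounts);
        require(IERC20(token).transferFrom(msg.sender, address(this), total), "transferFrom failed");
        for (uint256 i = 0; i < amounts.length; i++) {
            pools.push(Pool(token, msg.sender, amounts[i]));
        }
    }

    // Hardened shape: checked summation reverts on wrap. As defence in depth the
    // contract also trusts only the balance delta it actually observed, which
    // additionally catches fee-on-transfer tokens delivering less than declared.
    function createMassPools(address token, uint256[] calldata amounts) external {
        uint256 total = getArraySumChecked(amounts);
        uint256 before = IERC20(token).balanceOf(address(this));
        require(IERC20(token).transferFrom(msg.sender, address(this), total), "transferFrom failed");
        uint256 received = IERC20(token).balanceOf(address(this)) - before;
        require(received == total, "received less than declared");
        for (uint256 i = 0; i < amounts.length; i++) {
            pools.push(Pool(token, msg.sender, amounts[i]));
        }
    }

    // Pays out the recorded amount. Along the vulnerable path that recorded
    // amount is not backed by real deposits, which is the drain described above.
    function withdraw(uint256 poolId) external {
        Pool storage p = pools[poolId];
        require(msg.sender == p.owner, "not owner");
        uint256 amount = p.amount;
        p.amount = 0;
        require(IERC20(p.token).transfer(msg.sender, amount), "transfer failed");
    }
}
```

Calling getArraySumUnchecked with [type(uint256).max, 2] returns 1, whereas getArraySumChecked with the same input reverts, so createMassPools never records a pool entry whose total was not actually received. Reviewers auditing bulk-deposit functions should look for exactly this shape: a summed total used for the transfer while the individual summands are what gets persisted.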
This incident once again underlines the importance of security audits for smart contracts, and in particular of extra caution wherever arithmetic on large values is involved. For DeFi projects, comprehensive security testing and regular code reviews remain the key measures for keeping user funds safe.