Poolz protocol hit by arithmetic overflow attack, losing approximately $665,000
Recently, an attack on the Poolz protocol has attracted industry attention. According to on-chain data, the attack occurred on March 15, 2023, and involved multiple networks, including Ethereum, BNB Chain, and Polygon. The attacker exploited an arithmetic overflow vulnerability in the smart contract and stole tokens worth approximately $665,000.
The attacker targeted the CreateMassPools function of the Poolz protocol. This function was intended to let users create liquidity pools in bulk and provide their initial liquidity. However, the getArraySum function it relies on to total the supplied amounts suffered from an arithmetic overflow, and that flaw is what the attacker exploited.
Specifically, the attacker passed a _StartAmount array whose elements add up to more than the maximum uint256 value. The running sum wrapped around, so getArraySum returned 1. The contract therefore pulled only 1 token from the attacker while recording a deposit far larger than the amount actually paid in. The attacker then called the withdraw function to extract tokens that had never been deposited.
The incident involved multiple tokens, including MEE, ESNC, DON, ASW, KMON, and POOLZ. The attacker swapped some of the stolen tokens for BNB, but as of the time of reporting these funds had not been moved out of the attacker's address.
To prevent similar issues from recurring, industry experts recommend that developers take the following measures:
1. Use a newer version of the Solidity compiler, which performs overflow checks automatically.
2. For projects on older Solidity versions, use OpenZeppelin's SafeMath library to guard against integer overflow.
3. Strengthen code auditing, paying particular attention to functions and operations that can overflow.
4. Conduct regular security assessments and vulnerability scans, and promptly fix any issues found.
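The wrap-around described above and the checked arithmetic the recommendations call for, as an added example (Python, not the Poolz contract code): it models uint256 addition the way Solidity below 0.8 performs it (wrapping modulo 2**256) and the way Solidity 0.8 and later, or SafeMath, perform it (reverting on overflow), then runs a hypothetical CreateMassPools-style flow over a constructed _StartAmount array so the tokens actually transferred can be compared with the deposit the contract would record. Everything except the names getArraySum, CreateMassPools and _StartAmount is an assumption made for the example.

```python
# Added example, not Poolz's code: a Python model of unchecked vs. checked
# uint256 summation and of the accounting gap it opens in a bulk deposit.

UINT256_MAX = 2**256 - 1
UINT256_MOD = 2**256


def _check_uint256(value):
    """Reject inputs that could not even be ABI-decoded as uint256."""
    if not 0 <= value <= UINT256_MAX:
        raise ValueError("element is not a valid uint256")


def get_array_sum_unchecked(amounts):
    """Model of pre-0.8 Solidity addition: the running total wraps modulo 2**256,
    which is the behaviour the vulnerable getArraySum exhibited."""
    total = 0
    for a in amounts:
        _check_uint256(a)
        total = (total + a) % UINT256_MOD
    return total


def get_array_sum_checked(amounts):
    """Model of Solidity >= 0.8 default arithmetic (or SafeMath.add):
    the addition reverts instead of wrapping."""
    total = 0
    for a in amounts:
        _check_uint256(a)
        if total > UINT256_MAX - a:
            raise OverflowError("SafeMath: addition overflow")
        total += a
    return total


def create_mass_pools(start_amounts, array_sum):
    """Hypothetical model of the bulk pool-creation flow.

    It pulls array_sum(start_amounts) tokens from the caller in one transfer
    and stores each element as its pool's StartAmount. Returns
    (tokens_transferred, total_recorded, consistent) where `consistent`
    is the invariant a defender wants: tokens moved == tokens credited.
    """
    transferred = array_sum(start_amounts)
    # Each element fits in uint256 on its own; Python ints let us total
    # the recorded balances exactly even when that total exceeds uint256.
    total_recorded = sum(start_amounts)
    return transferred, total_recorded, transferred == total_recorded


# Constructed input (assumption): valid uint256 elements whose true sum is
# 2**256 + 1, so an unchecked sum wraps to 1.
CRAFTED_START_AMOUNTS = [1, 1, UINT256_MAX]
HONEST_START_AMOUNTS = [100, 250, 50]


def demonstrate(start_amounts):
    """Run the flow with both summation models and report the outcome."""
    unchecked = create_mass_pools(start_amounts, get_array_sum_unchecked)
    try:
        checked = create_mass_pools(start_amounts, get_array_sum_checked)
        checked_reverted = False
    except OverflowError:
        checked = None
        checked_reverted = True
    return {
        "unchecked": unchecked,
        "checked": checked,
        "checked_reverted": checked_reverted,
    }


if __name__ == "__main__":
    for label, amounts in (("honest", HONEST_START_AMOUNTS),
                           ("crafted", CRAFTED_START_AMOUNTS)):
        result = demonstrate(amounts)
        transferred, recorded, consistent = result["unchecked"]
        print(f"{label}: unchecked transferred={transferred} recorded={recorded} "
              f"consistent={consistent}; checked reverted={result['checked_reverted']}")
```

With the honest array both models agree and the invariant holds. With the crafted array the unchecked model moves 1 token while crediting 2**256 + 1, exactly the gap a later withdraw would drain, whereas the checked model reverts before any pool is created. The `consistent` flag shows the cheap post-condition a contract can assert even when it cannot change compiler version: the amount transferred must equal the amount credited.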
This incident is a reminder to blockchain developers and users that security must remain the primary consideration in a rapidly evolving cryptocurrency ecosystem. Investors, too, should stay vigilant and weigh the security posture and technical strength of the projects they use.