- Topic1/3
9k Popularity
19k Popularity
14k Popularity
49k Popularity
23k Popularity
- Pin
- 📢 Gate Square #Creator Campaign Phase 2# is officially live!
Join the ZKWASM event series, share your insights, and win a share of 4,000 $ZKWASM!
As a pioneer in zk-based public chains, ZKWASM is now being prominently promoted on the Gate platform!
Three major campaigns are launching simultaneously: Launchpool subscription, CandyDrop airdrop, and Alpha exclusive trading — don’t miss out!
🎨 Campaign 1: Post on Gate Square and win content rewards
📅 Time: July 25, 22:00 – July 29, 22:00 (UTC+8)
📌 How to participate:
Post original content (at least 100 words) on Gate Square related to
- 📢 Gate Square #MBG Posting Challenge# is Live— Post for MBG Rewards!
Want a share of 1,000 MBG? Get involved now—show your insights and real participation to become an MBG promoter!
💰 20 top posts will each win 50 MBG!
How to Participate:
1️⃣ Research the MBG project
Share your in-depth views on MBG’s fundamentals, community governance, development goals, and tokenomics, etc.
2️⃣ Join and share your real experience
Take part in MBG activities (CandyDrop, Launchpool, or spot trading), and post your screenshots, earnings, or step-by-step tutorials. Content can include profits, beginner-friendl
- 🎉 Gate Square’s "Spark Program" Surpasses 1,000 KOLs!
💥 The creator ecosystem is in full bloom!
📈 Get featured, earn rewards, and grow your influence—what are you waiting for?
💰 Cash incentives ✔️
🚀 Traffic support ✔️
👑 Exclusive verification ✔️
From 0 to 1,000 in just weeks—Gate Square is becoming the epicenter of Web3 content! ⚡
You’re not just posting content, but the next "viral opportunity"!
🌟 Join the Spark Program and kickstart your breakthrough!
👉 https://www.gate.com/announcements/article/45695
- 📢 #Gate Square Writing Contest Phase 3# is officially kicks off!
🎮 This round focuses on: Yooldo Games (ESPORTS)
✍️ Share your unique insights and join promotional interactions. To be eligible for any reward, you must also participate in Gate’s Phase 286 Launchpool, CandyDrop, or Alpha activities!
💡 Content creation + airdrop participation = double points. You could be the grand prize winner!
💰Total prize pool: 4,464 $ESPORTS
🏆 First Prize (1 winner): 964 tokens
🥈 Second Prize (5 winners): 400 tokens each
🥉 Third Prize (10 winners): 150 tokens each
🚀 How to participate:
1️⃣ Publish an
- 📢 Gate Square #TopContentChallenge# is coming! Post high-quality content and win exclusive rewards!
🌟 We will select outstanding posts for exposure, and help elevate your influence!
💡 How to Participate?
1.Add the #TopContentChallenge# tag to your post.
2.Posts must be over 60 characters and receive at least 3 interactions (Likes/Comment/Share).
3.Post may include only the #TopContentChallenge# tag.
🎁 We’ll select 1 top post to win $50 Futures Voucher every Tuesday and Thursday!
📃 High-quality posts will be shared on Gate Square and labeled as [Featured Posts]!
📌 Rewards will be distribu
Carbontec Uncovers $520,000 Exploit Path in 1inch Router’s Rescue Function
A Carbontec investigation revealed that over $520,000 in mis-sent tokens were quietly withdrawn from 1inch Routers v4–v6 via public functions, exposing a security blind spot in one of defi’s most widely used contracts.
Design Oversight in 1inch Router Allowed Withdrawal of Mis-Sent Funds
Blockchain security firm Carbontec has uncovered a significant design vulnerability in 1inch’s Aggregation Router v6 smart contract, a key defi protocol that facilitates token swaps for millions of users. The issue? Anyone could withdraw tokens mistakenly sent to the contract, not just the owner.
According to an exclusive shared with Bitcoin.com News, more than $520,000 worth of crypto, including 4.2 WBTC (approximately $445K) in one transaction, was moved by unaffiliated actors across router versions 4, 5, and 6. The flaw stems from publicly accessible callback functions and the router’s logic that accepts user-defined swap pools. These allow for spoofed transactions that effectively launder fund extractions under the guise of routine protocol use.
Rather than being locked or retrievable only by 1inch, mis-sent tokens became fair game for anyone with technical knowledge. This is not a coding bug, but a gas-saving design tradeoff that underestimated user behavior and overestimated contract safety through obscurity.
Miroslav Baril, CTO at Carbontec, shared some thoughts from the company’s investigation.
Carbontec’s research shows this issue affects not just 1inch, but potentially any defi protocol that accepts external contract input or exposes internal swap callbacks. With hundreds of thousands in user funds quietly siphoned off, the investigation raises pressing questions about how defi protocols handle errors and who really has access to user funds.