Poolz protocol suffers from arithmetic overflow attack, resulting in a loss of $665,000.
Recently, an attack on the Poolz protocol has attracted industry attention. According to on-chain data, the attack occurred on March 15, 2023, involving multiple networks such as Ethereum, BNB Chain, and Polygon. The attacker successfully exploited an arithmetic overflow vulnerability in the smart contract, stealing a large amount of tokens worth approximately $665,000.
The attacker mainly targeted the CreateMassPools function of the Poolz protocol, which is intended to let users create liquidity pools in bulk and provide initial liquidity. The vulnerability itself was an arithmetic overflow in the getArraySum function, which the attacker was able to exploit.
Specifically, the attacker passed in a crafted _StartAmount array whose cumulative sum exceeded the maximum value of uint256, so the addition overflowed and the return value was 1. By transferring just 1 token, the attacker could therefore have the system record a deposit amount far exceeding the amount actually transferred. The attacker then used the withdraw function to extract these non-existent tokens.
This incident involves multiple tokens, including MEE, ESNC, DON, ASW, KMON, POOLZ, etc. The attacker has exchanged some of the stolen tokens for BNB, but as of the time of reporting, these funds have not yet been transferred out of the attacker's address.
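The following is an added example, not the Poolz source code: a simplified Python model of uint256 addition that compares a wrapping sum with a checked sum (the behaviour SafeMath or compiler-inserted checks provide) and tests the accounting invariant that breaks. The function names, the pool model and the input arrays are assumptions constructed for illustration.

```python
UINT256_MAX = 2**256 - 1

def array_sum_wrapping(amounts):
    """Sum as unchecked uint256 addition computes it: reduced mod 2**256."""
    total = 0
    for a in amounts:
        total = (total + a) & UINT256_MAX
    return total

def array_sum_checked(amounts):
    """Sum with a SafeMath-style check: fail instead of wrapping."""
    total = 0
    for a in amounts:
        if a > UINT256_MAX - total:
            raise OverflowError("uint256 addition overflow")
        total += a
    return total

def create_mass_pools(amounts, sum_fn):
    """Hypothetical model of bulk pool creation.

    Returns (tokens_pulled_from_caller, total_credited_to_pools).
    """
    pulled = sum_fn(amounts)   # amount the contract transfers in
    credited = sum(amounts)    # what the per-pool records add up to
    return pulled, credited

def accounting_holds(amounts, sum_fn):
    """Invariant an audit or fuzz test should assert: credited == pulled."""
    pulled, credited = create_mass_pools(amounts, sum_fn)
    return pulled == credited

# Constructed inputs, not taken from the on-chain transactions.
HONEST = [100, 250, 650]
WRAPPING = [UINT256_MAX, 2]

if __name__ == "__main__":
    for name, arr in (("honest", HONEST), ("wrapping", WRAPPING)):
        print(name, array_sum_wrapping(arr), accounting_holds(arr, array_sum_wrapping))
    try:
        create_mass_pools(WRAPPING, array_sum_checked)
    except OverflowError as exc:
        print("checked sum rejected input:", exc)
```

With the checked sum the oversized array is rejected before any pool is recorded, so the invariant cannot be violated.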
To prevent similar issues from occurring again, industry experts recommend that developers take the following measures:
Use a newer version of the Solidity compiler, which automatically adds overflow checks to arithmetic operations when compiling.
For projects using older versions of Solidity, consider introducing OpenZeppelin's SafeMath library to address integer overflow issues.
Strengthen code auditing, with particular attention to functions and operations that may cause arithmetic overflow.
Conduct regular security assessments and vulnerability scans, and promptly fix any identified issues.
This incident serves as a reminder to blockchain project developers and users that security should always be the primary consideration in the rapidly evolving cryptocurrency ecosystem. For investors, it is also important to remain vigilant and pay attention to the security and technical strength of the projects.