A well-known sports digital collectibles project has exposed a serious smart contract vulnerability, a warning for the industry's security awareness.
Recently, a major sports digital collectibles release attracted widespread attention in the industry. However, security experts discovered serious vulnerabilities in the project's smart contracts that malicious actors could exploit to mint collectibles at no cost and profit from them.
This vulnerability mainly stems from improper design of the signature verification mechanism for whitelist users. The contract failed to ensure the exclusivity and one-time use of whitelist signatures. As a result, potential attackers may reuse the signatures of other whitelist users to mint collectibles.
From the publicly available contract code, it is clear that the verify function has obvious design flaws. First, it does not include the address of the transaction sender in the signature verification process. Second, it lacks a mechanism to prevent signature reuse. These should be basic security practices in smart contract development and are considered entry-level knowledge in software security.
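The two missing checks, shown in a hardened form as an added example (this is not the project's contract, which is not reproduced on this page). The contract name, function names, the `nonce` parameter and the storage layout are all hypothetical, and the `minted` counter stands in for real mint logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only; every name here is hypothetical.
contract WhitelistMint {
    address public immutable signer;              // address of the off-chain whitelist signing key
    mapping(bytes32 => bool) public usedDigests;  // replay guard: each voucher is spent once
    mapping(address => uint256) public minted;    // stand-in for the real token accounting

    constructor(address whitelistSigner) {
        require(whitelistSigner != address(0), "signer is zero address");
        signer = whitelistSigner;
    }

    // The signed message binds the voucher to this chain, this contract,
    // one specific account and one nonce.
    function voucherDigest(address account, uint256 nonce) public view returns (bytes32) {
        bytes32 inner = keccak256(abi.encode(block.chainid, address(this), account, nonce));
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    function mintWhitelist(uint256 nonce, uint8 v, bytes32 r, bytes32 s) external {
        // Check 1 (sender binding): msg.sender is part of the signed data, so a
        // signature issued to another whitelisted address fails for this caller.
        bytes32 digest = voucherDigest(msg.sender, nonce);

        // Check 2 (one-time use): the guard is keyed on the digest rather than
        // on the signature bytes, so a re-encoded signature cannot bypass it.
        require(!usedDigests[digest], "voucher already used");

        // ecrecover returns address(0) on malformed input; reject that explicitly.
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && recovered == signer, "invalid signature");

        // Mark the voucher spent before any further state change or external call.
        usedDigests[digest] = true;
        minted[msg.sender] += 1;
    }
}
```

A `verify` that hashes only data unrelated to the caller, or that never records which vouchers were spent, accepts the same signature from any address and any number of times, which are the two flaws described above.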
Surprisingly, such a fundamental security vulnerability has appeared in a highly publicized large project. This not only exposes the project's negligence in contract security auditing but also highlights that the entire industry still has a long way to go in standardizing smart contract development and raising security awareness.
This event serves as a reminder that regardless of the scale and influence of a project, security is always the primary consideration in the blockchain and digital collectibles space. For developers, it is essential to strictly adhere to security best practices, conduct comprehensive code audits, and perform vulnerability testing. For users, it is also important to remain vigilant about the security of any digital collectibles project before participating and to conduct necessary investigations and assessments.
In the future, as the industry continues to mature, we hope to see more project teams, developers, and security experts working together to establish more robust standards for smart contract development and auditing, to ensure the security and sustainable development of the digital collectibles ecosystem.