Poolz suffers from arithmetic overflow attack, with losses of approximately $665,000

Recently, multiple Poolz projects on various blockchain networks were attacked by hackers, resulting in the theft of a large number of tokens, with a total value of approximately $665,000. This attack mainly occurred on chains such as Ethereum, BNB Chain, and Polygon.

The attacker exploited an arithmetic overflow vulnerability in the Poolz smart contract. Specifically, the issue lies in the getArraySum function within the CreateMassPools function. This function accumulates values by iterating over the _StartAmount array but does not handle overflow appropriately. The attacker cleverly constructed an array containing extremely large values, causing the cumulative result to exceed the uint256 range, ultimately resulting in a return value of 1.

The attack process is as follows:

1. The attacker first exchanged some MNZ tokens on a certain DEX.

2. Then call the CreateMassPools function, passing in the carefully designed parameters. Although only 1 token is actually transferred, _StartAmount records a huge value.

3. Finally, withdraw funds through the withdraw function to complete the attack.

This incident involves multiple tokens, including MEE, ESNC, DON, ASW, KMON, POOLZ, etc. The largest loss was for the ASW token, exceeding 2 billion pieces.

To prevent such issues from occurring again, it is recommended that developers use a newer version of the Solidity compiler, which has built-in overflow checking functionality. For projects using older versions of Solidity, it may be advisable to incorporate OpenZeppelin's SafeMath library to handle integer overflow issues.

This attack once again reminds DeFi projects of the importance of smart contract security. Even seemingly simple arithmetic operations, if mishandled, can lead to serious security vulnerabilities. Project teams should place greater emphasis on code audits and take necessary security measures to protect user assets.