Poolz suffers from arithmetic overflow attack, losing $665,000 across multiple chains.
Recently, Poolz contracts deployed on several blockchain networks were attacked, and a large quantity of tokens was stolen, worth approximately $665,000 in total. The attack hit deployments on Ethereum, BNB Chain, and Polygon.
The attacker exploited an arithmetic overflow vulnerability in the Poolz smart contract. Specifically, the getArraySum function, called from CreateMassPools, adds up the entries of the _StartAmount array in a loop without guarding against overflow, and the contract's Solidity version performed unchecked arithmetic (overflow checks only became the default in Solidity 0.8.0). The attacker constructed an array with extremely large entries so that the running total exceeded the uint256 range and wrapped around, making getArraySum return 1. The contract therefore pulled in only the wrapped total of 1 token, while each created pool was credited with its full _StartAmount value.
The attack proceeded as follows:
1. The attacker first swapped for some MNZ tokens on a DEX.
2. The attacker then called CreateMassPools with carefully crafted parameters: because the array sum wrapped to 1, only 1 token was actually transferred into the contract, while the pools' _StartAmount entries recorded huge values.
3. Finally, the attacker called the withdraw function against those pools to take out the inflated balances, completing the attack.
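The following Python model, added here as an illustration and not taken from the Poolz contracts or the on-chain calldata, reproduces the accounting mismatch described above: a getArraySum-style loop with pre-0.8 wrapping semantics beside the checked version that Solidity 0.8+ or SafeMath would give, plus a constructed _StartAmount array whose wrapped sum is exactly 1 while each entry stays a valid uint256. The function names, the two-value construction and the simulated pool accounting are assumptions made for the example.

```python
# Added example modelling the Poolz overflow; not the project's own code.
UINT256_MAX = 2**256 - 1
MODULUS = 2**256


def _require_uint256(v):
    """Reject anything the EVM could not hold in a uint256 slot."""
    if not 0 <= v <= UINT256_MAX:
        raise ValueError("not a uint256: %r" % (v,))


def array_sum_unchecked(values):
    """Pre-0.8 Solidity semantics: each addition silently wraps modulo 2**256.
    This mirrors the vulnerable getArraySum loop over _StartAmount."""
    total = 0
    for v in values:
        _require_uint256(v)
        total = (total + v) % MODULUS
    return total


def array_sum_checked(values):
    """Solidity >=0.8 default (or SafeMath.add) semantics: revert on overflow."""
    total = 0
    for v in values:
        _require_uint256(v)
        if total + v > UINT256_MAX:
            raise OverflowError("SafeMath: addition overflow")
        total += v
    return total


def reverts_under_checked_math(values):
    """True if the checked sum would revert for this array."""
    try:
        array_sum_checked(values)
    except OverflowError:
        return True
    return False


def craft_start_amounts(count, wrapped_total=1):
    """Build `count` valid uint256 entries whose wrapping sum equals wrapped_total.
    Hypothetical construction illustrating the attacker's trick: fill count-1 slots
    with the maximum uint256 and solve for the last entry modulo 2**256."""
    if count < 2:
        raise ValueError("need at least two entries to wrap")
    head = [UINT256_MAX] * (count - 1)
    last = (wrapped_total - sum(head)) % MODULUS
    return head + [last]


def simulate_create_mass_pools(start_amounts, sum_fn):
    """Mirror the contract's accounting (assumed shape): tokens pulled in via
    transferFrom equal sum_fn(_StartAmount), but every pool is credited with its
    own entry. Returns (tokens_transferred_in, total_balance_recorded)."""
    transferred_in = sum_fn(start_amounts)
    recorded_total = sum(start_amounts)  # Python ints do not wrap
    return transferred_in, recorded_total


if __name__ == "__main__":
    crafted = craft_start_amounts(3)
    pulled, credited = simulate_create_mass_pools(crafted, array_sum_unchecked)
    print("unchecked: transferred in %d token(s), credited %d" % (pulled, credited))
    print("checked sum reverts:", reverts_under_checked_math(crafted))
```

With unchecked arithmetic the contract receives 1 token and credits a balance far above 2**256; the same array makes the checked sum revert before any pool is created, which is the whole fix.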
Tokens affected include MEE, ESNC, DON, ASW, KMON and POOLZ, among others. The largest loss by quantity was in ASW, at more than 2 billion tokens.
To prevent a recurrence, developers should compile with Solidity 0.8.0 or later, where arithmetic overflow and underflow revert by default; note that code inside an unchecked { } block is exempt from these checks, so such blocks need separate review. Projects that must stay on older compiler versions should route integer arithmetic through OpenZeppelin's SafeMath library, which reverts on overflow instead of wrapping.
This incident is another reminder to DeFi projects of how much smart contract security matters: even a simple loop of additions, if left unchecked, can become a serious vulnerability. Project teams should invest in code audits, including review of arithmetic on user-supplied values, and take the necessary security measures to protect user assets.