Poolz suffers from arithmetic overflow attack, losing $665,000 across multiple chains.


Poolz suffers from arithmetic overflow attack, with losses of approximately $665,000

Recently, multiple Poolz projects on various blockchain networks were attacked by hackers, resulting in the theft of a large number of tokens, with a total value of approximately $665,000. This attack mainly occurred on chains such as Ethereum, BNB Chain, and Polygon.

The attacker exploited an arithmetic overflow vulnerability in the Poolz smart contract. Specifically, the issue lies in the getArraySum function used within the CreateMassPools function. getArraySum accumulates the values of the _StartAmount array in a loop without any overflow check. The attacker constructed an array containing extremely large values, so the running total wrapped past the uint256 maximum and the function ultimately returned 1.

Poolz suffered an attack due to an arithmetic overflow issue, resulting in a loss of approximately $665K!

The attack process is as follows:

  1. The attacker first obtained some MNZ tokens through a swap on a DEX.

  2. The attacker then called the CreateMassPools function with carefully crafted parameters: although only 1 token was actually transferred, _StartAmount recorded a huge value.

  3. Finally, the attacker withdrew the funds through the withdraw function, completing the attack.


This incident involves multiple tokens, including MEE, ESNC, DON, ASW, KMON, POOLZ, etc. The largest loss was in the ASW token, at more than 2 billion ASW.


To prevent such issues from recurring, developers should use a newer version of the Solidity compiler, which has built-in overflow checking. Projects that must stay on older versions of Solidity should use OpenZeppelin's SafeMath library to handle integer overflow.
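The following Solidity contract is an added illustration, not Poolz's code: it reproduces the unchecked array-sum wraparound described above beside a checked version and a guarded entry point that verifies the recorded total against the balance actually received. Only the names getArraySum, CreateMassPools and _StartAmount come from the write-up; the interface, the demo function names and the sample input are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token interface (assumed for the demo).
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transferFrom(address, address, uint256) external returns (bool);
}

contract ArraySumOverflowDemo {
    // Pre-0.8 behaviour reproduced with an `unchecked` block: the running
    // total silently wraps modulo 2**256. For the constructed input
    // [2**256 - 1, 2] this returns 1, although neither element could ever
    // have been transferred in full.
    function getArraySumUnchecked(uint256[] calldata _StartAmount) external pure returns (uint256 sum) {
        unchecked {
            for (uint256 i = 0; i < _StartAmount.length; i++) {
                sum += _StartAmount[i];
            }
        }
    }

    // Hardened form: Solidity >= 0.8 checked arithmetic reverts with
    // Panic(0x11) on overflow. On older compilers SafeMath.add() gives the
    // same guarantee.
    function getArraySumChecked(uint256[] calldata _StartAmount) public pure returns (uint256 sum) {
        for (uint256 i = 0; i < _StartAmount.length; i++) {
            sum += _StartAmount[i];
        }
    }

    // Guarded stand-in for a CreateMassPools-style entry point: compute the
    // total with checked arithmetic, pull exactly that amount, and confirm
    // the contract's balance moved by the same amount before recording
    // anything. A recorded _StartAmount can then never exceed what was paid.
    function createMassPoolsGuarded(IERC20 token, uint256[] calldata _StartAmount) external {
        uint256 total = getArraySumChecked(_StartAmount);
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), total), "transfer failed");
        require(token.balanceOf(address(this)) - before == total, "received != recorded");
        // Pool bookkeeping using _StartAmount[i] would follow here.
    }
}
```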

This attack once again reminds DeFi projects of the importance of smart contract security. Even seemingly simple arithmetic operations, if mishandled, can lead to serious security vulnerabilities. Project teams should place greater emphasis on code audits and take necessary security measures to protect user assets.

GateUser-3824aa38vip
· 07-09 07:43
Got stolen again, huh?
LiquidatedDreamsvip
· 07-09 06:59
What happened again? Sigh.
FarmHoppervip
· 07-06 08:17
Another project has fallen.
GasFeeWhisperervip
· 07-06 08:12
The overflow vulnerability can be so significant.
BearMarketSurvivorvip
· 07-06 08:04
Another smart contract has been crashed.
DarkPoolWatchervip
· 07-06 07:52
The contract must have a loophole SB again, right?