Poolz suffers from arithmetic overflow attack, with multi-chain losses nearing $670,000.
Recently, an attack on the multi-chain Poolz project has attracted widespread attention in the industry. According to on-chain monitoring data, the attack occurred on March 15, 2023, involving multiple public chains such as Ethereum, BNB Chain, and Polygon.
This attack resulted in a large number of tokens being stolen, including tokens from multiple projects such as MEE, ESNC, DON, ASW, KMON, and POOLZ. Preliminary estimates suggest that the total value of the stolen assets is approximately $665,000. Currently, some of the stolen tokens have been exchanged by the attackers for BNB, but they have not yet been transferred out of the addresses controlled by the attackers.
Analysis shows that this attack primarily exploited an arithmetic overflow vulnerability in the Poolz project's smart contract. The attacker triggered the integer overflow by cleverly constructing input parameters while creating liquidity pools in bulk, thereby achieving the goal of obtaining a large amount of liquidity with a very small number of tokens.
Specifically, the attacker first acquired a small amount of MNZ tokens on a decentralized exchange. The attacker then called the CreateMassPools function in the Poolz contract, which lets users create liquidity pools in bulk and provide their initial liquidity in one call. The defect lies in the getArraySum function, which CreateMassPools uses to total the initial liquidity amounts supplied by the user and thus to decide how many tokens to pull from the caller.
The attacker carefully constructed an array containing extremely large values as input parameters. When these values were summed, integer overflow occurred, resulting in a huge discrepancy between the actual number of tokens transferred and the recorded number. Ultimately, the attacker only transferred 1 token but recorded a massive liquidity value in the contract.
After completing the above operation, the attacker immediately called the withdraw function to extract funds, easily completing the entire attack process.
This incident highlights once again the dangers of arithmetic overflow issues in smart contracts. To mitigate similar risks, industry experts recommend that developers use newer versions of the Solidity programming language, whose compiler automatically inserts overflow checks so that overflowing arithmetic reverts instead of wrapping. For projects still on older versions of Solidity, it is advisable to use mature security libraries such as OpenZeppelin (for example its SafeMath library) for integer arithmetic.
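The following is an added illustration, not code from the Poolz contract, that models the arithmetic behind the two paragraphs above: the wrap-around sum used to decide how many tokens to transfer in, and the checked sum that newer Solidity or SafeMath would give. The function names `unchecked_array_sum`, `checked_array_sum` and `create_mass_pools`, and the sample amounts array, are constructed for the example; only the 256-bit wrap-around semantics are real.

```python
"""Model of uint256 addition in getArraySum-style code (constructed example).

Pre-0.8 Solidity wraps on overflow; 0.8+ (or SafeMath) reverts. The model
shows how a wrapped total lets a caller pay for far less liquidity than the
contract records for each pool.
"""

UINT256_MAX = 2**256 - 1


class Overflow(Exception):
    """Stands in for a Solidity revert on arithmetic overflow."""


def unchecked_array_sum(amounts):
    """Sum as pre-0.8 Solidity would: every addition is taken modulo 2**256."""
    total = 0
    for a in amounts:
        total = (total + a) & UINT256_MAX  # wraps instead of failing
    return total


def checked_array_sum(amounts):
    """Sum as Solidity >= 0.8 or SafeMath.add would: overflow reverts."""
    total = 0
    for a in amounts:
        if total + a > UINT256_MAX:
            raise Overflow("addition overflow")
        total += a
    return total


def create_mass_pools(start_amounts, array_sum, caller_balance):
    """Hypothetical model of a bulk pool creation.

    The contract pulls array_sum(start_amounts) tokens from the caller, then
    records each pool's StartAmount individually. Returns the amount actually
    transferred in and the list of recorded pool balances.
    """
    for a in start_amounts:
        if not 0 <= a <= UINT256_MAX:
            raise ValueError("amount does not fit in uint256")
    required = array_sum(start_amounts)
    if caller_balance < required:
        raise ValueError("insufficient balance")
    recorded = list(start_amounts)
    return required, recorded


def liquidity_discrepancy(transferred, recorded):
    """Invariant a reviewer or monitor can check: recorded liquidity must
    never exceed what was transferred in. Returns the excess (0 when sound)."""
    return max(0, sum(recorded) - transferred)


# Constructed input: two halves of 2**256 plus one wrap to a total of 1.
ATTACK_AMOUNTS = [2**255, 2**255, 1]


def demo():
    """Run the same array through both summation strategies."""
    transferred, recorded = create_mass_pools(ATTACK_AMOUNTS, unchecked_array_sum, 1)
    result = {
        "wrapped_transfer": transferred,          # caller pays 1 token
        "recorded_total": sum(recorded),          # contract books 2**256 + 1
        "excess": liquidity_discrepancy(transferred, recorded),
    }
    try:
        create_mass_pools(ATTACK_AMOUNTS, checked_array_sum, 1)
        result["checked_reverts"] = False
    except Overflow:
        result["checked_reverts"] = True           # same input is rejected
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With a balance of a single token the caller passes the wrapped-sum check and ends up with three pools whose recorded liquidity totals 2**256 + 1, exactly the mismatch the article describes; the checked sum rejects the same array before any state is written.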
This incident reminds us that contract security is always a key issue that cannot be ignored in the blockchain ecosystem. Project teams need to continuously strengthen code audits and security testing, while users should remain vigilant and carefully assess the associated risks when participating in new projects.