- Topic1/3
44k Popularity
32k Popularity
48k Popularity
9k Popularity
22k Popularity
- Pin
- 🎉 The #CandyDrop Futures Challenge is live — join now to share a 6 BTC prize pool!
📢 Post your futures trading experience on Gate Square with the event hashtag — $25 × 20 rewards are waiting!
🎁 $500 in futures trial vouchers up for grabs — 20 standout posts will win!
📅 Event Period: August 1, 2025, 15:00 – August 15, 2025, 19:00 (UTC+8)
👉 Event Link: https://www.gate.com/candy-drop/detail/BTC-98
Dare to trade. Dare to win.
- 🎉 Gate Square Growth Points Summer Lucky Draw Round 1️⃣ 2️⃣ Is Live!
🎁 Prize pool over $10,000! Win Huawei Mate Tri-fold Phone, F1 Red Bull Racing Car Model, exclusive Gate merch, popular tokens & more!
Try your luck now 👉 https://www.gate.com/activities/pointprize?now_period=12
How to earn Growth Points fast?
1️⃣ Go to [Square], tap the icon next to your avatar to enter [Community Center]
2️⃣ Complete daily tasks like posting, commenting, liking, and chatting to earn points
100% chance to win — prizes guaranteed! Come and draw now!
Event ends: August 9, 16:00 UTC
More details: https://www
Poolz suffers from an arithmetic overflow attack, resulting in a loss of $665,000, affecting multiple chain assets.
Poolz suffers from arithmetic overflow attack, resulting in a loss of approximately $665,000
Recently, an attack incident targeting Poolz occurred on the Ethereum, Binance Smart Chain, and Polygon networks. According to on-chain data monitoring, the attack took place on March 15, 2023, at 3:16 AM ( UTC ). This attack involved multiple tokens, including MEE, ESNC, DON, ASW, KMON, POOLZ, etc., with total losses amounting to approximately $665,000.
The attacker exploited an arithmetic overflow vulnerability in the Poolz smart contract. Specifically, the issue lies in the getArraySum function within the CreateMassPools function. This function fails to properly handle the overflow situation caused by large number additions when calculating the initial liquidity provided by users for batch pool creation.
The attack process is as follows:
The attacker first exchanged a small amount of MNZ tokens on a certain decentralized exchange.
Then call the CreateMassPools function, passing in the carefully constructed parameters. The _StartAmount array contains two values: one is a large number close to the uint256 limit, and the other is a normal token amount.
Due to the overflow caused by the accumulation operation in the getArraySum function, the final return value is 1. However, the contract still uses the original _StartAmount value when recording the pool properties.
This caused the attacker to actually transfer only 1 token, but recorded a huge amount of liquidity in the contract.
Finally, the attacker calls the withdraw function to extract tokens, completing the attack.
To prevent such issues from occurring again, it is recommended that developers take the following measures:
Use a newer version of the Solidity compiler, as these versions will automatically perform overflow checks.
If it is necessary to use an older version of Solidity, you can introduce third-party security libraries to handle integer operations, such as OpenZeppelin's SafeMath library.
When processing user input, especially in scenarios involving large number calculations, strict boundary checks and exception handling should be performed.
Conduct regular code audits, with special attention to parts that may involve integer overflow.
Consider introducing mechanisms such as multi-signature or time locks to buy time for responses in emergency situations.
This incident reminds us again that security should always be the primary consideration in smart contract development. Even seemingly simple arithmetic operations can become a breakthrough point for attackers to exploit.