Euler Finance suffered a flash loan attack, losing nearly $200 million.
On March 13, the Euler Finance project suffered a flash loan attack due to a smart contract vulnerability, resulting in a loss of approximately $197 million in funds. This attack involved six types of tokens and is one of the largest security incidents in the DeFi space in recent times.
Attack Process Analysis
The attacker first obtained a flash loan of 30 million DAI from a lending platform, and then deployed two contracts for lending and liquidation. The attack process is roughly as follows:
Stake 20 million DAI in the Euler Protocol to receive 19.5 million eDAI.
Use Euler Protocol to borrow 195.6 million eDAI and 200 million dDAI with 10x leverage.
Use the remaining 10 million DAI to repay part of the debt and burn the corresponding dDAI.
Borrow the same amount of eDAI and dDAI again (repeating step 2).
Donate 100 million eDAI through the donateToReserves function, then call the liquidate function to liquidate and obtain 310 million dDAI and 250 million eDAI.
Finally, withdraw 38.9 million DAI and repay the 30 million DAI flash loan, for a net profit of about 8.87 million DAI.
Cause of Vulnerability
The key to this attack lies in the fact that Euler Finance's donateToReserves function lacked the necessary liquidity check. Unlike other functions such as mint, donateToReserves did not call the checkLiquidity function to verify the user's asset status after moving funds. This allowed the attacker to use this function to put their own account into a liquidatable state, and then to carry out the liquidation themselves.
Under normal circumstances, the checkLiquidity function would call the RiskManager module to ensure that the user's eToken is greater than the dToken, in order to maintain the security of the system. However, the donateToReserves function bypasses this important step, providing an opportunity for attackers.
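To make the missing check concrete, the following is an added illustration, not Euler's code: a simplified accounting model (one asset, plain numbers, no collateral factors or interest) with only the invariant the article states, that an account's eToken balance must not fall below its dToken balance after any balance change. The names `Market`, `mint`, `donate_to_reserves_vulnerable`, `donate_to_reserves_fixed` and `check_liquidity` are hypothetical stand-ins for the real functions; the amounts in `run_scenario` are constructed round numbers, not the incident's figures. The vulnerable path moves collateral out without re-checking, the fixed path re-checks and rolls back, and `violating_accounts` is the invariant sweep a monitor or fuzz harness would run after every call.

```python
"""Simplified model of the eToken/dToken accounting discussed in the article.

Constructed example, not Euler's code: balances are plain numbers, one asset,
no collateral factors or interest. The only invariant modelled is the one the
article states: after any balance change, eToken must not fall below dToken.
"""
from dataclasses import dataclass, field


class LiquidityError(Exception):
    """Raised when an operation would leave an account liquidatable."""


@dataclass
class Account:
    etoken: float = 0.0  # collateral-side balance (eDAI in the incident)
    dtoken: float = 0.0  # debt-side balance (dDAI in the incident)

    @property
    def liquidatable(self) -> bool:
        return self.etoken < self.dtoken


@dataclass
class Market:
    accounts: dict = field(default_factory=dict)
    reserves: float = 0.0

    def account(self, who: str) -> Account:
        return self.accounts.setdefault(who, Account())

    def check_liquidity(self, who: str) -> None:
        # Stand-in for checkLiquidity -> RiskManager: reject any state in which
        # debt exceeds collateral. Every fund-moving function must end here.
        acct = self.account(who)
        if acct.liquidatable:
            raise LiquidityError(f"{who}: eToken {acct.etoken} < dToken {acct.dtoken}")

    def deposit(self, who: str, amount: float) -> None:
        self.account(who).etoken += amount
        self.check_liquidity(who)

    def mint(self, who: str, amount: float) -> None:
        # Self-collateralised borrow: equal eToken and dToken are created,
        # then the liquidity check runs (as mint does in the article).
        acct = self.account(who)
        acct.etoken += amount
        acct.dtoken += amount
        self.check_liquidity(who)

    def donate_to_reserves_vulnerable(self, who: str, amount: float) -> None:
        # Moves collateral out of the account without re-checking liquidity:
        # this is the gap the article describes.
        acct = self.account(who)
        acct.etoken -= amount
        self.reserves += amount

    def donate_to_reserves_fixed(self, who: str, amount: float) -> None:
        # Same transfer, but the account must still be solvent afterwards.
        acct = self.account(who)
        acct.etoken -= amount
        self.reserves += amount
        try:
            self.check_liquidity(who)
        except LiquidityError:
            # Model the EVM revert: undo the partial state change, then re-raise.
            acct.etoken += amount
            self.reserves -= amount
            raise

    def violating_accounts(self) -> list:
        # Invariant sweep a monitor or fuzz harness would run after every call.
        return [who for who, a in self.accounts.items() if a.liquidatable]


def run_scenario(fixed: bool) -> dict:
    """Deposit, lever up via mint, then donate more than the surplus collateral.

    Constructed round numbers (not the incident's figures). Returns the final
    state so the vulnerable and fixed code paths can be compared.
    """
    m = Market()
    m.deposit("acct", 20.0)   # eToken 20, dToken 0
    m.mint("acct", 180.0)     # eToken 200, dToken 180: passes the check
    donate = m.donate_to_reserves_fixed if fixed else m.donate_to_reserves_vulnerable
    try:
        donate("acct", 100.0)  # would leave eToken 100 < dToken 180
        rejected = False
    except LiquidityError:
        rejected = True
    a = m.account("acct")
    return {
        "rejected": rejected,
        "etoken": a.etoken,
        "dtoken": a.dtoken,
        "reserves": m.reserves,
        "violations": m.violating_accounts(),
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(fixed=False))
    print("fixed:     ", run_scenario(fixed=True))
```

Running the two scenarios shows the difference the single missing call makes: the vulnerable path ends with the account holding 100 eToken against 180 dToken (listed by the invariant sweep as liquidatable, with the 100 now sitting in reserves), while the fixed path rejects the donation and leaves balances untouched. The same sweep is what an audit or fuzzing harness should assert after every state-changing function, which is how a function that skips the check gets caught before deployment.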
Security Recommendations
This incident again highlights the importance of contract security in DeFi projects. For lending projects, it is particularly important to pay attention to the following points:
Ensure that all functions involving fund operations perform sufficient liquidity checks.
Strictly control the borrowing leverage of users to prevent system risks caused by excessive leverage.
Implement multiple security mechanisms, such as an emergency pause function, to respond to sudden security incidents.
Conduct comprehensive contract audits, with particular attention to key aspects such as fund repayment, liquidity detection, and debt liquidation.
Regularly conduct security assessments and stress tests to promptly identify and fix potential vulnerabilities.
This attack reminds us that in the rapidly evolving Web3 world, security should always be a top priority. Project teams should invest more resources in security engineering, and users also need to sharpen their risk awareness and participate cautiously in DeFi projects.