Poolz Suffers Arithmetic Overflow Attack, Losing Approximately $665,000
Recently, an attack on Poolz has attracted widespread attention in the cryptocurrency community. According to on-chain monitoring data, the attack occurred on March 15, 2023, involving multiple chains including Ethereum, BNB Chain, and Polygon. This attack resulted in losses of various tokens, with a total value of approximately $665,000.
An attacker exploited an arithmetic overflow vulnerability in the Poolz smart contract. Specifically, the issue lies in the getArraySum function within the CreateMassPools function. When this function calculates the number of tokens, the sum overflows, so the number of tokens actually transferred no longer matches the recorded amount.
The attack process was roughly as follows:
1. The attacker first exchanged some MNZ tokens on a decentralized exchange.
2. The attacker then called the CreateMassPools function. This function was supposed to allow users to create liquidity pools in bulk and provide initial liquidity.
3. During the CreatePool process, because of the overflow in the getArraySum function, the attacker needed to transfer only 1 token, while the system recorded a value far greater than the amount actually transferred.
4. Finally, the attacker used the withdraw function to withdraw far more tokens than had actually been deposited, completing the attack.
This incident once again highlights the importance and potential risks of arithmetic operations in smart contracts. To prevent similar issues, developers should consider using newer versions of the Solidity compiler, which automatically perform overflow checks. For projects using older versions of Solidity, it is recommended to use OpenZeppelin's SafeMath library to handle integer operations and avoid overflow risks.
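The mismatch between the transferred and the recorded amount, and the effect of checked arithmetic, can be reproduced in a small model. This is an added example in Python, not Poolz contract code: create_mass_pools, accounting_is_consistent and the sample amounts are hypothetical names and constructed values, and the model assumes the caller pays the array sum once while each array element is recorded as a pool balance.

```python
# Added illustration: a Python model of uint256 arithmetic, not Poolz contract code.
UINT256_MAX = 2**256 - 1


def unchecked_sum(amounts):
    """Older Solidity semantics: uint256 addition silently wraps modulo 2**256."""
    total = 0
    for amount in amounts:
        total = (total + amount) & UINT256_MAX
    return total


def checked_sum(amounts):
    """SafeMath-style / Solidity 0.8+ semantics: abort instead of wrapping."""
    total = 0
    for amount in amounts:
        if amount > UINT256_MAX - total:
            raise ArithmeticError("uint256 addition overflow")
        total += amount
    return total


def create_mass_pools(amounts, sum_fn):
    """Hypothetical simplified bulk-create: the caller pays sum_fn(amounts) once,
    while every element of amounts is recorded as a separate pool balance."""
    if any(not 0 <= a <= UINT256_MAX for a in amounts):
        raise ValueError("amount is not a uint256")
    transferred = sum_fn(amounts)
    recorded = list(amounts)
    return transferred, recorded


def accounting_is_consistent(transferred, recorded):
    """Invariant an audit or test should assert: recorded balances must equal
    what was paid in (Python integers are unbounded, so this sum cannot wrap)."""
    return sum(recorded) == transferred


if __name__ == "__main__":
    crafted = [UINT256_MAX, 2]  # constructed sample input; true sum is 2**256 + 1
    paid, pools = create_mass_pools(crafted, unchecked_sum)
    print("unchecked: paid", paid, "consistent:", accounting_is_consistent(paid, pools))
    try:
        create_mass_pools(crafted, checked_sum)
    except ArithmeticError as err:
        print("checked: rejected,", err)
```

With the wrapping sum the model pays in 1 token while the recorded balances total far more; with the checked sum the same call is rejected before any balance is recorded.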
This event reminds us that security should always be the primary consideration in blockchain and smart contract development. Regular code audits, using verified libraries, and implementing comprehensive security measures are crucial for protecting user assets and maintaining the project's reputation.