Poly Network attacked: smart contract vulnerability leads to cross-chain security incident
Cross-chain Protocol Security Vulnerability Analysis: The Poly Network Attack Incident
Recently, an attack on the cross-chain interoperability protocol Poly Network attracted wide attention in the industry. According to the security team's analysis, the attack was not caused by a leaked keeper private key; instead, the attacker exploited a flaw in the smart contract logic to replace the keeper through the protocol's own cross-chain execution path.
Attack Core
The key to the attack lies in the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract. After verifying a cross-chain message, this function hands it to _executeCrossChainTx, which calls whatever target contract and method the message specifies. Because the owner of the EthCrossChainData contract is the EthCrossChainManager contract itself, a call forwarded by the manager passes the owner check on EthCrossChainData's putCurEpochConPubKeyBytes function, the function that sets the current epoch's keeper public keys. The generic executor was therefore a confused deputy: it could be steered into exercising its own owner privilege on behalf of an attacker.
Attack Process
The attacker submits carefully crafted cross-chain data through the verifyHeaderAndExecuteTx function.
This data causes _executeCrossChainTx to call the putCurEpochConPubKeyBytes function of the EthCrossChainData contract, with the manager contract as the caller.
Through this call the attacker replaces the keeper public keys with keys under their own control.
Once the keeper has been replaced, the attacker can sign arbitrary cross-chain transactions that pass the contract's verification and release funds held by the protocol's contracts.
Attack Impact
After the keeper was replaced, cross-chain transactions from other users that had been signed by the legitimate keepers no longer verified and were rejected. The same attack was carried out against the protocol's contracts on multiple blockchain networks, including Binance Smart Chain and Ethereum.
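The attack path described above, together with the rejection of honest users' transactions afterwards, is modelled in the following Python example. This is an added illustration, not Poly Network's code: only the contract and function names follow the article, while the string addresses, the keeper-signature model, the LockProxy stand-in for the contract holding funds, and the blocked_targets hardening are assumptions made for the demonstration. In the real contracts the method to call is resolved from a method name carried in the cross-chain message; the model dispatches by that name directly.

```python
"""Toy model of the confused-deputy flaw behind the Poly Network incident.
Constructed example, not Poly Network's code: names follow the article, the
rest (addresses, keeper model, LockProxy, blocked_targets) is assumed.
Solidity's low-level call is modelled as attribute lookup by method name."""
from dataclasses import dataclass, field


class Revert(Exception):
    """Stands in for a Solidity revert."""


@dataclass
class EthCrossChainData:
    owner: str                                   # the Manager's address
    keepers: frozenset = frozenset({"keeper-A", "keeper-B"})

    def putCurEpochConPubKeyBytes(self, sender: str, new_keepers: frozenset) -> bool:
        # onlyOwner: the Manager is the owner, so any call the Manager forwards
        # on someone else's behalf passes this check.
        if sender != self.owner:
            raise Revert("caller is not the owner")
        self.keepers = new_keepers
        return True


@dataclass
class LockProxy:
    manager: str
    balances: dict = field(default_factory=lambda: {"vault": 1000})

    def unlock(self, sender: str, to: str, amount: int) -> bool:
        # Normal release path: only the Manager may unlock, and it does so only
        # after a keeper-signed header has verified.
        if sender != self.manager:
            raise Revert("unlock: caller is not the manager")
        if self.balances["vault"] < amount:
            raise Revert("unlock: insufficient locked balance")
        self.balances["vault"] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


@dataclass
class EthCrossChainManager:
    address: str
    data: EthCrossChainData
    blocked_targets: tuple = ()                  # empty = vulnerable deployment

    def verifyHeaderAndExecuteTx(self, signers, to_contract, method, args) -> bool:
        # The header must be signed by the CURRENT keeper set (all-of-N here).
        if not signers or not set(signers) <= self.data.keepers:
            raise Revert("header not signed by keepers")
        return self._executeCrossChainTx(to_contract, method, args)

    def _executeCrossChainTx(self, to_contract, method, args) -> bool:
        # Assumed hardening (not Poly's actual patch): never forward a
        # cross-chain call to a contract over which the Manager is owner.
        if any(to_contract is t for t in self.blocked_targets):
            raise Revert("target not allowed for cross-chain calls")
        fn = getattr(to_contract, method, None)
        if fn is None:
            raise Revert("no such method")
        return fn(self.address, *args)           # target sees msg.sender == Manager


def run_scenario(hardened: bool) -> dict:
    data = EthCrossChainData(owner="0xManager")
    proxy = LockProxy(manager="0xManager")
    manager = EthCrossChainManager("0xManager", data, (data,) if hardened else ())
    legit = ["keeper-A", "keeper-B"]
    out = {"keeper_swapped": False, "drained": 0, "honest_tx_ok": None}
    # Step 1: a normally relayed, keeper-signed message whose payload points at
    # the Data contract and names its owner-only keeper setter.
    try:
        manager.verifyHeaderAndExecuteTx(
            legit, data, "putCurEpochConPubKeyBytes", (frozenset({"attacker-key"}),))
    except Revert:
        pass
    out["keeper_swapped"] = data.keepers == frozenset({"attacker-key"})
    # Step 2: whoever is now "the keeper" can sign a withdrawal header alone.
    try:
        manager.verifyHeaderAndExecuteTx(["attacker-key"], proxy, "unlock", ("0xAttacker", 1000))
    except Revert:
        pass
    out["drained"] = proxy.balances.get("0xAttacker", 0)
    # Step 3: collateral damage, a user's message signed by the real keepers.
    try:
        manager.verifyHeaderAndExecuteTx(legit, proxy, "unlock", ("0xUser", 1))
        out["honest_tx_ok"] = True
    except Revert:
        out["honest_tx_ok"] = False
    return out


if __name__ == "__main__":
    print("vulnerable:", run_scenario(hardened=False))
    print("hardened:  ", run_scenario(hardened=True))
```

In the vulnerable deployment step 1 succeeds because the Data contract only checks that the caller is its owner, which the Manager always is; the keeper set is replaced, the attacker's own signature then satisfies the header check in step 2, and the honest user's message in step 3 is rejected. With the Data contract excluded from the set of reachable cross-chain targets, step 1 reverts, the keeper set is unchanged, and only the legitimate keepers can authorise releases.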
Security Insights
Permission management in smart contracts is critical, above all for functions that change privileged roles such as the keeper. A contract that can forward arbitrary calls must never itself hold the owner role of the contract that stores those roles.
Cross-chain operations deserve special scrutiny: they combine complex multi-contract interactions with high-value locked assets, so a single verification or authorization flaw can compromise funds on every connected chain.
Contract functions should strictly limit the scope of what they can execute. A generic executor should restrict which target contracts and methods a cross-chain message may invoke, and privileged administrative functions should not be reachable through that path.
Regular security audits and vulnerability assessments are essential for identifying and fixing such issues before they are exploited.
This incident reminds us once again that security is always the primary concern in the rapidly evolving blockchain ecosystem. For developers and project teams, continuously improving security measures and enhancing code quality are key to protecting user assets.