Poly Network was attacked by a hacker: a contract vulnerability allowed the keeper to be tampered with.
Analysis of the Poly Network Hacker Attack Incident
Recently, the cross-chain interoperability protocol Poly Network was attacked by a hacker, drawing widespread attention. In-depth analysis by the security team found that the attacker did not carry out the attack with a leaked keeper private key, but instead exploited a vulnerability in the contract.
Attack Principles
The core of the attack lies in the EthCrossChainManager contract's verifyHeaderAndExecuteTx function, which can execute specific cross-chain transactions through the _executeCrossChainTx function. Since the owner of the EthCrossChainData contract is the EthCrossChainManager contract, the latter can call the former's putCurEpochConPubKeyBytes function to modify the contract's keeper.
The attacker passed carefully crafted data to the verifyHeaderAndExecuteTx function, causing the _executeCrossChainTx function to call the putCurEpochConPubKeyBytes function of the EthCrossChainData contract, thereby changing the keeper role to an address specified by the attacker. After the keeper role replacement is completed, the attacker can arbitrarily construct transactions and withdraw any amount of funds from the contract.
Attack Process
The attacker first called the putCurEpochConPubKeyBytes function through the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract to change the keeper.
Subsequently, the attacker leveraged the modified permissions to carry out a series of attack transactions, extracting funds from the contract.
Because the keeper had been modified, the normal transactions of other users were rejected.
This attack pattern occurred not only on the BSC chain; similar attacks were also carried out on the Ethereum network.
Conclusion
The root cause of this attack is that the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute user-input data through the _executeCrossChainTx function. The attacker exploited this design flaw by constructing specific data to modify the keeper of the EthCrossChainData contract, thereby achieving fund theft.
This event once again highlights the importance of security design in cross-chain protocols, especially the need for stricter audits and restrictions in permission management and function calls. For decentralized finance projects, continuous security audits and vulnerability fixes are crucial to prevent similar attack incidents.
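A simplified Solidity sketch of the trust relationship described above, added here as an illustration and not taken from the Poly Network contracts: it sets the flawed dispatch pattern beside a form that restricts which targets the privileged contract will call. DataStore, Manager, putKeepers, allowTarget, executeUnchecked and executeChecked are hypothetical names, and the header and proof verification that precedes execution is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for EthCrossChainData: only the owner may replace the keepers.
contract DataStore {
    address public owner;
    bytes public keeperBytes;

    constructor(bytes memory initialKeepers) {
        owner = msg.sender; // the deploying Manager becomes the owner
        keeperBytes = initialKeepers;
    }

    function putKeepers(bytes calldata newKeepers) external {
        require(msg.sender == owner, "not owner");
        keeperBytes = newKeepers;
    }
}

// Hypothetical stand-in for EthCrossChainManager (proof verification omitted).
contract Manager {
    DataStore public immutable data;
    address public immutable admin;
    mapping(address => bool) public allowedTarget;

    constructor(bytes memory initialKeepers) {
        data = new DataStore(initialKeepers);
        admin = msg.sender;
    }

    // Admin registers application contracts; privileged contracts can never be added.
    function allowTarget(address target, bool ok) external {
        require(msg.sender == admin, "not admin");
        require(target != address(data) && target != address(this), "privileged target");
        allowedTarget[target] = ok;
    }

    // Flawed pattern: target and payload come from the relayed message, so the call
    // reaches DataStore with msg.sender == Manager and passes the owner check.
    function executeUnchecked(address target, bytes calldata payload) external returns (bool ok) {
        (ok, ) = target.call(payload);
    }

    // Hardened form: only registered targets are reachable from the privileged caller.
    function executeChecked(address target, bytes calldata payload) external returns (bool ok) {
        require(allowedTarget[target], "target not allowed");
        (ok, ) = target.call(payload);
    }
}
```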