Poly Network Attacked by a Hacker: A Contract Design Flaw Led to the Withdrawal of Funds
Analysis of the Attack Incident on the Poly Network Protocol
Recently, the cross-chain interoperability protocol Poly Network became the target of a hacker attack, drawing widespread attention in the industry. Security experts conducted an in-depth analysis of the incident, revealing the specific methods used by the attackers.
The core issue of this attack lies in the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract. This function can execute specific cross-chain transactions through the _executeCrossChainTx function. Since the owner of the EthCrossChainData contract is the EthCrossChainManager contract, the latter is able to call the putCurEpochConPubKeyBytes function of the former to modify the contract's keeper.
The attacker exploited this design flaw by passing carefully crafted data through the verifyHeaderAndExecuteTx function, causing the _executeCrossChainTx function to call the putCurEpochConPubKeyBytes function of the EthCrossChainData contract, thereby changing the keeper role to an address specified by the attacker. After completing this step, the attacker could freely construct transactions to withdraw any amount of funds from the contract.
The specific attack process was as follows:
1. The attacker first locked onto the target contract.
2. The putCurEpochConPubKeyBytes function was called through the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract to change the keeper.
3. Subsequently, multiple attack transactions were carried out to extract funds from the contract.
4. Because the keeper had been modified, other users' normal transactions were immediately rejected.
It is worth noting that this incident was not caused by a leak of the keeper's private key; rather, the attacker cleverly exploited a flaw in the contract design. This case once again highlights the importance of smart contract security audits, especially for complex cross-chain protocols.
The development team and security experts should learn from this incident and strengthen the review of contract permission management and function call logic to prevent similar attacks. At the same time, users are also reminded to remain vigilant when using emerging DeFi protocols and to pay attention to risk prevention.
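The permission problem described above can be reproduced in a small model. The following Python sketch is an added example, not Poly Network's contract code: it shows the manager acting as the owner of the data contract while dispatching to any target, next to one possible hardening (an allowlist of registered application contracts). The Vault class, the allowed_targets parameter, the keeper strings and the omitted header verification are assumptions made for illustration.

```python
# Toy model of the trust relationship in the analysis (constructed, not the real contracts).
class EthCrossChainData:
    """Stores the keeper; only the owner may change it."""
    def __init__(self, owner, keeper):
        self.owner, self.keeper = owner, keeper

    def putCurEpochConPubKeyBytes(self, caller, new_keeper):
        if caller is not self.owner:
            raise PermissionError("caller is not the owner")
        self.keeper = new_keeper
        return True

class Vault:
    """Hypothetical stand-in for an ordinary application contract."""
    def __init__(self):
        self.unlocked = []

    def unlock(self, caller, payload):
        self.unlocked.append(payload)
        return True

class EthCrossChainManager:
    """Relays cross-chain calls. allowed_targets=None models the flawed design."""
    def __init__(self, allowed_targets=None):
        self.allowed_targets = allowed_targets

    def verifyHeaderAndExecuteTx(self, target, method, payload):
        # Header verification is omitted here (assumption): the flaw is in dispatch.
        return self._executeCrossChainTx(target, method, payload)

    def _executeCrossChainTx(self, target, method, payload):
        if self.allowed_targets is not None and target not in self.allowed_targets:
            raise PermissionError("target is not a registered application contract")
        # The callee sees the manager as the caller, i.e. as the data contract's owner.
        return getattr(target, method)(self, payload)

def keeper_after_relay(hardened):
    """Relay one keeper-changing message and one normal message; return the end state."""
    vault = Vault()
    manager = EthCrossChainManager(allowed_targets=[vault] if hardened else None)
    data = EthCrossChainData(owner=manager, keeper="keeper-original")
    try:
        manager.verifyHeaderAndExecuteTx(data, "putCurEpochConPubKeyBytes", "keeper-untrusted")
    except PermissionError:
        pass  # the hardened manager refuses to dispatch into its own privileged contract
    manager.verifyHeaderAndExecuteTx(vault, "unlock", "transfer-1")  # normal traffic
    return data.keeper, vault.unlocked
```

In the flawed configuration the owner check in the data contract passes because the caller really is the owner; the hardened configuration keeps normal relaying intact while keeping the privileged contract out of the set of callable targets.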