The Poolz Finance (POOLZ) network Web3 platform suffered a loss

After the Euler exploit, a classic arithmetic overflow issue in Poolz Finance has prompted a resurgence of security concerns in the cryptocurrency world.

Harbor · Published in Coinmonks · 3 min read · Mar 24, 2023

Just two days after the Euler episode, a different hacker took $390,000 from Poolz Finance, a cross-chain Web3 crowdfunding launchpad on Polygon and Binance Smart Chain. According to a PeckShield review from March 15th, the suspicious activity in the token vesting smart contract pointed to a “classic arithmetic overflow issue” as the root cause. In a post about the incident, Poolz advised users to cease trading POOLZ tokens. The launchpad dev team flagged the address in question and also took the liquidity out of PancakeSwap and Uniswap.

The Basic Factor

An arithmetic overflow problem led to the hack. The exploit was first identified when the token vesting smart contract repeatedly received identical transaction patterns from the same sender.

This gave the hacker access to tokens that had already been distributed to the general public. They could transfer cryptocurrency into their accounts, change it to BNB, and then remove it from the system.

The hacker made off with roughly the equivalent of $390,000 USD, severely damaging the Poolz ecosystem. When this became public, the price of Poolz’s native currency, POOLZ, fell by more than 95%.

Process

The hacker started by exchanging MNZ tokens on the cryptocurrency platform PancakeSwap. The core of the attack was the attacker's call to the CreateMassPools function.

The standard procedure is for users to establish pools in groups, supply initial liquidity, and then create the pools using the CreatePool function, which logs the pool attributes using a mapping.

The problem was in the getArraySum function, which iterates through the startamount array and accumulates its values. Inspecting the call stack showed that the array sum exceeded the maximum uint256 value, so the addition wrapped around and the function returned 1.

Because the CreatePool function still records pool attributes using startamount, an attacker could deposit one token but set startamount to a very large number.

The hacker then called the withdraw function to complete the attack and cash in on the vulnerability.

Solution

A common method for preventing underflow and overflow errors is to use or write math libraries that replace the standard arithmetic operators (addition, subtraction, and multiplication).

With the SafeMath library from OpenZeppelin, developers can perform the basic arithmetic operations and have errors thrown, based on preconditions and postconditions, whenever an overflow or underflow has taken place.

Above 0.8.0, Solidity compilers automatically check for overflows and underflows and raise an error when one occurs. Additionally, a smart contract must be correctly designed to guard against potential Denial of Service attacks based on integer overflow and underflow problems.
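The difference between a wrapping array sum and a checked one, as an added example that is not Poolz's contract code or part of the original article. It is a simplified model: all contract and function names are hypothetical, the token transfer is replaced by a counter, and the constructed input `[2**256 - 1, 2]` wraps to 1 in the unchecked version, matching the behaviour described above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Simplified model written for this example; it is not Poolz's contract code.
/// All names (ArraySumModel, sumWrapping, sumChecked, createBatch) are hypothetical.
contract ArraySumModel {
    mapping(address => uint256) public recorded; // amounts credited per creator
    uint256 public deposited;                    // total actually charged

    /// Wrapping addition, as emitted by pre-0.8 compilers without SafeMath.
    /// `unchecked` reproduces it here: the total is reduced modulo 2**256.
    function sumWrapping(uint256[] memory amounts) public pure returns (uint256 total) {
        unchecked {
            for (uint256 i = 0; i < amounts.length; i++) {
                total += amounts[i];
            }
        }
    }

    /// Default 0.8 arithmetic: `+=` reverts with Panic(0x11) on overflow.
    function sumChecked(uint256[] memory amounts) public pure returns (uint256 total) {
        for (uint256 i = 0; i < amounts.length; i++) {
            total += amounts[i];
        }
    }

    /// Batch creation that charges the checked sum. If the sum overflows, the
    /// call reverts before anything is recorded, so `deposited` always equals
    /// the sum of all `recorded` entries.
    function createBatch(uint256[] memory amounts) external {
        uint256 total = sumChecked(amounts);
        deposited += total; // stands in for the token transfer into the contract
        for (uint256 i = 0; i < amounts.length; i++) {
            recorded[msg.sender] += amounts[i];
        }
    }

    /// Constructed input [2**256 - 1, 2] summed with wrapping arithmetic.
    /// Passing the same array to sumChecked or createBatch reverts instead.
    function wrapDemo() external pure returns (uint256) {
        uint256[] memory amounts = new uint256[](2);
        amounts[0] = type(uint256).max;
        amounts[1] = 2;
        return sumWrapping(amounts);
    }
}
```

The invariant worth testing in any batch-deposit function is the one `createBatch` states: the amount charged must equal the sum of the amounts recorded, for every input array.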

Closing Notes

Companies dealing in crypto should upgrade their security measures frequently and make sure their systems are secure and reliable to prevent hacking. The Poolz Finance hacking incidents highlight the critical importance of crypto-world security. To keep their assets and transactions on the blockchain secure, developers and users alike must remain vigilant and take all necessary measures.

Harbor: A testing infrastructure company that provides production-ready staging environments for web3.0 companies.