Poolz suffers from an arithmetic overflow vulnerability attack, resulting in losses of approximately $665,000.
An attack on the Poolz platform has drawn attention in the industry. According to on-chain monitoring data, the attack occurred on March 15, 2023, and involved multiple networks, including Ethereum, BNB Chain, and Polygon. The attacker exploited an arithmetic overflow vulnerability in the smart contract to steal a large amount of tokens, with a total value of approximately $665,000.
The attacker abused the CreateMassPools function by exploiting an integer overflow in the getArraySum function. Specifically, the attacker supplied an input array whose cumulative sum exceeded the range of uint256, so the result wrapped around and the function returned 1. However, the contract still used the original _StartAmount values when recording the pool attributes, so the recorded pool amounts were far larger than the sum the function had returned, leading to significant financial losses.
The stolen assets include various ERC-20 tokens, such as MEE, ESNC, DON, ASW, KMON, and POOLZ. The attacker has exchanged some of the stolen tokens for BNB, but so far these funds have not been transferred out of the attacker's address.
This incident once again highlights the importance of security audits for smart contracts. To prevent similar arithmetic overflow issues, professionals recommend that developers use newer versions of the Solidity programming language, in which the compiler automatically inserts overflow checks so that an overflowing operation reverts instead of wrapping around. For projects using older versions of Solidity, it may be advisable to incorporate OpenZeppelin's SafeMath library to enhance the security of the contracts.
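The wrap-around described above and the effect of the recommended overflow checks can be reproduced with a short Python model of uint256 arithmetic. This is an added example, not Poolz contract code; the function names sum_wrapping, sum_checked and create_mass_pools and the sample input are assumptions made for illustration.

```python
# Added illustration: a Python model of uint256 arithmetic, not Poolz contract code.
UINT256_MAX = 2**256 - 1


def sum_wrapping(amounts):
    """Unchecked uint256 addition: the running total wraps modulo 2**256."""
    total = 0
    for amount in amounts:
        total = (total + amount) & UINT256_MAX
    return total


def sum_checked(amounts):
    """Checked addition: raise instead of wrapping, as Solidity's built-in
    overflow checks or SafeMath's add() revert the transaction."""
    total = 0
    for amount in amounts:
        if not 0 <= amount <= UINT256_MAX:
            raise ValueError("amount is not a uint256")
        if amount > UINT256_MAX - total:
            raise OverflowError("uint256 addition overflow")
        total += amount
    return total


def create_mass_pools(start_amounts, array_sum):
    """Hypothetical model of the flow described above: the amount accounted
    for is array_sum(start_amounts), while each pool records its own
    _StartAmount. Returns (accounted_total, recorded_total)."""
    accounted = array_sum(start_amounts)
    recorded = sum(start_amounts)  # Python ints do not wrap: the true total
    return accounted, recorded


# Constructed input: two uint256 values whose true sum is 2**256 + 1.
SAMPLE = [UINT256_MAX, 2]

if __name__ == "__main__":
    accounted, recorded = create_mass_pools(SAMPLE, sum_wrapping)
    print("wrapping sum:", accounted, "| recorded in pools:", recorded)
    try:
        create_mass_pools(SAMPLE, sum_checked)
    except OverflowError as exc:
        print("checked sum rejects the batch:", exc)
```

A mismatch between the accounted total and the recorded total is the invariant violation an audit or a unit test should look for in any batch function that sums caller-supplied amounts.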
This attack is a reminder that, while blockchain technology is developing rapidly, security issues must always be taken seriously. Development teams should place greater emphasis on contract audits and implement comprehensive security measures to protect user assets from similar attacks.