The Cause of the Poly Network Attack: The EthCrossChainData Contract's Keeper Was Tampered With
Analysis of the Poly Network Protocol Attack
Recently, the cross-chain interoperability protocol Poly Network was attacked, which has attracted widespread attention in the industry. After an in-depth analysis of the incident, the security team concluded that the attacker used carefully constructed data to modify the keeper address of the EthCrossChainData contract; the cause was not a leak of the keeper's private key, as previously rumored.
Attack Core
The key to the attack lies in the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract. This function can execute specific cross-chain transactions through the _executeCrossChainTx function. Since the owner of the EthCrossChainData contract is the EthCrossChainManager contract, the latter can call the putCurEpochConPubKeyBytes function of the former to change the contract's keeper.
The attacker uses the verifyHeaderAndExecuteTx function, passing in carefully crafted data, to invoke the putCurEpochConPubKeyBytes function of the EthCrossChainData contract from the _executeCrossChainTx function, thereby changing the keeper role to an address specified by the attacker. After this step is completed, the attacker can arbitrarily construct transactions and withdraw any amount of funds from the contract.
Attack Process
The attacker first changed the keeper by calling the putCurEpochConPubKeyBytes function through the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract.
The attacker then carried out a series of attack transactions to extract funds from the contract.
Because the keeper had been modified, other users' normal transactions were rejected.
Similar attack methods were also used on the Ethereum network.
Conclusion
The root cause of this attack is that the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the latter's verifyHeaderAndExecuteTx function can execute data provided by the user. The attacker exploited this vulnerability by constructing specific data, successfully changing the keeper address of the EthCrossChainData contract. This finding corrects the earlier erroneous rumor that the keeper's private key had been leaked.
This incident once again highlights the importance of cross-chain protocol security. For complex smart contract systems, especially those involving cross-chain operations, stricter security audits and risk assessments are needed. At the same time, this also reminds blockchain project developers to pay extra attention to issues of permission management and data validation to prevent similar security vulnerabilities from being exploited.
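The root cause described above can be reproduced in a small model. This is an added example, not Poly Network's contract code: a simplified Python model of the ownership relationship, showing the unrestricted dispatch beside one that only reaches registered application contracts. The Token class, the allowed_targets parameter, the helper functions and the keeper strings are assumptions made for the illustration.

```python
# Simplified model of the trust relationship (constructed example, not contract code).
class PermissionDenied(Exception):
    pass

class DataContract:
    """Models EthCrossChainData: only its owner may change the keeper."""
    def __init__(self, owner, keeper):
        self.owner, self.keeper = owner, keeper

    def putCurEpochConPubKeyBytes(self, sender, new_keeper):
        if sender is not self.owner:
            raise PermissionDenied("caller is not the owner")
        self.keeper = new_keeper

class Token:
    """Hypothetical application contract that cross-chain messages are meant to reach."""
    def __init__(self):
        self.unlocked = []

    def unlock(self, sender, amount):
        self.unlocked.append(amount)

class Manager:
    """Models EthCrossChainManager: it owns the data contract and dispatches
    the (target, method, args) named in a user-supplied cross-chain message."""
    def __init__(self, allowed_targets=None):
        self.allowed_targets = allowed_targets  # None models the unrestricted dispatch

    def verifyHeaderAndExecuteTx(self, target, method, args):
        # Header and proof verification are outside the scope of this model.
        if self.allowed_targets is not None and not any(
                t is target for t in self.allowed_targets):
            raise PermissionDenied("target is not a registered application contract")
        # The call is made with the manager as sender, so it carries owner rights.
        getattr(target, method)(self, *args)

def build(hardened):
    token = Token()
    manager = Manager(allowed_targets=[token] if hardened else None)
    data = DataContract(owner=manager, keeper="keeper-original")  # constructed value
    return manager, data, token

def keeper_after_message(hardened):
    """Return the keeper after a message names the data contract as its target."""
    manager, data, _ = build(hardened)
    try:
        manager.verifyHeaderAndExecuteTx(data, "putCurEpochConPubKeyBytes", ["keeper-other"])
    except PermissionDenied:
        pass
    return data.keeper
```

The owner check inside the data contract passes in the unrestricted case because the caller really is the owner; the restriction has to sit in the dispatcher, or the keeper update has to be owned by a role that never executes user-supplied calls.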