Vulnerabilities in digital collectible contracts lead to permanent lock-up of 34 million USD, highlighting the importance of security audits.
Recently, a security company discovered two serious vulnerabilities in a digital collectible contract. Either could leave user assets locked in the contract or leave the project team unable to withdraw its own funds.
The first vulnerability is in the refund function. It refunds every user in a single loop, so if one of the recipients is a malicious contract that rejects the incoming transfer, the whole transaction reverts and the refund fails for every user, not just the one that refused it. Fortunately, this vulnerability was never exploited in practice.
To avoid similar issues, it is recommended that the project party take the following security measures:
The second vulnerability is a logic error. The function that lets the project team withdraw its funds contains a conditional check, but the check compares against the wrong value, so the condition can never be satisfied and the team cannot withdraw assets from the contract. As a result, over 34 million dollars' worth of assets are now permanently locked in it.
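The two defects described above, reproduced in a small Solidity sale contract next to a hardened version. This is an added illustration, not the audited project's code: every name in it (VulnerableSale, HardenedSale, bid, processRefunds, withdrawProceeds, clearingPrice, pendingRefunds, totalPending) is an assumption, and the pair of counters totalBids / refundsProcessed is a constructed stand-in for the mismatched comparison the article describes, chosen so that the guard can never pass once any bidder has bid twice.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited project's code. All names here
// (VulnerableSale, HardenedSale, clearingPrice, pendingRefunds, ...) are
// assumptions chosen to reproduce the two defect classes described above.

// Both defects in one contract.
contract VulnerableSale {
    address public immutable owner = msg.sender;
    address[] public bidders;
    mapping(address => uint256) public bids;
    uint256 public totalBids;        // incremented on every bid() call
    uint256 public refundsProcessed; // index into `bidders`

    function bid() external payable {
        if (bids[msg.sender] == 0) bidders.push(msg.sender);
        bids[msg.sender] += msg.value;
        totalBids += 1;              // counts calls, not distinct bidders
    }

    // Defect 1: refunds are pushed in a loop. One recipient whose receive()
    // reverts makes the whole batch revert, so the batch can never advance
    // past it and nobody in it is refunded.
    function processRefunds(uint256 n, uint256 clearingPrice) external {
        require(msg.sender == owner, "not owner");
        uint256 end = refundsProcessed + n;
        if (end > bidders.length) end = bidders.length;
        for (uint256 i = refundsProcessed; i < end; i++) {
            address b = bidders[i];
            uint256 excess = bids[b] > clearingPrice ? bids[b] - clearingPrice : 0;
            bids[b] = 0;
            if (excess > 0) {
                (bool ok, ) = b.call{value: excess}("");
                require(ok, "refund failed"); // one failure blocks the batch
            }
        }
        refundsProcessed = end;
    }

    // Defect 2: the guard compares against the wrong counter. Once any bidder
    // has called bid() twice, totalBids > bidders.length, so refundsProcessed
    // (capped at bidders.length) never reaches it and the proceeds are locked.
    function withdrawProceeds() external {
        require(msg.sender == owner, "not owner");
        require(refundsProcessed >= totalBids, "refunds not finished");
        (bool ok, ) = owner.call{value: address(this).balance}("");
        require(ok, "withdraw failed");
    }
}

// Hardened version of the same contract.
contract HardenedSale {
    address public immutable owner = msg.sender;
    address[] public bidders;
    mapping(address => uint256) public bids;
    mapping(address => uint256) public pendingRefunds; // pull path
    uint256 public totalPending;     // sum of pendingRefunds, kept out of proceeds
    uint256 public refundsProcessed;

    function bid() external payable {
        if (bids[msg.sender] == 0) bidders.push(msg.sender);
        bids[msg.sender] += msg.value;
    }

    // Fix 1: a refund that cannot be delivered is credited for a later pull
    // instead of reverting the batch, so a hostile recipient only hurts itself.
    // The gas cap bounds what a recipient can burn during the owner's batch.
    function processRefunds(uint256 n, uint256 clearingPrice) external {
        require(msg.sender == owner, "not owner");
        uint256 end = refundsProcessed + n;
        if (end > bidders.length) end = bidders.length;
        for (uint256 i = refundsProcessed; i < end; i++) {
            address b = bidders[i];
            uint256 excess = bids[b] > clearingPrice ? bids[b] - clearingPrice : 0;
            bids[b] = 0;
            if (excess == 0) continue;
            (bool ok, ) = b.call{value: excess, gas: 30_000}("");
            if (!ok) {
                pendingRefunds[b] += excess;
                totalPending += excess;
            }
        }
        refundsProcessed = end;
    }

    function claimRefund() external {
        uint256 amount = pendingRefunds[msg.sender];
        require(amount > 0, "nothing pending");
        pendingRefunds[msg.sender] = 0;   // effects before the external call
        totalPending -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Fix 2: compare refundsProcessed with the array it actually indexes, and
    // leave unclaimed pull refunds in the contract rather than sweeping them.
    function withdrawProceeds() external {
        require(msg.sender == owner, "not owner");
        require(refundsProcessed >= bidders.length, "refunds not finished");
        (bool ok, ) = owner.call{value: address(this).balance - totalPending}("");
        require(ok, "withdraw failed");
    }
}
```

A single unit test that has one address call bid() twice, processes all refunds, and then calls withdrawProceeds() reverts against VulnerableSale and passes against HardenedSale; that is the kind of basic test coverage the article is calling for. The gas cap on the push transfer is a design choice rather than a requirement: it limits what a recipient can burn during the owner's batch, at the cost of routing recipients whose receive() needs more gas through the pull path.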
These issues show once again that even well-known projects make basic mistakes. Thorough testing and basic security awareness during development are essential. Although security audits have become standard practice in decentralized finance, digital collectible projects still often skip them, and that negligence has directly caused significant financial losses.
This incident is a reminder that, whatever the scale of a project, code security must come first: comprehensive testing and audits are what prevent losses of this size from happening again.