Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
CFD
Stock CFD Derivatives
US Stocks
Access real US stocks and ETFs
HK Stocks
Trade quality Hong Kong-listed stocks
Korean Stocks
SK Hynix
Real Korean stocks and top assets
Stock Futures
High leverage, 24/7 trading
Tokenized Stocks
Backed by real stock assets
IPO Access
Unlock full access to global stock IPOs
GUSD
3.8%
Mint GUSD for Treasury RWA yields
Stocks Activities
Trade Popular Stocks and Unlock Generous Airdrops
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
⚠️Smart contract vulnerability exploited: QNT reserve pool assets attacked
On-chain security incident occurs again. Attackers exploited account authorization and contract permission design flaws to successfully steal assets from the reserve pool.
The key details of this incident are as follows:
The attacker launched the attack through a flawed EIP-7702 account mechanism
Stole 1,988.5 Quant (QNT) from the reserve pool
Worth approximately 54.93 Ethereum
The core reason for the problem:
1️⃣ The reserve pool administrator's EOA address delegates code to the BatchExecutor contract via EIP-7702
2️⃣ This contract then authorizes the BatchCall contract to perform batch calls
3️⃣ But the () function has no permission checks
As a result:
👉 Any external address can directly call this function
👉 The attacker successfully executed batch calls and transferred the reserve pool assets
Professional perspective:
Such incidents are essentially not a problem with the underlying blockchain, but a failure in contract permission management design. In DeFi systems, a single misconfigured permission can often lead to complete fund drain.
Summary in one sentence:
In the on-chain world, code is law, and security boundaries often determine everything. #WCTC交易王PK #加密市场小幅下跌 #Polymarket每日热点 $ONT $SSV