- Topic
65k Popularity
5k Popularity
12k Popularity
349 Popularity
7k Popularity
- Pin
- 🎉 The #CandyDrop Futures Challenge# is live — join now to share a 6 BTC prize pool!
📢 Post your futures trading experience on Gate Square with the event hashtag — $25 × 20 rewards are waiting!
🎁 $500 in futures trial vouchers up for grabs — 20 standout posts will win!
📅 Event Period: August 1, 2025, 15:00 – August 15, 2025, 19:00 (UTC+8)
👉 Event Link: https://www.gate.com/candy-drop/detail/BTC-98
Dare to trade. Dare to win. - 📢 Gate Square Exclusive: #WXTM Creative Contest# Is Now Live!
Celebrate CandyDrop Round 59 featuring MinoTari (WXTM) — compete for a 70,000 WXTM prize pool!
🎯 About MinoTari (WXTM)
Tari is a Rust-based blockchain protocol centered around digital assets.
It empowers creators to build new types of digital experiences and narratives.
With Tari, digitally scarce assets—like collectibles or in-game items—unlock new business opportunities for creators.
🎨 Event Period:
Aug 7, 2025, 09:00 – Aug 12, 2025, 16:00 (UTC)
📌 How to Participate:
Post original content on Gate Square related to WXTM or its - 🎉 Attention Alpha fans! Alpha’s latest TAG airdrop goes live today at 10 AM—first come, first served!
💰 Don’t forget to share your airdrop or points screenshot on Gate Square with the hashtag #ShowMyAlphaPoints# for a chance to win a share of the $200 token mystery box!
🥇 Top points winner: $100
✨ 5 outstanding posts: $20 each
📸 Pro tips:
Add a caption like “I earned ____ with Alpha. So worth it”
Share your points-earning tips or redemption experience for a better chance to win!
📅 Activity deadline: August 10, 18:00 UTC
Let’s go! See you tonight: https://www.gate.com/announcements/article - Hey fam—did you join yesterday’s [Show Your Alpha Points] event? Still not sure how to post your screenshot? No worries, here’s a super easy guide to help you win your share of the $200 mystery box prize!
📸 posting guide:
1️⃣ Open app and tap your [Avatar] on the homepage
2️⃣ Go to [Alpha Points] in the sidebar
3️⃣ You’ll see your latest points and airdrop status on this page!
👇 Step-by-step images attached—save it for later so you can post anytime!
🎁 Post your screenshot now with #ShowMyAlphaPoints# for a chance to win a share of $200 in prizes!
⚡ Airdrop reminder: Gate Alpha ES airdrop is - Gate Futures Trading Incentive Program is Live! Zero Barries to Share 50,000 ERA
Start trading and earn rewards — the more you trade, the more you earn!
New users enjoy a 20% bonus!
Join now:https://www.gate.com/campaigns/1692?pid=X&ch=NGhnNGTf
Event details: https://www.gate.com/announcements/article/46429
Carbontec Uncovers $520,000 Exploit Path in 1inch Router’s Rescue Function
A Carbontec investigation revealed that over $520,000 in mis-sent tokens were quietly withdrawn from 1inch Routers v4–v6 via public functions, exposing a security blind spot in one of defi’s most widely used contracts.
Design Oversight in 1inch Router Allowed Withdrawal of Mis-Sent Funds
Blockchain security firm Carbontec has uncovered a significant design vulnerability in 1inch’s Aggregation Router v6 smart contract, a key defi protocol that facilitates token swaps for millions of users. The issue? Anyone could withdraw tokens mistakenly sent to the contract, not just the owner.
According to an exclusive shared with Bitcoin.com News, more than $520,000 worth of crypto, including 4.2 WBTC (approximately $445K) in one transaction, was moved by unaffiliated actors across router versions 4, 5, and 6. The flaw stems from publicly accessible callback functions and the router’s logic that accepts user-defined swap pools. These allow for spoofed transactions that effectively launder fund extractions under the guise of routine protocol use.
Rather than being locked or retrievable only by 1inch, mis-sent tokens became fair game for anyone with technical knowledge. This is not a coding bug, but a gas-saving design tradeoff that underestimated user behavior and overestimated contract safety through obscurity.
Miroslav Baril, CTO at Carbontec, shared some thoughts from the company’s investigation.
Carbontec’s research shows this issue affects not just 1inch, but potentially any defi protocol that accepts external contract input or exposes internal swap callbacks. With hundreds of thousands in user funds quietly siphoned off, the investigation raises pressing questions about how defi protocols handle errors and who really has access to user funds.