Analysis of NFT Contract Security Risks: Lessons Behind the $64.9 Million Loss in the First Half of 2022
NFT Contract Security Analysis: Review of Events in the First Half of 2022 and Discussion of Common Issues
In the first half of 2022, the security situation in the NFT field was severe. Data shows a total of 10 major security incidents, with losses of approximately $64.9 million. The main attack methods included contract vulnerability exploitation, private key leaks, and phishing. It is worth noting that phishing attacks on the Discord platform occurred almost daily, causing individual users frequent losses.
Analysis of Typical Security Incidents
TreasureDAO event
On March 3, the TreasureDAO trading platform was attacked, and over 100 NFTs were stolen. The root cause was a logic flaw arising from the mixed handling of ERC-1155 and ERC-721 tokens: the contract did not differentiate between token types when processing a purchase, which allowed attackers to pay with ERC-20 tokens and obtain NFTs at zero cost.
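The pattern described above, as an added example written for this article rather than code from TreasureDAO: a listing is priced per unit and the buyer chooses a quantity, but an ERC-721 transfer carries no quantity, so a purchase of quantity 0 pays nothing and still receives the token. The contract name, the listing layout and the OpenZeppelin 4.x imports are assumptions; the hardened buyItem rejects a zero quantity, pins ERC-721 purchases to exactly one unit, and updates the listing before any external call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumes OpenZeppelin Contracts 4.x is available (constructed example, not project code).
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import "@openzeppelin/contracts/token/ERC1155/IERC1155.sol";
import "@openzeppelin/contracts/utils/introspection/IERC165.sol";

// Hypothetical marketplace: listings are priced per unit and paid in one ERC-20 token.
contract MarketplaceExample {
    struct Listing {
        address seller;
        uint256 pricePerItem;
        uint256 quantity; // meaningful for ERC-1155 only
    }

    IERC20 public immutable paymentToken;
    // nft contract => tokenId => listing
    mapping(address => mapping(uint256 => Listing)) public listings;

    bytes4 private constant _INTERFACE_ID_ERC721 = 0x80ac58cd;
    bytes4 private constant _INTERFACE_ID_ERC1155 = 0xd9b67a26;

    constructor(IERC20 token) {
        paymentToken = token;
    }

    // Seller must have approved this contract on the NFT contract beforehand.
    function list(address nft, uint256 tokenId, uint256 pricePerItem, uint256 quantity) external {
        require(quantity > 0, "quantity");
        listings[nft][tokenId] = Listing(msg.sender, pricePerItem, quantity);
    }

    // VULNERABLE: the token type only influences which transfer call is made.
    // The price is still pricePerItem * quantity, so for an ERC-721 listing a
    // buyer passing quantity == 0 pays 0 and the safeTransferFrom still runs.
    function buyItemVulnerable(address nft, uint256 tokenId, uint256 quantity) external {
        Listing memory l = listings[nft][tokenId];
        require(l.seller != address(0), "not listed");
        require(quantity <= l.quantity, "not enough");

        require(paymentToken.transferFrom(msg.sender, l.seller, l.pricePerItem * quantity), "payment");

        if (IERC165(nft).supportsInterface(_INTERFACE_ID_ERC721)) {
            IERC721(nft).safeTransferFrom(l.seller, msg.sender, tokenId); // quantity ignored
        } else {
            IERC1155(nft).safeTransferFrom(l.seller, msg.sender, tokenId, quantity, "");
        }
        delete listings[nft][tokenId];
    }

    // HARDENED: decide the token type first, validate quantity against it,
    // then apply effects (listing update) before interactions (transfers).
    function buyItem(address nft, uint256 tokenId, uint256 quantity) external {
        Listing storage l = listings[nft][tokenId];
        require(l.seller != address(0), "not listed");
        require(quantity > 0 && quantity <= l.quantity, "bad quantity");

        bool is721 = IERC165(nft).supportsInterface(_INTERFACE_ID_ERC721);
        if (is721) {
            require(quantity == 1, "ERC-721 is non-fungible"); // exactly one unit, never zero
        } else {
            require(IERC165(nft).supportsInterface(_INTERFACE_ID_ERC1155), "unsupported token");
        }

        address seller = l.seller;
        uint256 cost = l.pricePerItem * quantity;

        // Effects: shrink or remove the listing before any external call.
        if (l.quantity == quantity) {
            delete listings[nft][tokenId];
        } else {
            l.quantity -= quantity;
        }

        // Interactions: payment first, then the NFT.
        require(paymentToken.transferFrom(msg.sender, seller, cost), "payment");
        if (is721) {
            IERC721(nft).safeTransferFrom(seller, msg.sender, tokenId);
        } else {
            IERC1155(nft).safeTransferFrom(seller, msg.sender, tokenId, quantity, "");
        }
    }
}
```

The check to take away is not the interface detection itself (the vulnerable path already has it) but that every branch of the purchase logic, pricing included, must agree on what a "unit" means for the token type being sold.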
APE Coin airdrop event
On March 17, hackers claimed over 60,000 APE from the airdrop using flash loans. The vulnerability stemmed from the airdrop contract using the instantaneous ownership state at claim time to determine NFT ownership, which a flash loan can manipulate within a single transaction.
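An added example of the eligibility check the article describes, not the APE airdrop contract itself: the vulnerable claim reads live ownership in the same transaction, while the hardened claim relies on an ownership snapshot taken at a past block and committed on chain as a Merkle root before the claim window opens. The contract name, the per-NFT amount, the (tokenId, owner) leaf encoding and the OpenZeppelin 4.x imports are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumes OpenZeppelin Contracts 4.x (constructed example, not project code).
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";

// Hypothetical airdrop: holders of an NFT collection claim a fixed amount per token.
contract AirdropExample {
    IERC20 public immutable token;
    IERC721 public immutable collection;
    uint256 public constant PER_NFT = 100e18; // constructed amount

    // Merkle root over leaves keccak256(abi.encodePacked(tokenId, owner)),
    // built off chain from ownership at an announced snapshot block.
    bytes32 public immutable snapshotRoot;
    mapping(uint256 => bool) public claimed; // tokenId => already claimed

    constructor(IERC20 token_, IERC721 collection_, bytes32 root_) {
        token = token_;
        collection = collection_;
        snapshotRoot = root_;
    }

    // VULNERABLE: eligibility is whatever ownerOf() says right now. Anyone who
    // holds the NFT for the duration of one transaction (a flash loan from an
    // NFT lending pool, for example) satisfies this check.
    function claimVulnerable(uint256 tokenId) external {
        require(!claimed[tokenId], "already claimed");
        require(collection.ownerOf(tokenId) == msg.sender, "not owner");
        claimed[tokenId] = true;
        require(token.transfer(msg.sender, PER_NFT), "transfer failed");
    }

    // HARDENED: eligibility is fixed at the snapshot block. Ownership changes
    // after the snapshot, temporary or not, cannot create new claims.
    function claim(uint256 tokenId, bytes32[] calldata proof) external {
        require(!claimed[tokenId], "already claimed");
        bytes32 leaf = keccak256(abi.encodePacked(tokenId, msg.sender));
        require(MerkleProof.verify(proof, snapshotRoot, leaf), "not in snapshot");
        claimed[tokenId] = true;
        require(token.transfer(msg.sender, PER_NFT), "transfer failed");
    }
}
```

The snapshot root must be published (and ideally the snapshot block announced) before claims open; a root that can be set after the fact simply moves the trust problem to whoever holds that setter.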
Revest Finance incident
On March 27, Revest Finance was attacked, resulting in a loss of $120,000. This was a typical ERC-1155 reentrancy attack: when minting new FNFTs, the contract performed the external receiver callback before its state updates, so the order of operations was wrong.
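The ordering problem described above, as an added example written for this article rather than Revest's code. In ERC-1155, `_mint` to a contract address calls that contract's `onERC1155Received` hook, so any state written after `_mint` is invisible to the hook and can be clobbered by a re-entrant call. The vault name, the one-position-per-deposit design and the OpenZeppelin 4.x imports are assumptions; the hardened mint finalises state before the hook runs and adds a reentrancy guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumes OpenZeppelin Contracts 4.x (constructed example, not project code).
import "@openzeppelin/contracts/token/ERC1155/ERC1155.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical vault: each deposit mints one unit of a new ERC-1155 id; burning a
// unit pays out the ETH recorded for that id.
contract VaultExample is ERC1155, ReentrancyGuard {
    uint256 public nextId = 1;
    mapping(uint256 => uint256) public valuePerUnit; // id => ETH paid per unit burned

    constructor() ERC1155("") {}

    // VULNERABLE: _mint() invokes onERC1155Received on a contract receiver before
    // nextId is advanced and before valuePerUnit is written. A receiver that calls
    // mintVulnerable() again from inside the hook is assigned the SAME id, so two
    // units share one id, and the outer frame's valuePerUnit write (its larger
    // deposit) is the one that survives for both units.
    function mintVulnerable() external payable {
        uint256 id = nextId;
        _mint(msg.sender, id, 1, "");   // external call into msg.sender if it is a contract
        nextId = id + 1;                // effects after the interaction
        valuePerUnit[id] = msg.value;
    }

    // HARDENED: checks, then effects, then the interaction. By the time the hook
    // can observe the contract, nextId and valuePerUnit are final; nonReentrant
    // additionally rejects any re-entry into the guarded functions.
    function mint() external payable nonReentrant {
        require(msg.value > 0, "no deposit");
        uint256 id = nextId++;
        valuePerUnit[id] = msg.value;
        _mint(msg.sender, id, 1, "");
    }

    // Burn one unit of `id` and receive the ETH recorded for it.
    function redeem(uint256 id) external nonReentrant {
        uint256 amount = valuePerUnit[id];
        _burn(msg.sender, id, 1);       // reverts if the caller holds no unit of `id`
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

To see why the vulnerable path matters: a deposit of 10 ETH whose receiver hook makes a nested 1 wei deposit leaves the caller holding two units of the same id with `valuePerUnit` set to 10 ETH, redeemable for 20 ETH in total. The fix is the reordering; the guard is defence in depth, and neither helps if some other function still writes state after an external call.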
NBA whitelist-abuse incident
On April 21, the NBA project was attacked. The issue lay in the signature mechanism of the whitelist verification, which had two main weaknesses: signature impersonation and signature reuse.
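Both weaknesses, as an added example written for this article rather than the NBA project's contract. In the vulnerable mint the signed message contains neither the recipient nor a nonce, so a signature observed on chain can be submitted by anyone (impersonation) and as often as they like (reuse). The hardened mint binds the digest to the caller, this contract, the chain id and a per-voucher nonce, records consumed vouchers, and enforces the per-wallet cap on chain. The contract name, the cap, the digest layout and the OpenZeppelin 4.x imports are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumes OpenZeppelin Contracts 4.x (constructed example, not project code).
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

// Hypothetical allowlist mint gated by vouchers signed off chain by `signer`.
contract AllowlistMintExample is ERC721 {
    using ECDSA for bytes32;

    address public immutable signer;
    uint256 public constant MAX_PER_WALLET = 2; // constructed cap

    mapping(address => uint256) public minted;     // wallet => tokens minted
    mapping(bytes32 => bool) public usedVoucher;   // digest => consumed
    uint256 private _nextTokenId;

    constructor(address signer_) ERC721("Example", "EX") {
        signer = signer_;
    }

    // VULNERABLE: the digest is a constant, so one valid signature is valid for
    // every caller (impersonation) and for every call (reuse). Nothing on chain
    // limits how many times it is honoured.
    function mintVulnerable(bytes calldata signature) external {
        bytes32 digest = keccak256("allowlist").toEthSignedMessageHash();
        require(digest.recover(signature) == signer, "bad signature");
        _mintOne(msg.sender);
    }

    // HARDENED: the digest commits to who may use it, where, and which voucher
    // it is; a digest can be consumed once; the cap is enforced here, not trusted
    // from the signer.
    function mint(uint256 nonce, bytes calldata signature) external {
        bytes32 digest = keccak256(
            abi.encodePacked(address(this), block.chainid, msg.sender, nonce)
        ).toEthSignedMessageHash();
        require(digest.recover(signature) == signer, "bad signature");
        require(!usedVoucher[digest], "voucher already used");
        require(minted[msg.sender] < MAX_PER_WALLET, "wallet cap");

        usedVoucher[digest] = true;   // effects before the mint's receiver hook can run
        _mintOne(msg.sender);
    }

    function _mintOne(address to) internal {
        minted[to] += 1;
        _safeMint(to, _nextTokenId++);
    }
}
```

Including `address(this)` and `block.chainid` in the digest is what stops a voucher issued for one deployment (or a test network) from being replayed against another; EIP-712 typed data is the structured way to achieve the same binding and is the usual next step beyond the raw `encodePacked` digest shown here.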
Akutar event
On April 23, the Akutar project locked 11,539 ETH (approximately $34 million) because of a contract vulnerability. The main issues were design flaws in the refund function and a failure to account for users who bid multiple times.
XCarnival event
On June 24, XCarnival was attacked, resulting in a loss of 3,087 ETH (approximately $3.8 million). The vulnerability was due to the lack of verification of the legitimacy of the xToken address when staking NFTs, together with the failure to check the status of collateral records during borrowing.
Common Security Issues with NFT Contracts
Signature impersonation and reuse:
Logic flaws:
ERC-721/ERC-1155 reentrancy attacks:
Overly broad authorization scope:
Price manipulation:
Given the complexity of NFT contracts and the potential risks, it is crucial to seek a professional security company for a comprehensive audit to prevent possible security hazards.