Another Arbitrum public chain project suffers a Rug Pull, involving about 3 million US dollars
Written by: Beosin
On May 19, 2022, according to the Beosin-EagleEye situational awareness platform, **the Swaprum project on the Arbitrum public chain was suspected of a Rug Pull, involving about 3 million US dollars.**
The Beosin security team analyzed the incident immediately and found a backdoor in the liquidity staking reward pool deployed by the project team. The project team (Swaprum: Deployer) used the add() backdoor function to steal the liquidity tokens staked by users, in order to remove liquidity from the trading pool for profit.
Event related information
Attack transactions (due to the existence of a large number of attack transactions, only some of them are shown here)
Attacker Address
0xf2744e1fe488748e6a550677670265f664d96627 **(Swaprum: Deployer)**
Vulnerable contract
0x2b6dec18e8e4def679b2e52e628b14751f2f66bc
(TransparentUpgradeableProxy Contract)
0xcb65D65311838C72e35499Cc4171985c8C47D0FC
(Implementation Contract)
Attack process
For the sake of convenience, let's take two of the transactions as examples:
Call the add() backdoor function to steal liquidity tokens
Remove liquidity for profit
Replaced with a backdoored liquidity staking rewards contract
Vulnerability Analysis
The root cause of this attack is that **the Swaprum project team used the proxy contract's ability to switch implementation contracts, replacing the normal implementation contract with one containing a backdoor function, which was then used to steal the liquidity assets staked by users.**
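The implementation switch described above is visible on-chain, so it can be monitored. The following is an added example, not code from Beosin or from the Swaprum project: it scans logs in `eth_getLogs` shape for upgrade events on watched proxies and alerts when the new implementation is not on a reviewed allowlist. It assumes the proxy emits the EIP-1967 `Upgraded(address)` event, as OpenZeppelin's TransparentUpgradeableProxy does; the function names and all sample addresses and hashes are constructed.

```python
# Added example: alert on proxy upgrades that point at an unreviewed implementation.
# Assumption: the proxy emits the EIP-1967 event Upgraded(address indexed implementation).
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; return the low 20 bytes."""
    raw = topic.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    if len(raw) != 64 or raw[:24] != "0" * 24:
        raise ValueError("topic is not a padded address")
    return "0x" + raw[24:]

def find_unreviewed_upgrades(logs, watched_proxies, reviewed_impls):
    """Return one alert per Upgraded event on a watched proxy whose new
    implementation is not on the reviewed allowlist, in chain order."""
    watched = {a.lower() for a in watched_proxies}
    reviewed = {a.lower() for a in reviewed_impls}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    alerts = []
    for log in ordered:
        topics = [t.lower() for t in log["topics"]]
        if log["address"].lower() not in watched:
            continue  # event from a contract we do not monitor
        if len(topics) != 2 or topics[0] != UPGRADED_TOPIC:
            continue  # not an implementation switch
        impl = topic_to_address(topics[1])
        if impl not in reviewed:
            alerts.append({"proxy": log["address"].lower(), "implementation": impl,
                           "block": int(log["blockNumber"], 16), "tx": log["transactionHash"]})
    return alerts

def pad(addr):
    """Encode a 20-byte address as a 32-byte log topic."""
    return "0x" + "00" * 12 + addr[2:]

# Constructed sample data; every address and hash below is a placeholder.
PROXY = "0x" + "aa" * 20
REVIEWED_IMPL = "0x" + "11" * 20
UNREVIEWED_IMPL = "0x" + "22" * 20
SAMPLE_LOGS = [
    {"address": PROXY, "blockNumber": "0x20", "logIndex": "0x0",
     "transactionHash": "0x" + "02" * 32, "topics": [UPGRADED_TOPIC, pad(UNREVIEWED_IMPL)]},
    {"address": PROXY, "blockNumber": "0x10", "logIndex": "0x0",
     "transactionHash": "0x" + "01" * 32, "topics": [UPGRADED_TOPIC, pad(REVIEWED_IMPL)]},
    {"address": "0x" + "bb" * 20, "blockNumber": "0x15", "logIndex": "0x3",
     "transactionHash": "0x" + "03" * 32, "topics": [UPGRADED_TOPIC, pad(UNREVIEWED_IMPL)]},
]

if __name__ == "__main__":
    for alert in find_unreviewed_upgrades(SAMPLE_LOGS, [PROXY], [REVIEWED_IMPL]):
        print("ALERT unreviewed implementation:", alert)
```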
Funds Tracking
As of the time of publication, the Beosin KYT anti-money laundering analysis platform found that about 1,628 ETH (approximately US$3 million) of stolen funds had been bridged cross-chain to Ethereum, and 1,620 ETH had been deposited into Tornado Cash.