Acquista Criptovalute

Paga con

USD

Supports Visa, MasterCard, SEPA & more

Flexible trading, zero fees

Use your crypto for payments worldwide

Basic

Fai trading di criptovalute liberamente

Amplifica il tuo profitto con la leva finanziaria

Convert & Auto-Invest

Trade any size with no fees and no slippage

Get exposure to leveraged positions simply

Pre-Market Trading

Trade new tokens before listing

Advanced

Trade on-chain with Gate Wallet

Smart access to new on-chain tokens

Smart strategies with automated trading

Follow expert trading strategies

CrossEx Trading

One margin balance, shared across platforms

Access hundreds of perpetual contracts

One platform for global traditional assets

Trade European-style Vanilla Options

Conto unificato

Massimizza l'efficienza del tuo capitale

Introduction to Futures Trading

Learn the basics of futures trading

Join events to earn rewards

Use virtual funds to practice risk-free trading

Lancia

Raccogli le caramelle per guadagnare airdrop

Staking rapido, guadagna potenziali nuovi token

Fai holding GT e ottieni enormi airdrop gratuitamente

Unlock full access to global stock IPOs

Trade on-chain assets and earn airdrops

Earn futures points and claim airdrop rewards

Investimento

Guadagna interessi con i token inattivi

Auto-invest on a regular basis

Dual Investment

Profit from market volatility

Guadagna ricompense con staking flessibile

Prestito cripto

Impegnare una criptovaluta per prenderne in prestito un'altra

Centro dei prestiti

Centro completo dei prestiti

Premium wealth growth plans

Private Wealth Management

Premium asset allocation

Top-tier quant strategies

Metti in staking le criptovalute per guadagnare nei prodotti PoS

No-liquidation leverage

Mint GUSD for RWA returns

Post, share, and explore crypto trends

Live crypto market analysis

Chat with crypto traders

What is happening in crypto

Altro

慢雾：yearn遭遇攻击的根本原因是Yearn yETH加权稳定币交换池合约存在不安全的数学运算

GateNews

2025-12-05 02:53:10

金色财经报道，据SlowMist监测，12 月 1 日，去中心化金融协议yearn遭遇黑客攻击，造成约 900 万美元损失。慢雾安全团队对该事件进行了分析，确认根本原因如下：漏洞源于Yearn yETH加权稳定币交换池（Weighted Stableswap Pool）合约中用于计算供应量的 calcsupply 函数逻辑。由于存在不安全的数学运算，该函数在计算过程中允许溢出和舍入误差，导致新供应量与虚拟余额的乘积计算出现显著偏差。攻击者利用此缺陷可将流动性操控至特定数值，并超额铸造流动性池（LP）代币，从而非法获利。建议加强边界场景测试，并采用经过安全验证的算术运算机制，以防范同类协议中此类溢出等高危漏洞。

Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.

Commento

0/400

Nessun commento