Poolz Protocol — Hack description

Discover how Ironblocks' detection system tracked the POOLZ Protocol hack in real-time, highlighting the vulnerabilities exploited and the steps taken to mitigate the damage.

March 14, 2023
The Ironblocks detection system was tracking the POOLZ Protocol hack in real time when the hack began.

The hacker was able to trick the vesting contract into believing that it deposited a large amount of tokens while actually depositing a tiny amount. The hack occurred on a Poolz contract used for vesting tokens.

Ironblocks dashboard alerting the hack in real-time

This contract has a function, “CreateMassPools”, which receives a token, an array of vesting amounts, vesting times and recipients, and then manages the vesting of this token for the given recipients.

Here is what happened in 6 steps:

1. The hacker sends a malicious transaction to the contract 0x2cc4A6C6D5Ff183d7E3c7e33e9Bc10d55BDBaEA8, calling the method CreateMassPools with 2 vesting recipients (both the hacker) and amounts (along with 0 vesting time). The second amount the hacker passes in is the amount they want to steal from the contract, and the first amount is a uint which, when added to the second amount, overflows to a small number of tokens.

The vulnerable entry-point function

2. This method internally uses the function getArraySum which returns the sum of the amounts which should be transferred from the sender to the vesting contract.

The internal function causing the overflow

3. Because of this uint overflow, CreateMassPools transfers a low deposit from the hacker, but owes a large vesting amount to the hacker.

The decoded vesting parameters

4. The hacker is able to withdraw any tokens that were vesting and sell them on DEXes, draining all the liquidity.

The hacker draining the vesting contract

5. The hacker was able to drain around $30,000 on Ethereum, $45,000 on Polygon and $200,000 on BSC.

6. The Poolz team immediately halted trading on all CEXes where most trading occurred, and is planning on creating a snapshot of the token holders a block before the hack occurred, airdropping a new token and restoring liquidity, making token holders whole again.
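
The overflow in steps 2 and 3, modelled as an added example (this is not Poolz's contract code or Ironblocks' detector): each addition is reduced modulo 2**256 to mimic unchecked uint256 arithmetic, the result is compared with a checked sum, and a call whose deposit would not cover what is owed is flagged. The function names and sample amounts are constructed for illustration.

```python
from dataclasses import dataclass

UINT256_MAX = 2**256 - 1  # largest value a Solidity uint256 can hold


class SumOverflow(ArithmeticError):
    """Raised where checked uint256 arithmetic would revert the transaction."""


def wrapping_sum(amounts):
    """Unchecked uint256 summation: each addition is reduced modulo 2**256."""
    total = 0
    for amount in amounts:
        total = (total + amount) & UINT256_MAX
    return total


def checked_sum(amounts):
    """Checked summation: refuse a running total that leaves the uint256 range."""
    total = 0
    for amount in amounts:
        total += amount
        if total > UINT256_MAX:
            raise SumOverflow("amount array sum exceeds uint256")
    return total


@dataclass(frozen=True)
class DepositMismatch:
    deposited: int  # tokens pulled from the sender (the wrapped sum)
    owed: int       # tokens recorded as vesting across all recipients

    @property
    def shortfall(self):
        return self.owed - self.deposited


def audit_amounts(amounts):
    """Return a DepositMismatch if the deposit would not cover what is owed."""
    if any(not 0 <= a <= UINT256_MAX for a in amounts):
        raise ValueError("every amount must fit in a uint256")
    deposited, owed = wrapping_sum(amounts), sum(amounts)
    return DepositMismatch(deposited, owed) if deposited != owed else None


# Constructed sample inputs (not taken from the real transaction).
BENIGN_AMOUNTS = [100, 200, 300]
WRAPPING_AMOUNTS = [UINT256_MAX - 10**24 + 2, 10**24]  # true sum is 2**256 + 1

if __name__ == "__main__":
    for name, amounts in (("benign", BENIGN_AMOUNTS), ("wrapping", WRAPPING_AMOUNTS)):
        print(name, audit_amounts(amounts))
```

The same invariant, deposit equals the sum of recorded amounts, is what checked arithmetic enforces on-chain by reverting instead of wrapping.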

***We would like to mention that if our firewall system had been deployed on the POOLZ protocol when the hack took place, we could have completely stopped the hackers from getting hold of any tokens whatsoever.