NBA digital collectible contracts have a significant security vulnerability, raising concerns about zero-cost minting risks.
The NBA digital collectible contract has serious security vulnerabilities.
Recently, the NBA launched a series of digital collectibles, which has attracted widespread attention in the market. However, during the sale of these collectibles, we discovered a concerning issue: the smart contracts responsible for selling these digital collectibles have significant security vulnerabilities. This flaw could be exploited by malicious actors to mint collectibles at zero cost and sell them for improper gains.
The core of this vulnerability is a defect in how the contract verifies signatures for whitelisted users. Specifically, the contract has no safeguard ensuring that a whitelist signature is unique to one user and usable only by that user. As a result, an attacker can reuse the signatures of other whitelisted users to mint collectibles, bypassing the normal purchasing process.
From a technical perspective, the problem lies in the implementation of the verify function. This function, when performing signature verification, does not include the address of the transaction sender in the signature content. More seriously, the contract also lacks a mechanism to ensure that each signature can only be used once. These should be the most basic security practices in software development, yet they have been overlooked in this high-profile project.
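The two missing checks can be seen side by side in a small Python model, added here as an illustration and not taken from the NBA contract. HMAC-SHA256 stands in for the whitelist signer's signature, and the class names, the `sender:nonce` message layout and the addresses are hypothetical.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed-demo-key"  # stand-in for the whitelist signer's private key


def sign(message: bytes) -> bytes:
    """HMAC-SHA256 stands in for the signer's on-chain signature in this model."""
    return hmac.new(SIGNER_KEY, message, hashlib.sha256).digest()


class VulnerableSale:
    """Signed content omits the sender and signatures are never marked as used."""

    def mint(self, sender: str, payload: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(sign(payload), sig)


class HardenedSale:
    """Signed content covers the sender and a nonce; each signature works once."""

    def __init__(self) -> None:
        self.used = set()

    @staticmethod
    def message(sender: str, nonce: int) -> bytes:
        return sender.lower().encode() + b":" + str(nonce).encode()

    def mint(self, sender: str, nonce: int, sig: bytes) -> bool:
        msg = self.message(sender, nonce)  # rebuilt from the actual caller
        if not hmac.compare_digest(sign(msg), sig):
            return False  # signature was issued to a different address
        if sig in self.used:
            return False  # signature already consumed
        self.used.add(sig)
        return True


def demo() -> dict:
    alice = "0x" + "a1" * 20    # constructed whitelisted address
    mallory = "0x" + "bd" * 20  # constructed non-whitelisted address
    weak, strong = VulnerableSale(), HardenedSale()
    weak_sig = sign(b"whitelist")
    strong_sig = sign(HardenedSale.message(alice, 1))
    return {
        "weak_owner": weak.mint(alice, b"whitelist", weak_sig),
        "weak_other_sender": weak.mint(mallory, b"whitelist", weak_sig),
        "strong_owner": strong.mint(alice, 1, strong_sig),
        "strong_other_sender": strong.mint(mallory, 1, strong_sig),
        "strong_second_use": strong.mint(alice, 1, strong_sig),
    }
```

In the hardened model the verifier rebuilds the signed message from the caller's own address, so a signature issued to one address fails for any other sender, and the used-signature set rejects a second submission by the original holder.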
That a vulnerability of this kind appeared in such a well-known project is both surprising and concerning. It not only exposes the project team's negligence regarding smart contract security but also serves as a wake-up call for the entire digital collectibles market. This incident once again highlights the importance of security audits and code reviews in blockchain project development.
For users who have already purchased these digital collectibles, this is undoubtedly unsettling news. At the same time, it also serves as an important warning for traditional institutions that are currently entering or planning to enter the digital collectibles market: while embracing new technologies, it is crucial to prioritize security and ensure that users' rights are fully protected.
We hope the NBA can take swift action to fix this vulnerability and strengthen the security measures of its smart contracts. At the same time, this is also an opportunity for the entire industry to reflect and improve, to ensure that similar projects can be launched more safely and reliably in the future.