Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
During the recent security analysis, an interesting case emerged. The staking-related contracts of ListaDAO were targeted, but it wasn't a simple bug; it appears that a vulnerability was hidden in the logic design.
According to the report from GoPlus Security, there was an attack on the Liquid Staking Vault contract, and the attacker skillfully exploited the share calculation function of the Dividend contract. When a specific token is transferred, this calculation function is triggered, interfering with the reward distribution logic of the staking vault, ultimately allowing the attacker to withdraw a large amount of assets.
What’s noteworthy is that this logic flaw existed in both the Liquid Staking Vault and the Dividend contract. In other words, projects that copied this same implementation or forked projects with similar designs could face the same risks. The potential for malicious exploitation is considered quite high.
As a recommendation to the development team, the importance of audits has once again been highlighted. Relying solely on a one-time audit is insufficient; continuous security verification and a review of staking-related logic design are essential. This case reminds us that smart contract security is not a one-and-done process but requires ongoing vigilance.