Exploit in TIME Token Results in $188,000 Loss
Date: 2023-12-09 Author: Dima Zakharov Categories: BLOCKCHAIN, IN WORLD
In a shocking turn of events, an exploit in the TIME token has caused a substantial financial setback of $188,000, according to information from CertiK. The attack unfolded when an attacker converted 5 ETH into Wrapped Ether (WETH) and subsequently exchanged them for over 3.4 billion TIME tokens.
CertiK analysts have reported that the primary reason behind the exploit was manipulation of the Forwarder contract, designed for executing transactions from any address. The attacker crafted a request with a falsified sender address under their control and a matching signature. This deceptive request passed the verification process of the forwarding contract.
Taking advantage of a syntax parsing error, the attacker tricked the TIME contract into recognizing the address controlled by the attacker as legitimate, leading the TIME contract to burn a significant number of tokens from the target pool controlled by the attacker, rather than the intended address.
The attacker burned more than 62 billion TIME tokens, resulting in a substantial reduction in the token pool. Subsequently, the tokens were exchanged for a considerable amount of WETH, ultimately converting them back into ETH, including the portion used as a bribe during the process.
This incident highlights the fundamental vulnerabilities of smart contracts, where even a minor error can lead to significant financial losses.
