Key Points:
- On-chain analytics firm Spot On Chain thinks friend.tech has a problem with the design of its access control and should improve the system to avoid API leaks.
- friend.tech has denied the allegation of a data breach and argues that revealing the link between a public wallet address and a Twitter username is not a data breach.
- Previously, the popular Web3 social network leaked API data and had a problem with shares being traded from contracts without an invitation code.
Although friend.tech has denied that it leaked user data, the blockchain analytics company has once again released a comment proving that the network has access control problems that make it possible for the API to leak data and for share prices to be manipulated.
The controversy erupted when on-chain data analysis companies and users released reports that the personal information of many friend.tech users had been leaked on the evening of August 21. The leaked data includes wallet addresses and Twitter names, IDs and avatars of more than 101,000 individuals.
The reports came after analysts at Spot On Chain discovered that friend.tech's API itself was leaking user information. However, the web3 social networking app responded that revealing the link between a public wallet address and a Twitter username is not a data breach.
Analytics firm Spot On Chain responded to this comment and shared that although the network side generates the wallet address in the API, it can be straightforward to trace back the wallet used to fund that address, and many people don't know about it.
It is, therefore, essential to mention it in the privacy policy (shown as coming soon). An API violation occurs when an API is used manipulatively or abusively. The current level of access control needs to be better designed, and many bots can use it to manipulate share prices easily.
For example, a big KOL joins, and a bot directly buys many shares. Adjusting API access controls (such as restricting tweet visibility to share buyers only) can reduce the impact and lessen the effect of bots.
As introduced earlier, friend.tech is a web3 social networking app, less than two weeks old, that is taking the Coinbase layer-2 network Base by storm. The project has drawn curiosity with its idea of buying and selling shares of famous Twitter accounts and with the possibility of distributing airdrops after the prominent fund Paradigm invested in it.
Source: https://coincu.com/212256-friendtech-problems-access-control/