According to CertiK, the TIME token was exploited recently, resulting in a loss of approximately $188k.
The attack began with the exploiter converting 5 ETH to Wrapped Ether (WETH), and then trading this for over 3.4 billion TIME tokens.
CertiK analysts reported that the exploit’s root cause was the manipulation of the Forwarder contract, which is designed to execute transactions from any address.
The attacker crafted a request with a falsified sender address, which they controlled, and a matching signature. This deceptive request passed the Forwarder contract’s verification process.
TIME Token was exploited for ~$188k due to a recently disclosed vulnerability around ERC2771 and Multicall
See our in-depth analysis on the TIME exploit belowhttps://t.co/NF8UPcRPfQ https://t.co/MGDnmFd56d
— CertiK Alert (@CertiKAlert) December 8, 2023
The attacker leveraged a parsing error, where the TIME contract was deceived into recognizing an attacker-controlled address as legitimate.
As a result, the TIME contract erroneously burned a massive amount of tokens from the target pool controlled by the attacker, rather than the intended address.
See Also: MyDoge Twitter Account Hacked, Mobile App and Wallets Secure
The attacker burned over 62 billion TIME tokens, leading to a drastic reduction in the token pool. The tokens were then exchanged for a substantial amount of WETH, eventually converting these back to ETH, including a portion used for a bribe in the process.
This incident highlights the underlying vulnerabilities in smart contracts, where even a minor error can lead to substantial financial losses.
Disclaimer: The information provided is not trading advice. Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Source: https://bitcoinworld.co.in/time-token-exploited-188k-lost-in-the-exploit/