Good contract exploit in TIME token results in $188k loss
In line with CertiK, the TIME token was exploited lately, leading to a lack of roughly $188k.
The assault started with the exploiter changing 5 ETH to Wrapped Ether (WETH), after which buying and selling this for over 3.4 billion TIME tokens.
CertiK analysts reported that the exploit’s root trigger was the manipulation of the Forwarder contract, which is designed to execute transactions from any tackle. The attacker crafted a request with a falsified sender tackle, which they managed, and an identical signature. This misleading req handed the Forwarder contract’s verification course of.
The attacker leveraged a parsing error, the place the TIME contract was deceived into recognizing an attacker-controlled tackle as official. Consequently, the TIME contract erroneously burned an enormous quantity of tokens from the goal pool managed by the attacker, slightly than the meant tackle.
The attacker burned over 62 billion TIME tokens, resulting in a drastic discount within the token pool. The tokens had been then exchanged for a considerable quantity of WETH, ultimately changing these again to ETH, together with a portion used for a bribe within the course of.
This incident highlights the underlying vulnerabilities in good contracts, the place even a minor error can result in substantial monetary losses.
