According to CertiK, a recent exploit of the TIME token resulted in a potential loss of approximately $188,000.
The exploiter started the attack by exchanging 5 ETH for Wrapped Ether (WETH) and trading it for more than 3.4 billion TIME tokens. The modification of the Forwarder contract, which is intended to carry out transactions from any address, was the primary cause of the exploit, according to CertiK experts.
The attacker created a request with a corresponding signature and a fictitious sender address that they controlled. This false request made it through the verification phase of the Forwarder contract.
By exploiting a parsing error, the attacker could trick the TIME contract into accepting an attacker-controlled address as authentic. Consequently, instead of burning tokens at the targeted address, the TIME contract mistakenly burned many tokens from the attacker-controlled target pool.
The token pool was drastically reduced due to the attacker burning approximately 62 billion TIME tokens. Afterward, the tokens were traded for a sizeable quantity of WETH, which was later converted back to ETH, with a portion of the proceeds going toward a bribe.
This event draws attention to the fundamental flaws in smart contracts, where even a small mistake can result in significant financial losses.