{"id":66642,"date":"2023-12-09T17:28:50","date_gmt":"2023-12-09T21:28:50","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=66642"},"modified":"2023-12-09T17:30:06","modified_gmt":"2023-12-09T21:30:06","slug":"smart-contract-exploit-leads-to-188k-loss-in-time-token","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/smart-contract-exploit-leads-to-188k-loss-in-time-token\/","title":{"rendered":"Smart Contract Exploit Leads to $188k Loss in TIME Token"},"content":{"rendered":"\n<p>According to CertiK, a <a href=\"https:\/\/coinscreed.com\/staging\/hope-finance-loses-2m-in-recent-exploit.html\" target=\"_blank\" rel=\"noreferrer noopener\">recent exploit <\/a>of the TIME token resulted in a potential loss of approximately $188,000. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/12\/croc_1702156756910-1024x576.jpg\" alt=\"Smart Contract Exploit Leads to $188k Loss in TIME Token\" class=\"wp-image-66644\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/12\/croc_1702156756910-1024x576.jpg 1024w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/12\/croc_1702156756910-300x169.jpg 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/12\/croc_1702156756910-768x432.jpg 768w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/12\/croc_1702156756910-18x10.jpg 18w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/12\/croc_1702156756910-750x422.jpg 750w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/12\/croc_1702156756910-1140x641.jpg 1140w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/12\/croc_1702156756910.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Smart Contract Exploit Leads to $188k Loss in TIME Token<\/figcaption><\/figure>\n\n\n\n<p>The exploiter started the attack by exchanging 5 ETH for Wrapped Ether (WETH) and trading it for more than 3.4 billion <a href=\"https:\/\/coinscreed.com\/staging\/dwf-labs-buys-more-floki-tokens-boosting-price-by-24.html\" target=\"_blank\" rel=\"noreferrer noopener\">TIME tokens<\/a>. The modification of the Forwarder contract, which is intended to carry out transactions from any address, was the primary cause of the exploit, according to CertiK experts. <\/p>\n\n\n\n<p>The attacker created a request with a corresponding signature and a fictitious sender address that they controlled. This false request made it through the verification phase of the Forwarder contract.<\/p>\n\n\n\n<p>Using a parsing error, the attacker could trick the TIME contract into accepting a <a href=\"https:\/\/www.bing.com\/search?q=Smart+Contract+Exploit+Leads+to+%24188k+Loss+in+TIME+Token&cvid=555884d7f3b6407b83c4fd1b8f27de37&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQRRg8qAIAsAIA&FORM=ANAB01&PC=WSEDDB\" target=\"_blank\" rel=\"noreferrer noopener\">attacker-controlled address<span class=\"wpil-link-icon\" title=\"Link goes to external site.\" style=\"margin: 0 0 0 5px;\"><svg width=\"24\" height=\"24\" style=\"height:16px; width:16px; fill:#000000; stroke:#000000; display:inline-block;\" viewBox=\"0 0 24 24\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" xmlns:svg=\"http:\/\/www.w3.org\/2000\/svg\"><g id=\"wpil-svg-outbound-7-icon-path\" fill=\"none\" clip-path=\"url(#clip0_31_188)\">\r\n                            <path d=\"M9.16724 14.8891L20.1672 3.88908\" stroke-linecap=\"round\"\/>\r\n                            <path d=\"M13.4497 3.53554L20.5208 3.53554L20.5208 10.6066\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/>\r\n                            <path d=\"M17.5 13.5L17.5 16.26C17.5 17.4179 17.5 17.9968 17.2675 18.4359C17.0799 18.7902 16.7902 19.0799 16.4359 19.2675C15.9968 19.5 15.4179 19.5 14.26 19.5L7.74 19.5C6.58213 19.5 6.0032 19.5 5.56414 19.2675C5.20983 19.0799 4.92007 18.7902 4.73247 18.4359C4.5 17.9968 4.5 17.4179 4.5 16.26L4.5 9.74C4.5 8.58213 4.5 8.0032 4.73247 7.56414C4.92007 7.20983 5.20982 6.92007 5.56414 6.73247C6.0032 6.5 6.58213 6.5 7.74 6.5L11 6.5\" stroke-linecap=\"round\"\/>\r\n                        <\/g>\r\n                        <defs>\r\n                            <clipPath id=\"clip0_31_188\">\r\n                                <rect fill=\"white\" height=\"24\" width=\"24\"\/>\r\n                            <\/clipPath>\r\n                        <\/defs><\/svg><\/span><\/a> as authentic. Consequently, instead of burning tokens at the targeted address, the TIME contract mistakenly burned many tokens from the attacker-controlled target pool.<\/p>\n\n\n\n<p>The token pool was drastically reduced due to the attacker burning approximately 62 billion TIME tokens. Afterward, the tokens were traded for a sizeable quantity of WETH, which was later converted back to ETH, with a portion of the proceeds going toward a bribe.<\/p>\n\n\n\n<p>This event draws attention to the fundamental flaws in <a href=\"https:\/\/coinscreed.com\/staging\/thirdweb-discloses-common-security-flaw-in-smart-contracts.html\" target=\"_blank\" rel=\"noreferrer noopener\">smart contracts<\/a>, where even a small mistake can result in significant financial losses. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to CertiK, a recent exploit of the TIME token resulted in a potential loss of approximately $188,000. The exploiter started the attack by exchanging 5 ETH for Wrapped Ether (WETH) and trading it for more than 3.4 billion TIME tokens. The modification of the Forwarder contract, which is intended to carry out transactions from [&hellip;]<\/p>\n","protected":false},"author":43,"featured_media":66644,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[2156,451,17538],"class_list":["post-66642","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-exploit","tag-smart-contract","tag-time-token"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/12\/croc_1702156756910.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/66642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=66642"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/66642\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/66644"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=66642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=66642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=66642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}