Smart contract exploit in TIME token leads to $188k loss
According to CertiK, the TIME token was exploited recently, resulting in a loss of approximately $188k. The attack began with the exploiter converting 5 ETH to Wrapped Ether (WETH), and then trading this for over 3.4 billion TIME tokens. CertiK analysts reported that the exploit ’s root cause was the manipulation of the Forwarder contract , which is designed to execute transactions from any address. The attacker crafted a request with a falsified sender address, which they controlled, and a matching signature. This deceptive req passed the Forwarder contract ’s verification process. #CertiKSkynetAlert TIME Token was exploit ed for ~ $188k due to a recently disclosed vulnerability around ERC2771 and Multicall See our in-depth Analysis on the TIME exploit belowhttps://t.co/NF8UPcRPfQ https://t.co/MGDnmFd56d — CertiK Alert (@CertiKAlert) December 8, 2023 The attacker leveraged a parsing error, where the TIME contract was deceived into recognizing an attacker-con...