Security researchers Pawel Wylecial and ‘E.Laszlo’ have released a report that details a bug in the Friend.tech user interface implementation that resulted in traders overpaying for ‘keys’ on the blockchain social media application.
The bug is described as resulting from the user interface caching information before the transactions are created, which falls out of sync with the blockchain in the intervening time. This is generally caused by another user trading ‘keys’ for the same account.
This error was most likely to occur when keys were being frequently traded. E.Laszlo highlighted one particular launch that saw traders spending in excess of 2.44 ether to obtain the ‘keys.’
A thread explaining how more than 14k users have sent +187ETH in excess to FriendTech’s SC as a result of incorrect key pricing.
Check if you have been affected: https://t.co/8RzvNBiAVP
A joint report (@elaszlo & @h0wlu) submitted to @friendtech and classified as out of scope.
— E.Laszlo (@ELaszlo_) February 1, 2024
Read more: Are Friend.tech keys securities?
Dune’s analysis of this bug suggests that traders have, in total, spent an excess of approximately 445 ether. Furthermore, the analysis suggests that they’ve also sent approximately 43,173 transactions through the bugged front end.
The analysis also suggests that at least two traders, X users dpats_ and HerroCrypto, have sent over 1 ether in excess payments.
The researchers claim that they previously submitted a report of this bug to the Friend.tech team, who reportedly classified it as ‘out of scope.’
Friend.tech’s shine has faded as many ‘keys’ have fallen and new value flowing in has plummeted.
Read the full article here