TL;DR
- A bug was discovered in Friendtech’s user interface, causing traders to overpay for ‘keys’ in the blockchain-based social media application.
- The issue originated from the interface caching information before transactions are created, causing a mismatch with the blockchain.
- Traders overspent approximately 445 Ethers due to the bug, processing around 43,173 transactions through the faulty interface. Friendtech’s lack of response raises concerns about security in the app.
In a report by security researchers Pawel Wylecial and ‘E.Laszlo,’ a bug in Friendtech’s user interface implementation was revealed, leading traders to overpay for ‘keys’ in the blockchain-based social media application.
This problem is described as a result of the user interface caching information before transactions are created, causing a desynchronization with the blockchain in the meantime. This desynchronization typically occurs when another user is trading ‘keys’ for the same account. The incidence of this error was more likely during frequent exchanges of ‘keys.’ A specific event mentioned by E.Laszlo indicates that traders spent over 2.44 ethers to obtain these ‘keys.’
A thread explaining how more than 14k users have sent +187ETH in excess to FriendTech’s SC as a result of incorrect key pricing.
Check if you have been affected: https://t.co/8RzvNBiAVP
A joint report (@elaszlo & @h0wlu) submitted to @friendtech and classified as out of scope.
— E.Laszlo (@ELaszlo_) February 1, 2024
According to Dune’s analysis of this bug, traders overspent approximately 445 Ethers in total. Additionally, the analysis suggests that they also sent around 43,173 transactions through the faulty interface.
Friendtech Looks the Other Way and Dodges Detected Problems
The analysis results also indicate that at least two traders, dpats_ and HerroCrypto Made excessive payments of more than 1 Ether. The researchers claim to have submitted a report on this bug to the Friendtech team. Who allegedly classified it as ‘out of scope.’
Friendtech’s popularity declined as the value of ‘keys’ fell, and the influx of new value progressively plummeted. The situation highlights the importance of security in blockchain-based applications. Underscores the need for an appropriate response to error reports by developers. To avoid potential financial losses and ensure user trust in these platforms.
The incident also emphasizes the complexity of maintaining synchronization between the user interface and the blockchain in dynamic and high transaction volume environments. Highlighting the importance of thorough testing and prompt responses to identified issues.