A bug in the user interface implementation of Friend.tech has led to traders overpaying for ‘keys’ on the platform.
In a recent post on X, security researchers Pawel Wylecial and ‘E.Laszlo’ said the bug arises from the user interface caching information before transactions are created, causing it to fall out of sync with the blockchain over time.
The issue is most likely triggered when multiple users trade ‘keys’ for the same account.
Traders, unknowingly affected by this bug, ended up overpaying for their ‘keys.’
Issue 1: Lack of UI synchronization with the current blockchain status resulting in outdated prices to fill out the transaction data.
Issue 2: No refund function is implemented for such transactions.
Result: More than 440 (+187 through app) excess ETH sent and locked forever.
— E.Laszlo (@ELaszlo_) February 1, 2024
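The two issues in the post above can be reproduced in a small model. This is an added example, not code from Friend.tech or from the researchers; the pricing function, the `KeyMarket` class and the helper names are assumptions made for illustration.

```javascript
// Constructed model: price is a hypothetical function of key supply,
// in arbitrary units (not wei, not Friend.tech's real curve).
const price = (supply) => supply * supply;

class KeyMarket {
  constructor(supply, refundExcess) {
    this.supply = supply;
    this.refundExcess = refundExcess; // false models "no refund function" (Issue 2)
    this.locked = 0;                  // excess value retained by the contract
  }
  quote() { return price(this.supply); }
  buy(value) {
    const cost = this.quote();        // the contract always uses current state
    if (value < cost) throw new Error("insufficient payment");
    const excess = value - cost;
    this.supply += 1;
    if (!this.refundExcess) this.locked += excess;
    return {
      paid: this.refundExcess ? cost : value,
      refunded: this.refundExcess ? excess : 0,
    };
  }
  sell() { this.supply -= 1; }
}

// Issue 1: the UI fills the transaction value from a quote cached earlier.
const buyWithCachedQuote = (market, cachedQuote) => market.buy(cachedQuote);

// UI-side mitigation: re-read the price right before building the transaction.
// A trade can still land between this read and execution, so the
// contract-side refund is what actually bounds the loss.
const buyWithFreshQuote = (market) => market.buy(market.quote());

function scenario(refundExcess, fresh) {
  const market = new KeyMarket(10, refundExcess);
  const cached = market.quote();  // price shown to the user
  market.sell();                  // another trader sells the same account's key
  const receipt = fresh
    ? buyWithFreshQuote(market)
    : buyWithCachedQuote(market, cached);
  return { ...receipt, locked: market.locked };
}

console.log("stale quote, no refund:", scenario(false, false));
console.log("fresh quote, no refund:", scenario(false, true));
console.log("stale quote, refund:   ", scenario(true, false));
```

When the price moves the other way (someone buys after the quote was cached), the stale value is too low and the purchase fails instead of overpaying, which is why only concurrent sells produce locked funds in this model.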
Traders Overpaid 2.44 ETH to Acquire Keys
During one particular launch, E.Laszlo observed traders spending an excess of 2.44 ether to acquire ‘keys.’
According to Dune’s analysis, the total excess expenditure by traders is estimated to be around 445 ether.
Additionally, approximately 43,173 transactions were processed through the flawed front end.
The analysis further highlights that two traders, dpats_ and HerroCrypto, have sent over 1 ether in excess payments.
The researchers claim to have previously reported the bug to the Friend.tech team.
However, the team allegedly classified it as ‘out of scope,’ suggesting that no action was taken to address the issue.
Friend.tech’s Popularity Drops After Splashy Debut
Friend.tech, launched on August 10, 2023, has become one of the top decentralized applications (dApps) on the Base layer, attracting over 200,000 users and facilitating a trading volume exceeding $230 million.
The platform uniquely converts user influence into tradable tokens known as “keys,” allowing users to gain access to a creator’s attention or influence.
The model has attracted not only cryptocurrency influencers but also NBA players and esports personalities, broadening its appeal beyond the crypto space.
One significant factor contributing to Friend.tech’s popularity was the hype surrounding the Base network, a Layer 2 solution associated with Coinbase.
The involvement of Paradigm, an investment firm connected to Coinbase, further increased confidence in Friend.tech’s potential.
However, the platform has also faced privacy concerns, particularly regarding the potential for user doxxing due to the link between Twitter profiles and Ethereum addresses.
Friend.tech has addressed these concerns by clarifying that the information deemed leaked was actually from their public API, showcasing the platform’s open nature while also highlighting the importance of user caution in protecting personal information.
Nevertheless, Friend.tech has seen its popularity drop as of late.
According to a Dune analytics dashboard, the project raked in more than $1 million in revenue last year.
However, its revenue has recently fallen to under $20,000 over the past couple of days.