We (@shoucccc, @tonykebot) found a critical vulnerability in time.fun last week and conducted a hack. The vulnerability allows hackers to steal all trading fees and modify the metadata (e.g. change "toly's minute" to "vitalik's minute") of every token launched.
As the issue has been resolved, here is the full disclosure:
time.fun provides each new user with a dedicated wallet to deposit USDC for trading. The user's private key is securely stored with a third-party provider. But because SOL is needed to cover gas fees and time.fun wants a seamless interaction for users, the wallet “HW2C...Lo1H” signs every trade transaction alongside the user’s wallet signature. Surprisingly, this same wallet also owns all tokens launched by time.fun. As it is one of the signers, we can act on behalf of “HW2C...Lo1H” if we can get the backend to sign arbitrary data.
We discovered that by forging a token, it was possible to trick the backend into believing it was signing a legitimate transaction, letting us change metadata or withdraw all funds from “HW2C...Lo1H.” We reached out to the team (by buying 1 minute of their founder on time.fun) and meanwhile did a whitehat hack. The team responded and fixed it quickly, and we returned all the funds.
Backends should never sign transactions coming from the frontend, regardless of how thorough the validation or simulation checks appear. These safeguards can be bypassed by obfuscating transactions or bundling/front-running transactions to alter their semantics.
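One way to follow that advice, as an added example that is not time.fun's code or part of the original thread: the client sends only a trade intent, and the backend builds the transaction itself and signs as a fee payer that owns nothing else. The transaction is a toy dictionary model, HMAC stands in for the Ed25519 signature, and every name, address and limit below is a constructed assumption.

```python
import hashlib, hmac, json

# Constructed placeholders, not real Solana addresses or program ids.
TRADE_PROGRAM = "TradeProgram1111"
USDC_MINT = "UsdcMint1111"
FEE_PAYER = "FeePayer1111"               # holds only SOL for fees: no tokens, no authorities
FEE_PAYER_KEY = b"constructed-demo-key"  # stand-in for a key held in an HSM/KMS
KNOWN_MINTS = {"MinuteMintA111", "MinuteMintB111"}  # tokens launched by the platform
ALLOWED_FIELDS = {"user", "token_mint", "side", "usdc_amount"}
MAX_USDC = 10_000_000_000                # assumed per-trade cap, in base units

class IntentError(ValueError):
    """The client request is not a well-formed trade intent."""

def build_trade_tx(intent: dict) -> dict:
    """Build the transaction server-side; client-supplied bytes never reach the signer."""
    if set(intent) != ALLOWED_FIELDS:
        raise IntentError("unexpected or missing fields")
    user, mint = intent["user"], intent["token_mint"]
    side, amount = intent["side"], intent["usdc_amount"]
    if not isinstance(user, str) or not user or user == FEE_PAYER:
        raise IntentError("bad user")
    if not isinstance(mint, str) or mint not in KNOWN_MINTS:
        raise IntentError("unknown mint")
    if side not in ("buy", "sell"):
        raise IntentError("bad side")
    if type(amount) is not int or not 0 < amount <= MAX_USDC:  # also rejects bool
        raise IntentError("bad amount")
    # Exactly one instruction, one program, fixed account layout.
    # The fee payer pays the fee and appears in no instruction account list.
    ix = {"program": TRADE_PROGRAM,
          "accounts": [user, mint, USDC_MINT],
          "data": {"side": side, "usdc_amount": amount}}
    return {"fee_payer": FEE_PAYER, "signers": [FEE_PAYER, user], "instructions": [ix]}

def cosign(intent: dict) -> dict:
    """Sign only what build_trade_tx produced from the validated intent."""
    tx = build_trade_tx(intent)
    msg = json.dumps(tx, sort_keys=True).encode()
    sig = hmac.new(FEE_PAYER_KEY, msg, hashlib.sha256).hexdigest()  # Ed25519 stand-in
    return {"tx": tx, "fee_payer_sig": sig}

if __name__ == "__main__":
    demo = {"user": "UserWallet111", "token_mint": "MinuteMintA111",
            "side": "buy", "usdc_amount": 5_000_000}   # constructed sample intent
    print(json.dumps(cosign(demo), indent=2))
```

Because the signer never sees client-built instructions, there is nothing to obfuscate or bundle, and a mistake in the builder exposes only the fee payer's SOL balance rather than token ownership.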