The Bug and Its Consequences
A flaw in the implementation of Friend.tech's user interface has resulted in traders paying more than the required amount for ‘keys’ on the platform. In a recent article on X, cybersecurity analysts Pawel Wylecial and ‘E.Laszlo’ reported that the bug stems from the UI retaining details from before a transaction completes, so that what it holds diverges from the blockchain over time. The glitch typically arises when multiple users trade ‘keys’ for the same account, leading traders to unintentionally overpay for their ‘keys.’
“During a specific event, E.Laszlo observed traders spending a hefty sum of 2.44 ether to purchase ‘keys.’ As per Dune’s investigation, traders have collectively overpaid by an estimated 445 ether. Furthermore, roughly 43,173 transactions were handled via the flawed front end. Notably, two traders, dpats_ and HerroCrypto, have mistakenly sent more than 1 ether in surplus payments,” stated the researchers.
The bug was previously reported to the Friend.tech team, but was deemed ‘out of scope,’ implying that no corrective measures were taken.
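The divergence described above, replayed as an added example (not code from Friend.tech or from the researchers). It assumes a hypothetical supply-based price curve and a contract that accepts any payment at or above the current price without returning the excess; every name, value and trade is constructed.

```javascript
// Added illustration. The price curve, field names and trades are constructed
// assumptions, not Friend.tech's contract or front-end code.
const STEP = 10n ** 15n; // assumed price step in wei

// Assumed curve: the next key's price depends only on the current supply.
const priceAt = (supply) => BigInt(supply) ** 2n * STEP;

// Replay an ordered trade log for one account and compare what each buyer
// sent with the price in force when the transaction executed.
// Assumption: a payment at or above the price is accepted and the excess is kept.
function auditTrades(startSupply, trades) {
  let supply = startSupply;
  const findings = [];
  for (const t of trades) {
    if (t.type === "sell") { supply -= 1; continue; }
    const required = priceAt(supply);
    if (t.sent < required) {
      // A stale quote that is too low fails visibly; no payment is taken.
      findings.push({ trader: t.trader, status: "reverted", surplus: 0n });
      continue;
    }
    // A stale quote that is too high succeeds, so the surplus goes unnoticed.
    const surplus = t.sent - required;
    findings.push({ trader: t.trader, status: surplus > 0n ? "overpaid" : "exact", surplus });
    supply += 1;
  }
  return findings;
}

const totalSurplus = (findings) => findings.reduce((sum, f) => sum + f.surplus, 0n);

// Constructed scenario: alice and dave submit the quote their UI stored at
// supply 10; bob's UI re-reads the price just before sending.
const storedQuote = priceAt(10);
const sampleTrades = [
  { type: "sell", trader: "carol" },                   // supply 10 -> 9
  { type: "buy", trader: "alice", sent: storedQuote }, // price is now priceAt(9)
  { type: "buy", trader: "bob", sent: priceAt(10) },   // supply is 10 again
  { type: "buy", trader: "dave", sent: storedQuote },  // price is now priceAt(11)
];

const report = auditTrades(10, sampleTrades);
for (const f of report) console.log(f.trader, f.status, f.surplus.toString());
console.log("total surplus (wei):", totalSurplus(report).toString());
```

Under these assumptions a stored quote only costs money when the price has fallen since it was read, which is why the errors accumulate as overpayments rather than failed purchases.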
Evolution and Challenges of Friend.tech Platform
Launched on August 10, 2023, Friend.tech has swiftly emerged as a leading decentralized application (dApp) on the Base network. With a user base exceeding 200,000 and a trading volume surpassing $230 million, the platform turns a user's influence into tradable tokens called “keys,” which grant holders access to a creator’s attention or influence.
“The allure of Friend.tech transcends crypto influencers, extending to NBA athletes and esports figures, making it a versatile and popular choice. The platform’s success was partly fueled by the buzz surrounding the Base network, a Layer 2 solution linked with Coinbase. Moreover, the backing of Paradigm, a Coinbase-affiliated investment company, bolstered confidence in Friend.tech’s future,” highlighted industry experts.
Despite its acclaim, Friend.tech faced data privacy issues, specifically related to potential user doxxing due to the association between Twitter profiles and Ethereum addresses. To counter these worries, Friend.tech clarified that the leaked information was sourced from their public API, underscoring the platform’s transparent nature and emphasizing the significance of user discretion in safeguarding personal data.
However, Friend.tech experienced a recent decline in popularity. According to data from a Dune analytics dashboard, the project amassed over $1 million in revenue last year, but the revenue plummeted to under $20,000 in recent days.