Severe Vulnerabilities in Friend.tech Lead to Database Leak

A data API vulnerability leads to a leak of over 100k Friend.tech users

Written By:
Gopal Solanky

While Friend.tech is booming with tons of users, some on-chain sleuths have already discovered alarming vulnerabilities in its smart contract.

Banteg, a pseudonymous core contributor to Yearn Finance, has posted a list of 101,183 people containing their Twitter accounts and the addresses connected to them on Friend.tech.

Banteg claimed that users gave the site access to post as them when it asked for their data. Friend.tech asked for permission to track and save data from Twitter during sign-up, and users also granted it permission to post on their behalf.

The data-leak vulnerability was found by on-chain data researcher SpotOnChain, which shared it on X. SpotOnChain revealed that user data can be obtained through the API.

Describing another vulnerability, it also stated that users can buy or sell shares directly on Etherscan using a MetaMask wallet.

The news comes as Friend.tech trends in the crypto community following its sparkling beta launch. It generated over $1 million in fees in 24 hours, surpassing major DeFi players like Uniswap and Bitcoin.



Gopal is a passionate crypto researcher and writer with a keen interest in innovations. Having been in the crypto space for over 4 years, he has gained extensive knowledge and technical understanding of DeFi by studying various protocols and decentralized infrastructures.