Beosin EagleEye security risk monitoring, warning and blocking platform under Beosin detected an attack on the TIME token, with hackers profiting about $188,000. Beosin security team analyzed that the hacker exploited a contract vulnerability to destroy the TIME token in the TIME-ETH trading pair, thereby profiting. The reason for this is that the _msgSender() of the TIME token returns not msg.sender, but is selected based on the caller. If the caller is the Forwarder contract, then the specified address of the caller is returned. At the same time, the Forwarder contract has arbitrary external call function, and the attacker calls the TIME contract's burn function through the Forwarder contract, passing in the pair address, and finally destroying the TIME token in the pair.