The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

  • Hacken
  • Blog
  • Network
  • How to hack TTC Protocol?

How to hack TTC Protocol?

By Hacken

Share via:

HackenProof is hosting a bug bounty program for a modern social networking protocol based on blockchain called TTC Protocol. Let’s take a short look at their whitepaper, describe the main concepts and some technical details. Then we’ll show you how to run a node to start bug hunting on TTC Bug Bounty Program.

1. TTC Protocol introduction

TTC is a decentralized nextgen social networking protocol. TTC provides a brand new social experience; the platform is completely decentralized. It was built to replace the old-style, “attention economy”-based social networks. TTC users will be able to get rewards for interacting with other users and their content.

2. Whitepaper overview

As new social networking protocol, TTC requires a high speed of transactions. BFT-DPoS model solves this issue.

A variety of social platforms are welcome to operate as DAPPs in the ecosystem of the TTC Protocol. DAPPs within the ecosystem include mainstream social networking services such as personal life sharing platforms, photo sharing communities, video sharing communities, and live streaming platforms.

TTC was built on the ERC-20 token standard to incentivize different participants in the ecosystem of the TTC Protocol. The TTC Protocol applies the user-oriented account system, which distinguishes external owner accounts and smart contract accounts. TTC Protocol allows one private key to correspond with multiple addresses, and also supports the authority transfer of the address owner.

There is a runtime environment for smart contracts called The TTC Virtual Machine (TTVM). It has Turing completeness, a high level of security, and high extensibility. TTVM supports multiple languages, such as Python, JavaScript, Solidity and Go, to embrace more developer communities.

TTC supports cross-chain, namely, it uses a distributed private key control protocol. Since it supports cross chain asset transfer and mortgage, Oracle, multi-token smart contracts, and it will not suffer from “51% attacks.”

3. Node installation

Official Go implementation of TTC –

gttc – is golang implementation of the TTC protocol. It requires go (1.9x and 1.10x) and gcc.

Get the latest release of gttc:


Unzip downloaded archive:


Move files:

mv gttc-0.0.4/* $HOME/go/src/

Change directory:

cd $HOME/go/src/

Build gttc:

go build

Add folder to PATH:

export PATH=$PATH:$HOME/go/src/

Run node in testnet:

gttc --testnet

To turn API run:

gttc --testnet --rpc 

Test the API:

curl -X POST --data '{"jsonrpc":"2.0","method":"net_version","params":[],"id":67}' -H "Content-Type: application/json" localhost:8545



gttc is based on geth, so API calls are identical.

4. Test

The most evident way to test the node is trying to send some malicious or wrong data into API. I’ve decided to use BurpSuite with its intruder and fuzzing wordlists from

I used a wordlist with Unicode characters with “eth_sendRawTransaction” method and got the following response:

"jsonrpc": "2.0",
"id": 1,
"error": {
"code": -32602,
"message": "invalid argument 0: json: cannot unmarshal hex string without 0x prefix into Go value of type hexutil.Bytes"

5. Report from

An attacker can send a GetBlockHeadersMsg request in LES subprotocol with malicious parameters to attack any remote node and make it crash. This bug was found in geth right up to v1.8.10 and it was fixed in v1.8.11 by validating user input and skipping overflow in GetBlockHeadersMsg handler. As soon as gttc is using geth v1.8.9 I decided to try this vulnerability. The bug was reported and marked as CVE-2018–12018. The exploit to this CVE is attached in the description, but it doesn’t work now. So I decided to write a new one for gttc.

You can find the script on the github repository. To run the exploit you need to know enode of the target node.

python3 --enode 'enode of your node'

The error message on the target node:

panic: runtime error: index out of range

goroutine 282 [running]:*ProtocolManager).handleMsg(0xc42081cf00, 0xc42038e300, 0x0, 0x0)
/root/go/src/ +0x8cc8*ProtocolManager).handle(0xc42081cf00, 0xc42038e300, 0x0, 0x0)
/root/go/src/ +0x727, 0x10a7b40, 0xc423cb0700, 0x0, 0x0)
/root/go/src/ +0x23b*Peer).startProtocols.func1(0xc423cb0700, 0xc422f11da0, 0x10a7b40, 0xc423cb0700)
/root/go/src/ +0x66
created by*Peer).startProtocols
/root/go/src/ +0x201

6. Conclusions

Now you know what is TTC, how it can be used, its main concepts and technical details. Also, we’ve covered TTC’s node installation and API usage. Now you can start bug hunting on the TTC public bug bounty program on HackenProof. You can try another inputs and methods to break nodes or you can find your own way to find a bug. Mind you, the HackenProof team is constantly writing “How to hack” articles about blockchain based products. If you are interested in bug hunting on blockchain based products you should check out the following posts How to hack VeChainThor and How to hack Smart Contracts. Stay tuned – more useful content is coming your way!

subscribe image
promotion image

Subscribe to our newsletter

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.

Read next:

More related
  • Blog image
    Major Product Release: Extractor Integrates Forta Attack Detector Hacken
  • Blog image
  • Blog image

Get our latest updates and expert insights on Web3 security