Optimism eth 2m freeman cydiamitchelhillcointelegraph


Ethereum’s most popular second-layer scalability solution Optimism was vulnerable to the “Unbridled Optimism” attack — so were its forks, Boba and Metis.

Infinite Ethers for potential Optimism attackers

Seasoned developer Jay Freeman, who is well known as a co-founder of Orchid and a core developer of iOS jailbreak and Cydia tools, released a detailed blog post on how the Go-Ethereum fork Optimism could have been hacked.

Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a “layer 2 scaling solution” for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty.


Developers of the Ethereum Layer 2 scaling solution Optimism announced that a “critical bug” had been identified and patched earlier this month.

The bug, which could have enabled hackers to create as much ‘ETH’ in an Optimism account balance as they wanted, was first discovered by white hat hacker and iOS jailbreak software Cydia developer Jay Freeman.

Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a “layer 2 scaling solution” for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty.

— Jay Freeman (saurik) (@saurik) February 10, 2022

According to his detailed explanation, a malicious actor could “mint” an arbitrary number of ETH tokens on any blockchain that utilizes the Optimism Virtual Machine (OVM).

This could have been achieved by repeatedly triggering the SELFDESTRUCT opcode on a contract holding an Ether balance. By doing so, attackers could have increased their ETH holdings without limit.

Optimism forks Boba and Metis were also prone to attacks of the same design.

Bug fixed, $2M bounty comes to white-hat hacker

As per the statement of the Optimism team, their experts confirmed that the bug was never exploited by ‘real’ hackers: as such, all of the users’ funds are safe.

An emergency patch was released to Optimism mainnet and Kovan testnet just hours after the bug was disclosed.

The bug seems to have been accidentally triggered on one occasion by an employee at the popular block explorer Etherscan. As per the report, “no usable excess ETH was generated.”

According to the announcement, within hours of confirmation, the Optimism team developed and deployed a fix on the Kovan and Mainnet networks, mending the bug, and sent alerts to teams developing vulnerable Optimism forks and to L1-L2 bridge providers. Apart from the announcement, the Optimism team has also published a detailed breakdown of the incident.

As part of Optimism’s Immunefi bug bounty program, the maximum amount of just over $2 million was paid out to Jay Freeman. The fact that the maximum amount was paid indicates the seriousness of the bug.

The announcement does not, however, speculate on possible damages if the bug had been exploited by a malicious hacker.

Growing DeFi ecosystem makes security complex

According to Optimism’s blog post, defending the DeFi ecosystem against security issues is becoming increasingly complex, to a significant extent as a direct consequence of decentralization itself.

The post reads:

“it’s clear that the ecosystem will soon be far too large for this to remain practical. We’ll be updating our disclosure protocol to more closely match Geth’s in the near future,”

The post also points to the importance of bug bounty programs.

The Optimism team is currently in the process of specifying and building the next major release, Optimism: Bedrock Edition.

  • Ethereum Layer 2 scaling solution Optimism recently deployed a fix for a critical bug found on the network earlier this month.
  • The vulnerability could have put Optimism at risk of massive potential losses.
  • A bounty of over $2 million was given to developer Jay Freeman.
  • Ethereum Layer 2 scaling solution Optimism recently patched a “critical bug” in its network which was discovered last week. A bounty award of over $2 million was given to Jay Freeman, the developer behind Cydia and the Orchid Protocol.

    Optimism deploys major fix on its network

    Optimism, the fourth-largest Layer 2 Ethereum scaling solution by total value locked, was alerted to the vulnerability on the network last week.


    A white-hat hacker and iOS Cydia jailbreak software developer has won a reward of $2 million (roughly Rs. 15 crore) after fixing a “critical bug” in Ethereum Layer 2 scaling project Optimism which could have enabled hackers to build as much Ether in an Optimism account balance as they wanted.

    Optimism declared that the bug was uncovered earlier this month and has since been fixed by an iOS developer who goes by the name Jay Freeman on Twitter, enabling him to receive one of the largest bug-finding awards to date.


    In a detailed blog post, Freeman (@saurik) clarified on Twitter that the bug would “allow an attacker to copy money on any chain utilizing his OVM 2.0 go-Ethereum fork.” For his efforts, Freeman earned one of the largest bug-finding awards to date, with a total award of $2,000,042 (roughly Rs.


    It goes on to say:

    “The bug would have allowed ETH to be generated on Optimism by repeatedly firing the SELFDESTRUCT opcode on a contract containing an ETH balance.”

    Whitehat hacker receives $2 million

    Luckily for the network, no malicious hackers were aware of the flaw prior to patching. Within hours of confirming the issue, Optimism was testing and deploying a fix on the Kovan testnet and the Optimism mainnet. The team has also notified other vulnerable Optimism forks and bridge providers about the technical vulnerability.
    All projects connected to Optimism are now free of the error.

    As a token of gratitude, Optimism has awarded Freeman the maximum bounty of approximately $2 million, one of the largest such awards. If the bug had not been spotted in time, the network would likely have suffered an immense loss.

    The bug was thought to have been triggered by an Etherscan employee by accident but was never exploited.

    If exploited, the bug would have allowed for repeated ETH creation on the network by triggering an opcode on a contract that held an ETH balance.

    Freeman was awarded the maximum bounty award of over $2 million for notifying Optimism of the vulnerability. The network could have suffered larger potential losses if the bug had never been discovered.

    According to Optimism, the fix for the issue was tested and deployed to Optimism’s Kovan and Mainnet networks within hours of confirmation. The team further alerted other vulnerable Optimism forks and bridge providers of the issue, and all projects have applied a fix for the bug.
