MultiversX Tracker is Live!

iOS jailbreak dev wins $2M bounty for finding critical Optimism bug

The Cointelegraph ​

Cryptocoins News / The Cointelegraph ​ 265 Views

Developers from the Ethereum layer-2 scaling project Optimism announced that a “critical bug” had been identified and subsequently patched earlier this month.

The bug, which could have enabled hackers to create as much Ether (ETH) in an Optimism account balance as they wished, was first discovered by white-hat hacker and iOS jailbreak software Cydia developer Jay Freeman.

In a deep-dive blog post, Freeman explained that the bug, “would allow an attacker to replicate money on any chain using their "OVM 2.0" fork of go-Ethereum.” For his efforts, Freeman was awarded one of the largest bug bounties to date, netting a total reward amount of $2,000,042.

According to the Optimism team, “The bug made it possible to create ETH on Optimism by repeatedly triggering the SELFDESTRUCT opcode on a contract that held an ETH balance.”

In a blog post, the Optimism team noted that its chain history showed that the bug had not been exploited, except for an accidental activation by a staffer at Ethereum data startup Etherscan, but “no usable excess was generated.”

“A fix for the issue was tested and deployed to Optimism’s Kovan and Mainnet networks (including all infrastructure providers) within hours of confirmation,” the team said, thanking Infura, QuickNode and Alchemy for their fast response times.

“We also alerted multiple vulnerable Optimism forks and bridge providers to the presence of the issue. These projects have all applied the required fix.”

Late last year Optimism removed its whitelist, allowing for any developer to start building projects on the Optimism network. Prior to this, the network was only accessible to specific projects such as Uniswap and Synthetix. This limitation made it easier for developers to detect and resolve potential bugs

Related: MakerDAO launches biggest ever bug bounty with $10M reward

Optimism is a layer-2 scaling solution for the Ethereum network, employing “optimistic rollups” that aggregate transactions outside of the Ethereum blockchain.

This provides the benefits of reducing slippage, decreasing transaction costs and vastly improving transaction speeds. However, as this bug has made clear, while layer 2 protocols offer improvements in efficiency, security during ongoing development remains a common point of concern.

While this bounty is one the largest to have been paid out so far, MakerDAO has just announced that it will be offering a maximum bounty of $10 million to anyone who can point out critical security threats in its smart contracts. This is the largest series of bug bounties ever to have been hosted on bug bounty platform Immunefi.


Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.



Comments