iOS jailbreak developer awarded $2M bounty for finding critical Optimism flaw

Time: 2022-02-12

Ethereum scaling startup Optimism has fixed a "critical bug" in the project's Geth fork that could allow malicious hackers to create infinite ETH.

The developers of Optimism, an Ethereum layer 2 scaling project, announced that a "critical bug" had been discovered and subsequently patched earlier this month.

The flaw, which would have allowed hackers to create as much "ETH" as they wanted in Optimism account balances, was first discovered by Jay Freeman, a white-hat hacker and the developer of the iOS jailbreak software Cydia.

In an in-depth blog post, Freeman explained that the vulnerability "would allow attackers to copy funds on any chain using their 'OVM 2.0' fork of go-ethereum". For his efforts, Freeman has received one of the largest bug bounties to date, with a total award of $2,000,042.

According to the Optimism team, "The vulnerability makes it possible to create ETH on Optimism by repeatedly triggering the SELFDESTRUCT opcode on a contract holding an ETH balance."
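A toy model of this class of bug, with a supply-conservation check that catches it, as an added example that is not Optimism's or Freeman's code. It assumes the defect was that SELFDESTRUCT credited the beneficiary without clearing the contract's balance; `State`, `Op` and `Audit` are hypothetical names and the trace is constructed.

```go
package main

import "fmt"

// State is a toy ledger (address -> wei). Constructed model, not Optimism's code.
type State map[string]uint64

// Total sums all balances; with no deposits or withdrawals it must stay constant.
func (s State) Total() uint64 {
	var t uint64
	for _, b := range s {
		t += b
	}
	return t
}

// SelfDestruct credits the contract's balance to the beneficiary.
// clearBalance=false models the ASSUMED defect: the source balance is left in place.
func (s State) SelfDestruct(contract, beneficiary string, clearBalance bool) {
	amount := s[contract]
	if clearBalance {
		s[contract] = 0
	}
	s[beneficiary] += amount
}

// Op is one SELFDESTRUCT call in a constructed trace.
type Op struct{ Contract, Beneficiary string }

// Audit replays ops and reports, per step index, how much wei appeared from
// nowhere. An empty map means conservation of supply held for the whole trace.
func Audit(s State, ops []Op, clearBalance bool) map[int]uint64 {
	minted := map[int]uint64{}
	for i, op := range ops {
		before := s.Total()
		s.SelfDestruct(op.Contract, op.Beneficiary, clearBalance)
		if after := s.Total(); after > before {
			minted[i] = after - before
		}
	}
	return minted
}

func main() {
	ops := []Op{{"contract", "payee"}, {"contract", "payee"}, {"contract", "payee"}}
	fmt.Println("buggy:", Audit(State{"contract": 100, "payee": 0}, ops, false))
	fmt.Println("fixed:", Audit(State{"contract": 100, "payee": 0}, ops, true))
}
```

Running the same invariant over per-transaction balance changes is one way to flag a step where total supply grows without a matching deposit.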

In a blog post, the Optimism team noted that its chain history shows the bug was not exploited, apart from one accidental triggering by a staff member at Ethereum data startup Etherscan (which did not lead to any further exploitation).

"Within hours of confirmation, the fix to this issue was tested and deployed to Optimism's Kovan and Mainnet networks (including all infrastructure providers)," the team said, thanking Infura, QuickNode, and Alchemy for their quick responses.

"We also alerted multiple vulnerable Optimism fork and bridge providers to this issue. These projects have applied the required fixes."

Late last year, Optimism removed its whitelist, allowing any developer to start building projects on the Optimism network. Until then, the network was only available to specific projects like Uniswap and Synthetix. This limitation made it easier for developers to detect and resolve potential vulnerabilities.

Optimism is a layer 2 scaling solution for the Ethereum network that uses "optimistic rollups" to aggregate transactions outside the Ethereum blockchain.

This provides the benefits of reduced slippage, lower transaction costs, and greatly increased transaction speed. However, as this bug shows, while layer 2 protocols have improved efficiency, security during continuous development remains a common concern.

While the bounty is the largest ever paid, MakerDAO just announced that it will offer up to $10 million to anyone who can point out a serious security threat in its smart contracts. This is the largest bug bounty program ever hosted on the bug bounty platform Immunefi.
