iOS jailbreak dev wins $2M bounty for finding critical Optimism bug


Ethereum scaling startup Optimism disclosed a “critical bug” fix in the project’s Geth fork that would have allowed malicious hackers to create infinite ETH.

Developers from the Ethereum Layer 2 scaling project Optimism announced that a “critical bug” had been identified and subsequently patched earlier this month.

The bug, which could have enabled hackers to create as much ‘ETH’ in an Optimism account balance as they wished, was first discovered by white hat hacker and iOS jailbreak software Cydia developer Jay Freeman.

In a deep-dive blog post, Freeman explained that the bug “would allow an attacker to replicate money on any chain using their ‘OVM 2.0’ fork of go-ethereum”. For his efforts, Freeman was awarded one of the largest bug bounties to date, netting a total reward of $2,000,042.

According to the Optimism team, “The bug made it possible to create ETH on Optimism by repeatedly triggering the SELFDESTRUCT opcode on a contract that held an ETH balance.”
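The failure class described in that statement can be caught by a supply-conservation invariant. The following is an added example, not code from Optimism or go-ethereum: it assumes a simplified model in which the destruct operation credits the beneficiary without clearing the contract's balance, and the `Ledger` type, account names and function names are all hypothetical.

```go
package main

import "fmt"

// Ledger is a toy balance table (constructed for illustration; not Optimism's state model).
type Ledger map[string]uint64

// TotalSupply sums every balance. A destruct operation must never change it.
func (l Ledger) TotalSupply() uint64 {
	var sum uint64
	for _, v := range l {
		sum += v
	}
	return sum
}

// selfDestructBuggy models the assumed flaw: the beneficiary is credited,
// but the contract's own balance is never cleared.
func selfDestructBuggy(l Ledger, contract, beneficiary string) {
	l[beneficiary] += l[contract]
}

// selfDestructFixed moves the balance: zero the contract, then credit the beneficiary.
func selfDestructFixed(l Ledger, contract, beneficiary string) {
	amount := l[contract]
	l[contract] = 0
	l[beneficiary] += amount
}

// SupplyDrift applies op `calls` times to a fresh constructed ledger and returns
// how much the total supply grew. Any non-zero result is an invariant violation.
func SupplyDrift(op func(Ledger, string, string), calls int) uint64 {
	l := Ledger{"contract": 10, "beneficiary": 0, "bystander": 5}
	before := l.TotalSupply()
	for i := 0; i < calls; i++ {
		op(l, "contract", "beneficiary")
	}
	return l.TotalSupply() - before
}

func main() {
	fmt.Println("buggy drift after 3 calls:", SupplyDrift(selfDestructBuggy, 3))
	fmt.Println("fixed drift after 3 calls:", SupplyDrift(selfDestructFixed, 3))
}
```

Running the same invariant as a property test over every state-changing operation in a fork is what turns this kind of accounting divergence into a failing build instead of a bounty report.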

In a blog post, the Optimism team noted that its chain history showed that the bug had not been exploited, except for an accidental activation by a staffer at Ethereum data startup Etherscan, but “no usable excess was generated.”

“A fix for the issue was tested and deployed to Optimism’s Kovan and Mainnet networks (including all infrastructure providers) within hours of confirmation,” the team said, thanking Infura, QuickNode, and Alchemy for their fast response times.

“We also alerted multiple vulnerable Optimism forks and bridge providers to the presence of the issue. These projects have all applied the required fix.”

Late last year Optimism removed its whitelist, allowing any developer to start building projects on the Optimism network. Prior to this, the network was only accessible to specific projects such as Uniswap and Synthetix. This limitation made it easier for developers to detect and resolve potential bugs.

Related: MakerDAO launches biggest ever bug bounty with $10M reward

Optimism is a Layer 2 scaling solution for the Ethereum network, employing “optimistic rollups” that aggregate transactions outside of the Ethereum blockchain.

This provides the benefits of reducing slippage, decreasing transaction costs and vastly improving transaction speeds. However, as this bug has made clear, while Layer 2 protocols offer improvements in efficiency, security during ongoing development remains a common point of concern.

While this bounty is one of the largest to have been paid out so far, MakerDAO has just announced that it will be offering a maximum bounty of $10M to anyone who can point out critical security threats in its smart contracts. This is the largest series of bug bounties ever to have been hosted on bug bounty platform Immunefi.
