Cydia Dev Discloses Ethereum L2 Bug — Optimism Attacker Could Have ‘Printed an Arbitrary Quantity of Tokens’

Share This Post

Cydia Dev Discloses Ethereum L2 Bug — Optimism Attacker Could Have 'Printed an Arbitrary Quantity of Tokens'

On February 10, the well-known developer of Cydia and iOS Jailbreak, Jay Freeman, otherwise known as Saurik, published a Twitter thread about a bug he found in the Layer-2 (L2) scaling protocol known as Optimism. According to Freeman, the vulnerability, which has been patched, could have allowed an attacker to create an infinite amount of tokens.

Cydia Creator ‘Saurik’ Discovers Optimism L2 Vulnerability

Jay Freeman is a prominent software developer who is well known for his iOS Jailbreak and Cydia tools. Freeman’s Cydia graphical user interface (GUI) was released in February 2008, and it gives users with jailbroken iPhones the ability to download unauthorized software for the Apple smartphone operating system iOS. Freeman recently published a blog post called “Attacking an Ethereum L2 with Unbridled Optimism,” which explains how he reported a critical security issue to the developers of the L2 scaling solution Optimism.

Optimism’s L2 solution allows users to move ethereum for a fraction of the cost. Currently, moving ether using Optimism can cost $0.56 per transfer as opposed to the L1 gas fees today which are $3.29 per transaction. To swap coins onchain using L1 it will cost a user $16.47 in ether but using Optimism to swap coins will cost $0.83. Freeman reported the Optimism vulnerability on February 2, 2022 and the bug has since been patched.

The attack would have allowed “an attacker to replicate money on any chain using their “OVM 2.0” fork of go-ethereum (which they call l2geth),” Freeman said. The developer further explained that he plans to talk about the Optimism vulnerability on February 18th at Ethdenver 2022. Freeman was also awarded a $2,000,042 bounty for discovering the bug and disclosing it to the team. The software engineer’s blog post describes how the attacker could mint an arbitrary quantity of tokens before the bug was patched.

“The bug presented here — which I dub ‘Unbridled Optimism’ — can maybe be (crudely) modelled as a bug on the far side of a ‘bridge,’” Freeman wrote. “But is actually a bug in the virtual machine that executes smart contracts on Optimism. Exploiting this enables the attacker to have access to an effectively unbounded number of tokens (aka, the IOUs) on the far side of the bridge. It is my contention that this is more dangerous than merely tricking the reserves into allowing a withdrawal.” The developer continued:

Further, with your unbounded supply of IOUs, you could go to every decentralized exchange running on the L2 and mess with their economies, buying up vast quantities of other tokens while devaluing the chain’s own currency. Using your access to infinite capital, you could further manipulate onchain pricing oracles to leverage for other attacks; and, until someone finally realizes your money is counterfeit, arbitragers will flock to the network to sell you their assets.

The Pessimism Surrounding Cross-Chain Applications

In addition to the vulnerability found in Optimism, Freeman discussed cross-chain bridge technology in great detail. The developer mentioned that the same day he disclosed the bug to Optimism, the Wormhole bridge was attacked. Freeman also touched upon the Poly Network hack in his post. “Even when hackers do steal money from a bridge, the ramifications are limited,” Freeman’s blog post explains.

Freeman discovering the Optimism bug follows the slew of hacks against cross-chain bridges and the community’s newfound concern over the security of this up-and-coming technology. The Cydia developer’s blog post mentions concepts like “’insurance policies’ against crypto hacks.” Moreover, Ethereum (ETH) co-founder Vitalik Buterin recently discussed concerns tied to the security of cross-chain bridge platforms. “I am pessimistic about cross-chain applications,” a recent Reddit post by Buterin declares.

What do you think about Jay Freeman’s Optimism bug discovery? Let us know what you think about this subject in the comments section below.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

Is Bitcoin Bull Run Over? What This Legendary Metric Says

Here’s what the historical trend of the Bitcoin Market Value to Realized Value (MVRV) Ratio suggests regarding whether the current bull run is over or not Bitcoin MVRV Ratio Could Hint At Where

Token Merger: Bitget Unifies BGB and BWB for Ecosystem Growth

Cryptocurrency exchange Bitget has announced plans to consolidate its two native tokens, Bitget Token (BGB) and Bitget Wallet Token (BWB), into a single utility token, BGB The transition, effective

Bitcoin Dominated By HODLing Sentiment – Metrics Reveal Holders Move BTC Less Frequently

Bitcoin has experienced a rollercoaster ride over the past couple of weeks, showcasing its trademark volatility After reaching an all-time high (ATH), the leading cryptocurrency saw its price drop by

KULR latest to add Bitcoin to corporate treasury with $21 million acquisition

Energy company KULR Technology Group unveiled the start of its Bitcoin (BTC) treasury on Dec 4 by acquiring 21718 BTC for approximately $21 million, at an average purchase price of $96,55653 per

MEXC Research: Top 10 Futures Tokens of 2024

The crypto derivatives market has grown rapidly, with more traders seeking advanced tools to manage risk and amplify returns The leading global exchange, MEXC has expanded its future contract

Russia Enacts Ban on Crypto Mining Operations in 10 Regions, Hints at Expansion

Russia recently enacted a ban on crypto mining operations in 10 regions until 2031, citing high energy consumption issues as the cause Deputy Prime Minister Alexander Novak stated that this list