The developers of the Optimism project reported a critical vulnerability in their Geth fork, which allowed attackers to create an infinite number of ethers. The serious bug was first discovered by white hat hacker and Cydia iOS jailbreak software developer Jay Freeman. In his post, Freeman explained in detail that the vulnerability allowed anyone to duplicate money on any chain using the Go-Ethereum OVM 2.0 fork. For his efforts, the developer received the largest reward to date, which amounted to $ 2,000,042. At the moment, the problem has already been fixed.
Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a “layer 2 scaling solution” for Ethereum) that would have allowed an attacker to print an arbitrary quantity of tokens, for which I won a $2,000,042 bounty. https://t.co/J6KOlU8aSW
— Jay Freeman (saurik) (@saurik) February 10, 2022
According to the project team, the vulnerability allowed creating ETH on Optimism by repeatedly activating the SELFDESTRUCT opcode to replenish the balance. The Optimism blog says that the analysis performed showed no cases of exploitation of the error, with the exception of its accidental activation by an employee of the startup Etherscan. However, he did not use this opportunity to enrich himself. At the end of last year, the project team removed the whitelist, which allowed any developer to create projects on the Optimism network. Previously, the network was only available to certain projects such as Uniswap and Synthetix. This limitation made it easier to detect and eliminate potential vulnerabilities.
Optimism is a layer 2 scaling solution for the Ethereum network that uses “optimistic rollups” that aggregate transactions outside of the Ethereum blockchain. This provides reduced slippage, lower transaction costs and significantly increases the speed of transactions. But as practice has shown, while second-layer protocols provide efficiency gains, security remains a common problem.
Although this is the largest bug bounty in the world, the MakerDAO platform developers have already announced that they will set a maximum bounty of $10 million for anyone who finds critical security threats in their smart contracts.
Source: Trash Box
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.
