A white hat hacker and iOS Cydia jailbreak software developer has earned a reward of $2 million (roughly Rs. 15 crore) after fixing a “critical bug” in Ethereum Layer 2 scaling project Optimism, which could have allowed hackers to create as much Ether in an Optimism account balance as they wanted. Optimism announced that the bug was discovered earlier this month and has been subsequently fixed by an iOS developer who goes by the name Jay Freeman on Twitter, allowing him to earn one of the largest bug-finding awards to date.
In a detailed blog post that he shared on Twitter, Freeman (@saurik) explained that the bug would “allow an attacker to copy money on any chain using his OVM 2.0 go-Ethereum fork.” For his efforts, Freeman received a total award of $2,000,042 (roughly Rs. 15 crore), one of the largest bug-finding awards to date.
Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a “layer 2 scaling solution” for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty. https://t.co/J6KOlU8aSW
— Jay Freeman (saurik) (@saurik) February 10, 2022
According to the Optimism team, “The bug allowed the creation of ETH on Optimism by repeatedly activating the SELFDESTRUCT opcode on a contract that had an ETH balance.”
We’re incredibly thankful to saurik for spending so much time analyzing our protocol over the year–enough to find such an important fix! We highly recommend you check out his in-depth breakdown. We’ll award the full $2,000,042 promised in our bug bounty. https://t.co/536XK2Bfa5 pic.twitter.com/p8PZujKaDg
— Optimism (@optimismPBC) February 10, 2022
In a separate blog post, the Optimism team noted that its chain history showed that the bug was not exploited, aside from one instance in which an employee of the Ethereum data startup Etherscan triggered it accidentally, but “no usable surplus was created.”
“The fix was tested and deployed to the Optimism Kovan and Mainnet networks (including all infrastructure providers) within hours of confirmation,” the team said, thanking Infura, QuickNode, and Alchemy for the fast response times.
“We have also alerted several vulnerable forks of Optimism and bridge providers to the issue. All of these projects have applied the required fix.”
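A toy ledger model of the effect the Optimism team describes above (ETH created by repeated SELFDESTRUCT calls on a funded contract), added here as an illustration and not taken from Optimism's code or Freeman's write-up. It assumes the flaw amounts to crediting the beneficiary without clearing the destroyed contract's balance (the article states only the effect); the names `Ledger`, `replay` and `clear_balance` are hypothetical, and the supply check is the kind of invariant a chain monitor can run after every operation.

```python
from dataclasses import dataclass, field


@dataclass
class Ledger:
    """Toy account ledger (constructed for this example, not Optimism's state model)."""
    balances: dict = field(default_factory=dict)
    minted: int = 0  # total ETH legitimately deposited into this ledger

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.minted += amount

    def total(self):
        return sum(self.balances.values())

    def selfdestruct(self, contract, beneficiary, clear_balance):
        """Send the contract's balance to the beneficiary.

        clear_balance=False models the assumed flaw: the beneficiary is
        credited but the contract's recorded balance is left untouched.
        clear_balance=True models the corrected behaviour.
        """
        amount = self.balances.get(contract, 0)
        if clear_balance:
            self.balances[contract] = 0
        self.balances[beneficiary] = self.balances.get(beneficiary, 0) + amount


def replay(calls, clear_balance, funded=10):
    """Run `calls` SELFDESTRUCTs on a funded contract.

    Returns the final ledger and the indices of the calls after which the
    supply invariant (sum of balances == ETH deposited) no longer held.
    """
    ledger = Ledger()
    ledger.deposit("contract", funded)  # constructed sample state
    violations = []
    for i in range(calls):
        ledger.selfdestruct("contract", "beneficiary", clear_balance)
        if ledger.total() != ledger.minted:
            violations.append(i)
    return ledger, violations


if __name__ == "__main__":
    for label, fixed in (("flawed", False), ("fixed", True)):
        ledger, bad = replay(3, clear_balance=fixed)
        print(label, "supply:", ledger.total(), "deposited:", ledger.minted, "violations:", bad)
```

In the flawed mode the invariant breaks on the very first call, which is why a per-operation supply check flags this class of bug before any balance is moved off the chain.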
At the end of last year, Optimism removed its whitelist, allowing any developer to start creating projects on the Optimism network. Prior to this, the network was only available to certain projects such as Uniswap and Synthetix. This limitation made it easier for developers to detect and fix potential bugs.
As per its website, Optimism identifies as a Layer-2 scaling protocol for Ethereum applications and is meant to look, feel and behave like Ethereum but cheaper and faster. For developers building on Optimism, the company tries to make the switch away from the main Ethereum network as seamless as possible, without their having to go through a long process.