- Optimism, a popular Ethereum Layer 2 scaling solution, has patched a major vulnerability in its network.
- The team was alerted to the vulnerability last week by a developer named Jay Freeman, also known as “saurik.”
- He was awarded the maximum possible bounty award of more than $2 million.
Optimism has fixed a “critical bug” in its fork of Geth, Ethereum’s most popular implementation. The bug was discovered by Jay Freeman, the developer behind both Cydia and Orchid Protocol, who informed Optimism about it on Feb. 2 and was subsequently awarded its highest bounty.
Optimism Bug Fixed
Large losses may have been avoided by a simple bug discovery.
Optimism, the fourth-largest Layer 2 Ethereum scaling solution by total value locked, announced today that it had patched a critical bug in its Geth fork that had been discovered by developer Jay Freeman. Freeman was awarded the maximum bounty award of more than $2 million for alerting Optimism to the vulnerability.
If exploited, the bug would have allowed ETH to be created repeatedly on Optimism through “triggering the SELFDESTRUCT opcode on a contract that held an ETH balance.” The SELFDESTRUCT opcode allows for the destruction of certain Ethereum smart contracts.
The bug was never exploited, though an Etherscan employee might have triggered it by accident. No “usable ETH” was created by that accidental triggering.
A fix for the vulnerability was tested on Kovan, Optimism’s test net, and then deployed on the network’s mainnet—as well as on its infrastructure providers and forks—within hours after confirmation. The network remained operational throughout.
To patch the issue, Optimism developers shared a private patch with “key parties” immediately. After the patch proved successful, it was “publicly released…hidden in an inconspicuous commit.” The team had to handle the patch and its release with care because of the growing number of parties in the protocol’s ecosystem: various bridges, providers, and mainnet forks. This complexity contributes positively to decentralization but makes releases, especially security releases, more difficult, said the team.
The bounty Optimism pays to whitehat hackers is based on the threat level posed by the bug; in this case, Freeman received the maximum possible award.
Vitalik Buterin has discussed the importance of Layer 2s for Ethereum’s future as a way to combat the network’s high transaction fees, which, he said, made the network “not ready for direct mass adoption” on Layer 1. Last November, he introduced EIP 4488, an Ethereum improvement proposal focused on reducing gas fees even on Ethereum Layer 2 scaling solutions.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.