Developers from Optimism, a layer 2 scaling solution on Ethereum, have announced the identification of a “critical bug.” The developers also clarified that this bug has since been patched.
White hat & iOS jailbreak dev discovers Optimism bug
The bug in question could have allowed a hacker to create Ethereum in an Optimism account. The bug was initially identified by Jay Freeman, a white hat hacker and iOS jailbreak software developer.
Freeman stated that this bug could have allowed the “attacker to replicate money on any chain using their ‘OVM 2.0’ fork of go-ethereum.” Following this discovery, Freeman was awarded a $2 million bounty, one of the largest to date.
Optimism also published a blog post stating that a network analysis had shown that the bug had not been exploited. There was an incident involving an Etherscan staffer, but “no usable excess was generated.”
“A fix for the issue was tested and deployed to Optimism’s Kovan and Mainnet networks (including all infrastructure providers) within hours of confirmation,” the team said. Moreover, the team thanked those who responded promptly to fix the bug. It also said it had “alerted multiple vulnerable Optimism forks and bridge providers to the presence of the issue. These projects have all applied the required fix.”
Vulnerabilities ignited by protocol changes
Towards the end of last year, Optimism got rid of its whitelist to enable developers to build projects on the Optimism network. When this whitelist was up, Optimism was only accessible to specific projects. While this process was limiting, developers could detect and sort out the bug.
Optimism is a layer two scaling solution on the Ethereum blockchain. It uses optimistic rollups to process transactions off the Ethereum blockchain. This lowers transaction costs and boosts speeds on the Ethereum network.
However, the vulnerability on Optimism has shown that layer two networks are prone to vulnerabilities as they are still under development, which poses a risk to users.
MakerDAO has also announced a similar bounty. The protocol will pay a bounty of up to $10M to any white hat who detects potential threats on the platform. This is the largest bug bounty hosted on Immunefi, a bug bounty platform. As the risk of hacking threats grows, protocols have been vigilant to ensure their networks are not compromised.