All of these projects have applied the fix.”
Optimism’s whitelist was removed late last year, allowing any developer to begin building projects on its network. The network was previously only accessible to Synthetix and Uniswap. This restriction made it easier for developers to find and fix potential bugs.
Optimism, a Layer 2 scaling solution for the Ethereum network, uses “optimistic rollups” that aggregate transactions beyond the Ethereum blockchain.
This has the potential to reduce slippage, decrease transaction costs, and greatly improve transaction speeds.
It goes on to say:
“The bug would have allowed ETH to be generated on Optimism by repeatedly firing the SELFDESTRUCT opcode on a contract containing an ETH balance.”
Whitehat hacker receives $2 million
Luckily for the network, no malicious hackers were aware of the flaw prior to patching. Within hours of confirming the issue, Optimism was testing and deploying a fix on the Kovan testnet and the Optimism mainnet.
The team has also notified other vulnerable Optimism forks and bridge providers about the technical vulnerability. All projects connected to Optimism are now free of the error.
As a token of gratitude, Optimism has awarded Freeman its maximum bounty of approximately $2 million, one of the largest such awards.
If the bug had not been spotted in time, the network would likely have suffered an immense loss.
Optimism, Ethereum’s fourth-largest Layer 2 scaling solution by Total Value Locked, recently identified and fixed a system-critical flaw in its program code. The network learned of the vulnerability last week after it was discovered and reported by whitehat hacker Jay Freeman, the developer of the Cydia and Orchid protocols.
It was revealed that the bug was unintentionally triggered by an Etherscan employee.
This would have made it possible to generate infinite ETH tokens by launching a mini-program on the contract containing the ETH balance. As Freeman explained in a Deep Dive blog post, the bug would allow an attacker to replicate funds on any chain using their OVM 2.0 fork of Go-Ethereum.
Ethereum’s most popular second-layer scalability solution Optimism was vulnerable to the “Unbridled Optimism” attack — so were its forks, Boba and Metis.
Infinite Ethers for potential Optimism attackers
Seasoned developer Jay Freeman, who is well known as co-founder of Orchid and core developer of the iOS Jailbreak and Cydia tools, released a detailed blog post on how the Go-Ethereum fork Optimism could have been hacked.
A self-styled “grey hat” hacker figured out how to trick Ethereum scaling solution Optimism into effectively printing unlimited Ether earlier this month.
Software engineer Jay Freeman (who goes by Saurik online) didn’t leverage the exploit. Instead, he reported the issue to Optimism’s dev team, who paid him a $2-million bug bounty.
Freeman is probably best known for his work on Cydia, the app store for jailbroken iPhones.
However, more recently he’s been looking for bugs on blockchains.
According to a breakdown on Freeman’s website, he discovered the glitch while looking into so-called “nano payment protocols.”
Optimism is one of these protocols.
By exploiting it, one could gain access to an effectively unlimited number of IOU tokens, in particular OETH tokens, which could then be exchanged for ETH in the usual way.
These exchanges could have been carried out on a decentralized exchange, where it would have been literally impossible to block or reverse them.
The point is that, had it been exploited, the attacker could effectively have manipulated the markets until someone realized that something was wrong, buying huge quantities of real ETH at zero cost. Moreover, those who had sold their ETH in exchange for, say, the OETH created out of thin air by the attacker would have found themselves holding a token worth very close to zero.
As per the report, “no usable excess ETH was generated.”
According to the announcement, within hours of confirmation, the Optimism team developed and deployed a fix on the Kovan and Mainnet networks, mending the bug, and sent alerts to teams developing vulnerable Optimism forks and to L1-L2 bridge providers. Apart from the announcement, the Optimism team has also published a detailed breakdown of the incident.
As part of Optimism’s Immunefi bug bounty program, the maximum amount of just over $2 million was paid out to Jay Freeman.
The fact that the maximum amount was paid indicates the seriousness of the bug.
Ether is bad for real Ether
Freeman discovered a glitch in a section of Optimism’s code which forces smart contracts to delete themselves and return related Ether to the sender.
- Optimism’s “SELFDESTRUCT” function returned crypto to the sender but kept their related off-chain Ether IOUs.
- This could be exploited to trick smart contracts into looping through the glitch — thus minting infinite “layer 2” crypto.
- The Ether created by the bug was counterfeit but Freeman suggested it could wreak havoc across the wider crypto ecosystem.
“With your unbounded supply of IOUs, you could go to every decentralized exchange running on the L2 and mess with their economies, buying up vast quantities of other tokens while devaluing the chain’s own currency,” wrote Freeman.
These security flaws are known as overflow bugs.
A few days ago the well-known hacker Jay Freeman, alias Saurik, discovered a dangerous bug in the nano payment protocol used by Optimism, the Ethereum second layer.
Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a “layer 2 scaling solution” for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty. https://t.co/J6KOlU8aSW
— Jay Freeman (saurik) (@saurik) February 10, 2022
The bug on Optimism, Ethereum’s second layer
Exploiting the bug would have allowed a malicious user to create unlimited quantities of tokens.
The problem is now fixed, and Freeman claims to have received a reward of more than two million dollars.
The bug could be exploited on any chain connected to Optimism, using the “OVM 2.0” fork of go-ethereum (l2geth).
The danger of the Optimism bug
Optimism currently uses a centralized “sequencer”, so they were able to act quickly both to fix the bug on their own nodes and infrastructure, and to deploy interventions on downstream projects using their code base (Boba and Metis).
Saurik named this bug “Unbridled Optimism”, revealing that it affected the virtual machine running smart contracts on Optimism. Exploiting this bug, one could have access to an effectively unlimited number of IOU tokens, and in particular OETH tokens, which could then be exchanged for ETH on a regular basis.
The announcement does not, however, speculate on possible damages if the bug had been exploited by a malicious hacker.
Growing DeFi ecosystem makes security complex
According to Optimism’s blog post, defending the DeFi ecosystem against security issues is becoming increasingly complex, to a significant extent as a direct consequence of decentralization itself.
The post reads:
“it’s clear that the ecosystem will soon be far too large for this to remain practical. We’ll be updating our disclosure protocol to more closely match Geth’s in the near future,”
The post also points to the importance of bug bounty programs.
The Optimism team is currently in the process of specifying and building the next major release, Optimism: Bedrock Edition.
Freeman received a $2,000,042 reward for his efforts.
The Optimism team says that the bug allowed ETH to be created on Optimism by repeatedly triggering the SELFDESTRUCT opcode on a contract holding an ETH balance.
The Optimism team wrote in a blog that their chain history indicated that the bug was not exploited.
A staffer from Ethereum data startup Etherscan had accidentally activated it, but “no usable excess” had been generated.
“A solution was tested and deployed to Optimism’s Kovan network and Mainnet network (including all infrastructure providers) within hours after confirmation,” the team stated. They also thanked Alchemy, QuickNode and Infura for their quick response.
“We also alerted several vulnerable Optimism bridge providers and forks to the existence of the problem.