Ultimately, an attacker could have had his smart contract create arbitrary amounts of crypto currency out of nothing just before its actual end.

Unlike other hackers, the finder, Jay Freeman, reported the problem to Optimism. They operate the payment infrastructure built on top of Ethereum with the Ether derivative OETH. They fixed the bug quite promptly and rewarded the finder with the (to my knowledge) highest bounty paid out so far: 2,000,042 US dollars. That such a young, fairly unknown project can simply put more than 2 million on the table for a single bug says a lot about the current state of the crypto and blockchain bubble. But that is another story.

The finder of the problem, Jay Freeman, may still be known to many as Saurik.


Counterfeit Ether is bad for real Ether

Freeman discovered a glitch in the part of Optimism's code that lets a smart contract delete itself and forward its remaining Ether to a recipient of its choosing.

  • Optimism's "SELFDESTRUCT" implementation credited the recipient but never debited the destroyed contract's own entry in the layer-2 ETH ledger (the "IOUs" for Ether locked on layer 1).
  • A contract could therefore trigger the glitch over and over, minting an unbounded amount of "layer 2" crypto.
  • The Ether created this way was counterfeit, but Freeman argued it could still wreak havoc across the wider crypto ecosystem.

“With your unbounded supply of IOUs, you could go to every decentralized exchange running on the L2 and mess with their economies, buying up vast quantities of other tokens while devaluing the chain’s own currency,” wrote Freeman.

Despite the "unbounded supply", this is not an integer overflow: it is a balance-accounting error, a credit to the recipient without the matching debit from the destroyed contract.

A self-styled “grey hat” hacker figured out how to trick Ethereum scaling solution Optimism into effectively printing unlimited Ether earlier this month.

Software engineer Jay Freeman (who goes by Saurik online) didn’t leverage the exploit. Instead, he reported the issue to Optimism’s dev team, who paid him a $2-million bug bounty.

Freeman is probably best known for his work on Cydia, the app store for jailbroken iPhones. However, more recently he’s been looking for bugs on blockchains.

According to a breakdown on Freeman's website, he discovered the glitch while looking into so-called "nano payment protocols".

Optimism, the Ethereum layer-2 scaling solution, was among the systems he examined.


One of the central features of newer blockchains such as Ethereum are the so-called smart contracts. These are ultimately small programs that run on the blockchain itself and thereby enable, in particular, financial transactions. Since all of this is often stitched together in a hurry and largely untested, bugs with dramatic consequences keep turning up.

In a recent case, one such bug was worth a record bounty of more than 2 million US dollars to the operators of a blockchain project.

Inheriting more than once upon suicide

The problem affected a payment infrastructure named Optimism, built on top of Ethereum. Its root cause was the self-destruct function provided by the system, which really was called SUICIDE originally and was later renamed SELFDESTRUCT.

With it, an object (concretely, a smart contract, for instance on the Ether blockchain) can release all of its resources. In particular, it hands over its crypto tokens to an heir of its own choosing.

However, these smart contracts exist only on the blockchain. So this inheritance has to take place before the object is finally terminated, because otherwise the tokens tied to it would no longer exist.
Unfortunately, the self-destruct function (presumably in view of the end that was imminent anyway) forgot to debit the inherited tokens from the account of the "suicide". Which meant it could bequeath the tokens again. And then once more, and so on.
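The accounting error described in the bullet list above and in this section, as a toy model in Go (added here as an example; it is neither Optimism's l2geth code nor Freeman's proof of concept). It assumes what the text describes: layer-2 ETH is tracked in a ledger separate from the EVM's account objects, so deleting the account object does not touch the ledger entry. The addresses, the 100-unit balance and the number of rounds are constructed; how the opcode is reached again between rounds (re-entering within one transaction or redeploying at the same address) is not stated on the page, so the loop simply re-creates the state object each round.

```go
package main

import "fmt"

// Address stands in for a 20-byte EVM address (constructed, not real).
type Address string

// L2State models only the pieces of the pre-Bedrock state that matter here:
// the EVM account table (code/state objects) and a separate ERC-20-style
// ledger in which L2 "ETH" balances live. The "IOU" in the news text is an
// entry in that ledger, not a native account balance.
type L2State struct {
	Accounts map[Address]bool   // state object exists (contract is deployed)
	Ledger   map[Address]uint64 // L2 ETH balances held in the separate ledger
}

func NewL2State() *L2State {
	return &L2State{Accounts: map[Address]bool{}, Ledger: map[Address]uint64{}}
}

// TotalSupply sums every ledger balance; a correct SELFDESTRUCT moves value
// around but must never change this number.
func (s *L2State) TotalSupply() uint64 {
	var sum uint64
	for _, v := range s.Ledger {
		sum += v
	}
	return sum
}

// SelfDestructVulnerable reproduces the bug: the beneficiary is credited and
// the contract's state object is deleted, but the contract's ledger entry is
// never debited, so the same balance can be "inherited" again.
func (s *L2State) SelfDestructVulnerable(contract, beneficiary Address) {
	s.Ledger[beneficiary] += s.Ledger[contract]
	delete(s.Accounts, contract) // wipes code and storage, not the ledger entry
}

// SelfDestructFixed credits the beneficiary and then zeroes the source entry,
// the debit that the vulnerable version forgot.
func (s *L2State) SelfDestructFixed(contract, beneficiary Address) {
	amount := s.Ledger[contract]
	s.Ledger[contract] = 0
	s.Ledger[beneficiary] += amount
	delete(s.Accounts, contract)
}

// RunScenario funds a contract with 100 units (constructed value), triggers
// SELFDESTRUCT `triggers` times toward an attacker address, and returns the
// attacker's final balance and how much the total supply grew.
func RunScenario(triggers int, fixed bool) (attackerBalance, excessMinted uint64) {
	const contract, attacker Address = "0xC0", "0xA7"
	s := NewL2State()
	s.Accounts[contract] = true
	s.Ledger[contract] = 100
	before := s.TotalSupply()
	for i := 0; i < triggers; i++ {
		s.Accounts[contract] = true // the contract is reachable again this round
		if fixed {
			s.SelfDestructFixed(contract, attacker)
		} else {
			s.SelfDestructVulnerable(contract, attacker)
		}
	}
	return s.Ledger[attacker], s.TotalSupply() - before
}

func main() {
	for _, fixed := range []bool{false, true} {
		bal, excess := RunScenario(5, fixed)
		fmt.Printf("fixed=%v attacker_balance=%d excess_minted=%d\n", fixed, bal, excess)
	}
}
```

With the vulnerable version, five rounds leave the attacker with 500 units while the contract still holds its original 100, so 500 units have appeared from nothing; with the fixed version the attacker ends up with 100 and the supply is unchanged. The invariant worth checking in any such system is the last number: total supply must be the same before and after every SELFDESTRUCT.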


Ethereum Layer-2 solution Optimism has fixed a critical software bug in one of its smart contracts on Ethereum. On February 2nd, the Optimism team was alerted by Jay Freeman of a critical bug in Optimism’s fork of the Ethereum Geth client software. As per the Optimism announcement “Funds Are Safu.”

The bug made it possible for a malicious hacker to create ETH on Optimism by “repeatedly triggering the “SELF-DESTRUCT” opcode on a contract that held an ETH balance.” Opcodes are different types of instructions that can run on the Ethereum Virtual Machine (EVM) execution environment.

Bug triggered by Etherscan employee

Analysis of Optimism’s blockchain history carried out by the Optimism team showed that the bug was not exploited.


The bug seems to have been accidentally triggered on one occasion by an employee at the popular block explorer Etherscan. As per the report, “no usable excess ETH was generated.”

According to the announcement, within hours of confirmation, the Optimism team developed and deployed a fix on the Kovan and Mainnet networks, mending the bug, and sent alerts to teams developing vulnerable Optimism forks and to L1-L2 bridge providers. Apart from the announcement, the Optimism team has also published a detailed breakdown of the incident.

As part of Optimism’s Immunefi bug bounty program, the maximum amount of just over $2 million was paid out to Jay Freeman.
The fact that the maximum amount was paid, indicates the seriousness of the bug.

The announcement does not, however, speculate on possible damages if the bug had been exploited by a malicious hacker.

Growing DeFi ecosystem makes security complex

According to Optimism’s blog post, defending the DeFi ecosystem against security issues is becoming increasingly complex, to a significant extent as a direct consequence of decentralization itself.

The post reads:

“it’s clear that the ecosystem will soon be far too large for this to remain practical. We’ll be updating our disclosure protocol to more closely match Geth’s in the near future,”

The post also points to the importance of bug bounty programs.

The Optimism team is currently in the process of specifying and building the next major release, Optimism: Bedrock Edition.
