The bug seems to have been accidentally triggered on one occasion by an employee at the popular block explorer Etherscan. As per the report, “no usable excess ETH was generated.”

According to the announcement, within hours of confirmation, the Optimism team developed and deployed a fix on the Kovan and Mainnet networks, mending the bug, and sent alerts to teams developing vulnerable Optimism forks and to L1-L2 bridge providers. Apart from the announcement, the Optimism team has also published a detailed breakdown of the incident.

As part of Optimism’s Immunefi bug bounty program, the maximum amount of just over $2 million was paid out to Jay Freeman. The fact that the maximum amount was paid indicates the seriousness of the bug.


The announcement does not, however, speculate on possible damages if the bug had been exploited by a malicious hacker.

Growing DeFi ecosystem makes security complex

According to Optimism’s blog post, defending the DeFi ecosystem against security issues is becoming increasingly complex, to a significant extent as a direct consequence of decentralization itself.

The post reads:

“it’s clear that the ecosystem will soon be far too large for this to remain practical. We’ll be updating our disclosure protocol to more closely match Geth’s in the near future,”

The post also points to the importance of bug bounty programs.

The Optimism team is currently in the process of specifying and building the next major release, Optimism: Bedrock Edition.


Additionally, they alerted multiple vulnerable Optimism forks and bridges to the presence of the issue and all these projects have applied the required fix.

Implications

The white hat hacker, Jay Freeman (saurik), has received the maximum amount of $2M from the Bug Bounty Program after contacting Optimism and informing it of the vulnerability. This gives insight into the severity of this bug, as the possible damage could have been huge for Optimism and all its forks.

Increased complexity in defending DeFi protocols against security issues like this one is a direct consequence of decentralization itself. Bug Bounty Programs are therefore an essential part of this ecosystem, as they incentivize hackers not to harm the whole network by trying to reward themselves, leading to a win-win situation for both sides.

2.

Prices have risen as much as 7.5% in comparison to January 2021.

All these circumstances have led to a massive drop in cryptocurrency prices. Bitcoin fell 4% in 24 hours, Ethereum 5.6% and Solana by as much as 10%.

Implications

The overall sentiment in the markets is led by fear and uncertainty about future developments regarding war, inflation and the pandemic. With all these factors in play at once, the result is a highly speculative bet on future outcomes, and volatility clearly spikes during times like this.
We have to prepare ourselves for a long, bumpy road in terms of price movements until the storm passes and the uncertainty fades away.

Nevertheless, the technological progress some projects are making is huge and will strengthen the future floor prices of cryptocurrencies.

Ethereum Layer-2 solution Optimism has fixed a critical software bug in one of its smart contracts on Ethereum. On February 2nd, the Optimism team was alerted by Jay Freeman to a critical bug in Optimism’s fork of the Ethereum Geth client software. As per the Optimism announcement, “Funds Are Safu.”

The bug made it possible for a malicious hacker to create ETH on Optimism by “repeatedly triggering the ‘SELF-DESTRUCT’ opcode on a contract that held an ETH balance.” Opcodes are different types of instructions that can run on the Ethereum Virtual Machine (EVM) execution environment.

Bug triggered by Etherscan employee

Analysis of Optimism’s blockchain history carried out by the Optimism team showed that the bug was not exploited.

Average Transaction Fee Chart” is multiple times lower than the transaction fees paid by the user.

The calculation was done by combining several datapoints from the Etherscan website with the following formula:

By subtracting the Base Fee (implemented with EIP-1559, equal to Ether burned), the remaining sum represents the priority fee paid to the miners in the auction model and lines up perfectly with the provided chart:

Implications

Instead of showing the user the total transaction cost in the “Average Transaction Fee Chart”, Etherscan calculates the “Average Priority Fee Chart” and misleads its users by advertising it as the average fee to be paid by the user.

As a result, the provided fees are way too low, leading to biased personal and institutional decisions for using the platform.

Here are the three news headlines we saw as particularly intriguing this week:

1. Critical Bug in Ethereum Layer 2 Optimism, $2M Bounty paid

Facts

The Optimism Team was alerted by a white hat hacker to a critical bug in one of their smart contracts on Ethereum. Optimism is one of the major optimistic scaling solutions of Ethereum, with a total value locked of over $470M.

The critical bug in Optimism’s fork of the Ethereum Geth client would have made it possible for a malicious hacker to create ETH on Optimism by “repeatedly triggering the SELFDESTRUCT opcode on a contract that held an ETH balance,” according to their disclosure.

Within hours of confirmation of the alert, Optimism deployed a fix for the issue on the Kovan testnet and Mainnet networks.

According to them, there was no excess ETH generated.

In addition to that, multiple websites that gather their data from Etherscan, such as l2fees.info, suffer from faulty comparisons and spread the incorrect data to all users of their websites.

3. Crypto prices fall due to increased tension in the Russia-Ukraine conflict and inflation report

Facts

Cryptocurrencies are among the riskiest assets investors hold in their portfolios due to their high volatility and unclear future. During times of fear, these assets get dumped first, leading to steep price declines.

Russia is amassing troops at the Ukrainian border and, according to the White House, could invade the country within the next few days.
In addition to the fear of a possible war, US inflation hit its highest level in 40 years in January.
