optimism eth 2m freeman cydiamitchelhillcointelegraph

“The bug made it possible to create ETH on Optimism by repeatedly triggering the SELFDESTRUCT opcode on a contract that held an ETH balance.”

In a blog post, the Optimism team noted that its chain history showed that the bug had not been exploited, other than an accidental activation by a staffer at Ethereum data startup Etherscan, but “no usable excess was produced.”

“A fix for the issue was tested and deployed to Optimism’s Kovan and Mainnet networks (including all infrastructure providers) within a number of hours of confirmation,” the team said, thanking Infura, QuickNode, and Alchemy for their rapid response times.

“We also alerted a number of vulnerable Optimism forks and bridge providers to the presence of the issue.”

Optimism, Ethereum’s fourth-largest Layer 2 scaling solution by Total Value Locked, recently identified and fixed a system-critical flaw in its program code. The network learned of the vulnerability last week after it was discovered and reported by whitehat hacker Jay Freeman, the developer of the Cydia and Orchid protocols.

It was revealed that the bug was unintentionally triggered by an Etherscan employee.

This would have made it possible to generate infinite ETH tokens by launching a mini-program on the contract containing the ETH balance. As Freeman explained in a Deep Dive blog post, the bug would allow an attacker to replicate funds on any chain using their OVM 2.0 fork of Go-Ethereum.


As per the report, “no usable excess ETH was generated.”

According to the announcement, within hours of confirmation, the Optimism team developed and deployed a fix on the Kovan and Mainnet networks, mending the bug, and sent alerts to teams developing vulnerable Optimism forks and to L1-L2 bridge providers. Apart from the announcement, the Optimism team has also published a detailed breakdown of the incident.

As part of Optimism’s Immunefi bug bounty program, the maximum amount of just over $2 million was paid out to Jay Freeman.
The fact that the maximum amount was paid indicates the seriousness of the bug.


According to his detailed explanation, a malicious actor could “mint” an arbitrary number of ETH tokens on any blockchain that utilizes Optimism Virtual Machine (OVM).

This could have been achieved by repeatedly triggering the SELFDESTRUCT opcode on a contract with mainnet Ether on its balance. By doing so, attackers could increase their ETH holdings infinitely.

Also, Optimism forks Boba and Metis were prone to attacks of similar design.

Bug fixed, $2M bounty comes to white-hat hacker

As per the statement of the Optimism team, their experts confirmed that the bug was never exploited by ‘real’ hackers: as such, all of the users’ funds are safe.

An emergency patch was released to Optimism mainnet and Kovan testnet just hours after the bug was disclosed.

Ethereum Layer-2 solution Optimism has fixed a critical software bug in one of its smart contracts on Ethereum. On February 2nd, the Optimism team was alerted by Jay Freeman of a critical bug in Optimism’s fork of the Ethereum Geth client software.
As per the Optimism announcement, “Funds Are Safu.”

The bug made it possible for a malicious hacker to create ETH on Optimism by “repeatedly triggering the ‘SELF-DESTRUCT’ opcode on a contract that held an ETH balance.” Opcodes are different types of instructions that can run on the Ethereum Virtual Machine (EVM) execution environment.

Bug triggered by Etherscan employee

Analysis of Optimism’s blockchain history carried out by the Optimism team showed that the bug was not exploited. The bug seems to have been accidentally triggered on one occasion by an employee at the popular block explorer Etherscan.


Security concerns in crypto projects

Optimism isn’t the only Ethereum scaling solution that has had issues with bugs. Towards the end of December, Polygon quietly fixed a bug that put 9.27 billion of its 10 billion MATIC tokens at risk of being stolen.
Two white hat hackers who were the first to report the problem received a total reward of $3.5 million; and back in October, with the help of another whitehat hacker, Polygon fixed a vulnerability that could have cost the company $850 million.

While Layer 2 protocols have brought numerous benefits to Ethereum and its customers, these events point to larger issues in their security protocols.

To stay one step ahead of blackhat hackers, MakerDAO has offered a reward of up to $10 million for anyone who helps identify significant vulnerabilities in their smart contracts.

Late last year Optimism removed its whitelist, making it possible for any developer to start building projects on the Optimism network. Prior to this, the network was only accessible to select projects such as Uniswap and Synthetix.

This limitation made it much easier for developers to find and fix potential bugs.


Optimism is a Layer 2 scaling solution for the Ethereum network, using “optimistic rollups” that aggregate transactions outside of the Ethereum blockchain.

This provides the benefits of reducing slippage, lowering transaction costs and greatly increasing transaction speeds.

According to the Optimism team, “The bug allowed the creation of ETH on Optimism by frequently activating the SELFDESTRUCT opcode on a contract that had an ETH balance.”

In a separate blog post, the Optimism team noted that its chain history demonstrated that the bug was not exploited, aside from an accidental activation by an employee of the Ethereum data startup Etherscan, but “no usable surplus was created.”

“The fix was tested and deployed to the Optimism Kovan and Mainnet networks (including all infrastructure providers) within hours of confirmation,” the team said, thanking Infura, QuickNode, and Alchemy for the fast response times.

Credits: Elevenews.com

“We have also alerted several vulnerable forks of Optimism and bridge providers to the issue.”

The token has formed a rising wedge pattern on the 4-hour chart, putting ETH at risk of a drop toward $2,511.

The first foothold for Ethereum price is at the 50 four-hour Simple Moving Average (SMA) at $2,992, coinciding with the 38.2% Fibonacci retracement level and the support line given by the Momentum Reversal Indicator (MRI).

ETH/USDT 4-hour chart

The next line of defense for ETH is at the lower boundary of the governing technical pattern at $2,903, intersecting with the 200 four-hour SMA.

However, if buying pressure increases, Ethereum price could tag the 21 four-hour SMA at $3,154, coinciding with the 23.6% Fibonacci retracement level next.

A critical flaw in the Ethereum Layer-2 solution known as Optimism was identified and fixed in the Geth software client. Jay Freeman was the person who reported this bug to the Ethereum developer team on February 2nd; the announcement published by Optimism states that “users’ assets are safe and have not been harmed.”

This flaw allowed malicious hackers to create ETH tokens by repeatedly executing the “SELF DESTRUCT” opcode (instruction code) on an account holding an Ethereum balance.
Opcodes are varied sets of instructions that can be executed in the Ethereum Virtual Machine (EVM) environment.

An Etherscan employee triggered this flaw

According to the Optimism development team’s analysis, this bug was not exploited, but was inadvertently triggered by an employee of the well-known site Etherscan.
