Critical bug in Ethereum L2 Optimism, $2M bounty paid

The Ethereum layer-2 chain Optimism announced today that a white hat hacker had alerted it to a critical bug in a smart contract. The bug was fixed and a $2 million bug bounty was paid out to the hacker.

Ethereum Layer-2 solution Optimism has fixed a critical software bug in one of its smart contracts on Ethereum. On February 2nd, the Optimism team was alerted by Jay Freeman to a critical bug in Optimism’s fork of the Ethereum Geth client software. As per the Optimism announcement, “Funds Are Safu.”

The bug made it possible for a malicious hacker to create ETH on Optimism by “repeatedly triggering the ‘SELF-DESTRUCT’ opcode on a contract that held an ETH balance.” Opcodes are different types of instructions that can run on the Ethereum Virtual Machine (EVM) execution environment.
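The supply-conservation check that this class of bug violates, as an added example that is not Optimism's code or taken from its post-mortem. The ledger, the `debit` switch and the sample accounts are constructed; the flaw is modelled, as an assumption, as a self-destruct that pays out the contract's balance without removing it from the contract.

```go
package main

import "fmt"

// Ledger is a constructed toy model of L2 ETH balances (not Optimism's code).
type Ledger map[string]uint64

type Op struct{ Contract, Beneficiary string }

// total returns the sum of all balances, i.e. the ETH supply on the toy chain.
func total(l Ledger) uint64 {
	var sum uint64
	for _, v := range l {
		sum += v
	}
	return sum
}

// selfDestruct pays out the contract's balance; debit=false is the assumed flaw.
func selfDestruct(l Ledger, op Op, debit bool) {
	amount := l[op.Contract]
	if debit {
		l[op.Contract] = 0
	}
	l[op.Beneficiary] += amount
}

// audit replays ops on a copy and returns the first op that changes supply, or -1.
func audit(start Ledger, ops []Op, debit bool) (int, error) {
	l := Ledger{}
	for k, v := range start {
		l[k] = v
	}
	want := total(l)
	for i, op := range ops {
		selfDestruct(l, op, debit)
		if got := total(l); got != want {
			return i, fmt.Errorf("op %d: supply %d, expected %d", i, got, want)
		}
	}
	return -1, nil
}

func main() {
	start := Ledger{"contract": 5, "alice": 0} // constructed sample state
	ops := []Op{{"contract", "alice"}, {"contract", "alice"}}
	fmt.Println(audit(start, ops, false)) // assumed flaw: flagged at op 0
	fmt.Println(audit(start, ops, true))  // corrected: supply conserved
}
```

A self-destruct only moves value, so any replayed block where total supply changes across one is the signal a chain-history review looks for.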

Bug triggered by Etherscan employee

Analysis of Optimism’s blockchain history carried out by the Optimism team showed that the bug was not exploited. The bug seems to have been accidentally triggered on one occasion by an employee at the popular block explorer Etherscan. As per the report, “no usable excess ETH was generated.”

According to the announcement, within hours of confirmation, the Optimism team developed and deployed a fix on the Kovan and Mainnet networks, mending the bug, and sent alerts to teams developing vulnerable Optimism forks and to L1-L2 bridge providers. Apart from the announcement, the Optimism team has also published a detailed breakdown of the incident.

As part of Optimism’s Immunefi bug bounty program, the maximum amount of just over $2 million was paid out to Jay Freeman. The fact that the maximum amount was paid indicates the seriousness of the bug. The announcement does not, however, speculate on possible damages if the bug had been exploited by a malicious hacker.

Growing DeFi ecosystem makes security complex

According to Optimism’s blog post, defending the DeFi ecosystem against security issues is becoming increasingly complex, to a significant extent as a direct consequence of decentralization itself.

The post reads:

“it’s clear that the ecosystem will soon be far too large for this to remain practical. We’ll be updating our disclosure protocol to more closely match Geth’s in the near future,”

The post also points to the importance of bug bounty programs. 

The Optimism team is currently in the process of specifying and building the next major release, Optimism: Bedrock Edition. According to Optimism, Bedrock Edition will significantly reduce the difference in the code base between Optimism’s Geth fork and the “official” go-ethereum client. Not having to modify as much of the original code makes it less likely that bugs are introduced.
