Optimism, an Ethereum scaling firm, has revealed a workaround for a “major flaw” in the project’s Geth fork. The flaw would have allowed hostile hackers to create a limitless amount of ETH.
Programmers from the Ethereum Layer 2 scaling project Optimism stated that a “major problem” had been discovered and fixed.
White hat hacker and iOS jailbreak software engineer Jay Freeman originally found the issue. It could have allowed hackers to manufacture as much ‘ETH’ as they wanted in an Optimism account balance.
He said in a tweet that last week he uncovered (and disclosed) a serious problem in @optimismPBC (an Ethereum “layer 2 scaling solution”) that would have allowed an attacker to print an arbitrary number of tokens, and for which he received a $2,000,042 bounty.
The Flaw
Freeman described the flaw in a detailed blog post. He wrote that it would allow an attacker to reproduce money on any chain using Optimism’s ‘OVM 2.0’ version of go-ethereum. For his work, Freeman received one of the largest bug bounties ever, with a total payment of $2,000,042.
According to the Optimism team, the flaw allowed users to produce ETH on the platform by repeatedly invoking the SELFDESTRUCT opcode on a contract with an ETH balance.
However, the Optimism team stated in a blog post that the problem had not been exploited. It had been triggered unintentionally by a worker at Ethereum data startup Etherscan, but no usable excess had been generated.
The issue was confirmed within hours. The team said a fix for the vulnerability was tested and deployed across Optimism’s Kovan and Mainnet networks, as well as to all infrastructure providers. They also expressed gratitude to Infura, QuickNode, and Alchemy for their quick responses.
They’ve also notified a number of susceptible Optimism forks and bridge providers about the problem. All of these projects have implemented the required fix.
Optimism Lifts Whitelist
Optimism lifted its whitelist late last year, allowing any developer to start developing projects on the Optimism network. Prior to this, only specific initiatives like Uniswap and Synthetix had access to the network. This restriction made it a lot easier for programmers to identify and fix potential bugs.
Optimism is a Layer 2 scalability solution for the Ethereum network. It uses “optimistic rollups” to consolidate transactions from outside the Ethereum blockchain.
This has the advantages of reducing transaction slippage, lowering transaction costs, and greatly increasing transaction speeds. However, while Layer 2 protocols provide performance gains, security during continuous development is still a major worry.
This is one of the largest bounty payments to date. Separately, MakerDAO has just revealed that it will pay a maximum of $10 million to anyone who can identify serious security flaws in its smart contracts, the most extensive set of bug bounties ever provided on Immunefi’s bug bounty program.