Main navigation

Jailbreak Veteran Discloses a Bug in Optimism: It Was Possible to Create Infinite ETH!

Fri, 02/11/2022 - 12:39
article image
Vladislav Sopov
The leading Ethereum scaling solution would have allowed bad actors to create infinite ETH
Jailbreak Veteran Discloses a Bug in Optimism: It Was Possible to Create Infinite ETH!
Cover image via
Read U.TODAY on
Google News

Ethereum's most popular second-layer scalability solution Optimism was vulnerable to the "Unbridled Optimism" attack — so were its forks, Boba and Metis.

Infinite Ethers for potential Optimism attackers

Seasoned developer Jay Freeman who is well-known as co-founder of Orchid and core developer of iOS Jailbreak and Cydia tools, released a detailed blog post on how Go-Ethereum fork Optimism could have been hacked.

According to his detailed explanation, a malicious actor could "mint" an arbitrary number of ETH tokens on any blockchain that utilizes Optimism Virtual Machine (OVM).

This could have been achieved by repeatedly triggering the SELFDESRUCT op-code on a contract with mainnet Ethers on balance. By doing so, attackers could increase their ETH holdings to infinite.

Also, Optimism forks Boba and Metis were prone to similar attacks design.

Bug fixed, $2M bounty comes to white-hat hacker

As per the statement of the Optimism team, their experts confirmed that the bug was never exploited by 'real' hackers: as such, all of the users' funds are safe.

An emergence patch was released to Optimism mainnet and Kovan testnet just hours after the bug was disclosed. All forks and bridge providers were alerted: they should update their software to L2Geth version v0.5.11 in order to keep their systems synchronized with Optimism.

The platform awarded the maximum bounty amount of $2,000,042 to Freeman through the Immunefi bug bounty instrument. The white-hat hacker announced he will cover the accident on Feb.18 during the ETHDenver conference.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)