Ethereum's most popular second-layer scalability solution Optimism was vulnerable to the "Unbridled Optimism" attack — so were its forks, Boba and Metis.
Infinite Ethers for potential Optimism attackers
Seasoned developer Jay Freeman who is well-known as co-founder of Orchid and core developer of iOS Jailbreak and Cydia tools, released a detailed blog post on how Go-Ethereum fork Optimism could have been hacked.
Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a "layer 2 scaling solution" for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty. https://t.co/J6KOlU8aSW— Jay Freeman (saurik) (@saurik) February 10, 2022
According to his detailed explanation, a malicious actor could "mint" an arbitrary number of ETH tokens on any blockchain that utilizes Optimism Virtual Machine (OVM).
This could have been achieved by repeatedly triggering the SELFDESRUCT op-code on a contract with mainnet Ethers on balance. By doing so, attackers could increase their ETH holdings to infinite.
Also, Optimism forks Boba and Metis were prone to similar attacks design.
Bug fixed, $2M bounty comes to white-hat hacker
As per the statement of the Optimism team, their experts confirmed that the bug was never exploited by 'real' hackers: as such, all of the users' funds are safe.
An emergence patch was released to Optimism mainnet and Kovan testnet just hours after the bug was disclosed. All forks and bridge providers were alerted: they should update their software to L2Geth version v0.5.11 in order to keep their systems synchronized with Optimism.
The platform awarded the maximum bounty amount of $2,000,042 to Freeman through the Immunefi bug bounty instrument. The white-hat hacker announced he will cover the accident on Feb.18 during the ETHDenver conference.