Main navigation

Jailbreak Veteran Discloses a Bug in Optimism: It Was Possible to Create Infinite ETH!

Advertisement
Fri, 11/02/2022 - 12:39
Jailbreak Veteran Discloses a Bug in Optimism: It Was Possible to Create Infinite ETH!
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Advertisement

Ethereum's most popular second-layer scalability solution Optimism was vulnerable to the "Unbridled Optimism" attack — so were its forks, Boba and Metis.

Infinite Ethers for potential Optimism attackers

Seasoned developer Jay Freeman who is well-known as co-founder of Orchid and core developer of iOS Jailbreak and Cydia tools, released a detailed blog post on how Go-Ethereum fork Optimism could have been hacked.

According to his detailed explanation, a malicious actor could "mint" an arbitrary number of ETH tokens on any blockchain that utilizes Optimism Virtual Machine (OVM).

Advertisement

This could have been achieved by repeatedly triggering the SELFDESRUCT op-code on a contract with mainnet Ethers on balance. By doing so, attackers could increase their ETH holdings to infinite.

Also, Optimism forks Boba and Metis were prone to similar attacks design.

Bug fixed, $2M bounty comes to white-hat hacker

As per the statement of the Optimism team, their experts confirmed that the bug was never exploited by 'real' hackers: as such, all of the users' funds are safe.

An emergence patch was released to Optimism mainnet and Kovan testnet just hours after the bug was disclosed. All forks and bridge providers were alerted: they should update their software to L2Geth version v0.5.11 in order to keep their systems synchronized with Optimism.

The platform awarded the maximum bounty amount of $2,000,042 to Freeman through the Immunefi bug bounty instrument. The white-hat hacker announced he will cover the accident on Feb.18 during the ETHDenver conference.

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD