Tech

Optimism Fixes “Critical Bug” Discovered By Outside Developer

02/10/2022
Bitcoin Ethereum News

Key Takeaways

  • Optimism, a popular Ethereum Layer 2 scaling solution, has patched a major vulnerability in its network.
  • The team was alerted of the vulnerability last week by a developer named Jay Freeman, also known as “saurik.”
  • He was awarded the maximum possible bounty award of more than $2 million.

Share this article

Optimism has fixed a “critical bug” in its Geth (Ethereum’s most popular implementation) fork. The bug was discovered by Jay Freeman, the developer behind both Cydia and Orchid Protocol, who informed Optimism about it on Feb. 2 and was subsequently awarded its highest bounty. 

Optimism Bug Fixed

Large losses may have been avoided by a simple bug discovery. 

Optimism, the fourth-largest Layer 2 Ethereum scaling solution by total value locked, announced today that it had patched a critical bug in its Geth fork that had been discovered by developer Jay Freeman. Freeman was awarded the maximum bounty award of more than $2 million for alerting Optimism of the vulnerability.

If exploited, the bug would have allowed for ETH to be repeatedly created on Optimism through “triggering the SELFDESTRUCT opcode on a contract that held an ETH balance.” The SELFDESTRUCT function allows for the destruction of certain Ethereum smart contracts. 

The bug was never exploited, though it might have been triggered by an Etherscan employee by accident. No “usable ETH” was created upon this accidental triggering, though. 

A fix for the vulnerability was tested on Kovan, Optimism’s test net, and then deployed on the network’s mainnet—as well as on its infrastructure providers and forks—within hours after confirmation. The network remained operational throughout. 

To patch the issue, Optimism developers shared a private patch with “key parties” immediately. After the patch was revealed as successful, it was “publicly released…hidden in an inconspicuous commit.” The team had to go about the patch fix and release with care due to the growing number of parties in the protocol’s ecosystem: various bridges, providers, and mainnet forks. This complexity contributes positively to decentralization but makes releases, especially security releases, more difficult, said the team. 

The bounty Optimism pays for whitehat hackers is based on the threat level posed by the bug—in this case, Freeman received the maximum possible award. 

Vitalik Buterin has discussed the importance of Layer 2’s for Ethereum’s future in order to combat the networks’ high transaction fees that, he said, made the network “not ready for direct mass adoption” on Layer 1. Last November, he introduced EIP 4488, an Ethereum improvement proposal focused on reducing gas fees even on Ethereum Layer 2 scaling solutions. 

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

$8M Lost as THORChain Suffers Third Attack in a Month

THORChain says the attacker made off with around $8 million.  THORChain Hit by Another Exploit  THORChain has suffered its third critical attack in a month. THORChain has suffered a sophisticated…

Balancer Pool Exploited, Over $500,000 of Funds Lost

A hacker found a loophole in a Balancer pool via a deflationary token, resulting in the pool being drained of $535,000. Balancer’s co-founder took responsibility for ignoring a previous bug…

$60M Stolen From AnubisDAO in Latest DeFi Attack

AnubisDAO has suffered from an attack in which an unknown entity stole $60 million from the project’s auction pool. Funds Drained From AnubisDAO In Suspected Rug pull AnubisDAO, a newly-launched…

OVR – the largest decentralized AR Metaverse

OVR is the decentralized infrastructure for the metaverse, merging physical and virtual world through Augmented Reality, creating a new dimension where everything is possible. It’s composed of 1.6 trillion unique hexagons…

Source: https://cryptobriefing.com/optimism-fixes-critical-bug-discovered-by-outside-developer/?utm_source=main_feed&utm_medium=rss