How Twitter Helped Avert a Critical Exploit

This vulnerability was not in Optimism’s code, but rather in a custom bridge provided by BitBTC
BitBTC’s custom bridge code did not acknowledge the specific layer-2 token being minted to the layer-1 address

A Twitter user has helped avert a potential exploit after publicly flagging a vulnerability in BitBTC’s Optimism bridge — the latest such near-miss following a year full of “successful” thefts.

Lee Bousfield, a tech lead at Ethereum scaling solution Arbitrum — PlasmaPower0 on Twitter — published what he dubbed a critical exploit after he said his messages were ignored by BitBTC.

BitBTC’s Optimism bridge is trivially vulnerable. Their team has ignored my messages, so I’m going to publish the critical exploit here. 🧵https://t.co/onyN9SzBjt
— Lee Bousfield (@PlasmaPower0) October 18, 2022

Optimism layer-2 blockchain bridge facilitates withdrawals of any token from a corresponding layer-1 wallet. But, the BitBTC code involved does not acknowledge what the layer-2 token actually is —and mints an arbitrary layer-1 to match.

“That means an attacker could deploy their own token on Optimism, give themselves all the supply, and set that token’s L1Token to the real BitBTC L1 address,” Bousfield tweeted.

“Then, when the attacker withdraws their malicious token through the BitBTC bridge, it gives them real BitBTC tokens on L1.”

Of note, the apparent vulnerability was not in Optimism’s code, but rather in a custom bridge facilitated by BitBTC, according to Kelvin Fichter, an Optimism developer. Meaning, in the developer’s estimation, non-BitBTC assets were not at risk.

“We put a lot of time and energy into the standard bridge and I highly recommend using the standard bridge rather than rolling your own custom bridge unless you really know what you’re doing,” Fichter tweeted.

The next day, an attacker — who claimed he was testing the code, tried to withdraw 200 billion BitBTC from Optimism.

The exploit was able to be stopped as the process of withdrawing the token from the bridge would have taken seven days, and BitBTC in the interim patched the vulnerability via a software update.

“The attacks will now fail when they arrive on L1. Thanks everyone for making noise and helping get this fixed,” Bousfield tweeted.

Bousfield did not immediately return a request for comment.

Get the day’s top crypto news and insights delivered to your inbox every evening. Subscribe to Blockworks’ free newsletter now.

Bessie Liu
Blockworks
Reporter
Bessie is a New York based crypto reporter who previously worked as a tech journalist for The Org. She completed her master’s degree in journalism at New York University after working as a management consultant for over two years. Bessie is originally from Melbourne, Australia.
You can contact Bessie at [email protected]

Source: https://blockworks.co/how-twitter-helped-avert-a-critical-exploit/