A rare incident happened earlier this month when a hacker chose a $2M bug bounty instead of printing unlimited ‘Ether’.
A white-hat hacker and iOS Cydia jailbreak software developer has won a reward of $2 million (roughly Rs. 15 crore) after fixing a “critical bug” in the Ethereum Layer 2 scaling project Optimism that could have let attackers create as much Ether in an Optimism account balance as they wanted.
Optimism declared that the bug was uncovered earlier this month and has since been fixed by an iOS developer who goes by the name Jay Freeman on Twitter, enabling him to receive one of the largest bug-finding awards to date.
In a detailed blog post, Freeman (@saurik) clarified on Twitter that the bug would “allow an attacker to copy money on any chain utilizing his OVM 2.0 go-Ethereum fork.” For his efforts, Freeman earned one of the largest bug-finding awards to date, with a total award of $2,000,042 (roughly Rs. 15 crore).
According to the Optimism team, “The bug allowed the creation of ETH on Optimism by frequently activating the SELFDESTRUCT opcode on a contract that had an ETH balance.”
In a separate blog post, the Optimism team noted that its chain history demonstrated that the bug was not exploited, aside from one accidental activation by an employee of the Ethereum data startup Etherscan, but “no usable surplus was created.”
“The fix was tested and deployed to the Optimism Kovan and Mainnet networks (including all infrastructure providers) within hours of confirmation,” the team said, thanking Infura, QuickNode, and Alchemy for the fast response times.
“We have also alerted several vulnerable forks of Optimism and bridge providers to the issue. All of these projects have applied the required fix.”
At the end of last year, Optimism removed its whitelist, allowing any developer to start creating projects on the Optimism network. Before this, the network was only available to certain projects such as Uniswap and Synthetix. This limitation made it easier for developers to detect and fix potential bugs.
According to its website, Optimism describes itself as a Layer-2 scaling protocol for Ethereum applications that is meant to look, feel and behave like Ethereum, but cheaper and faster. For developers building on Optimism, the company tries to make the switch away from the main Ethereum network as seamless as possible, without a long migration process.
Freeman noted that he sometimes “balks” at assisting blockchain projects with “basic issues of decentralization or security,” as those are core tenets of the technology that “can’t be afterthoughts.”
“This stuff is too important to be releasing quickly and adjusting the design in the field,” he wrote (our emphasis).
“And yet, we see crypto project after crypto project trying to externalize the cost of their core design to people being only indirectly compensated, rather than building a team around mathematicians, economists, and security experts.”