Critical bug in Ethereum L2 Optimism, $2M bounty paid

3 years ago

Announced today, the Ethereum layer-2 chain Optimism was alerted by a white hat hacker of a critical bug in a smart contract. The bug was fixed and $2 million in bug bounty was paid out to the hacker.

Ethereum Layer-2 solution Optimism has fixed a critical software bug in one of its smart contracts on Ethereum. On February 2nd, the Optimism team was alerted by Jay Freeman of a critical bug in Optimism’s fork of the Ethereum Geth client software. As per the Optimism announcement “Funds Are Safu.”

The bug made it possible for a malicious hacker to create ETH on Optimism by “repeatedly triggering the ‘SELF-DESTRUCT’ opcode on a contract that held an ETH balance.” Opcodes are different types of instructions that can run on the Ethereum Virtual Machine (EVM) execution environment.

Bug triggered by Etherscan employee

Analysis of Optimism’s blockchain history carried out by the Optimism team showed that the bug was not exploited. The bug seems to have been accidentally triggered on one occasion by an employee at the popular block explorer Etherscan. As per the report, “no usable excess ETH was generated.”

According to the announcement, within hours of confirmation, the Optimism team developed and deployed a fix on the Kovan and Mainnet networks, patching the bug, and sent alerts to teams developing vulnerable Optimism forks and to L1-L2 bridge providers. Apart from the announcement, the Optimism team has also published a detailed breakdown of the incident.

As part of Optimism’s Immunefi bug bounty program, the maximum amount of just over $2 million was paid out to Jay Freeman. The fact that the maximum amount was paid indicates the seriousness of the bug. The announcement does not, however, speculate on potential damages if the bug had been exploited by a malicious hacker.

Growing DeFi ecosystem makes security complex

According to Optimism’s blog post, defending the DeFi ecosystem against security issues is becoming increasingly complex, to a significant degree as a direct result of decentralization itself.

The post reads:

“it’s clear that the ecosystem will soon be far too large for this to remain practical. We’ll be updating our disclosure protocol to more closely match Geth’s in the near future,”

The post also points to the importance of bug bounty programs.

The Optimism team is currently in the process of specifying and building the next major release, Optimism: Bedrock Edition. According to Optimism, Bedrock Edition will significantly reduce the difference in the code base between Optimism’s Geth fork and the “official” go-ethereum client. Not having to modify as much of the original code makes it less likely to introduce bugs.
