Ethereum off-chain scaling solution Optimism disclosed a vulnerability in its codebase that was found and reported by software engineer Jay Freeman (saurik).
The bug would enable a hacker to print assets on any chain via a fork of go-ethereum. Optimism patched the bug, and awarded Jay Freeman over $2 M. The team deployed the update to its test network Kovan and mainnet.
Last week we patched a critical bug in the Optimism codebase, discovered by @saurik. Here’s our official disclosure and some of the lessons we learned. https://t.co/9DbR8QBYyw
— Optimism (@optimismPBC) February 10, 2022
Analysis showed that the bug had not been exploited, apart from one accidental triggering by an employee of the Ethereum explorer Etherscan. No coins were issued.
In his article, titled “Attacking Ethereum L2 with unbridled Optimism,” Jay Freeman described how he discovered the issue and shared his views on the overall working mechanism, existing challenges and ways to increase the security of the network.
He noted that one of the most problematic instructions in the Ethereum Virtual Machine is SELFDESTRUCT, which, if exploited, could cause large losses. SELFDESTRUCT allows a contract to destroy itself and transfer large amounts of tokens very quickly.
Optimism started a bounty program on January 13, setting a max prize of $2,000,042 for discovering critical bugs.