
White Hat Hacker Awarded $2 Million for Fixing ETH-Creation Bug

Ethereum layer-2 solution, Optimism, fixed a major flaw that would have permitted an illegal and continuous creation of ETH tokens. 

According to sources, Optimism might have just solved a significant system vulnerability. The potential glitch came to the attention of developers at Ethereum through an ethical hacker, Jay Freeman, who discovered flaws in the code and saved the network from significant theft risks.

The bug, now curtailed, was reportedly triggered by an Etherscan employee. Had the issue not been promptly resolved, malicious users on the chain could have exploited the flaw, gaining the ability to generate an unlimited supply of fresh ETH tokens.

In a comprehensive blog post, Jay described precisely how this vulnerability could lead to the infinite duplication of the second most-valued cryptocurrency in the world. He explained that any developer on Ethereum’s chain could automatically use one of its forks to create new tokens. Specifically, a continuous regeneration is triggered by running the SELFDESTRUCT opcode on a smart contract that once held ETH tokens.

Swift Resolution of Bug by Optimism

Luckily, Optimism restored the integrity of the network by fixing the bug in time, before it could be exploited. After receiving word about the issue, the development team implemented a fix on Kovan testnet and Optimism Mainnet in a matter of hours. Additionally, other affiliated forks and bridges to Optimism were alerted to the defect. So, as of now, Optimism and other related Ethereum projects are bug-proof.

Following the bug’s swift resolution, Optimism rewarded whistleblower Jay Freeman with $2 million. The award makes Freeman’s bounty one of the highest ever recorded. However, it is a reasonable reward when one considers how much could have been lost had a malicious party caught on to the glitch. Additionally, the bonus gives developers an incentive to report code inconsistencies instead of exploiting them for selfish ends.

System Integrity Issues Ravage Layer-2 Solutions

Besides Optimism, other layer-2 rollups have been reported to suffer from technical weaknesses. In December, the popular scaling solution Polygon silently tackled a bug that exposed 92% of MATIC tokens to malevolent parties. Luckily, two ethical hackers stepped up to notify the network and were rewarded $1.75 million each. A few months earlier, a whitehat hacker identified and reported a loophole that could have cost Polygon a billion dollars. Last week, the Ethereum bridge Wormhole lost more than $325 million.

Layer-2 solutions have introduced significant scaling improvements along with numerous benefits for users (such as reduced transaction fees). However, recent incidents hint that these gains might come at the cost of security.

Of late, several DAOs (Decentralized Autonomous Organizations) are taking proactive approaches to curb glitches. Offering bounties to whitehats to identify and report security loopholes remains a practical approach to catching potential glitches in a smart contract.
