Cydia Dev Discloses Ethereum L2 Bug — Optimism Attacker Could Have ‘Printed an Arbitrary Quantity of Tokens’

2 years ago


On February 10, the well-known developer of Cydia and iOS Jailbreak, Jay Freeman, also known as Saurik, published a Twitter thread about a bug he found in the Layer-2 (L2) scaling protocol known as Optimism. According to Freeman, the vulnerability, which has been patched, could have allowed an attacker to make an infinite amount of tokens.

Cydia Creator ‘Saurik’ Discovers Optimism L2 Vulnerability

Jay Freeman is a prominent software developer who is well known for his iOS Jailbreak and Cydia tools. Freeman’s Cydia graphical user interface (GUI) was released in February 2008, and it gives users with jailbroken iPhones the ability to download unauthorized software for the Apple smartphone operating system iOS. Freeman recently published a blog post called “Attacking an Ethereum L2 with Unbridled Optimism,” which explains how he reported a critical security issue to the developers of the L2 scaling solution Optimism.

Optimism’s L2 solution allows users to move ethereum for a fraction of the cost. Currently, moving ether using Optimism can cost $0.56 per transfer as opposed to the L1 gas fees today, which are $3.29 per transaction. To swap coins onchain using L1 it will cost a user $16.47 in ether, but using Optimism to swap coins will cost $0.83. Freeman reported the Optimism vulnerability on February 2, 2022, and the bug has since been patched.

The attack would have allowed “an attacker to replicate money on any chain using their ‘OVM 2.0’ fork of go-ethereum (which they call l2geth),” Freeman said. The developer further explained that he plans to talk about the Optimism vulnerability on February 18th at Ethdenver 2022. Freeman was also awarded a $2,000,042 bounty for discovering the bug and disclosing it to the team. The software engineer’s blog post describes how the attacker could mint an arbitrary quantity of tokens before the bug was patched.

“The bug presented here — which I dub ‘Unbridled Optimism’ — can possibly be (crudely) modelled as a bug on the far side of a ‘bridge,’” Freeman wrote. “But is actually a bug in the virtual machine that executes smart contracts on Optimism. Exploiting this enables the attacker to have access to an effectively unbounded number of tokens (aka, the IOUs) on the far side of the bridge. It is my contention that this is more dangerous than simply tricking the reserves into allowing a withdrawal.” The developer continued:

Further, with your unbounded supply of IOUs, you could go to every decentralized exchange running on the L2 and mess with their economies, buying up immense quantities of other tokens while devaluing the chain’s own currency. Using your access to infinite capital, you could further manipulate onchain pricing oracles to leverage for other attacks; and, until someone finally realizes your money is counterfeit, arbitragers will flock to the network to sell you their assets.

The Pessimism Surrounding Cross-Chain Applications

In addition to the vulnerability found in Optimism, Freeman discussed cross-chain bridge technology in great detail. The developer mentioned that the same day he disclosed the bug to Optimism, the Wormhole bridge was attacked. Freeman also touched upon the Poly Network hack in his post. “Even when hackers do steal money from a bridge, the ramifications are limited,” Freeman’s blog post explains.

Freeman discovering the Optimism bug follows the slew of hacks against cross-chain bridges and the community’s newfound concern over the security of this up-and-coming technology. The Cydia developer’s blog post mentions concepts like “’insurance policies’ against crypto hacks.” Moreover, Ethereum (ETH) co-founder Vitalik Buterin recently discussed concerns tied to the security of cross-chain bridge platforms. “I am pessimistic about cross-chain applications,” a recent Reddit post by Buterin declares.


Jamie Redman

Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.
