Hacker Scoops Up $2 Million Bounty After Spotting Fatal Flaw In Ethereum Rollup

2 years ago

A hacker has made off with $2 million in bug bounty after discovering an alarming vulnerability with the Ethereum network. This bug could have been very bad if it had been found by black hat hackers, who could have exploited the digital asset for billions of dollars worth of ETH. Instead, a ‘grey hat’ hacker popularly known as Saurik informed the Ethereum team of the vulnerability, netting himself a sizable reward in return.

Finding The Vulnerability On Ethereum

Hacker Saurik had found the vulnerability on Optimism, an Ethereum layer 2 rollup solution. The hacker himself published a report on how he found the vulnerability. Looking through nano payments protocols on the rollup, he had found a vulnerability that could allow an attacker to withdraw a ‘virtually unlimited’ amount of ETH from the solution.

It was akin to the attack method deployed on popular smart contracts blockchain Solana that resulted in the $353 million hack on Wormhole. Optimism, like Wormhole, mints what are known as “Wrapped Ether.” Users deposit their Ether on the smart contract to essentially serve as collateral, and they are given these tokens that only exist on Optimism’s network. They then use the nano payments protocol to make transactions faster.

Figure: Ethereum price chart. ETH recovers above $3,100 | Source: ETHUSD on TradingView.com

Saurik, who is famously known for developing the jailbroken iOS, had confirmed the vulnerability. However, instead of exploiting the vulnerability for his own personal gain, the self-styled grey hat hacker had reported it to the Optimism devs. In return, Saurik was rewarded with a $2 million bounty for his altruism, which has helped to make the network and layer 2 rollup safer for users.

Debunking Popular Rumors

After news of the vulnerability and subsequent bounty payment broke, there have been rumors circulating regarding what an attacker could have done with it if they chose not to report it to the devs. The most popular of these has been that the attacker would have been able to withdraw an unlimited amount of ETH from the network. While this has some merit to it, it is mostly false.

Firstly, the vulnerability exists on a layer 2 rollup solution, Optimism. While the protocol exists on the Ethereum network, it is not the network itself. This means that the vulnerability was localized to the protocol alone. So while an attacker would have been able to exploit this to withdraw an ‘unlimited’ amount of ETH, they could only withdraw the available balance on the Optimism address.

Nevertheless, it is still no secret that the results would have been devastating for users of the layer 2 protocol if a black hat hacker had found the vulnerability. This event speaks volumes about the usefulness of bug bounties. While the rewards for these bounties may seem too large at first, one must think about what the alternative would be if there was no incentive for hackers to come forward with their findings. White hat hackers no doubt help to save millions, if not billions, of dollars each year.

Featured image from Gagadget, chart from TradingView.com