Optimism Fixes "Critical Bug" Discovered by Outside Developer

The developer who discovered the bug and alerted Optimism to its existence has been awarded a $2 million bounty for his efforts.

Key Takeaways

  • Optimism, a popular Ethereum Layer 2 scaling solution, has patched a major vulnerability in its network.
  • The team was alerted to the vulnerability last week by a developer named Jay Freeman, also known as “saurik.”
  • He was awarded the maximum possible bounty award of more than $2 million.

Optimism has fixed a “critical bug” in its fork of Geth, Ethereum’s most popular implementation. The bug was discovered by Jay Freeman, the developer behind both Cydia and Orchid Protocol, who informed Optimism about it on Feb. 2 and was subsequently awarded its highest bounty.

Optimism Bug Fixed

Large losses may have been avoided by a simple bug discovery. 

Optimism, the fourth-largest Layer 2 Ethereum scaling solution by total value locked, announced today that it had patched a critical bug in its Geth fork that had been discovered by developer Jay Freeman. Freeman was awarded the maximum bounty of more than $2 million for alerting Optimism to the vulnerability.

If exploited, the bug would have allowed ETH to be repeatedly created on Optimism by “triggering the SELFDESTRUCT opcode on a contract that held an ETH balance.” The SELFDESTRUCT opcode allows for the destruction of certain Ethereum smart contracts.

The bug was never exploited, though it might have been triggered by an Etherscan employee by accident. No “usable ETH” was created upon this accidental triggering, though. 

A fix for the vulnerability was tested on Kovan, Optimism’s test net, and then deployed on the network’s mainnet, as well as on its infrastructure providers and forks, within hours of confirmation. The network remained operational throughout.

To patch the issue, Optimism developers shared a private patch with “key parties” immediately. After the patch was revealed as successful, it was “publicly released…hidden in an inconspicuous commit.” The team had to handle the fix and its release with care because of the growing number of parties in the protocol’s ecosystem: various bridges, providers, and mainnet forks. This complexity contributes positively to decentralization but makes releases, especially security releases, more difficult, the team said.

The bounty Optimism pays to whitehat hackers is based on the threat level posed by the bug. In this case, Freeman received the maximum possible award.

Vitalik Buterin has discussed the importance of Layer 2s for Ethereum’s future as a way to combat the network’s high transaction fees, which, he said, made the network “not ready for direct mass adoption” on Layer 1. Last November, he introduced EIP 4488, an Ethereum improvement proposal focused on reducing gas fees even on Ethereum Layer 2 scaling solutions.

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies. 
