Fun

Cydia Dev Discloses Ethereum L2 Bug — Optimism Attacker Could Have ‘Printed an Arbitrary Quantity of Tokens’

News Feed - 2022-02-13 02:02:20

Cydia Dev Discloses Ethereum L2 Bug — Optimism Attacker Could Have "Printed an Arbitrary Quantity of Tokens"


On February 10, the well-known developer of Cydia and iOS Jailbreak, Jay Freeman, otherwise known as Saurik, published a Twitter thread about a bug he found in the Layer-2 (L2) scaling protocol known as Optimism. According to Freeman, the vulnerability, which has been patched, could have allowed an attacker to create an infinite amount of tokens. Cydia Creator ‘Saurik’ Discovers Optimism L2 Vulnerability


Jay Freeman is a prominent software developer who is well known for his iOS Jailbreak and Cydia tools. Freeman’s Cydia graphical user interface (GUI) was released in February 2008, and it gives users with jailbroken iPhones the ability to download unauthorized software for the Apple smartphone operating system iOS. Freeman recently published a blog post called “Attacking an Ethereum L2 with Unbridled Optimism,” which explains how he reported a critical security issue to the developers of the L2 scaling solution Optimism.


Optimism’s L2 solution allows users to move ethereum for a fraction of the cost. Currently, moving ether using Optimism can cost $0.56 per transfer as opposed to the L1 gas fees today which are $3.29 per transaction. To swap coins onchain using L1 it will cost a user $16.47 in ether but using Optimism to swap coins will cost $0.83. Freeman reported the Optimism vulnerability on February 2, 2022 and the bug has since been patched.


The attack would have allowed “an attacker to replicate money on any chain using their “OVM 2.0” fork of go-ethereum (which they call l2geth),” Freeman said. The developer further explained that he plans to talk about the Optimism vulnerability on February 18th at Ethdenver 2022. Freeman was also awarded a $2,000,042 bounty for discovering the bug and disclosing it to the team. The software engineer’s blog post describes how the attacker could mint an arbitrary quantity of tokens before the bug was patched.


“The bug presented here — which I dub ‘Unbridled Optimism’ — can maybe be (crudely) modelled as a bug on the far side of a ‘bridge,’” Freeman wrote. “But is actually a bug in the virtual machine that executes smart contracts on Optimism. Exploiting this enables the attacker to have access to an effectively unbounded number of tokens (aka, the IOUs) on the far side of the bridge. It is my contention that this is more dangerous than merely tricking the reserves into allowing a withdrawal.” The developer continued: Further, with your unbounded supply of IOUs, you could go to every decentralized exchange running on the L2 and mess with their economies, buying up vast quantities of other tokens while devaluing the chain’s own currency. Using your access to infinite capital, you could further manipulate onchain pricing oracles to leverage for other attacks; and, until someone finally realizes your money is counterfeit, arbitragers will flock to the network to sell you their assets. The Pessimism Surrounding Cross-Chain Applications


In addition to the vulnerability found in Optimism, Freeman discussed cross-chain bridge technology in great detail. The developer mentioned that the same day he disclosed the bug to Optimism, the Wormhole bridge was attacked. Freeman also touched upon the Poly Network hack in his post. “Even when hackers do steal money from a bridge, the ramifications are limited,” Freeman’s blog post explains.


Freeman discovering the Optimism bug follows the slew of hacks against cross-chain bridges and the community’s newfound concern over the security of this up-and-coming technology. The Cydia developer’s blog post mentions concepts like “’insurance policies’ against crypto hacks.” Moreover, Ethereum (ETH) co-founder Vitalik Buterin recently discussed concerns tied to the security of cross-chain bridge platforms. “I am pessimistic about cross-chain applications,” a recent Reddit post by Buterin declares. Tags in this story 1 million players, binance tracks hackers, Blockchain, Blog Post, Cryptocurrencies, Cydia Dev, Cydia Developer, Developer, Ethereum, Ethereum (ETH), Hacker, iOS Jailbreak, Jay Freeman, L2, L2 scaling, Optimism, Optimism bug, Optimism bug patched, Optimism vulnerability, Scaling, Tokens, Vitalik Buterin


What do you think about Jay Freeman’s Optimism bug discovery? Let us know what you think about this subject in the comments section below. Jamie Redman


Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today. Trudeau Warns Truckers Government Will "Respond With Whatever It Takes," 2 Freedom Convoy Crypto Fundraisers Reach Goals NEWS | 10 hours ago Russia Takes Down 4 Carding Sites With Over $260 Million in Crypto Turnover NEWS | 16 hours ago


Image Credits: Shutterstock, Pixabay, Wiki Commons Previous articleHungary’s Central Bank Governor Calls for EU-Wide Ban on Cryptocurrency Trading and Mining Next articleSouth Korea Jails Seven Masterminds of Country’s ‘Largest Crypto Fraud Scheme’ Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article. Read disclaimerShow comments More Popular NewsIn Case You Missed ItIndia Won"t Legalize or Ban Crypto at This Stage, Finance Minister Confirms


India"s finance minister has revealed the current status of crypto policy in India, including whether crypto will be legalized or banned in the country. The question surrounding the legitimacy of cryptocurrency was raised in parliament after the government announced that ... read more.Topps Plans to Auction Rare 1952 Mickey Mantle NFT Card Minted on Ethereum Global Regulators "Going Full Steam" on Crypto — Official Says "Current Structure Is No Longer Fit for the Purpose" Fitch Ratings Downgrades El Salvador Deeper Into Junk Status Citing Bitcoin Risks US Inflation Jumps to 7.5%, CPI Climbs at Fastest Rate in 40 Years, Citizens See Little Wage Growth

News Feed

Betting Your Coins Online? Be Sure to AskGamblers First
Betting Your Coins Online? Be Sure to AskGamblers First Visit AskGamblers.com before ever wagering your hard-earned coins in an online casino. AskGamblers is the
Dow Recoils After Trump Trade Guru Dangles 100% Tariff Threat
The Dow"s dramatic reversal sputtered on Thursday, as the post-Fed rally ran out of steam amid a burgeoning crisis in the Middle East and warnings that China tariffs could go as high as 100%.
The ‘Bitcoin Rich List’ Has Grown 30% in the Last Year, But Why?
The Bitcoin Rich List, or the number of addresses holding more than 1,000 BTC, has grown in the past 12 months, possibly reflecting an influx of high-net-worth investors.   The me
Are ‘ETF Paper Bitcoins’ Suppressing BTC Prices? Analyst Provides Answers
Este artículo también está disponible en español. In a new YouTube video titled “There Is No ETF Paper Bitcoin,” Fred Krueger, an investor at the crypto hedge
Prashant Jha4 hours agoMango Markets’ exploiter to face trial in April, and Coinflux shuts multichain: Finance RedefinedThe Mango Markets exploiter’s trial was first scheduled for December 2023; however, during one o
Russian Accused of Laundering Cryptocurrency From Ransomware Attacks Extradited to US
Russian Accused of Laundering Cryptocurrency From Ransomware Attacks Extradited to US A Russian national suspected of laundering ransomware payments in cryptocurrency on behalf of
SEC Chairman Gary Gensler Adds Crypto Adviser to Executive Staff
SEC Chairman Gary Gensler Adds Crypto Adviser to Executive Staff The U.S. Securities and Exchange Commission (SEC) has added a number of advisers to Chairman Gary Gensler’s
Amaka Nwaokocha11 hours agoSouth Korea strengthens crypto regulation with LEI adoption and crime unitThe decision was driven by the country’s concern over illicit activities in the crypto market and the desire to safeg
Bitcoin Eyes First Test of $7.2K Price Support Since April
View A high-volume range breakdown seen on the daily chart suggests scope for test of a long-term moving average at $7,200. A violation there would expose another major average support at $7,000. A corrective bounce abov
A Step-by-Step Guide to Splitting ABC Fork Tokens from Bitcoin Cash
A Step-by-Step Guide to Splitting ABC Fork Tokens from Bitcoin Cash On November 15, the Bitcoin Cash blockchain underwent a scheduled upgrade but also the chain
Smart Contract Platform Tokens See Double-Digit Gains, Boosting Defi TVL Above $40 Billion
Smart Contract Platform Tokens See Double-Digit Gains, Boosting Defi TVL Above $40 Billion Decentralized finance (defi) and smart contract platform tokens rallied on Monday morning
StarkWare verifies first zero-knowledge proof on Bitcoin
Josh O"Sullivan7 hours agoStarkWare verifies first zero-knowledge proof on BitcoinStarkWare’s milestone opens the door for ZK-based layer-2 solutions, enhancing Bitcoin’s scalability and global payment capabilities.1