{"id":404594,"date":"2022-02-11T05:54:15","date_gmt":"2022-02-11T02:54:15","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/ios-jailbreak-dev-wins-2m-bounty-for-finding-critical-optimism-bug\/"},"modified":"2022-02-11T05:54:15","modified_gmt":"2022-02-11T02:54:15","slug":"ios-jailbreak-dev-wins-2m-bounty-for-finding-critical-optimism-bug","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/ios-jailbreak-dev-wins-2m-bounty-for-finding-critical-optimism-bug\/","title":{"rendered":"iOS jailbreak dev wins $2M bounty for finding critical Optimism bug"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDIvNTE5M2M0NTUtYzA4YS00ZDkwLWEwYzYtOTFkZjg0ZjQzNWFhLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Developers from the Ethereum Layer 2 scaling project Optimism announced that a \u201ccritical bug\u201d had been identified and subsequently patched earlier this month. <\/p>\n<p>The bug, which could have enabled hackers to create as much \u2018ETH\u2019 in an Optimism account balance as they wished, was first discovered by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/saurik\">Jay Freeman<\/a>, a white hat hacker and the developer of the iOS jailbreak software Cydia. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Last week, I discovered (and reported) a critical bug (which has been fully patched) in <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/optimismPBC?ref_src=twsrc%5Etfw\">@optimismPBC<\/a> (a &#8220;layer 2 scaling solution&#8221; for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty. 
<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/J6KOlU8aSW\">https:\/\/t.co\/J6KOlU8aSW<\/a><\/p>\n<p>\u2014 Jay Freeman (saurik) (@saurik) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/saurik\/status\/1491821215924690950?ref_src=twsrc%5Etfw\">February 10, 2022<\/a><\/p><\/blockquote>\n<p>In a deep-dive blog <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.saurik.com\/optimism.html\">post<\/a>, Freeman explained that the bug \u201cwould allow an attacker to replicate money on any chain using their \u2018OVM 2.0\u2019 fork of go-ethereum\u201d. For his efforts, Freeman was awarded one of the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/news.ycombinator.com\/item?id=30289240\">largest<\/a> bug bounties to date, netting a total reward of $2,000,042.<\/p>\n<p>According to the Optimism team, \u201cThe bug made it possible to create ETH on Optimism by repeatedly triggering the SELFDESTRUCT opcode on a contract that held an ETH balance.\u201d<\/p>\n<p>In a blog <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/optimismpbc.medium.com\/disclosure-fixing-a-critical-bug-in-optimisms-geth-fork-a836ebdf7c94\">post<\/a>, the Optimism team noted that its chain history showed that the bug had not been exploited, except for an accidental activation by a staffer at Ethereum data startup Etherscan, but \u201cno usable excess was generated.\u201d<\/p>\n<p>\u201cA fix for the issue was tested and deployed to Optimism\u2019s Kovan and Mainnet networks (including all infrastructure providers) within hours of confirmation,\u201d the team said, thanking Infura, QuickNode, and Alchemy for their fast response times.<\/p>\n<blockquote><p>\u201cWe also alerted multiple vulnerable Optimism forks and bridge providers to the presence of the issue. 
These projects have all applied the required fix.\u201d<\/p><\/blockquote>\n<p>Late last year, Optimism removed its <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/optimismpbc.medium.com\/all-gas-no-brakes-8b0f32afd466\">whitelist<\/a>, allowing any developer to start building projects on the Optimism network. Prior to this, the network was only accessible to specific projects such as Uniswap and Synthetix. This limitation made it easier for developers to detect and resolve potential bugs.<\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.optimism.io\/\">Optimism<\/a> is a Layer 2 scaling solution for the Ethereum network, employing \u201c<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.ethhub.io\/ethereum-roadmap\/layer-2-scaling\/optimistic_rollups\/\">optimistic rollups<\/a>\u201d that aggregate transactions outside of the Ethereum blockchain. <\/p>\n<p>This provides the benefits of reducing slippage, decreasing transaction costs and vastly improving transaction speeds. However, as this bug has made clear, while Layer 2 protocols offer improvements in efficiency, security during ongoing development remains a common point of concern. <\/p>\n<p>While this bounty is one of the largest to have been paid out so far, MakerDAO has just announced that it will be offering a maximum bounty of $10M to anyone who can point out critical security threats in its smart contracts. 
This is the largest series of bug bounties ever to have been hosted on bug bounty platform <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/immunefi.com\/bounty\/makerdao\/\">Immunefi<\/a>.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/ios-jailbreak-dev-wins-2m-bounty-for-finding-critical-optimism-bug\" target=\"_blank\" 
rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Developers from the Ethereum Layer 2 scaling project Optimism announced that a \u201ccritical bug\u201d had been identified and subsequently patched earlier this month. The bug, which could have enabled hackers to create as much \u2018ETH\u2019 in an Optimism account balance as they&#8230;<\/p>\n","protected":false},"author":1,"featured_media":404595,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDIvNTE5M2M0NTUtYzA4YS00ZDkwLWEwYzYtOTFkZjg0ZjQzNWFhLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74868,74882,95119,70944],"class_list":["post-404594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-defi","tag-hacks","tag-layer2","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/404594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=404594"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/404594\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/404595"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=404594"}],"wp:term":[{"taxonomy":"category","embeddabl
e":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=404594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=404594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}