Ethereum is perhaps the main open source platform on which developers can program blockchain smart contracts and, until a few days ago, it was also thought to be the most secure.
In recent days, it became known that the platform had a critical flaw that would have let a cybercriminal create an unlimited amount of cryptocurrency in only a few hours. The flaw was found on February 2 by Jay Freeman, an "ethical hacker" who works mainly on computer security and on auditing smart contracts on blockchains such as Ethereum.
Freeman, who is known in the tech world as "Saurik", was paid $2 million by the platform for reporting the bug.
But how did this bug arise in the platform? Ethereum works with two layers. The first layer stores the entire main blockchain architecture of the platform, while the second layer houses a network that was built on top of the first layer and works as an extension of it. In addition, there are two competing technologies on Ethereum: Optimism, which allows decentralized applications and promises lower fees, and Arbitrum, which is much more private and allows more transactions on the blockchain.
Although these types of platforms meet certain security criteria, they are not exempt from hacks and theft. Freeman, the white hat hacker, detected that Optimism had a flaw that caused a major vulnerability in the platform, one that would have allowed any hacker to "print an arbitrary amount of tokens". Specifically, the flaw allowed Ethereum to be created indefinitely by triggering the SELFDESTRUCT opcode to reload the balance.
"We analyzed the history of the Optimism chain and it showed that the bug was not exploited. The bug appears to have been accidentally triggered on one occasion by an Etherscan employee, but no excess usable ethers were generated," the official Ethereum blog reads.
To resolve flaws and vulnerabilities of this type in time, Optimism launched a system whereby white hat hackers will be rewarded for reporting them. Rewards are up to 2 million dollars. Moreover, with this new initiative Optimism aims to "win" the race against Arbitrum on Ethereum.
Even though Freeman detected the vulnerability on February 2, the flaw was only announced eight days later by the Optimism team, which managed to eliminate the vulnerability and launch a fix, while rewarding Freeman with $2 million for his accurate information.
Without a doubt, a happy ending for Ethereum.