On February 10, the well-known developer of Cydia and iOS Jailbreak, Jay Freeman, otherwise known as Saurik, published a Twitter thread about a bug he found in the Layer-2 (L2) scaling protocol known as Optimism. According to Freeman, the vulnerability, which has been patched, could have allowed an attacker to create an infinite amount of tokens.
Cydia Creator ‘Saurik’ Discovers Optimism L2 Vulnerability
Jay Freeman is a prominent software developer who is well known for his iOS Jailbreak and Cydia tools. Freeman’s Cydia graphical user interface (GUI) was released in February 2008, and it gives users with jailbroken iPhones the ability to download unauthorized software for the Apple smartphone operating system iOS. Freeman recently published a blog post called “Attacking an Ethereum L2 with Unbridled Optimism,” which explains how he reported a critical security issue to the developers of the L2 scaling solution Optimism.
Optimism’s L2 solution allows users to move ethereum for a fraction of the cost. Currently, moving ether using Optimism can cost $0.56 per transfer as opposed to the L1 gas fees today which are $3.29 per transaction. To swap coins onchain using L1 it will cost a user $16.47 in ether but using Optimism to swap coins will cost $0.83. Freeman reported the Optimism vulnerability on February 2, 2022 and the bug has since been patched.
The attack would have allowed “an attacker to replicate money on any chain using their “OVM 2.0” fork of go-ethereum (which they call l2geth),” Freeman said. The developer further explained that he plans to talk about the Optimism vulnerability on February 18th at Ethdenver 2022. Freeman was also awarded a $2,000,042 bounty for discovering the bug and disclosing it to the team. The software engineer’s blog post describes how the attacker could mint an arbitrary quantity of tokens before the bug was patched.
“The bug presented here — which I dub ‘Unbridled Optimism’ — can maybe be (crudely) modelled as a bug on the far side of a ‘bridge,’” Freeman wrote. “But is actually a bug in the virtual machine that executes smart contracts on Optimism. Exploiting this enables the attacker to have access to an effectively unbounded number of tokens (aka, the IOUs) on the far side of the bridge. It is my contention that this is more dangerous than merely tricking the reserves into allowing a withdrawal.” The developer continued:
Further, with your unbounded supply of IOUs, you could go to every decentralized exchange running on the L2 and mess with their economies, buying up vast quantities of other tokens while devaluing the chain’s own currency. Using your access to infinite capital, you could further manipulate onchain pricing oracles to leverage for other attacks; and, until someone finally realizes your money is counterfeit, arbitragers will flock to the network to sell you their assets.
The Pessimism Surrounding Cross-Chain Applications
In addition to the vulnerability found in Optimism, Freeman discussed cross-chain bridge technology in great detail. The developer mentioned that the same day he disclosed the bug to Optimism, the Wormhole bridge was attacked. Freeman also touched upon the Poly Network hack in his post. “Even when hackers do steal money from a bridge, the ramifications are limited,” Freeman’s blog post explains.
Freeman discovering the Optimism bug follows the slew of hacks against cross-chain bridges and the community’s newfound concern over the security of this up-and-coming technology. The Cydia developer’s blog post mentions concepts like “’insurance policies’ against crypto hacks.” Moreover, Ethereum (ETH) co-founder Vitalik Buterin recently discussed concerns tied to the security of cross-chain bridge platforms. “I am pessimistic about cross-chain applications,” a recent Reddit post by Buterin declares.
What do you think about Jay Freeman’s Optimism bug discovery? Let us know what you think about this subject in the comments section below.
Check live crypto rates here
Start trading today – See our list of exchanges
wonderful post, very informative. I wonder why the other experts of this sector do not notice this. You should continue your writing. I am confident, you’ve a great readers’ base already!
order accutane 20mg generic buy stromectol ivermectin 6 mg pills for humans
Hmm it appears like your website ate my first comment (it was super long) so I guess I’ll just sum it up what I had written and say, I’m thoroughly enjoying your blog. I as well am an aspiring blog writer but I’m still new to the whole thing. Do you have any tips for novice blog writers? I’d certainly appreciate it.
Good write-up, I’m normal visitor of one’s blog, maintain up the excellent operate, and It is going to be a regular visitor for a long time.
generic doxycycline 100mg doxycycline 200mg sale order lasix online
I am impressed with this site, very I am a big fan .
Great remarkable issues here. I am very happy to look your article. Thanks a lot and i am taking a look forward to touch you. Will you kindly drop me a mail?
whoah this weblog is excellent i like studying your posts. Stay up the good paintings! You recognize, lots of individuals are searching round for this info, you can help them greatly.
Excellent goods from you, man. I have understand your stuff previous to and you’re just too great. I actually like what you have acquired here, really like what you are stating and the way in which you say it. You make it enjoyable and you still care for to keep it sensible. I cant wait to read much more from you. This is actually a wonderful web site.
I must express some appreciation to you for bailing me out of this type of instance. Right after exploring through the online world and obtaining methods which are not pleasant, I figured my entire life was well over. Living minus the answers to the difficulties you have sorted out through your entire website is a serious case, as well as those that could have in a negative way affected my entire career if I hadn’t noticed the blog. Your ability and kindness in handling all the things was helpful. I don’t know what I would have done if I had not discovered such a subject like this. It’s possible to at this time look forward to my future. Thanks so much for your expert and effective help. I won’t think twice to endorse your web page to any person who needs guidelines on this issue.
I conceive you have mentioned some very interesting points, regards for the post.
I’ve been exploring for a bit for any high quality articles or weblog posts on this kind of area . Exploring in Yahoo I finally stumbled upon this site. Reading this info So i am satisfied to express that I’ve an incredibly just right uncanny feeling I discovered exactly what I needed. I such a lot unquestionably will make certain to do not overlook this website and provides it a look regularly.
Hello, of course this paragraph is truly nice and I
have learned lot of things from it on the topic of blogging.
thanks.