A self-styled “grey hat” hacker figured out how to trick Ethereum scaling solution Optimism into effectively printing unlimited Ether earlier this month.
Software engineer Jay Freeman (who goes by Saurik online) didn’t leverage the exploit. Instead, he reported the issue to Optimism’s dev team, who paid him a $2-million bug bounty.
Freeman is probably best known for his work on Cydia, the app store for jailbroken iPhones. However, more recently he’s been looking for bugs on blockchains.
According to a breakdown on Freemans’ website, he discovered the glitch while looking into so-called “nano payment protocols.”
Optimism is one of these protocols. They allow users to send small amounts of crypto with little transactions fees, albeit with security tradeoffs.
Similarly to blockchain bridges like Wormhole, the platform mints alternative Ether tokens that exist only on Optimism’s network.
Users first lock their ETH inside a smart contract as collateral to receive their tokens, which double as IOUs.
These tokens can be then be transacted quicker and cheaper compared to on-chain transactions (almost instantly), which makes Optimism a potential “layer 2” (L2) solution for scaling Ethereum.
When Optimism users want to cash out their IOUs, they must first wait one week before their “real” Ether tokens are released.
Hackers printing fake Ether is bad for real Ether
Freeman discovered a glitch in a section of Optimism’s code which forces smart contracts to delete themselves and return related Ether to the sender.
Optimism’s “SELFDESTRUCT” function returned crypto to the sender but kept their related off-chain Ether IOUs.
This could be exploited to trick smart contracts into looping through the glitch — thus minting infinite “layer 2” crypto.
The Ether created by the bug was counterfeit but Freeman suggested it could wreak havoc across the wider crypto ecosystem.
“With your unbounded supply of IOUs, you could go to every decentralized exchange running on the L2 and mess with their economies, buying up vast quantities of other tokens while devaluing the chain’s own currency,” wrote Freeman.
These security flaws are known as overflow bugs. Back in 2010 (when Bitcoin was still a baby), someone exploited the code to mint 184 billion BTC.
It took a soft fork to reset the blockchain and return it to its hardcoded limit of 21 million BTC, as Satoshi Nakamoto intended.
Others knew about the glitch
Interestingly, Freeman said someone from Ethereum blockchain explorer Etherscan had stumbled across the bug before, on Christmas Eve last year, but may not have realized its potential.
“It frankly felt like someone had noticed the bug — seeing that Etherscan left the balance in place after the contract was destroyed — and even played with it a bit but hadn’t realized it was exploitable.”
Freeman believes that the “high stakes” nature of crypto means bugs that undermine security shouldn’t make it to deployment in the first place.
Freeman noted that he sometimes “balks” at assisting blockchain projects with “basic issues of decentralization or security,” as those core tenets of the technology which “can’t be afterthoughts.”
“This stuff is too important to be releasing quickly and adjusting the design in the field,” he wrote (our emphasis).
“And yet, we see crypto project after crypto project trying to externalize the cost of their core design to people being only indirectly compensated, rather than building a team around mathematicians, economists, and security experts.”