December 8, 2022


Arbitrum, one of the most popular layer-2 scaling solutions for Ethereum, averted a catastrophe when a white-hat hacker alerted the platform to a critical bug he had discovered in the Arbitrum Nitro upgrade.

Discovery

The hacker, who goes by the name Riptide (@0xriptide) on Twitter, discovered the "million dollar" vulnerability on the Ethereum-Arbitrum Nitro bridge. The bug would have enabled a bad actor to hijack ETH deposits made by users bridging to Arbitrum.

Riptide scanned the Arbitrum Nitro code before its intended release, looking for flaws. Upon executing the "config," he realized that the contract was "completely weak," which opened the door for hackers to exploit the thousands of ETH deposits the platform accepts every day.

Developers in the community are not particularly fans of the creators and have criticized their use in icons.

Riptide often hunts bug bounties and focuses primarily on finding vulnerabilities in smart contracts written in Solidity.

The prize

Being a white-hat hacker, Riptide chose to inform Arbitrum of his discovery rather than exploit the bug for personal gain. Many platforms run bug bounty programs to incentivize hackers to report such findings.

In this case, Arbitrum rewarded the hacker with 400 ETH, which is just over half a million dollars. According to Riptide’s calculations, his efforts saved the platform more than $470 million, of which $225 million was linked to a single transaction.

He believes his discovery was eligible for the maximum reward of $2 million. "If you post a bonus of 2mm, be prepared to pay it when it is justified. Otherwise, just say the maximum bonus is 400 ETH and be done with it," he added, saying that reducing the reward for honest work does little to prevent a white hat from straying down a malicious path.

Earlier this year, in March, TreasureDAO, the Arbitrum-based NFT marketplace, was exploited to the tune of $1.4 million after hackers managed to steal over 100 NFTs from the platform.

Increase in bridge hacks

Blockchain intelligence firm Chainalysis reported in the past month that cross-chain bridge vulnerabilities like the ones mentioned above have emerged as a major security risk.

More than $1.3 billion has been lost to hacks this year. Among the most prominent bridge breaches of 2022 are Ronin, Nomad and Wormhole.

Nomad came under fire last month after touting an NFT reward scheme to incentivize hackers to return their share of the $190 million lost in the August 2 hack.




