Arbitrum Rewards Hacker With 400 ETH For Detecting a Critical $400M Vulnerability


On Sept. 19, Arbitrum, one of Ethereum’s most popular Layer 2 solutions, paid 400 ETH (about $560,000) to a white-hat hacker who discovered a potential vulnerability in its code.

The white-hat hacker, known on Twitter as Riptide, discovered a vulnerability in a smart contract written in Solidity. Riptide said the "multi-million dollar bug" could affect anyone looking to move funds from Ethereum to Arbitrum Nitro.

Arbitrum avoids multi-million dollar losses

The hacker thoroughly scanned the Arbitrum Nitro code in the weeks before the release, and checked the contract again afterwards to "see if the update was successful."

After the upgrade, Riptide noticed some bugs that prevented the bridge from working properly. On closer inspection, Riptide found the problem in the sequencer's delayed inbox.

“Clients can send messages to the Sequencer by signing and publishing L1 transactions in the Arbitrum chain’s delayed inbox. This feature is most commonly used to deposit ETH or tokens via bridges.”

After rescanning the contract, Riptide confirmed that the issue in the delayed inbox amounted to a critical vulnerability: Riptide, or any malicious hacker who found it, could have diverted incoming ETH deposits passing through the L1-to-L2 bridge into their own wallet and kept doing so until the theft was detected, netting millions of dollars.

Instead, Riptide reported the bug and applied for a reward, and was surprised to receive only 400 ETH rather than the $2 million maximum bounty that Arbitrum advertises. After receiving the reward, the hacker argued that it did not match the severity of the vulnerability and the risk it posed.

It is worth mentioning that in March 2022, Arbitrum fell victim to an attack where a hacker or group of hackers stole over 100 NFTs from TreasureDAO with a valuation of at least $1.4 million.

White Hat Hacking: A Profitable Business in Crypto-Land

Independent auditing is very important in the crypto ecosystem. Over the course of the year, several platforms have paid bounties to white-hat hackers who report potential vulnerabilities in their code or smart contracts.

For example, in mid-February, Coinbase paid the "largest bounty in its history" ($250,000) to a hacker known as "Tree of Alpha" for reporting a flaw in its "Advanced Trading" feature that could have cost the exchange billions of dollars in losses.

At the time, Tree of Alpha thanked Coinbase for the payment, saying it would serve him well in retirement. However, like Riptide, he noted that "higher bounties may be sensible to deter more grey hat exploits."

In addition, Jay "Saurik" Freeman, who works with the decentralized VPN protocol Orchid and is a legend in the iOS jailbreak community, received over $2 million for reporting vulnerabilities in Optimism, another Ethereum "Layer 2 scaling solution."
