Arbitrum, one of Ethereum’s most popular Layer 2 scaling solutions, averted a catastrophic crisis when a white hat hacker reported to the platform a critical bug he found in the Arbitrum Nitro upgrade.
The hacker, known on Twitter as Riptide (@0xriptide), found a “million dollar” vulnerability in the Ethereum-Arbitrum Nitro bridge. The bug would have enabled any bad actor to hijack the ETH deposits of users trying to bridge to Arbitrum.
Riptide scanned the Arbitrum Nitro code for bugs prior to its scheduled release. After performing an “initialization procedure,” he realized that the contract was “completely vulnerable” and opened the door for hackers to take advantage of the thousands of ETH deposits the platform accepts every day.
Developers in the community are not particularly fond of initializers and have criticized their use in code.
Riptide regularly hunts for bug bounties, focusing mainly on smart contracts written in Solidity.
As a white hat hacker, Riptide chose to inform Arbitrum of his findings rather than exploit the vulnerability for personal gain. Of course, several platforms offer bug bounties to incentivize hackers to report such incidents.
In this case, Arbitrum rewarded the hacker with 400 ETH, or over a million dollars. According to Riptide’s calculations, his efforts saved the platform more than $470 million, of which $225 million was tied to a single transaction.
He believes his discoveries are eligible for awards of up to $2 million. “If you post a 2mm bounty, be prepared to pay it when it makes sense. Otherwise say the max bounty is 400 ETH and that’s fine,” he added, while noting that cutting rewards for honest work does nothing to keep white hats from turning to malicious intent instead.
In early March this year, TreasureDAO, an Arbitrum-based NFT marketplace, was exploited for a total of $1.4 million after hackers managed to steal more than 100 NFTs from the platform.
Bridge hacks add up
Blockchain intelligence firm Chainalysis reported that vulnerabilities in cross-chain bridges like the one mentioned above have emerged as the biggest security risk of the past month.
Bridge hacks have cost more than $1.3 billion this year. The most notable bridge hacks of 2022 include Ronin, Nomad, and Wormhole.
Nomad protocol came under fire last month after launching an NFT rewards program to incentivize hackers to return their share of the $190 million lost in the August 2 hack.