A bug has been discovered, and fixed, that would have allowed the creation of an unlimited amount of ETH, the main cryptocurrency the Ethereum network relies on. The developer and hacker who reported the problem, known online as Saurik (also very active and well known in the iOS jailbreak scene, and founder of the now-defunct Cydia app marketplace), received a reward of $2,000,042 (we strongly believe this is a reference to the Hitchhiker’s Guide to the Galaxy). It is one of the largest rewards, if not the largest, ever publicly documented in the history of software bug hunting.
Some necessary clarifications: the bug was discovered in the Optimism protocol, a project to make the blockchain much more scalable than it has been until now. In the past few months, the update known as EIP 1559 was released, which has more or less the same effect, but Optimism promises an impact of much greater magnitude. According to the calculations, optimistic rollup technology has the potential to increase the scalability of the token by well over 100 times. Those who connect their wallet to Optimism are able to make “transactions in milliseconds”, with “commissions 10-100x lower”, says the official website of the initiative.
We’re incredibly thankful to saurik for spending so much time analyzing our protocol over the year – enough to find such an important fix! We highly recommend you check out his in-depth breakdown. We’ll award the full $2,000,042 promised in our bug bounty. https://t.co/536XK2Bfa5 pic.twitter.com/p8PZujKaDg
– Optimism (@optimismPBC) February 10, 2022
The concept is rather complicated but, simplifying a lot, the gist of the idea is to compress a series of operations into a single block that doesn’t have to be checked every time. The compressed package becomes part of the blockchain and can be decompressed and analyzed if necessary. This saves computing power. The platform is compatible with virtually every app that runs on the Ethereum network.
The developers working on Optimism have confirmed the existence of the bug and have also corrected it in various forks arising from the original code; there is no evidence that the bug was actively exploited to arbitrarily generate ETH, an operation that has the potential to irretrievably compromise the value of the cryptocurrency. It is, however, interesting to observe how quickly the parties involved reacted: the fix was distributed just a few hours after the notification was received.