One of the strengths of blockchains is undoubtedly security. When it is compromised, nothing works. So when a bounty hunter reports a possible flaw in the system, Arbitrum does not hesitate to investigate it and reward whoever found it.
The threat between Ethereum (ETH) and Arbitrum Nitro has been eliminated
As the crypto industry grows, it is important to emphasize network security to protect investors. At the end of August, Ethereum’s most popular layer 2 announced that it was getting a facelift with the rollout of Arbitrum Nitro.
Since the move to Proof of Stake (PoS) brought no reduction in gas fees, layer 2 networks have to keep thriving to help ETH offload part of its network. So far, Nitro, Arbitrum's solution, has worked well, but some technical flaws were detected very quickly.
According to data that surfaced on Tuesday morning, Arbitrum paid a bug bounty of 400 ETH ($520,000) to the Solidity bounty hunter known by the alias Oxriptide. He discovered a vulnerability that could have put more than 250 million dollars at risk. According to Oxriptide, this flaw may have affected any user who attempted to transfer funds from Ethereum to Arbitrum Nitro.
Advantageous cultivation for layer 2
Oxriptide started his initial research a few weeks before the Arbitrum Nitro upgrade. His daily routine involves browsing ImmuneFi, a bug bounty platform that has prevented over $20 billion in hacks. But his main focus has changed a bit recently. As he mentioned in a report, he has recently focused on preventing cross-chain exploits.
According to him, they put a much larger amount of funds at risk because of the honeypot structure of most protocols. During his investigation, he found a flaw where the bridge contract could accept deposits even if the contract had previously been reset. He says that when you come across an uninitialized address variable in Solidity, you should look at it more than once, because you never know why it is that way.
After further research into the uninitialized address, he discovered that by mimicking the actual contract, a hacker could set his own address as the bridge and steal all incoming ETH deposits from Ethereum to Arbitrum Nitro. The hacker could then launch a guerrilla-style attack to siphon off all incoming funds, or target only larger ETH deposits to hide their actions.
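The pattern described above, sketched in Solidity as an added example (constructed for illustration, not Arbitrum's contract code): an initializer guarded only by an address variable being zero, beside a hardened form. All contract, interface and function names here are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed, simplified contracts for illustration; not Arbitrum's code.
interface IBridge {
    function enqueueDeposit(address from) external payable;
}

// Weak: "already initialized" is inferred from an address variable.
// Whenever `bridge` is zero (never set, or cleared by an upgrade),
// any caller can run initialize() and choose where deposits are sent.
contract InboxWeak {
    IBridge public bridge;

    function initialize(IBridge _bridge) external {
        require(address(bridge) == address(0), "already init");
        bridge = _bridge;
    }

    function depositEth() external payable {
        bridge.enqueueDeposit{value: msg.value}(msg.sender);
    }
}

// Hardened: only a fixed admin may initialize, a dedicated flag records
// that it happened, and deposits refuse to run until initialization.
contract InboxHardened {
    address public immutable admin;
    IBridge public bridge;
    bool private initialized;

    constructor(address _admin) {
        require(_admin != address(0), "zero admin");
        admin = _admin;
    }

    function initialize(IBridge _bridge) external {
        require(msg.sender == admin, "not admin");
        require(!initialized, "already init");
        require(address(_bridge).code.length > 0, "bridge not a contract");
        initialized = true;
        bridge = _bridge;
    }

    function depositEth() external payable {
        require(initialized, "not initialized");
        bridge.enqueueDeposit{value: msg.value}(msg.sender);
    }
}
```

When reviewing an upgrade, checking that every storage slot an initializer relies on still holds its expected value after migration catches the weak form before deployment.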
Arbitrum paid a bug bounty of 400 ETH for the detection of a bridge vulnerability. But this is nothing compared to the amount the layer 2 would have lost if Oxriptide had not alerted it. In fact, it could have lost between 1,000 and 5,000 ETH over a 24-hour period in which a hacker exploited the flaw.