On three of Ethereum’s layer 2 networks, Jay Freeman prevented a potential $750 million vulnerability from being exploited.
Jay Freeman took the stage this past weekend at ETHDenver to discuss his almost billion-dollar bug discovery in the core code of Optimism, Boba, and Metis, which he termed “Unbridled Optimism.”
Freeman has a background in software development and hacking, having played a key part in the development of jailbreak software for iOS. Within the wild west of open-source encryption, his experience has proven invaluable. Only two weeks ago, a smart contract flaw caused a $350 million hole in the Wormhole bridge, and that wasn’t even the largest exploit in recent memory. Bridge exploits, on the other hand, are generally discovered quickly since they are utilised frequently and are continually monitored by the people in charge of maintaining them, according to Freeman.
Freeman detected a severe flaw in Optimism’s virtual machine during the first week of February, one that developers might not have been able to fix as quickly. The flaw was found in Optimism’s selfdestruct feature, which lets contracts be terminated while also sending any remaining ether balance to a specified address.
Why do blockchains include a self-destruct function if it sounds dangerous? Obsolete or unsafe contracts can be removed from the chain using this function, which also returns the ether balance to the rightful owner.
Unless, of course, there is a bug.
Without actually burning the ether balance within a contract, Optimism’s selfdestruct method returned the ether balance to the chosen address. “This means that when a contract self-destructs, the balance is BOTH delivered to the beneficiary AND also kept,” says Freeman. If attackers were successful in calling the contract, they might set up a loop that doubled their OETH balance until Optimism devs recognised and patched it.
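The accounting error described above, as an added example that is not from the article or from Optimism's code base: a toy Python ledger with the flawed and the corrected selfdestruct side by side, plus a supply check that flags any selfdestruct that creates balance. Account names and amounts are constructed.

```python
"""Toy balance ledger modelling the selfdestruct accounting described above.
Constructed for illustration; all names and values are hypothetical."""

def selfdestruct_buggy(balances, contract, beneficiary):
    # Behaviour the article describes: the beneficiary is credited,
    # but the destroyed contract keeps its balance.
    amount = balances.get(contract, 0)
    balances[beneficiary] = balances.get(beneficiary, 0) + amount
    return balances

def selfdestruct_fixed(balances, contract, beneficiary):
    # Credit the beneficiary, then zero the destroyed contract.
    amount = balances.get(contract, 0)
    balances[beneficiary] = balances.get(beneficiary, 0) + amount
    balances[contract] = 0
    return balances

def supply_delta(step, balances, contract, beneficiary):
    """Run step on a copy; return the change in total supply (>0 = minting)."""
    after = step(dict(balances), contract, beneficiary)
    return sum(after.values()) - sum(balances.values())

def audit(step, balances, events):
    """Replay (contract, beneficiary) events on a copy of the ledger and
    return the ones that increased total supply, with the amount created."""
    state, flagged = dict(balances), []
    for contract, beneficiary in events:
        before = sum(state.values())
        step(state, contract, beneficiary)
        minted = sum(state.values()) - before
        if minted > 0:
            flagged.append((contract, beneficiary, minted))
    return flagged

# Constructed sample state (amounts in arbitrary units).
SAMPLE = {"vault": 100, "alice": 5, "pool": 40}
EVENTS = [("vault", "alice"), ("pool", "alice")]

if __name__ == "__main__":
    print("buggy delta:", supply_delta(selfdestruct_buggy, SAMPLE, "vault", "alice"))
    print("fixed delta:", supply_delta(selfdestruct_fixed, SAMPLE, "vault", "alice"))
    print("flagged (buggy):", audit(selfdestruct_buggy, SAMPLE, EVENTS))
    print("flagged (fixed):", audit(selfdestruct_fixed, SAMPLE, EVENTS))
```

The invariant checked is that a selfdestruct never increases the sum of all balances; the same check can be run over historical state transitions to find past occurrences.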
After examining past selfdestruct calls on Optimism and tracking one wallet back to an Etherscan employee, Freeman noticed that he was not the first to discover the problem. The employee had discovered and tested the flaw, but didn’t realise the gravity of the situation and left it alone. As additional funds were bridged to Optimism and other layer 2 systems duplicated the programming Optimism had put in place, the vulnerability had grown worse. Layer 2 networks are connected to, but functionally distinct from, the foundation layer.
As a result, if Freeman hadn’t discovered the problem, a minting vulnerability would have let an attacker double their money every time the selfdestruct function on Boba and Metis was invoked, according to Freeman.
DeFi and White Hats
Even if the Optimism team had detected and temporarily halted bridge transactions using the sequencer during a hypothetical attack, an attacker could still have wrecked layer 2 decentralised finance (DeFi). Any attacker might deplete decentralised exchanges and abuse lending platforms with worthless collateral using the forged OETH. The vulnerability would have likely caused irreversible damage to the Ethereum ecosystem, rendering layer 2 users’ cash unusable and leaving no assets on the other end of the bridge. On the day the vulnerability was discovered, Optimism, Boba, and Metis had roughly $750 million in DeFi locked up, almost all of which was at risk.
The necessity of friendly rivalry
With anonymous founders, open-source programming, and billions of dollars looking to take on risk, decentralised finance remains a risky business. This massive sum of money has established an incentive system that rewards organisations who build quickly and distribute tokens.
Traders and investors, on the other hand, find caution and professionalism less appealing. Even though the market eventually punishes shortcuts, the world economy has witnessed the effects of constant risk-taking time and time again. There’s no reason to believe the same thing won’t happen in crypto and decentralised finance, with only the most diligent protocols surviving in the end.
Freeman has also considered where the line between “Code is Law” and third-party trust should be drawn. Bug rewards, he argued, are critical in motivating good actors to look for and exploit flaws. By putting the payoff for being a good actor on a par with the payoff for being a bad actor, the incentives for white hatting shift dramatically.
This type of “friendly adversarialism,” as Freeman described it, can encourage ecosystem players to be more transparent, honest, and even pessimistic about new ideas.
This pessimism is crucial. Today’s climate may be excessively optimistic, causing investors and DeFi users to become enthusiastic about protocols that may never work or possibly be dangerous. This lack of control, along with the open-source nature of the technology, offers the ideal setting for hackers and scammers, a problem that most of the crypto industry refuses to acknowledge.