Arbitrum, one of Ethereum’s most popular Layer 2 scaling solutions, averted a catastrophic crisis when a white hat hacker alerted the platform to a critical bug discovered in the Arbitrum Nitro upgrade.
The hacker, who goes by the name Riptide (@0xriptide) on Twitter, discovered a “multi-million dollar” vulnerability in the Ethereum-Arbitrum Nitro bridge. The bug would have enabled any bad actor to hijack incoming ETH deposits from users trying to bridge to Arbitrum.
Riptide scanned the Arbitrum Nitro code before its intended release, looking for errors. After executing the “initializer”, he realized that the contract was “completely vulnerable”, leaving the door open for hackers to exploit the thousands of ETH deposits the platform receives daily.
The developer community is not particularly fond of initializers and has criticized their use in code.
Riptide often looks for bug bounties and focuses only on finding vulnerabilities within smart contracts written in Solidity.
Being a white hat hacker, Riptide chose to notify Arbitrum of his discovery rather than exploit the bug for personal gain. Of course, there are bug bounties offered by various platforms to encourage hackers to report such events.
In this case, Arbitrum awarded the hacker 400 ETH, which is a little over half a million dollars. According to Riptide’s calculations, his efforts saved the platform more than $470 million, including $225 million associated with a single transaction.
He believed his discovery was eligible for the maximum prize of $2 million. “If you post a $2mm donation – be prepared to pay it if it’s fair. Otherwise say the maximum bounty is 400 ETH and be done with it.” He added that shortchanging honest work does little to keep white hats from straying down a malicious path.
Earlier this year, in March, TreasureDAO, the Arbitrum-based NFT marketplace, lost $1.4 million after hackers were able to steal over 100 NFTs from the platform.
Bridge hacks are on the rise
Blockchain intelligence firm Chainalysis reported last month that vulnerabilities in cross-chain bridges, such as the one described above, have emerged as a top security risk.
Bridge hacks cost more than $1.3 billion this year. The most notable 2022 bridge hacks include Ronin, Nomad, and Wormhole.
The Nomad protocol came under fire last month after launching an NFT reward program intended to encourage hackers to return their share of the $190 million lost in an Aug. 2 hack.