A self-described white hat hacker has uncovered a “multi-million dollar vulnerability” in the bridge linking Ethereum and Arbitrum Nitro and received a 400 Ether (ETH) bounty for their find. Known as riptide on Twitter, the hacker described the exploit as the use of an initializing function to set their own bridge address, which would hijack all incoming ETH deposits from those trying to bridge funds from Ethereum to Arbitrum Nitro. Riptide explained the exploit in a Medium post on Sept. 20: “We could either selectively target large ETH deposits to remain undetected for a longer period of time, siphon up every single deposit that comes through the bridge, or wait and just front-run the next massive ETH deposit.” The hack could have potentially netted tens or even hundreds of millions worth...
The Ethereum Foundation has announced it will be increasing the network’s bug bounty payouts fourfold ahead of the blockchain’s transition to proof-of-stake. In a Wednesday blog post, the Ethereum Foundation said between Aug. 24 and Sept. 8, all “Merge-related bounties for vulnerabilities” will be quadrupled for white hats testing the network. According to the foundation, identifying “critical bugs” — those that have a high impact or likelihood of a high impact on the blockchain — will be worth up to $1 million. The bounty program also allows submissions for low, medium and high-risk bugs.
• Merge Bug Bounty Bonus: There is a 4X MULTIPLIER between now and 08 September on all bounties and vulnerabilities, with critical bugs worth up to $1mm USD
• See full post for updated Execution Layer (E...
Developers from the Ethereum Layer 2 scaling project Optimism announced that a “critical bug” had been identified and subsequently patched earlier this month. The bug, which could have enabled hackers to create as much ‘ETH’ in an Optimism account balance as they wished, was first discovered by white hat hacker Jay Freeman, developer of the iOS jailbreak software Cydia.
Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a “layer 2 scaling solution” for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty. https://t.co/J6KOlU8aSW — Jay Freeman (saurik) (@saurik) February 10, 2022
In a deep-dive blog post, Freeman explained that the bug “would allow an attacker to re...