Arbitrum Rewards Hacker With 400 ETH For Detecting a Critical $400M Vulnerability



On September 19, Arbitrum, one of the most popular Layer 2 solutions for Ethereum, paid 400 ETH (about $560,000) to a white hat hacker who found a potential vulnerability in its code.

The white hat hacker, known on Twitter as Riptide, finds vulnerabilities within smart contracts written in Solidity. Riptide said the “multi-million dollar vulnerability” could potentially affect anyone who wanted to exchange funds from Ethereum to Arbitrum Nitro.

Arbitrum Prevented Millions of Dollars in Losses

The hacker thoroughly scanned the Arbitrum Nitro code a few weeks before it was released, checking the contracts so they could “see if the update had been a success.”

After the upgrade, Riptide noticed some errors that prevented the bridge from working correctly. Upon further inspection, Riptide noticed that the inbox sequencer was experiencing a delay.

“A client can send a message to the Sequencer by signing and publishing an L1 transaction in the Arbitrum chain’s Delayed Inbox. This functionality is most commonly used for depositing ETH or tokens via a bridge.”

After rescanning the contract, Riptide confirmed that the inbox sequencer bug amounted to a critical vulnerability: Riptide or a malicious hacker could have obtained millions of dollars by diverting incoming ETH deposits from the L1 to the L2 bridge into their own wallets before being detected.

However, Riptide decided to report the vulnerability and apply for a reward instead. To their surprise, the reward was just 400 ETH rather than the $2 million Arbitrum offered as its maximum tier. Upon receiving the reward, the hacker argued that it was not in line with the importance of the bug and the risk it entailed.

It is worth mentioning that in March 2022, Arbitrum was the victim of an exploit in which a hacker or a group of hackers stole more than 100 NFTs from TreasureDAO, with a valuation of at least $1.4 million.

White Hat Hackers: A Lucrative Business in Crypto-Land

Independent auditing is of huge importance in the crypto ecosystem. Over the course of the year, several platforms have opted to pay bounties to white hat hackers who report potential vulnerabilities in their code or smart contracts.

For example, in mid-February, Coinbase paid “the largest bounty in its history” ($250,000) to a hacker named “Tree of Alpha” for saving them from a billion-dollar loss due to a flaw in the “Advanced Trading” feature.

At the time, Tree of Alpha was grateful for the payment, stating that it could serve him well in retirement; however, like Riptide, he noted that “a higher bounty might have been smart to deter more gray hats from exploiting vulnerabilities.”

Also, Jay “Saurik” Freeman, who works with the decentralized VPN protocol Orchid and is a legend in the iOS jailbreak community, received over $2 million for reporting a vulnerability in Optimism, a “layer 2 scaling solution” for Ethereum.
