Arbitrum Rewards Hacker With 400 ETH For Detecting a Critical $400M Vulnerability

Arbitrum, one of the most popular Layer 2 solutions for Ethereum, paid 400 ETH (around $560,000) to a white-hat hacker who discovered a vulnerability in its code.

Riptide is a white-hat hacker who finds flaws in Solidity smart contracts. Riptide stated that the vulnerability could have caused multi-million-dollar losses and could affect anyone who wanted to move funds between Ethereum and Arbitrum Nitro.

It’s not a big deal, just to bridge a cool $470mm through the exact same Inbox contract

You should definitely be eligible to receive a maximum bounty

— riptide (@0xriptide) September 20, 2022

Millions of dollars in losses prevented for Arbitrum

A few weeks after the release of Arbitrum Nitro, the hacker thoroughly reviewed the code and inspected the upgraded contracts to “see if it had been successful.”

Riptide noticed some problems with the bridge’s operation after the upgrade, in particular that the Sequencer Inbox was experiencing delays.

A client can send a message through the Sequencer by signing an L1 transaction and publishing it in the Arbitrum chain’s Delayed Inbox. This function is used most often to deposit ETH or tokens through a bridge.

Riptide realized that he, or any other malicious hacker, could have exploited a critical flaw in the contract to gain millions of dollars by diverting incoming ETH deposits to the L1-to-L2 bridge into their own wallets.

My bug bounty write-up on a critical vulnerability I discovered on Arbitrum Nitro which allowed an attacker to steal all incoming ETH deposits to the L1->L2 bridge @samiamka2 @Mudit__Gupta @0xRecruiter @BowTiedCrocodil @BowTiedDevil

— riptide (@0xriptide) September 20, 2022

Riptide, however, decided to report the vulnerability to Arbitrum and request a reward. The payout was 400 ETH rather than the $2 million that Arbitrum offers at the highest tier of its bounty program. The hacker argued that the reward was too low in relation to the severity of the bug and the risk it represented.

I am pointing out that you should be ready to pay $2mm bounty if it is justified. If you don’t want to pay it, just state that the maximum bounty is 400 ETH.

Hackers monitor which projects pay and which don’t

It is not a good idea for a whitehat or a blackhat to be incentivized by IMO

— riptide (@0xriptide) September 20, 2022

It’s worth noting that Arbitrum was the victim in March 2022 of an exploit in which a hacker or group of hackers stole more than 100 NFTs from TreasureDAO, worth at least $1.4 million.

White Hat Hackers: A Profitable Business in Crypto-Land

Independent auditing is a crucial part of the crypto ecosystem. Many platforms have offered bounties to white-hat hackers who report vulnerabilities in their code and smart contracts over the course of the year.

Coinbase, for example, paid the largest bounty in its history ($250,000) in February to “Tree of Alpha”, a hacker who saved it from a potential loss of a billion dollars due to a bug in “Advanced Trading”.

Tree of Alpha expressed gratitude for the payment at the time and stated that it would serve him well in retirement. Riptide, however, noted that a higher bounty might have been wise to discourage more gray hats from exploiting vulnerabilities instead of reporting them.

Jay “Saurik”, a user of the decentralized VPN protocol Orchid and a legend of the iOS jailbreak scene, was also awarded over $2 million for reporting a flaw in Optimism (a “layer 2” scaling solution for Ethereum).

The post Arbitrum Rewards Hacker with 400 ETH for Detecting Critical $400M Vulnerability appeared first on CryptoPotato.


Marla Brooks
