White Hat Hacker Gets $500k+ for Finding Critical Bug on Arbitrum

A white hat hacker has received a 400 ETH bounty, worth more than $500,000, for finding a potential vulnerability on Arbitrum, an Ethereum-based layer 2 scaling network.

The bug was reportedly shipped into production during a recent network upgrade and could have allowed the hacker to steal funds meant to be bridged to Arbitrum.

White Hat Hacker Finds a Possible Bug in Arbitrum After Upgrade

In a bug hunting report published Tuesday, a white hat hacker known as Oxriptide described their experience finding bugs in smart contracts written in Solidity, an Ethereum-native programming language also used on Arbitrum.

Oxriptide said he had anticipated loopholes and vulnerabilities in the protocol after its Nitro upgrade. Completed earlier this month, the upgrade improved network functionality and helped scale throughput. The hacker further explained that such upgrades often introduce vulnerabilities that developers can overlook during the update window.

After researching the upgrade, Oxriptide discovered a critical bug involving wiped storage slots and a well-intentioned gas optimization. The bug could affect investors trying to transfer funds from the Ethereum blockchain to Arbitrum Nitro through its bridge.

The white hat hacker claimed that exploiting the vulnerable delayed inbox contracts could result in a multi-million-dollar, and possibly billion-dollar, heist. A simulation of the hack transaction showed that the white hat could intercept all incoming ETH deposits to the bridge contract and send them to an address defined by the hacker.

At one point the bridge contract had received up to 168,000 ETH (over $250 million) in a single transaction, and it also received deposits ranging from 1,000 ETH ($1.3 million) to 5,000 ETH ($6.7 million). These were at-risk funds that a malicious attacker could have siphoned.

Meanwhile, the Arbitrum team acknowledged the vulnerability and paid out a 400 ETH ($530,000) bounty to Oxriptide through the bug bounty platform Immunefi.

White Hats Saving the Day in Crypto

Oxriptide is not the only white hat hacker who has received compensation for helping to avert a possible security breach in the crypto space. In June, Confomania reported that a white hat hacker got $630,000 in cryptocurrencies and cash for preventing a potential $25 million attack on Port Finance, a Solana-based lending protocol.

Another white hat hacker also received $250,000 from cryptocurrency exchange Coinbase for saving the platform from possible exploits.