BitBTC-Optimism Bridge Vulnerability Fixed Timely Thanks To Twitter Users
A user has discovered a BitBTC-Optimism Bridge vulnerability that allows an attacker to generate fake tokens on one side of the bridge and exchange them for real tokens on the other side. The bug was identified on the BitBTC side. After 10 hours, the vulnerability was patched.
On October 18, a user with Twitter account @PlasmaPower0 prevented a possible future cross-chain bridge attack of BitBTC-Optimism Bridge.
The vulnerability he discovered could allow an attacker to generate fake tokens on one side of the bridge and exchange them for real tokens on the other side.
“The Optimism L2 side of the bridge lets you withdraw any token, and it let’s that token pick the L1Token address passed to the L1 side of the bridge. However, the L1 bridge completely ignores what the L2 token was, and just goes ahead and mints the arbitrary L1 token”He wrote
For the exploit to be successful, Bousfield pointed out that it would take 7 days to cross, during which the L1 bridge could be fixed through an upgrade.
Shortly after noting that, someone went on to test that theory, with an attacker attempting to withdraw “200 billion fake BitBTC from Optimism”. Fortunately, the hacker claimed that it was just a test to expose the vulnerability to developers.
After 10 hours of trying to contact the BitBTC team, the vulnerability has also been fixed.
Optimism developer Kevin Fichter on October 18 confirmed that the bug was on BitBTC’s side as it used its own custom bridge instead of Optimism’s standard bridge that it provides to partners and encourages people to use the standard bridge ‘unless you know what you’re doing”.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu