- Arbitrum has rewarded a white hat hacker for discovering a vulnerability in its payment code.
- The hacker has been rewarded 400 ETH.
- Arbitrum saw daily transactions hitting an all-time high during the month of September.
A popular Layer 2 solution for Ethereum, Arbitrum has rewarded a white hat hacker 400 ETH for discovering a vulnerability in Arbitrum’s payment code, which otherwise could have cost Arbitrum nearly $470 million.
The white hat hacker, who goes by the name Riptide, wrote on Twitter:
My bug bounty write-up on a critical vulnerability I discovered on Arbitrum Nitro which allowed an attacker to steal all incoming ETH deposits to the L1->L2 bridge
https://t.co/WuR4RYUL3L@icodeblockchain @samiamka2 @Mudit__Gupta @0xRecruiter @BowTiedCrocodil @BowTiedDevil
— riptide (@0xriptide) September 20, 2022
Riptide, who discovers vulnerabilities within smart contracts, said that the million-dollar vulnerability could have potentially affected anyone who wanted to exchange funds from Ethereum to Arbitrum Nitro.
After discovering the vulnerability, the hacker chose to report it and ask for a reward. In return, they asked for 400 ETH, which is nearly $540,000, whereas Arbitrum offered a $2 million reward as its maximum tier.
In August, Arbitrum went through a major update. Riptide thoroughly scanned the Arbitrum Nitro code a few weeks before the release. While doing so, the hacker found a vulnerability where the bridging contract was able to accept deposits, even though the contract was initialized previously.
Riptide further commented:
A client can send a message to the sequencer by signing and publishing an L1 transaction in the Arbitrum chain’s Delayed Inbox. This functionality is most commonly used for depositing ETH or tokens via a bridge.
Nonetheless, Arbitrum saw its activity quadruple after the Nitro upgrade, which took place on August 31. The Layer 2 solution saw daily transactions hitting an all-time high during the month of September.
Meanwhile, OpenSea is also set to launch support for the Arbitrum layer and new NFT projects on September 21, 2022. It will support collections like Smolverse, the GMX Blueberry Club, and Diamond Pepes by dopex_io. The Arbitrum NFT support will go live today on OpenSea, where creators have been suggested to set their creator fees before any transactions occur.