Arbitrum announces a bug bounty reward of 400 ETH
This morning, details surfaced on a vulnerability in Arbitrum and the reward Arbitrum paid for it. The vulnerability, which has since been corrected, may have compromised over $250 million.
“0xriptide,” a pseudonymous Solidity bounty hunter, uncovered the flaw. According to 0xriptide, it might have impacted any user who tried to transfer money from Ethereum to Arbitrum Nitro.
Arbitrum has compensated 0xriptide 400 ETH (about $520,000) for reporting the issue. 0xriptide’s daily activities consist of scanning ImmuneFi, a bug bounty site that has topped $20 billion in cyberattacks. In a recent study, he said that his major emphasis has been on avoiding cross-chain exploitation owing to the “honeypot” nature of most bridge protocols, which puts a far higher amount of assets in danger.
He started his first hunt for an Arbitrum exploit some weeks ago, prior to the release of the Arbitrum Nitro update. During his first examination, he discovered that the bridging contract could receive deposits even if it had been started before.
The bridge achievement
After investigating the uninitialized address, 0xriptide discovered that a hacker could set their own address as the bridge, imitating the genuine contract, and steal any incoming ETH deposits from Ethereum to Arbitrum Nitro.
The hacker would have had the option of targeting bigger ETH deposits to conceal their activity or initiating a guerrilla-style operation to steal all incoming cash.
During the time when the exploit may have happened, the highest deposit was around 168,000 ETH, or $250 million. In each 24-hour period during which the vulnerability might have been exploited, the average deposits ranged from 1,000 to 5,000 ETH.