Here’s how Arbitrum recently averted a catastrophic crisis

ambcrypto.com:

Arbitrum, one of Ethereum’s most popular layer 2 scaling solutions, averted a catastrophic crisis when a white hat hacker alerted the platform about a critical bug he had discovered on the Arbitrum Nitro upgrade.

The hacker, who goes by the name Riptide (@0xriptide) on Twitter, discovered the “multi-million dollar” vulnerability on the Ethereum-Arbitrum Nitro bridge. The bug would’ve enabled any bad actor to hijack incoming ETH deposits from users attempting to bridge to Arbitrum.

Riptide scanned the Arbitrum Nitro code before its intended release, to look for flaws. Upon execution of the “initializer”, he realized that the contract was “completely vulnerable” and opened the door for hackers to exploit the thousands of ETH deposits that the platform accepted every day. 

Developers in the community are not particularly a fan of initializers and have criticized their use in codes.

Riptide often looks for bug bounties and focuses mainly on searching for vulnerabilities solely within smart contracts written in Solidity. 

Being a white hat hacker, Riptide chose to inform Arbitrum of his discovery rather than exploiting the bug for personal gain. Of course, there is a bug bounty in place by several platforms to incentivize hackers to report such events. 

In this case, Arbitrum rewarded the hacker with 400 ETH, which is a little more than half a million dollars. As per Riptide’s calculations, his efforts saved the platform more than $470 million, $225 million of which are associated with a single transaction. 

He believes that his discovery was eligible for the maximum tier bounty of $2 million. “if you post a $2mm bounty- be prepared to pay it when it’s justified. Otherwise just say the max bounty is 400 ETH and be done with it.” he