News & Analyses

Offchain Labs discloses two serious security vulnerabilities in Optimism OP Stack


  • Offchain Labs team disclosed two serious security vulnerabilities in Optimism to OP Labs, occurred on March 22. 
  • The vulnerabilities were found in Optimism fraud proof system deployed on the testnet. 
  • OP wiped out nearly 2% of its value in the past day. 

Offchain Labs announced in a tweet on X and on a Medium blog that the firm identified two serious security vulnerabilities in Optimism’s OP Stack. The tweet explains that these were identified in Optimism’s fraud proof system deployed on the testnet. 

Optimism Stack security vulnerabilities

Offchain Labs informed market participants that on March 22 the team disclosed two serious security vulnerabilities to the OP Labs team. The issues were identified in Optimism fraud proof system deployed on OP’s testnet.

The blockchain research firm provided the OP Labs team with demonstration exploit code for the attacks. The team at OP confirmed the validity of these issues on March 25 and these were addressed. On April 25, Optimism updated its testnet and the team at Offchain Labs is disclosing this for the first time. 

The OP Stack could have faced an attack from a malicious party and this could force the Stack to accept a fraudulent chain history. This could prevent Optimism from accepting a correct chain history. 

If the chain was attacked and the vulnerabilities were not identified and addressed, Optimism would have relied on an emergency intervention by the security council. Offchain Labs is the research firm behind Arbitrum, a competitor for Layer 2 chain Optimism. The firm says, 

We’re all on team Ethereum, and happy to lend resources to make Ethereum safer for everyone.

Optimism told FXStreet,

Getting eyes on our testnet code is a critical part of the development process. We’ve shared our initial audit contest findings, as well as the details of Offchain Lab’s findings in this blog post.

At the time of writing, OP price is at $2.35, down over 2%, on Binance. 






Source link

News & Analyses Analyses