Offchain Labs Reveals Discovery Of Two Critical Vulnerabilities In Optimism’s OP Stack’s Fraud Proofs
In Brief
Offchain Labs identified two security vulnerabilities within the Optimism fraud-proof system implemented by OP Labs.
Blockchain research and development firm Offchain Labs disclosed the identification of two security vulnerabilities on the Optimism testnet. The findings were promptly shared with OP Labs, the team responsible for the project's development, on March 22nd. These vulnerabilities were identified within the Optimism fraud-proof system implemented by OP Labs.
Offchain Labs provided OP Labs with demonstration exploit code to aid in identifying and understanding these security concerns. On March 25th, OP Labs verified the presence of these issues and coordinated the disclosure of the vulnerabilities with Offchain Labs.
As per the terms of the agreement between the two parties, Offchain Labs was required to refrain from publicly disclosing the vulnerability until it was resolved. The Optimism testnet underwent an update on April 25th, enabling the company to disclose the security vulnerabilities for the first time today.
The vulnerabilities enabled malicious entities to manipulate OP Stack's fraud-proof mechanism into accepting a false chain history, or to prevent it from accepting the correct chain history. The issue originated in how OP Stack's fraud-proof design handles timers, with the result that the fraud-proof system failed to improve security guarantees compared to relying solely on emergency intervention by the security council.
Offchain Labs Sheds Light On Challenges With Timers In Fraud-Proof Design
Offchain Labs emphasized that timers represent the most intricate aspects of the fraud-proof design. In the challenge game, an adversarial party may opt to refrain from taking any action, so the protocol must at some point declare a timeout for a non-responsive player. While a player is silent, the protocol faces the challenge of discerning whether the player is genuinely experiencing censorship or is instead a bad actor pretending to be censored. The protocol therefore has to give honest players enough time flexibility to prevent losses due to censorship, while also preventing malicious players from unduly delaying the protocol.
In Optimism's case, where numerous players participate, managing time credits is not straightforward.
The original deployment of the OP protocol on the testnet was vulnerable to traitor attacks of this nature because it permitted a traitor to acquire undeserved time credit. This vulnerability could have enabled a malicious actor to triumph in a fraud-proof game that it should have lost, potentially resulting in the acceptance of a fraudulent chain history or the rejection of a correct chain history.
Optimism operates as a Layer 2 blockchain built on the Ethereum network, utilizing Ethereum mainnet’s security features to boost scalability within the Ethereum ecosystem via optimistic rollups. The OP Stack constitutes the suite of software driving Optimism, presently supporting OP Mainnet and, in the future, evolving into the Optimism Superchain along with its governance structure. It is designed as a public resource to benefit both the Ethereum and Optimism ecosystems.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.