April 26, 2024

Offchain Labs Reveals Discovery Of Two Critical Vulnerabilities In Optimism’s OP Stack’s Fraud Proofs

In Brief

Offchain Labs identified two security vulnerabilities within the Optimism fraud-proof system implemented by OP Labs.


Blockchain research and development firm Offchain Labs disclosed that it had identified two security vulnerabilities on the Optimism testnet. The findings were promptly shared with OP Labs, the team responsible for the project's development, on March 22nd. The vulnerabilities were found in the Optimism fraud-proof system implemented by OP Labs.

Offchain Labs provided OP Labs with demonstration exploit code to help it identify and understand the issues. On March 25th, OP Labs verified the presence of these issues and coordinated the disclosure of the vulnerabilities with Offchain Labs.

As per the terms of the agreement between the two parties, Offchain Labs was required to refrain from publicly disclosing the vulnerability until it was resolved. The Optimism testnet underwent an update on April 25th, enabling the company to disclose the security vulnerabilities for the first time today.

The vulnerabilities enabled malicious entities to manipulate the fraud-proof mechanism of OP Stack into accepting a false chain history or to prevent it from accepting the correct chain history. The issue originated from flaws in how OP Stack's fraud-proof design handles timers, which left OP Stack's fraud-proof system failing to improve security guarantees compared to relying solely on emergency intervention by the security council.

Offchain Labs Sheds Light On Challenges With Timers In Fraud-Proof Design

Offchain Labs emphasized that timers represent the most intricate aspects of fraud-proof design. In the challenge game, an adversarial party may choose to take no action at all, so the protocol must at some point declare a timeout for a non-responsive player. While it waits, the protocol cannot easily tell whether the player is genuinely being censored or is a bad actor pretending to be censored. The protocol therefore has to give honest players enough time to avoid losing because of censorship, while also preventing malicious players from unduly delaying the protocol.
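The trade-off described above can be seen in a two-player chess-clock model. This is an added illustration, not code from Offchain Labs, OP Labs or the original article; the `play` function, the 7-day budget and the move delays are constructed assumptions, and the model does not reproduce OP Stack's multi-player game.

```python
from dataclasses import dataclass
from typing import Optional

DAY = 86_400
BUDGET = 7 * DAY  # assumed per-player clock; not a value taken from the article


@dataclass
class Outcome:
    loser: Optional[str]  # player who timed out, or None if every move landed
    elapsed: int          # wall-clock seconds until the game ended
    clocks: dict          # seconds charged to each player's clock


def play(budget, delays):
    """Alternating two-player challenge game under a chess clock.

    delays[i] is the number of seconds between a turn starting and the move
    landing on-chain (None = it never lands). The protocol sees only this
    number; it cannot tell thinking, stalling and censorship apart.
    """
    clocks = {"A": 0, "B": 0}
    now = 0
    for i, delay in enumerate(delays):
        player = "AB"[i % 2]
        remaining = budget - clocks[player]
        if delay is None or delay > remaining:
            clocks[player] = budget          # clock ran out: timeout
            return Outcome(player, now + remaining, clocks)
        clocks[player] += delay
        now += delay
    return Outcome(None, now, clocks)


if __name__ == "__main__":
    # Constructed scenarios, all times in seconds.
    print(play(BUDGET, [60, 60, 6 * DAY + 60, 60]))  # A censored 6 days: survives
    print(play(BUDGET, [60, None]))                  # B stalls: out after BUDGET
    print(play(BUDGET, [8 * DAY]))                   # A censored 8 days: times out
    print(play(BUDGET, [None]))                      # A stalls: same outcome
```

The last two scenarios return identical outcomes: a player censored for longer than the budget is treated exactly like one who never moves, while a stalling player can hold the game open for at most the budget.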

In Optimism's case, where numerous players participate, managing time credits is not straightforward.

The original deployment of the OP protocol on the testnet was vulnerable to traitor attacks of this nature because it permitted a traitor to acquire undeserved time credit. This vulnerability could have enabled a malicious actor to triumph in a fraud-proof game that it should have lost, potentially resulting in the acceptance of a fraudulent chain history or the rejection of a correct chain history.

Optimism operates as a Layer 2 blockchain built on the Ethereum network, utilizing Ethereum mainnet’s security features to boost scalability within the Ethereum ecosystem via optimistic rollups. The OP Stack constitutes the suite of software driving Optimism, presently supporting OP Mainnet and, in the future, evolving into the Optimism Superchain along with its governance structure. It is designed as a public resource to benefit both the Ethereum and Optimism ecosystems.


About The Author

Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.

Alisa Davidson