Immunefi
Published in

Immunefi

Optimism Infinite Money Duplication Bugfix Review

Summary

Intro to L2

Optimistic Rollups

Optimism

Vulnerability Analysis

SelfDestruct

  1. Create an exploit contract that contains two internal functions. One with selfdestruct, and a second that withdraws the balance of the contract to the caller. The function with selfdestruct sends the contract’s balance to itself. This inflates the value due to the bug in Optimism’s Geth implementation
  2. The attacker deploys the contracts and in the constructor makes calls to the selfdestruct function multiple times in a loop
  3. After the loop is finished, the constructor calls the second internal function of the exploit contract to transfer the inflated funds to the attacker
  4. The exploit contract is destroyed at the end of the transaction

Vulnerability Fix

Acknowledgments

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Immunefi

Immunefi is the premier bug bounty platform for smart contracts, where hackers review code, disclose vulnerabilities, get paid, and make crypto safer.