Recently, a Twitter account named “riptide” published a short article about a vulnerability in the bridge between Ethereum and Arbitrum Nitro.
This white hat hacker immediately contacted the Arbitrum team, which led to the vulnerability being resolved, and received a bug bounty through ImmuneFi.
My bug bounty write-up on an important vulnerability I found on Arbitrum Nitro that permitted an attacker to steal all incoming ETH deposits on the L1->L2 bridge
https://t.co/WuR4RYUL3L @icodeblockchain @samiamka2 @Mudit__Gupta @0xRecruiter @BowTiedCrocodil @BowTiedDevil
– riptide (@0xriptide) September 20, 2022
As a result, this vulnerability could have allowed hackers to steal the entire amount of ETH deposited into the bridge between Layer 1 (e.g. Ethereum mainnet) and Layer 2 (here, Arbitrum Nitro).
This white hat hacker claimed that the initialize() function, which helps users sign transactions and send encryption requests to the sequencer (the validation unit), had some vulnerabilities. The first two storage slots (positions 0 and 1) of this function are empty, which means that a hacker can impersonate the user and then send the authentication message to the sequencer.
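The failure mode described above, as a simplified model added here (not code from the write-up or from Arbitrum): an initializer whose only protection is a flag in storage becomes callable again once an upgrade leaves that slot empty. The `Inbox` class, the slot layout (slot 0 as guard flag, slot 1 as the address deposits are forwarded to) and the two upgrade helpers are assumptions made for illustration.

```python
# Simplified, constructed model of an initializer guard kept in contract storage.
# Slot layout and all names are assumptions for illustration, not Arbitrum's code.

GUARD_SLOT, TARGET_SLOT = 0, 1  # the "first two storage slots" from the text


class AlreadyInitialized(Exception):
    pass


class Inbox:
    """Toy upgradeable contract; unset slots read as 0, as in the EVM."""

    def __init__(self):
        self.storage = {}

    def read(self, slot):
        return self.storage.get(slot, 0)

    def initialize(self, caller, target):
        # The only protection is the flag in slot 0: any caller may run this
        # as long as the flag reads as zero.
        if self.read(GUARD_SLOT) != 0:
            raise AlreadyInitialized(caller)
        self.storage[GUARD_SLOT] = 1
        self.storage[TARGET_SLOT] = target

    def deposit(self, amount):
        # Deposits are forwarded to whatever address slot 1 currently holds.
        return self.read(TARGET_SLOT), amount


def upgrade_clearing_slots(inbox):
    """Faulty migration: leaves slots 0 and 1 empty after the upgrade."""
    inbox.storage.pop(GUARD_SLOT, None)
    inbox.storage.pop(TARGET_SLOT, None)


def upgrade_preserving_guard(inbox, target):
    """Corrected migration: rewrite the target and keep the guard set."""
    inbox.storage[TARGET_SLOT] = target
    inbox.storage[GUARD_SLOT] = 1


def can_reinitialize(inbox):
    """Post-upgrade check for deployers: is initialize() open to anyone again?"""
    return inbox.read(GUARD_SLOT) == 0
```

Running `can_reinitialize` against the post-upgrade state is the kind of check that belongs in an upgrade test suite, alongside restricting who may call the initializer at all.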
This initialization-related vulnerability previously appeared in Nomad’s smart contract.
> See more: Nomad cross-chain bridge breached and “soiled” with more than $176 million in damage
Fortunately, the Arbitrum team quickly acknowledged this vulnerability and sent a reward of 400 ETH to the white hat hacker.
Synthetic currency 68