On April 25, developers of the L2 solution Optimism addressed two critical vulnerabilities in the fraud-proof mechanism deployed in the test network.
The errors were initially highlighted by the Offchain Labs team. On March 22, the company reported this to OP Labs, the entity behind the protocol.
On March 25, Optimism developers confirmed the vulnerabilities but requested Offchain Labs not to disclose the information until they were fixed.
According to the statement, the discovered exploits allowed attackers to inject fake transaction history or interfere with the system’s ability to verify it.
Offchain Labs indicated that the vulnerability arose from improper handling of timers:
“These issues are difficult to fix. Although the initial design of Optimism was subject to attacks, [developers] made some changes to the timer handling code that eliminate the disclosed exploits. At this time, we have not conducted a security analysis of their modified protocol.”
The company emphasized that if the unpatched version of the protocol had been launched on the main network, it would have posed a serious risk to users’ funds.
Previously, developers at Nethermind resolved a critical bug in the Ethereum execution client, which caused a failure in block processing by validators.
Earlier in April, the team behind Binance’s Trust Wallet warned iOS users about a zero-day exploit targeting the iMessage service.