Freeman has a history of software development and hacking, notably playing a critical role in the development of software for jailbreaking iOS. His experience has proven to be priceless within the Wild West, open-source crypto industry. Just two weeks ago a smart contract vulnerability left the Wormhole bridge with a $350 million hole to repair – and that wasn't even the largest exploit in recent history. However, Freeman mentioned that bridge exploits are often found quickly as they are used often and watched over constantly by the teams responsible for maintaining them.
During the first week of February, Freeman discovered a critical bug within Optimism’s virtual machine – one that developers might not have been ready to patch quite as quickly. The bug was rooted in Optimism’s selfdestruct function that allows contracts to be destroyed and sends any remaining ether balance to a designated address.
It sounds dangerous, so why do blockchains contain the selfdestruct function? The function allows for obsolete or dangerous contracts to be removed from the chain while returning the ether balance to the rightful owner.
Unless there is a bug, of course.
Optimism’s selfdestruct function returned the ether balance to the designated address without ever burning the balance within a contract. According to Freeman, “This means that, when a contract self-destructs its balance is BOTH given to the beneficiary AND ALSO KEPT.” If attackers were able to successfully call the contract, they could create a loop that doubles their OETH balance until noticed and patched by Optimism developers.
Freeman noted that he was not the first person to find the bug after scanning previous selfdestruct calls on Optimism and tracking one wallet back to an employee of Etherscan. The employee had found and tested the bug, but apparently hadn’t understood the severity of the situation and let it be. The vulnerability had gotten worse over time as more funds were bridged to Optimism and other layer 2 systems copied the code Optimism had put in place. Layer 2s are companion networks connected but functionally separate from the base layer.
Consequently, Freeman noted, had he not found the bug, a minting vulnerability would have allowed an attacker to double their funds every time the selfdestruct function was called on Boba and Metis as well.
White Hats and DeFi
The need for friendly adversarialism
Decentralized finance continues to be a vulnerable industry with anonymous founders, open-source code and billions of dollars looking to take on risk. This enormous amount of capital has created an incentive system aligned with teams that build fast and release tokens.
Read More: Wonderland (and DeFi’s) Anonymity Problem
Conversely, caution and professionalism are a lot less exciting to traders and investors. The world economy has seen over and over again the effect of incessant risk taking, even though the market eventually punishes shortcuts. There is no reason to think this same outcome won’t continue to play out in crypto and decentralized finance, with only the most meticulous protocols coming out alive in the end.
Freeman has also contemplated where the middle ground between “Code is Law” and third-party trust falls. He raised the point that bug bounties are essential in incentivizing good actors to seek out and find vulnerabilities. By setting the reward for being a good actor on a similar scale as the payout for being a bad actor, that scale suddenly tilts the incentives toward white hatting.
As Freedman put it, this sort of “friendly adversarialism” can encourage ecosystem participants to be more open, honest and even pessimistic about new ideas.
That pessimism is key. Today, the environment is perhaps overly optimistic, getting investors and DeFi users excited about protocols that could never work or might even be dangerous. This lack of oversight, combined with the nature of open-source code, creates the perfect environment for hackers and scammers, an issue much of the crypto industry does not seem ready to admit.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.