As one of its post-Merge solutions, Ethereum added Arbitrum to its layer-2 mainnet. The Ethereum network expects the Arbitrum scaling tool to eliminate the problem of high transaction fees and optimize network scalability.
The Arbitrum scaling tool gives users access to DeFi applications. The Arbitrum network makes token swaps extremely cheap, at 0.60 cents.
The recent white-hat hack of the Arbitrum network exposed a vulnerability in the network. It looks like Arbitrum neglected a fire while chasing the rat.
Arbitrum failed to notice a deviation in its latest version while trying to help Ethereum lower transaction costs. The vulnerability would have left the network porous and allowed hackers to steal funds from the Ethereum network.
Bridge Attacks Account For $1 Billion In Stolen Funds In Crypto Industry
Arbitrum was lucky to have 0xriptide hack into the system and discover the bug. The white hat hacker was rewarded with 400 ETH for helping to flag the bug.
According to 0xriptide, the issue was in the method of processing and submitting transactions on the network. The hacker explained that the vulnerability is critical and could enable the theft of all incoming ETH deposits on the layer-1 to layer-2 bridge. He made the revelation in a tweet.
The bridge is a tool for transaction submission and processing. A bridge enables users to transfer tokens from one blockchain to another. One major security threat in the crypto industry is bridge attacks, which account for nearly $1 billion in theft in the past year.
Details Of Arbitrum Vulnerability
0xriptide made striking discoveries from his attack on the network. One of the most important is a Nitro malfunction. The hacker discovered that all incoming transactions pass through the bridge by message to a Delayed Inbox on the Arbitrum blockchain.
Arbitrum Nitro is a second-generation layer-2 roll-up protocol. It is a newly upgraded scaling tool that provides more efficient dispute resolution and higher throughput than previous rollups.
Arbitrum Nitro was implemented on Ethereum’s Layer-2 for better scalability. In addition, it was designed to support cross-chain transactions and transaction verification, among other functions.
The Delayed Inbox is a tool for checking all transactions to verify the processing status of their smart contracts. 0xriptide noticed that data storage slots were empty due to the Nitro malfunction. This malfunction could allow anyone to manipulate the bridge’s smart contracts.
The malfunction occurred because the developers removed code that protects against the vulnerability in order to enable cheap transactions. However, the developers did not detect the threat.
Failure to detect this problem would have cost Ethereum hundreds of millions of dollars. The inbox records per day, but the largest is 168,000 ETH (approx. $250mm).