Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Optimism is a L2 sidechain of Ethereum. There are several bridges that allow for the taking of assets from L1 to L2 by creating a wrapped variant of the asset. One of these bridges is BitBTC.

When going from L2 to L1, a user can specify the token in which they would like unwrap. Part of the unwrapping is finding the proper L1 token to use when going back to the other chain, Ethereum.

The L1 bridge completely ignores the L2 token and simply mints the L1 token! This means that an attacker can create an arbitrary token on Optimism (which anybody can do) with all of the supply and set the L1Tokens address to be the L1 address. Using this, they could steal all of the tokens from BitBTC.

Luckily, this bug would take 7 days to exploit... where somebody would likely notice. The author posted this on Twitter, hoping that the BitBTC team would respond. Eventually, they did and fixed the bug.

It's amazing how bad the security of many of these platforms is. You think that handling this much money would require a deep look into the implications of the code written.