White hat Jay Freeman (also known as saurik) has discovered and fixed a critical security issue in Ethereum's scaling solution called Optimism that would allow an attacker to issue an infinite amount of ether (ETH).

According to an explanation published in a blog post, the vulnerability allowed a bad actor to "replicate money" on any chain using the "OVM 2.0" fork of go-ethereum. Here's how Freeman explains the nature of the bug at a high level:

With the ability to sneakily print IOUs (known on Optimism as OETH) on the other side of the bridge, you still can try to (slowly) withdraw money from the reserves, but now it will look like a legitimate transfer, making it easier to go unnoticed.

On a practical level, the vulnerability could have been exploited by triggering the "SELF-DESTRUCT" function, which lets a smart contract delete itself and returns the related ether to the sender.

But the most dangerous thing was that the function could be looped, creating an infinite amount of tokens.

I have not, myself, had time to verify that this was never triggered on the two known-to-me forks of Optimism: Boba and Metis.

After Freeman notified the Optimism team, the developers patched the bug and rolled out the updated version of the contract on Optimism's Kovan and Mainnet networks. As a result, Freeman was awarded over $2 million for discovering the bug, which makes it one of the largest bounties so far.