Arbitrum Will Pay Programmer to Find a Bug In ETH and Nitro Bridge

Arbitrum paid 400 ETH to a code bounty hunter (about $520,000) in exchange for finding a vulnerability between Ethereum, Arbitrum Nitro and other blockchains. This vulnerability could have affected more than $250,000,000, but was not discovered until any funds were stolen.

Arbitrum has released details about a vulnerability and a bounty. This exploit could have harmed more than $250 million.

The vulnerability was discovered by a pseudonymous solidity bounty hunters “0xriptide.” This could have affected anyone who tried to bridge funds between Ethereum and Arbitrum Nitro, 0xriptide stated.

Arbitrum vulnerability finder goes by the name of 0xriptide

Arbitrum paid 0xriptide 400 Ethereum (about $520,000) in compensation for being alerted to the vulnerability.

0xriptide’s day to-day consists of scanning ImmuneFi, which is a bug bounty platform that has stopped hacks worth more than $20 trillion. He has been focusing on cross-chain exploits as they present a greater risk to funds due to the honeypot structure of bridge protocols.

He began his search for the Arbitrum exploit a few weeks before the Arbitrum Nitro upgrade. After his initial investigation, he discovered a vulnerability in which the bridging contract could accept deposits even though it was initially created.

0xriptide said,

“When you find an uninitialized address in Solidity, you should take a moment and pause to investigate further. You never know if it was intentionally left uninitialized by mistake or purposely left unsanctioned.”

What the bridge exploit is

The hacker could have targeted larger ETH deposits to hide their actions or launched a guerrilla-style attack to siphon all funds coming in.

The maximum deposit made during the time the exploit was possible was 168,000 ETH or $250 million. In any 24-hour period where the vulnerability could be exploited, the average deposit was between 1,000 and 5,000 ETH.