OffchainLabs publicly discloses two critical vulnerabilities in OPStack fraud proofs
Arbitrum R&D team Offchain Labs announced that it disclosed two serious security vulnerabilities discovered on the Optimism test network to the OP Labs team on March 22. These vulnerabilities exist in the Optimism fraud proof system deployed by OP Labs. Offchain Labs disclosed to OP Labs The team provided demonstration exploit code for the attack. On March 25, OP Labs confirmed the validity of these two issues, and the two parties coordinated the vulnerability disclosure time. OP Labs requested that Offchain Labs refrain from publicly disclosing these vulnerabilities until the vulnerabilities are resolved. Late yesterday (April 25), the Optimism testnet was updated, and today Offchain Labs disclosed the vulnerabilities for the first time. These vulnerabilities allow a malicious party to force the OP Stack fraud proof mechanism to accept a fraudulent chain history, or prevent the OP Stack fraud proof mechanism from accepting the correct chain history. These issues stem from flaws in the OP's fraud proof design in how it handles timers.
Release time
2024-04-26 10:05:36