Arbitrum has announced a bug bounty reward of 400 ETH

23 Sep, 2022

A vulnerability in Arbitrum and the bounty paid for it were revealed this morning. The now-fixed vulnerability had the potential to compromise more than $250 million.


The vulnerability was found by “0xriptide,” a pseudonymous Solidity bounty hunter. According to 0xriptide, it could have harmed any user who attempted to bridge funds from Ethereum to Arbitrum Nitro.

Arbitrum has compensated 0xriptide with 400 ETH (about $520,000) for reporting the issue.

0xriptide’s typical day consists of scouring Immunefi, a bug bounty program that has stopped more than $20 billion in hacks. According to the study, his primary focus recently has been on preventing cross-chain exploits, which put a far larger amount of assets at risk because of the “honeypot” structure of most bridge protocols.

His search for the Arbitrum exploit began a few weeks ago, in anticipation of the Arbitrum Nitro upgrade. During his initial examination, he discovered a vulnerability in which the bridging contract could accept deposits even though it had previously been initialized.

According to 0xriptide,

“When you stumble upon an uninitialized address variable in Solidity — you should always take a moment to pause and investigate further because you never know if it was purposefully left uninitialized or by accident.”