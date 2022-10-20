A cross-chain bridge between BitBTC and Ethereum layer-2 network Optimism has been able to get over a potentially cost exploit on account of an observation made by a Twitter user, as reported by Cointelegraph.

According to Cointelegraph, the custom cross-chain bridge provides a ramp for users to send assets between Optimism’s network and BitAnt’s decentralised finance (DeFi) ecosystem, which includes yield services, non-fungible tokens (NFTs), swaps and the BitBTC token. It is believed that the BitBTC bridge bug was pointed out by Lee Bousfield, technology lead, Arbitrum, a L2 network, through an October Twitter post.

On the basis of information by Cointelegraph, Bousfield stated that the BitBTC bridge carried a bug that to permit an attacker to mint fake tokens on one side of the bridge and make a swap for real ones on the other side.

“The Optimism L2 side of the bridge lets you withdraw any token, and it let’s that token pick the L1Token address passed to the L1 side of the bridge. However, the L1 bridge completely ignores what the L2 token was, and just goes ahead and mints the arbitrary L1 token! That means an attacker could deploy their own token on Optimism, give themselves all the supply, and set that token’s L1 Token to the real BitBTC L1 address,” Bousfield stated.

Moreover, Cointelegraph noted that Kevin Fichter, developer, Optimism, on Oct 18, 2022, provided the confirmation that the bug was present on BitBTC’s side of things, as it utilised its own custom bridge in opposition to Optimism’s standard bridge it offers to partners. Reportedly, Fichter mentioned that assets other than BitBTC are not considered to be at risk, adding that there was a specific amount of time and energy placed into the standard bridge, and provided encouragement to people for using the standard bridge.

