google-play

Scan to Download iOS&Android APP


Who is Oxriptide? Bug bounty hunter collects ETH400 from Arbitrum for bridge vulnerability discovery

15:19, 22 September 2022

Share this article

What You Need to Know

The week ahead update on major market events in your inbox every week. Subscribe
A figure taking funds from a suspension bridge
Focused on cross-chain vulnerabilities, Oxriptide found the exploit in an Arbitrum bridge to Ethereum – Photo: Shutterstock

The code bounty hunter Oxriptide was paid ETH400, roughly $520,000, for detecting a vulnerability in the Aribtrum layer-two solution.

The liable code was found in a bridge between Ethereum and the newly upgraded Arbitrum Nitro. After being spotted by Oxriptide, the vulnerability was fixed before it was exploited, or any funds were stolen.

Who is Oxriptide?

Self-described as a white-hat hacker, Oxriptide is an anonymous coder who scours the Web3 bounty platform Immunefi for leads. The website is where they initially discovered the Arbitrum exploit.

The Medium post where Oxriptide outlined the Arbitrum vulnerability said: “I… focus mainly on searching for vulnerabilities solely within smart contracts written in Solidity.”

Focusing on smart contracts gives the hacker the opportunity for large bounties as often millions of dollars are at risk. They claim there is a clear need for bug hunters as contracts will always have issues, whether it is during deployment, development or upgrades.

Gold

1,647.55 Price
-0.790% 1D Chg, %
Long position overnight fee -0.0050%
Short position overnight fee 0.0018%
Overnight fee time 21:00 (UTC)
Spread 0.20

US100

11,408.50 Price
-0.630% 1D Chg, %
Long position overnight fee -0.0136%
Short position overnight fee 0.0041%
Overnight fee time 21:00 (UTC)
Spread 1.5

Oil - Crude

81.05 Price
-0.470% 1D Chg, %
Long position overnight fee 0.0189%
Short position overnight fee -0.0369%
Overnight fee time 21:00 (UTC)
Spread 0.03

XRP/USD

0.44 Price
-0.240% 1D Chg, %
Long position overnight fee -0.0500%
Short position overnight fee 0.0140%
Overnight fee time 21:00 (UTC)
Spread 0.00600

Going by riptide on Twitter, the coder recently shared that he was out of practice six months ago and spent every week researching. “I was dead set on my path of bounty hunting.”

The bounty hunter is currently working on cross-chain projects “due to the complexity involved for the developers of these projects and the significant amount of funds at risk due to the current ‘honeypot’ structure of most bridge implementations”.

Arbitrum vulnerability

The vulnerability that could have seen over $250m of ETH stolen was contained in a bridge between the Ethereum mainnet and Arbitrum’s layer-two network.

According to Oxriptide’s medium post, a bad actor could have exploited the code to steal incoming ETH deposits to the Arbitrum protocol.

The Medium post said: “The largest deposit recorded on the inbox contract was ETH168,000 (~$250mm) with typical total deposits in a 24-hour period ranging from ~ETH1,000 to ~ETH5,000.”

Further reading

What You Need to Know

The week ahead update on major market events in your inbox every week. Subscribe
The difference between trading assets and CFDs
The main difference between CFD trading and trading assets, such as commodities and stocks, is that you don’t own the underlying asset when you trade on a CFD.
You can still benefit if the market moves in your favour, or make a loss if it moves against you. However, with traditional trading you enter a contract to exchange the legal ownership of the individual shares or the commodities for money, and you own this until you sell it again.
CFDs are leveraged products, which means that you only need to deposit a percentage of the full value of the CFD trade in order to open a position. But with traditional trading, you buy the assets for the full amount. In the UK, there is no stamp duty on CFD trading, but there is when you buy stocks, for example.
CFDs attract overnight costs to hold the trades (unless you use 1-1 leverage), which makes them more suited to short-term trading opportunities. Stocks and commodities are more normally bought and held for longer. You might also pay a broker commission or fees when buying and selling assets direct and you’d need somewhere to store them safely.
Capital Com is an execution-only service provider. The material provided on this website is for information purposes only and should not be understood as an investment advice. Any opinion that may be provided on this page does not constitute a recommendation by Capital Com or its agents. We do not make any representations or warranty on the accuracy or completeness of the information that is provided on this page. If you rely on the information on this page then you do so entirely on your own risk.

Still looking for a broker you can trust?


Join the 450.000+ traders worldwide that chose to trade with Capital.com

1. Create & verify your account

2. Make your first deposit

3. You’re all set. Start trading