Offchain Labs discloses two serious vulnerabilities in OP Stack fraud proofs

CoinVoice has recently learned that according to the latest official information, Arbitrum R&D team Offchain Labs announced that on March 22, the team disclosed to the OP Labs team two serious security vulnerabilities it found on the Optimism testnet. These vulnerabilities exist in the Optimism fraud proof system deployed by OP Labs. Offchain Labs provided the OP Labs team with demonstration exploit code for the attack.

On March 25, OP Labs confirmed the validity of the two issues and the two parties coordinated the time for vulnerability disclosure. OP Labs asked Offchain Labs not to publicly disclose the vulnerabilities until they were resolved. Late yesterday (April 25), the Optimism testnet was updated, and today Offchain Labs disclosed the vulnerabilities for the first time.

These vulnerabilities allow a malicious party to force the OP Stack fraud proof mechanism to accept a fraudulent chain history, or prevent the OP Stack fraud proof mechanism from accepting the correct chain history. These issues stem from flaws in the OP fraud proof design in handling timers. [Original link]