Optimism has fixed two critical vulnerabilities in its testnet at least weeks after learning about the issues. Offchain Labs, which first discovered the vulnerabilities, said on Friday that Optimism updated its testnet on April 25. The fixed security holes would have allowed malicious actors to manipulate the chain's history and perform other "subtle attacks," the software company said.
On March 22, Offchain Labs reported two issues with its testnet to Optimism: a malicious actor could force the OP Stack fraud proof mechanism to accept a fraudulent chain history, and an exploit could prevent it from accepting a correct chain history.
"These are difficult problems to solve," Offchain Labs, a competitor to Optimism, said in a statement. It added that the design of the fraud proof protocol and its timing aspects is "notoriously difficult." Optimism has since modified its timing handling code to fix the vulnerabilities, according to Offchain Labs.