Protocol Bug Fix - 08/22/2025

Hi all. The security committee has patched a protocol bug that was reported through the Livepeer Immunefi Bug Bounty program. This fix addresses a potential opportunity in which a bad actor could claim more ETH fees than intended via a series of successive steps through multiple rounds. Due to the patch, no user funds are at risk, nor, to our knowledge, was this scenario intentionally exploited on the network in the past. A bounty of the critical level will be paid to the reporter, and we thank the reporter for their responsible disclosure.

The patch introduces a small functionality change to the protocol, and the security committee took this step in line with its mandate to take defensive action in the case when user funds are at risk. Previously, orchestrators could redeem winning tickets from a recent round even if they were no longer active. Now, only active O’s can redeem winning tickets. This introduces a potential edge case where a winning ticket is received at the very end of a round, the O is immediately deactivated, and then can’t redeem its ticket. This is rare, can be managed around, and is deemed worth the risk temporarily in order to protect user funds from the potential exploit.

The security committee will continue to monitor the protocol in the coming days post fix and analyze the protocol for any similar potential exploits; however, at this time it is believed that no further action is necessary.

Thank you once again to the reporter on behalf of the whole community!