Today we disclosed the second set of vulnerabilities from the Ethereum Foundation Bug Bounty Program! These vulnerabilities were previously discovered and reported to the Ethereum Foundation.
Once a bug is reported and verified, the Ethereum Foundation coordinates disclosure to the affected teams and helps cross-check all clients for the vulnerability. The bug bounty program currently accepts reports for the following client software:
- Erigon
- Go Ethereum
- Lodestar
- Nethermind
- Lighthouse
- Prysm
- Teku
- Besu
- Nimbus
In addition to client software, the bug bounty program also covers deposit contracts, the execution and consensus layer specifications, and Solidity.
Repository and Vulnerability List
Since our last vulnerability disclosure, there have been some very eventful times, including events such as the Merge and the maximum bounty being increased to $250,000.
The highest reward for this period was $50,000. It was awarded to Shio for reporting an issue where a Lighthouse beacon node could be crashed by a malicious BlocksByRange message with an overly large count value. You can read more about this particular vulnerability here.
Another notable vulnerability concerns fork choice attacks that could cause long reorganizations, researched and patched by EF researchers and client teams.
Guido Vranken holds the top spot for the most valid reports for this period. At the same time, Guido managed to score the most points on the Bug Bounty Leaderboard!
There are also two bounty hunters who decided to donate their rewards to charity: no and Pwning Eth!
For a complete list and details of the new vulnerabilities, visit the Disclosure repository.
All vulnerabilities added to the disclosure list were patched prior to the latest hard forks of the execution and consensus layers.
For more information, as well as the disclosure policy, timeline and inventory, please visit the Disclosure repository.
Thank you
A big thank you to everyone involved in finding and reporting vulnerabilities, and to the teams responsible for fixing them. We have tried to include the names or aliases of all reporters, but there are many developers and researchers within the client teams and across the Ethereum Foundation who have found and fixed vulnerabilities outside of our bounty programs. There are also many unsung heroes who have spent countless hours triaging, cross-checking, and mitigating vulnerabilities before they were exploited, including developers on client teams and community members.
Your immense efforts have helped ensure the security of Ethereum. Thank you!