The Ethereum Foundation Bug Bounty Program is one of the earliest and longest-running programs of its kind. It was launched in 2015 and targets the Ethereum PoW mainnet and related software. In 2020, a second bug bounty program was launched for the new Proof-of-Stake consensus layer, running alongside the original bug bounty program.
The split between these programs is historical: the Proof-of-Stake consensus layer was designed separately from, and in parallel to, the existing execution layer (inside the PoW chain). Since the launch of the Beacon Chain in December 2020, apart from the deposit contract, the technical architecture of the execution layer and the consensus layer has remained separate, so the two bug bounty programs have stayed separate as well.
In light of the upcoming Merge, today we're happy to announce that both of these programs have been successfully merged by the fantastic ethereum.org team, and the maximum bounty reward has been increased significantly!
Merge (of the bug bounty program) ✨
With the Merge approaching, the two previously separate bug bounty programs have been merged into one.
As the execution layer and consensus layer become more interconnected, it becomes more valuable to combine the security efforts of these layers. Client teams and the community are already making many efforts to further increase knowledge and expertise across both layers. Unifying the bounty program will further increase visibility and coordinate efforts on identifying and mitigating vulnerabilities.
Enhanced Rewards 💰
The maximum reward for the bounty program is now 250,000 […] the max reward is 500,000 during these periods!
Overall, this marks a 10-fold increase from the previous maximum payout on consensus layer bounties and a 20-fold increase from the previous maximum payout on execution layer bounties.
Impact Measurement 💥
The bug bounty program primarily focuses on securing the base layer of the Ethereum network. With this in mind, the impact of a vulnerability is directly related to the impact it has on the entire network.
For example, while a denial-of-service vulnerability in a client used by <1% of the network would certainly cause problems for the users of that client, the same vulnerability would have a greater impact on the Ethereum network if it existed in a client used by >30% of the network.
Visibility 👀
In addition to merging the bounty programs and increasing the maximum bounty, several steps have been taken to clarify how vulnerabilities are reported.
GitHub Security
Repositories such as ethereum/consensus-specs and ethereum/go-ethereum now include information on how to report vulnerabilities in SECURITY.md files.
security.txt
security.txt has been implemented and includes information on how to report vulnerabilities. The file itself can be found here.
DNS Security TXT
DNS Security TXT has been implemented and includes information on how to report vulnerabilities. This entry can be viewed by running dig _security.ethereum.org TXT.
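The two machine-readable channels described above can be cross-checked before a report is sent. The following is an added example, not code from the original post or from the Ethereum Foundation: it parses a security.txt body (RFC 9116 field syntax) and the TXT answers returned by dig, then flags a missing contact, a missing or expired Expires field, and a DNS contact that the file does not list. The function names are hypothetical, the sample records are constructed with example.org placeholders, and the `security_contact=` / `security_policy=` key names are assumed from the DNS Security TXT convention.

```python
from datetime import datetime, timezone

# Constructed sample inputs (example.org placeholders, not Ethereum's real records).
SAMPLE_SECURITY_TXT = """\
# Constructed security.txt
Contact: mailto:security@example.org
Contact: https://example.org/bounty
Policy: https://example.org/bounty/policy
Expires: 2030-01-01T00:00:00Z
"""
SAMPLE_DNS_TXT = [
    '"security_contact=mailto:security@example.org"',
    '"security_policy=https://example.org/bounty/policy"',
    '"v=spf1 -all"',  # unrelated TXT record, must be ignored
]

def parse_security_txt(text):
    """Return {lowercased field name: [values]} for an RFC 9116 file."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks, comments and non-field lines
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def parse_dns_security_txt(records):
    """Return {key: [values]} for security_* entries in dig TXT answers."""
    out = {}
    for rec in records:
        key, sep, value = rec.strip().strip('"').partition("=")
        if sep and key.startswith("security_"):
            out.setdefault(key, []).append(value)
    return out

def check_channels(sec_txt, dns_records, now=None):
    """List problems that could send a bug report to the wrong place."""
    now = now or datetime.now(timezone.utc)
    f, d = parse_security_txt(sec_txt), parse_dns_security_txt(dns_records)
    problems = []
    if not f.get("contact"):
        problems.append("security.txt: missing Contact")
    if len(f.get("expires", [])) != 1:
        problems.append("security.txt: Expires must appear exactly once")
    elif datetime.fromisoformat(f["expires"][0].replace("Z", "+00:00")) <= now:
        problems.append("security.txt: expired")
    problems += [f"DNS contact not in security.txt: {c}"
                 for c in d.get("security_contact", []) if c not in f["contact"]]
    return problems
```

Pass the fetched file body and the quoted strings from the dig answer section; an empty list means both channels agree and the file is still valid.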
How can you get started?
With 9 different clients written in various languages, Solidity, the specifications, and the deposit smart contract all within the scope of the bounty program, bounty hunters have a lot to work with.
If you're looking for some ideas on where to start your bug hunting journey, take a look at the previously reported vulnerabilities. The list was last updated in March and contains all the vulnerabilities reported in our records up until the Altair network upgrade.
We're waiting for your report!