
Secured #5: Public Vulnerability Disclosure Update

Today, we have publicly disclosed another set of vulnerabilities from the Ethereum Foundation Bug Bounty Program! 🥳 These vulnerabilities were previously discovered and reported directly to the Ethereum Foundation.

When bugs are reported and validated, the Ethereum Foundation coordinates disclosures to affected teams and helps cross-check vulnerabilities across all clients. The Bug Bounty Program currently accepts reports for the following client software:

  • Erigon
  • Go Ethereum
  • Lodestar
  • Nethermind
  • Lighthouse
  • Prysm
  • Teku
  • Besu
  • Nimbus

In addition to the client software, the Bug Bounty Program also covers the deposit contract, the execution layer and consensus layer specifications, and Solidity.

Repository and Vulnerability List

The period since the last vulnerability disclosure has been quite eventful, with events such as the Merge 🐼 and the maximum bounty reward increasing to $250,000.

The highest paid bounty during this period was $50,000. This bounty was awarded to scientists for reporting an issue in which Lighthouse beacon nodes could be crashed by malicious BlocksByRange messages containing an extremely large count value. You can read more about this specific vulnerability here.

Another notable group of vulnerabilities has been around fork choice attacks. EF researchers and client teams investigated and mitigated attacks that could have caused long reorgs.

Guido Vranken topped the list of most valid reports during this period. At the same time, Guido managed to collect the most points for the Bug Bounty leaderboard!

We also have two bounty hunters who have decided to donate their rewards to charity: No and PwningEth.

The full list of new vulnerabilities, with full details, can be found in the disclosure repository.

All vulnerabilities added to the disclosure repository were fixed prior to the latest hard forks on the execution layer and consensus layer.

For more information, and to learn more about disclosure policies, timelines and cataloguing, visit the disclosure repository.

Thank you 🙏

We would like to express our appreciation to everyone involved in finding and reporting vulnerabilities, as well as the teams responsible for fixing them. While we have tried to include the names or handles of all reporters, there are many developers and researchers within client teams and the Ethereum Foundation who found and fixed vulnerabilities outside of the bounty program. There are also many unsung heroes such as client team developers, community members and many others who have spent countless hours investigating, cross-checking and mitigating vulnerabilities before they are exploited.

Your immense efforts have been instrumental in ensuring the security of Ethereum. Thank you!
