The Ethereum Foundation Bug Bounty Program is one of the earliest and longest running programs of its kind. It was launched in 2015 and targeted the Ethereum PoW mainnet and related software. In 2020, a second Bug Bounty Program was launched for the new Proof-of-Stake Consensus Layer, running alongside the original Bug Bounty Program.
The separation of these programs is historical, due to the way the Proof-of-Stake Consensus Layer was designed separately and in parallel with the existing Execution Layer (inside the PoW chain). Since the launch of the Beacon Chain in December 2020, the technical architecture of the Execution Layer and the Consensus Layer has been distinct, apart from the deposit contract, so the two bug bounty programs have remained separate.
In light of the upcoming Merge, we are happy to announce today that these two programs have been successfully merged by the awesome team at ethereum.org, and that the maximum bounty reward has been significantly increased!
Merge (of the Bug Bounty Programs) ✨
With the Merge approaching, the two previously separate bug bounty programs have been merged into one.
As the Execution Layer and Consensus Layer become more and more interconnected, it is increasingly valuable to combine the security efforts of these layers. Client teams and the community are already undertaking numerous efforts to further improve knowledge and expertise across the two layers. Consolidating the Bounty Program will further improve visibility and coordination of efforts to identify and mitigate vulnerabilities.
Increased rewards 💰
The maximum reward of the Bounty Program is now 500,000 during these periods!
In total, this marks a 10x increase from the previous maximum payout on Consensus Layer bounties and a 20x increase from the previous maximum payout on Execution Layer bounties.
Measuring impact 💥
The Bug Bounty Program is primarily focused on securing the base layer of the Ethereum network. With this in mind, the impact of a vulnerability is directly correlated to its impact on the network as a whole.
While, for example, a denial-of-service vulnerability found in a client used by <1% of the network would certainly cause problems for the users of that client, it would have a greater impact on the Ethereum network if the same vulnerability existed in a client used by >30% of the network.
Visibility 👀
Along with merging the bounty programs and increasing the maximum reward, several steps have been taken to clarify how to report vulnerabilities.
GitHub Security
Repositories such as ethereum/consensus-specs and ethereum/go-ethereum now contain information on how to report vulnerabilities in their SECURITY.md files.
security.txt
security.txt has been implemented and contains information on how to report vulnerabilities. The file itself can be found here.
DNS Security TXT
DNS Security TXT has been implemented and contains information on how to report vulnerabilities. You can see this entry by running dig _security.ethereum.org TXT.
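As an added illustration (not code from ethereum.org or the Ethereum Foundation), the following Python sketch shows how a reporter or a monitoring job could check both disclosure channels described above: it validates a security.txt file against the two fields RFC 9116 requires (Contact and Expires) and extracts the `security_contact` / `security_policy` keys from `_security` TXT answers. The sample inputs are constructed for example.org and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample inputs (assumptions, not the real ethereum.org records).
SAMPLE_SECURITY_TXT = """\
# Constructed example file
Contact: mailto:security@example.org
Contact: https://example.org/report
Expires: 2030-01-01T00:00:00Z
"""
SAMPLE_DNS_TXT = ['"security_contact=mailto:security@example.org"',
                  '"security_policy=https://example.org/bounty"',
                  '"v=spf1 -all"']  # unrelated TXT record, must be ignored

def parse_security_txt(text):
    """Return {field: [values]}; field names are case-insensitive (RFC 9116)."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks, comments and non-field lines
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now=None):
    """List the problems that make the file unusable for a reporter."""
    now = now or datetime.now(timezone.utc)
    fields, problems = parse_security_txt(text), []
    if not fields.get("contact"):
        problems.append("missing Contact")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        return problems + ["Expires must appear exactly once"]
    try:
        when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        if when <= now:
            problems.append("expired")  # stale files should not be trusted
    except (ValueError, TypeError):     # bad syntax or missing time zone
        problems.append("unparseable Expires")
    return problems

def parse_dns_security_txt(answers):
    """Pick security_* keys out of `dig +short _security.<domain> TXT` lines."""
    found = {}
    for answer in answers:
        key, sep, value = answer.strip().strip('"').partition("=")
        if sep and key in ("security_contact", "security_policy"):
            found.setdefault(key, []).append(value)
    return found
```
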
How can you get started? 🔨
With 9 different clients written in various languages, Solidity, the Specifications, and the deposit smart contract all within the scope of the bounty program, there is plenty for bounty hunters to dig into.
If you're looking for some ideas on where to start your bug hunting journey, take a look at the previously reported vulnerabilities. This list was last updated in March and contains all the reported vulnerabilities we have, up until the Altair network upgrade.
We look forward to your reports! 🐛