In the present day we now have uncovered the second set of vulnerabilities from the Ethereum Basis Bug Bounty Program! 🥳 These vulnerabilities have been beforehand found and reported on to the Ethereum Basis.
When bugs are reported and confirmed, the Ethereum Basis coordinates disclosures to affected groups and helps cross-check vulnerabilities on all purchasers. The Bug Bounty Program is presently accepting reviews for the next consumer software program:
- Erigon
- Go to Ethereum
- The guiding star
- A bum
- Lighthouse
- Prism
- They move
- Anger
- Nimbus
Along with the consumer software program, the Bug Bounty Program additionally covers the escrow contract, execution layer and consensus layer specs, and robustness. 🙏
Repository and listing of vulnerabilities
For the reason that final vulnerability disclosure, there have been fairly just a few occasions like Merge 🐼 and rising the utmost reward to $250,000. 💰
The very best paid prize in that interval was $50,000. That is assigned scio to report a problem the place beacon nodes crashed by way of malicious BlocksByRange messages that comprise too giant depend worth. You’ll be able to learn extra about this particular vulnerability right here. 💥
One other important set of vulnerabilities pertains to fork-choice assaults. EF researchers and consumer groups investigated and patched assaults that might trigger lengthy reorg. 👀
Guido Vranken holds the highest spot for probably the most constructive reviews on this interval. On the similar time, Guido managed to gather probably the most factors for the Bug Bounty Leaderboard! 🏆
We even have two bounty hunters who’ve determined to donate their prizes to charity: nerve and PwningEth! 🔥
The total listing of recent vulnerabilities, together with all the main points, will be discovered at publication repository.
All vulnerabilities added to the invention catalog have been patched earlier than the newest execution layer and consensus layer hardforks.
For extra info and to study extra about disclosure insurance policies, timelines, and cataloging, go to publication repository.
Thanks 🙏
We want to give a giant shout out to everybody concerned in discovering and reporting the vulnerabilities, in addition to the groups chargeable for fixing them. Whereas we now have tried to incorporate the names or pseudonyms of all reporters, there are numerous builders and researchers inside consumer groups and the Ethereum Basis who’ve discovered and patched vulnerabilities exterior of the bounty program. There are additionally many unsung heroes comparable to consumer workforce builders, neighborhood members, and lots of others who spent numerous hours triaging, cross-checking, and mitigating vulnerabilities earlier than they could possibly be exploited.
Your super efforts have been essential in making certain the safety of Ethereum. Thanks!
