Immediately, now we have disclosed the second set of vulnerabilities from the Ethereum Basis Bug Bounty Program! 🥳 These vulnerabilities had been beforehand found and reported on to the Ethereum Basis.
When bugs are reported and validated, the Ethereum Basis coordinates disclosures to affected groups and helps cross-check vulnerabilities throughout all shoppers. The Bug Bounty Program at present accepts reviews for the next shopper software program:
- Erigon
- Go Ethereum
- Lodestar
- Nethermind
- Lighthouse
- Prysm
- Teku
- Besu
- Nimbus
Along with shopper software program, the Bug Bounty Program additionally covers the Deposit Contract, Execution Layer & Consensus Layer Specs and Solidity. 🙏
Repository & vulnerability checklist
Because the final vulnerability disclosure has been fairly eventful with occasions such because the Merge 🐼 and the max bounty reward improve to $250,000. 💰
The best paid reward throughout this era was $50,000. This was awarded to scio for reporting a problem through which Lighthouse beacon nodes crashed by way of malicious BlocksByRange messages containing an excessively massive rely worth. You’ll be able to learn extra about this particular vulnerability right here. 💥
One other notable set of vulnerabilites has been round fork selection assaults. EF researchers and shopper groups investigated and patched assaults that had been in a position to trigger lengthy reorgs. 👀
Guido Vranken holds the highest spot most constructive reviews on this interval. On the similar time, Guido managed to gather probably the most factors for the Bug Bounty Leaderboard! 🏆
We even have two bounty hunters who determined to donate their rewards to charities: nrv and PwningEth! 🔥
The total checklist of latest vulnerabilities, together with full particulars, might be discovered within the disclosures repository.
All vulnerabilities added to the disclosures catalogue had been patched previous to the newest hardforks on the Execution Layer and Consensus Layer.
For extra info, and to be taught extra about disclosure insurance policies, timelines, and cataloging, head over to the disclosures repository.
Thanks 🙏
We want to give a large shout out to everybody concerned within the discovery and reporting of vulnerabilities, in addition to to the groups accountable for fixing them. Whereas now we have tried to incorporate the names or aliases of all reporters, there are lots of builders and researchers inside the shopper groups and within the Ethereum Basis who discovered and corrected vulnerabilities exterior of the bounty program. There are additionally many unsung heroes equivalent to shopper crew builders, group members, and lots of extra who’ve spent numerous hours triaging, cross-checking, and mitigating vulnerabilities earlier than they could possibly be exploited.
Your immense efforts have been instrumental to making sure Ethereum’s safety. Thanks!
/cdn.vox-cdn.com/uploads/chorus_asset/file/23641763/acastro_220614_5290_0001.jpg "18 states want the SEC to stop enforcing crypto regulation")
