Secured #4: Bug Bounty Rewards now up to $250,000 USD

The Ethereum Basis Bug Bounty Program is among the earliest and longest working packages of its form. It was launched in 2015 and focused the Ethereum PoW mainnet and associated software program. In 2020, a second Bug Bounty Program for the brand new Proof-of-Stake Consensus Layer was launched, working alongside the unique Bug Bounty Program.

The cut up of those packages is historic because of the manner the Proof-of-Stake Consensus Layer was architected individually and in parallel to the prevailing Execution Layer (contained in the PoW chain). For the reason that launch of the Beacon Chain in December of 2020, the technical structure between the Execution Layer and the Consensus Layer has been distinct, apart from the deposit contract, so the 2 bug bounty packages have remained separated.

In gentle of the approaching Merge, at this time we’re glad to announce that these two packages have been efficiently merged by the superior ethereum.org workforce, and that the max bounty reward has been considerably elevated!

Merge (of the Bug Bounty Applications) ✨

With The Merge approaching, the 2 beforehand disparate bug bounty packages have been merged into one.

Because the Execution Layer and Consensus Layer turn out to be increasingly interconnected, it’s more and more precious to mix the safety efforts of those layers. There are already a number of efforts being organized by consumer groups and the group to additional improve information and experience throughout the 2 layers. Unifying the Bounty Program will additional improve visibility and coordination efforts on figuring out and mitigating vulnerabilities.

Elevated Rewards 💰

The max reward of the Bounty Program is now $250,000 (paid out in ETH or DAI) for vulnerabilities in scope. Upgrades stay on public testnets and focused for a Mainnet launch are additionally scope, and rewards are doubled throughout this time, which signifies that the max reward is$

In complete, this marks a 10x improve from the earlier most payout on Consensus Layer bounties and a 20x improve from the earlier max payout on Execution Layer bounties.

Affect Measurement 💥

The Bug Bounty Program is primarily targeted on securing the bottom layer of the Ethereum Community. With this in thoughts, the influence of a vulnerability is in direct correlation to the influence on the community as a complete.

Whereas, for instance, a Denial of Service vulnerability present in a consumer being utilized by 30% of the community.

Visibility 👀

Along with the merge of the bounty packages and improve of the max reward, a number of steps have been taken to make clear easy methods to report vulnerabilities.

Github Safety

Repositories reminiscent of ethereum/consensus-specs and ethereum/go-ethereum now comprise info on easy methods to report vulnerabilities in SECURITY.md recordsdata.

safety.txt

security.txt is carried out and accommodates details about easy methods to report vulnerabilities. The file itself can be found here.

DNS Safety TXT

DNS Security TXT is carried out and accommodates details about easy methods to report vulnerabilities. This entry could be considered by working dig _security.ethereum.org TXT.

How will you get began? 🔨

With 9 completely different shoppers written in numerous languages, Solidity, the Specs, and the deposit good contract all throughout the scope of the bounty program, there’s a lots for bounty hunters to dig into.

If you happen to’re in search of some concepts of the place to begin your bug searching journey, check out the previously reported vulnerabilities. This was final up to date in March and accommodates all of the reported vulnerabilities now we have on file, up till the Altair community improve.

We’re wanting ahead to your studies! 🐛