Immediately, we now have disclosed the second set of vulnerabilities from the Ethereum Basis Bug Bounty Program! 🥳 These vulnerabilities had been beforehand found and reported on to the Ethereum Basis.
When bugs are reported and validated, the Ethereum Basis coordinates disclosures to affected groups and helps cross-check vulnerabilities throughout all purchasers. The Bug Bounty Program at the moment accepts stories for the next consumer software program:
- Erigon
- Go Ethereum
- Lodestar
- Nethermind
- Lighthouse
- Prysm
- Teku
- Besu
- Nimbus
Along with consumer software program, the Bug Bounty Program additionally covers the Deposit Contract, Execution Layer & Consensus Layer Specs and Solidity. 🙏
Repository & vulnerability checklist
For the reason that final vulnerability disclosure has been fairly eventful with occasions such because the Merge 🐼 and the max bounty reward enhance to $250,000. 💰
The best paid reward throughout this era was $50,000. This was awarded to scio for reporting a difficulty by which Lighthouse beacon nodes crashed through malicious BlocksByRange messages containing a very massive rely worth. You possibly can learn extra about this particular vulnerability here. 💥
One other notable set of vulnerabilites has been round fork selection assaults. EF researchers and consumer groups investigated and patched attacks that were able to cause long reorgs. 👀
Guido Vranken holds the highest spot most optimistic stories on this interval. On the identical time, Guido managed to gather essentially the most factors for the Bug Bounty Leaderboard! 🏆
We even have two bounty hunters who determined to donate their rewards to charities: nrv and PwningEth! 🔥
The complete checklist of latest vulnerabilities, together with full particulars, may be discovered within the disclosures repository.
All vulnerabilities added to the disclosures catalogue had been patched previous to the most recent hardforks on the Execution Layer and Consensus Layer.
For extra info, and to study extra about disclosure insurance policies, timelines, and cataloging, head over to the disclosures repository.
Thanks 🙏
We wish to give an enormous shout out to everybody concerned within the discovery and reporting of vulnerabilities, in addition to to the groups chargeable for fixing them. Whereas we now have tried to incorporate the names or aliases of all reporters, there are various builders and researchers throughout the consumer groups and within the Ethereum Basis who discovered and corrected vulnerabilities outdoors of the bounty program. There are additionally many unsung heroes reminiscent of consumer workforce builders, group members, and lots of extra who’ve spent numerous hours triaging, cross-checking, and mitigating vulnerabilities earlier than they might be exploited.
Your immense efforts have been instrumental to making sure Ethereum’s safety. Thanks!
Source link