Today we have disclosed the second batch of vulnerabilities that the Ethereum Foundation Bug Bounty Program has identified! 🥳 All of these vulnerabilities were previously reported to the Ethereum Foundation.
When a bug is reported, the Ethereum Foundation helps to cross-check whether the vulnerability also affects other clients. The Bug Bounty Program currently accepts reports for the following client software:
- Erigon
- Go Ethereum
- Lodestar
- Nethermind
- Lighthouse
- Prysm
- Teku
- Besu
- Nimbus
In addition to client software, the Bug Bounty Program also covers the Deposit Contract, Execution Layer & Consensus Layer Specifications and Solidity. 🙏
Repository & vulnerability list
The period since the last vulnerability disclosure has been quite eventful, with events such as the Merge 🐼 and the increase of the maximum bounty reward to $250,000. 💰
The highest reward paid during this period was $50,000, for reporting an issue where Lighthouse beacon nodes crashed due to malicious BlocksByRange messages containing an excessively large count value. This vulnerability is described in detail here. 💥
Fork-choice attacks were another notable class of vulnerability: EF researchers and client teams investigated and fixed attacks that were able to cause long reorgs. 👀
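The Lighthouse issue above is a classic input-validation failure: a peer-supplied count drives resource allocation before anyone checks it. The following is an added example, not Lighthouse's code, showing the defensive shape a request handler wants: bounds-check the request against a protocol limit before any per-block work is scheduled. The constant name `MAX_REQUEST_BLOCKS` and its value of 1024 are assumptions modelled on the consensus-layer p2p limit; the request fields and the `handle_peer_request` helper are constructed for the example.

```python
# Added example (not Lighthouse or EF code): guarding a BlocksByRange-style
# request against an oversized `count` before expanding it into work.
# MAX_REQUEST_BLOCKS and its value are assumptions; substitute the real
# protocol constant in a production client.
from dataclasses import dataclass

MAX_REQUEST_BLOCKS = 1024  # assumed upper bound on blocks per request


class InvalidRequest(ValueError):
    """Raised when a peer request fails validation and must be rejected."""


@dataclass(frozen=True)
class BlocksByRangeRequest:
    start_slot: int
    count: int
    step: int = 1


def validate_request(req: BlocksByRangeRequest) -> BlocksByRangeRequest:
    """Reject requests that could drive unbounded memory or CPU usage.

    Every check runs on the raw integers only; nothing proportional to
    `count` is allocated until the request has passed.
    """
    if req.start_slot < 0:
        raise InvalidRequest("start_slot must be non-negative")
    if req.count < 1:
        raise InvalidRequest("count must be at least 1")
    if req.step < 1:
        raise InvalidRequest("step must be at least 1")
    if req.count > MAX_REQUEST_BLOCKS:
        raise InvalidRequest(
            f"count {req.count} exceeds MAX_REQUEST_BLOCKS={MAX_REQUEST_BLOCKS}"
        )
    return req


def requested_slots(req: BlocksByRangeRequest) -> list[int]:
    """Expand a request into the slots it asks for, after validation.

    The expansion is the expensive step (a crash here is the failure mode
    described in the disclosure), so it is only reached once the bound holds.
    """
    validate_request(req)
    return [req.start_slot + i * req.step for i in range(req.count)]


def handle_peer_request(req: BlocksByRangeRequest) -> tuple[str, list[int]]:
    """Return ('ok', slots) or ('rejected', []).

    Returning a status instead of raising lets the caller down-score or
    disconnect the peer without the node itself falling over.
    """
    try:
        return ("ok", requested_slots(req))
    except InvalidRequest:
        return ("rejected", [])


if __name__ == "__main__":
    # Constructed sample requests: one well-formed, one with a huge count.
    print(handle_peer_request(BlocksByRangeRequest(start_slot=100, count=4, step=2)))
    print(handle_peer_request(BlocksByRangeRequest(start_slot=0, count=2**64 - 1)))
```

The important design choice is ordering: the size check happens on the integer fields alone, so a hostile count never reaches `range()` or any buffer allocation, and the rejection is reported as a normal outcome the caller can act on rather than an exception that unwinds the node.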
Guido Vranken submitted the most reports in this period and also earned the most points on the Bug Bounty Leaderboard! 🏆
Two bounty hunters, nrv and PwningEth, have also donated their rewards to charity! 🔥
Find the complete list of new vulnerabilities, along with all details, in the disclosures repository.
All vulnerabilities added to the disclosures catalogue had already been patched before the latest hard forks on the Consensus Layer and Execution Layer.
More information about disclosure policies, timelines and cataloguing can be found in the disclosures repository.
Thank you 🙏
We would like to give a shout-out to all those who were involved in finding and reporting the vulnerabilities, as well as the teams responsible for fixing the issues. Although we tried to include names or aliases, many developers and researchers at the Ethereum Foundation and in the client teams discovered and corrected vulnerabilities without being part of the bounty program. The Ethereum Foundation, client team developers and community members are among the unsung heroes who spent countless hours triaging and cross-checking vulnerabilities.
Your tireless efforts have played a vital role in ensuring Ethereum's security. Please accept our sincere thanks.
Source: blog.ethereum.org