Recently, we disclosed the second set of vulnerabilities from the Ethereum Foundation Bug Bounty Program! 🥳 These vulnerabilities were previously discovered and reported directly to the Ethereum Foundation.
When bugs are reported and validated, the Ethereum Foundation coordinates disclosures to affected teams and helps cross-check vulnerabilities across all clients. The Bug Bounty Program currently accepts reports for the following client software:
- Erigon
- Go Ethereum
- Lodestar
- Nethermind
- Lighthouse
- Prysm
- Teku
- Besu
- Nimbus
In addition to client software, the Bug Bounty Program also covers the Deposit Contract, the Execution Layer & Consensus Layer Specifications, and Solidity. 🙏
Repository & vulnerability list
The period since the last vulnerability disclosure has been quite eventful, with milestones such as the Merge 🐼 and the increase of the maximum bounty reward to $250,000. 💰
The highest reward paid during this period was $50,000. It was awarded to scio for reporting an issue in which Lighthouse beacon nodes crashed when handling malicious BlocksByRange messages containing a very large count value. You can read more about this specific vulnerability here. 💥
Another notable set of vulnerabilities concerned fork choice attacks. EF researchers and client teams investigated and patched attacks that were able to cause long reorgs. 👀
Guido Vranken holds the top spot for the most confirmed reports in this period. At the same time, Guido managed to collect the most points on the Bug Bounty Leaderboard! 🏆
We also have two bounty hunters who decided to donate their rewards to charities: nrv and PwningEth! 🔥
The full list of new vulnerabilities, along with complete details, can be found in the disclosures repository.
All vulnerabilities added to the disclosures catalogue were patched prior to the latest hard forks on the Execution Layer and Consensus Layer.
For more information, and to learn more about disclosure policies, timelines, and cataloging, head over to the disclosures repository.
Thank you 🙏
We would like to give a big shout-out to everyone involved in the discovery and reporting of vulnerabilities, as well as to the teams responsible for fixing them. While we have attempted to include the names or aliases of all reporters, there are many developers and researchers within the client teams and the Ethereum Foundation who found and corrected vulnerabilities outside of the bounty program. There are also many unsung heroes, such as client team developers, community members, and many more, who have spent countless hours triaging, cross-checking, and mitigating vulnerabilities before they could be exploited.
Your immense efforts have been instrumental in ensuring Ethereum's security. Thank you!