Ethereum

Secured #5: Public Vulnerability Disclosures Update

By cryptovortex

on

|

65

views

and

0

comments



Today, we have disclosed the second set of vulnerabilities from the Ethereum Foundation Bug Bounty Program! 🥳 These vulnerabilities were previously discovered and reported directly to the Ethereum Foundation.

When bugs are reported and validated, the Ethereum Foundation coordinates disclosures to affected teams and helps cross-check vulnerabilities across all clients. The Bug Bounty Program currently accepts reports for the following client software:

  • Erigon
  • Go Ethereum
  • Lodestar
  • Nethermind
  • Lighthouse
  • Prysm
  • Teku
  • Besu
  • Nimbus

In addition to client software, the Bug Bounty Program also covers the Deposit Contract, Execution Layer & Consensus Layer Specifications and Solidity. 🙏

Repository & vulnerability list

Since the last vulnerability disclosure has been quite eventful with events such as the Merge 🐼 and the max bounty reward increase to $250,000. 💰

The highest paid reward during this period was $50,000. This was awarded to scio for reporting an issue in which Lighthouse beacon nodes crashed via malicious BlocksByRange messages containing an overly large count value. You can read more about this specific vulnerability here. 💥

Another notable set of vulnerabilites has been around fork choice attacks. EF researchers and client teams investigated and patched attacks that were able to cause long reorgs. 👀

Guido Vranken holds the top spot most positive reports in this period. At the same time, Guido managed to collect the most points for the Bug Bounty Leaderboard! 🏆

We also have two bounty hunters who decided to donate their rewards to charities: nrv and PwningEth! 🔥

The full list of new vulnerabilities, along with full details, can be found in the disclosures repository.

All vulnerabilities added to the disclosures catalogue were patched prior to the latest hardforks on the Execution Layer and Consensus Layer.

For more information, and to learn more about disclosure policies, timelines, and cataloging, head over to the disclosures repository.

Thank you 🙏

We would like to give a massive shout out to everyone involved in the discovery and reporting of vulnerabilities, as well as to the teams responsible for fixing them. While we have attempted to include the names or aliases of all reporters, there are many developers and researchers within the client teams and in the Ethereum Foundation who found and corrected vulnerabilities outside of the bounty program. There are also many unsung heroes such as client team developers, community members, and many more who have spent countless hours triaging, cross-checking, and mitigating vulnerabilities before they could be exploited.

Your immense efforts have been instrumental to ensuring Ethereum’s security. Thank you!

cryptovortex
Share this
Tags

Must-read

Bitcoin

The Great Bitcoin Crash of 2024

Bitcoin Crash The cryptocurrency world faced the hell of early 2024 when the most popular Bitcoin crashed by over 80% in a matter of weeks,...
Bitcoin

Bitcoin Gambling: A comprehensive guide in 2024

Bitcoin Gambling With online currencies rapidly gaining traditional acceptance, the intriguing convergence of the crypto-trek and gambling industries is taking place. Cryptocurrency gambling, which started...
Bitcoin

The Rise of Bitcoin Extractor: A comprehensive guide 2024

Bitcoin Extractor  Crypto mining is resources-thirsty with investors in mining hardware and those investing in the resources needed as the main beneficiaries. In this sense,...

Recent articles

More like this

About Us

cryptovortexs is your cryptocurrency, bitcoin, business website. We provide you with the latest breaking news and videos straight from the cryptocurrency industry.

Copyright 2023 © cryptovortexs.com. All Rights Reserved