Secured #4: Bug Bounty Rewards now up to $250,000 USD


The Ethereum Foundation Bug Bounty Program is one of the earliest and longest running programs of its kind. It was launched in 2015 and targeted the Ethereum PoW mainnet and related software. In 2020, a second Bug Bounty Program for the new Proof-of-Stake Consensus Layer was launched, running alongside the original Bug Bounty Program.

The split of these programs is historical, due to the way the Proof-of-Stake Consensus Layer was architected separately and in parallel to the existing Execution Layer (inside the PoW chain). Since the launch of the Beacon Chain in December of 2020, the technical architecture between the Execution Layer and the Consensus Layer has been distinct, except for the deposit contract, so the two bug bounty programs have remained separated.

In light of the approaching Merge, today we’re happy to announce that these two programs have been successfully merged by the awesome ethereum.org team, and that the max bounty reward has been significantly increased!

Merge (of the Bug Bounty Programs) ✨

With The Merge approaching, the two previously disparate bug bounty programs have been merged into one.

As the Execution Layer and Consensus Layer become more and more interconnected, it is increasingly valuable to combine the security efforts of these layers. There are already multiple efforts being organized by client teams and the community to further increase knowledge and expertise across the two layers. Unifying the Bounty Program will further increase visibility and coordination efforts on identifying and mitigating vulnerabilities.

Increased Rewards 💰

The max reward of the Bounty Program is now $250,000 (paid out in ETH or DAI) for vulnerabilities in scope. Upgrades live on public testnets and targeted for a Mainnet release are also in scope, and rewards are doubled during this time, which means that the max reward is

In total, this marks a 10x increase from the previous maximum payout on Consensus Layer bounties and a 20x increase from the previous max payout on Execution Layer bounties.

Impact Measurement 💥

The Bug Bounty Program is primarily focused on securing the base layer of the Ethereum Network. With this in mind, the impact of a vulnerability is in direct correlation to the impact on the network as a whole.

While, for example, a Denial of Service vulnerability found in a client being used by <1% of the network would certainly cause issues for the users of this client, it would have a higher impact on the Ethereum Network if the same vulnerability existed in a client used by >30% of the network.

Visibility 👀

In addition to the merge of the bounty programs and the increase of the max reward, several steps have been taken to clarify how to report vulnerabilities.

GitHub Security

Repositories such as ethereum/consensus-specs and ethereum/go-ethereum now contain information on how to report vulnerabilities in SECURITY.md files.

security.txt

security.txt is implemented and contains information about how to report vulnerabilities. The file itself can be found here.

DNS Security TXT

DNS Security TXT is implemented and contains information about how to report vulnerabilities. This entry can be viewed by running dig _security.ethereum.org TXT.

How can you get started? 🔨

With 9 different clients written in various languages, Solidity, the Specs, and the deposit smart contract all within the scope of the bounty program, there is plenty for bounty hunters to dig into.

If you’re looking for some ideas of where to start your bug hunting journey, take a look at the previously reported vulnerabilities. This was last updated in March and contains all the reported vulnerabilities we have on record, up until the Altair network upgrade.

We’re looking forward to your reports! 🐛
