Today we disclosed the first set of vulnerabilities from the Ethereum Foundation’s Bug Bounty programs. These vulnerabilities were previously discovered and reported directly to the Ethereum Foundation or to client teams via the Bug Bounty programs for both the execution layer and the consensus layer.
Through its Bug Bounty programs, which allow the Ethereum Foundation (EF) to coordinate and cross-reference vulnerabilities across clients, EF currently accepts vulnerability reports for Nimbus, Teku, Lighthouse, Prysm, Lodestar, Go Ethereum, Nethermind, Erigon and Besu.
New repository and vulnerability list
The full list of vulnerabilities, along with additional information, can be found in a git repository here.
The new disclosure repository lists all known vulnerabilities that were patched before the latest hardforks on the execution layer and consensus layer.
We would like to give a huge shout-out to everyone involved in discovering and reporting vulnerabilities, as well as the teams responsible for fixing them. Although we have attempted to include reporters’ names or pseudonyms, many developers and researchers within the client teams and the Ethereum Foundation have found and fixed vulnerabilities outside of the bounty program. There are also many unsung heroes, such as client team developers, community members, and many others, who have spent countless hours sorting, cross-checking, and mitigating vulnerabilities before they could be exploited.
For more information and to learn about disclosure policies, deadlines and cataloging, visit the new disclosure repository.
Your immense efforts have been instrumental in keeping Ethereum secure. THANKS!