Today we have the second set of vulnerabilities disclosed under the Ethereum Foundation's Bug Bounty program! These vulnerabilities were previously discovered and reported directly to the Ethereum Foundation.
When bugs are reported and validated, the Ethereum Foundation coordinates disclosure to the affected teams and helps verify the vulnerabilities across all clients. The Bug Bounty program is currently accepting reports for the following client programs:
- Erigon
- Go Ethereum
- Lodestar
- Nethermind
- Lighthouse
- Prysm
- Teku
- Besu
- Nimbus
In addition to the client software, the Bug Bounty program also covers the deposit contract, the execution layer and consensus layer specifications, and Solidity.
Vulnerability list and repository
Since the previous disclosure, it has been an eventful period, including The Merge and the increase of the maximum bounty to $250,000.
The highest bounty paid during this period was $50,000. It was awarded to scio for reporting an issue in which Lighthouse beacon nodes could be crashed via malicious BlocksByRange messages carrying an excessively large count value. You can read more about this specific vulnerability here.
Another notable set of vulnerabilities relates to fork-choice attacks. EF researchers and client teams investigated and fixed attacks that were capable of causing long reorgs.
Guido Vranken ranks first for the most valid reports in this period. Guido also collected the most points on the Bug Bounty leaderboard!
We also have two bounty hunters who decided to donate their bounties to charity: nrv and PwningEth!
The full list of new vulnerabilities, along with full details, can be found in the Disclosures repository.
All vulnerabilities added to the disclosure catalog prior to the most recent hard forks on the execution layer and consensus layer have been patched.
For more information, and to learn more about disclosure policies, timelines, and the index, head to the Disclosures repository.
Thanks
We would like to give a big shout out to everyone involved in discovering and reporting these vulnerabilities, as well as to the teams responsible for fixing them. While we have tried to include the names or pseudonyms of all reporters, there are many developers and researchers within client teams and within the Ethereum Foundation who have discovered and patched vulnerabilities outside of the bounty program. There are also many unsung heroes, such as client team developers, community members, and others, who have spent countless hours triaging, verifying, and mitigating vulnerabilities before they could be exploited.
Your tremendous efforts have been instrumental in ensuring the security of Ethereum. Thank you!