Today, we disclosed the first set of vulnerabilities from the Ethereum Foundation’s Bug Bounty Programs. These vulnerabilities were previously discovered and reported to the Ethereum Foundation or client teams through the Bug Bounty Programs for both the Execution Layer and Consensus Layer.
Through its Bug Bounty Programs, which allow the Ethereum Foundation (EF) to coordinate and cross-check vulnerabilities across clients, the EF currently accepts vulnerability reports for Nimbus, Teku, Lighthouse, Prysm, Lodestar, Go Ethereum, Nethermind, Erigon and Besu.
New repository & vulnerability listing
The full list of vulnerabilities, along with additional information, can be found in a git repository here.
The new disclosures repository catalogues all known vulnerabilities that were patched prior to the latest hardforks on the Execution Layer and Consensus Layer.
We would like to give a huge shout out to everyone involved in the discovery and reporting of vulnerabilities, as well as to the teams responsible for fixing them. While we’ve tried to include the names or aliases of the reporters, there are many developers and researchers across the client teams and in the Ethereum Foundation who found and corrected vulnerabilities outside of the bounty program. There are also many unsung heroes such as client team developers, community members, and many more who’ve spent countless hours triaging, cross-checking, and mitigating vulnerabilities before they could be exploited.
For more information, and to learn more about disclosure policies, timelines, and cataloging, head over to the new disclosures repository.
Your immense efforts have been instrumental to ensuring Ethereum’s security. Thank you!