WSJ-Crypto

Unveiling the Risks: The Impact of Public Vulnerability Disclosures

Today, we revealed the initial collection of vulnerabilities from the Ethereum Foundation’s Bug Bounty Initiatives. These vulnerabilities were earlier identified and communicated directly to the Ethereum Foundation or client teams through the Bug Bounty Initiatives for both the Execution Layer and Consensus Layer.

Through its Bug Bounty Initiatives, which enable the Ethereum Foundation (EF) to organize and verify vulnerabilities across clients, the EF is presently accepting vulnerability submissions for Nimbus, Teku, Lighthouse, Prysm, Lodestar, Go Ethereum, Nethermind, Erigon, and Besu.

Fresh repository & vulnerability inventory

The comprehensive list of vulnerabilities, along with further details, can be accessed in a git repository here.

The new disclosures repository catalogs all known vulnerabilities that were resolved prior to the most recent hardforks on the Execution Layer and Consensus Layer.

We would like to extend a tremendous thank you to everyone who participated in the identification and reporting of vulnerabilities, as well as to the teams accountable for rectifying them. While we have endeavored to include the names or aliases of the reporters, countless developers and researchers within the client teams and in the Ethereum Foundation found and fixed vulnerabilities outside of the bounty initiative. There are also many unsung champions such as client team developers, community participants, and many more who have dedicated countless hours to evaluating, verifying, and mitigating vulnerabilities before they could be misused.

For additional information, and to learn more about disclosure practices, timelines, and inventorying, visit the new disclosures repository.

Your tremendous contributions have been vital to upholding Ethereum’s security. We appreciate you!


