{"id":5837,"date":"2024-12-08T05:47:16","date_gmt":"2024-12-08T04:47:16","guid":{"rendered":"https:\/\/wsj-crypto.com\/?p=5837"},"modified":"2024-12-08T05:47:16","modified_gmt":"2024-12-08T04:47:16","slug":"public-vulnerability-disclosures-a-fresh-update-on-secured-5","status":"publish","type":"post","link":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/","title":{"rendered":"Public Vulnerability Disclosures: A Fresh Update on Secured #5"},"content":{"rendered":"\n<div id=\"\">\n<p class=\"chakra-text css-gi02ar\">Today, we have <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/ethereum\/public-disclosures\/\">revealed<!-- --><\/a> the second batch of vulnerabilities from the Ethereum Foundation Bug Bounty Program! \ud83e\udd73 These vulnerabilities were previously identified and directly reported to the Ethereum Foundation.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">When bugs are submitted and confirmed, the Ethereum Foundation facilitates disclosures to impacted teams and assists in validating vulnerabilities across all clients. 
The Bug Bounty Program currently receives reports for the following client applications:<!-- --><\/p>\n<p><!-- --><\/p>\n<ul role=\"list\" class=\"css-1onhfjo\">\n<li class=\"css-cvpopp\">Erigon<!-- --><\/li>\n<li class=\"css-cvpopp\">Go Ethereum<!-- --><\/li>\n<li class=\"css-cvpopp\">Lodestar<!-- --><\/li>\n<li class=\"css-cvpopp\">Nethermind<!-- --><\/li>\n<li class=\"css-cvpopp\">Lighthouse<!-- --><\/li>\n<li class=\"css-cvpopp\">Prysm<!-- --><\/li>\n<li class=\"css-cvpopp\">Teku<!-- --><\/li>\n<li class=\"css-cvpopp\">Besu<!-- --><\/li>\n<li class=\"css-cvpopp\">Nimbus<!-- --><\/li>\n<\/ul>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Alongside client software, the Bug Bounty Program also encompasses the Deposit Contract, Execution Layer &amp; Consensus Layer Specifications, and Solidity. \ud83d\ude4f<!-- --><\/p>\n<p><!-- --><\/p>\n<h2 class=\"chakra-heading css-1w54o5f\" id=\"repository--vulnerability-list\">Repository &amp; vulnerability list<!-- --><\/h2>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">The time since the last vulnerability announcement has been quite eventful, with occasions such as the Merge \ud83d\udc3c and the maximum bounty reward being raised to $250,000. \ud83d\udcb0<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">The largest paid reward during this timeframe was $50,000. This was conferred to <!-- --><strong>scio<!-- --><\/strong> for reporting an issue that resulted in Lighthouse beacon nodes crashing due to malicious <!-- --><span class=\"chakra-text css-ons8vw\">BlocksByRange<\/span> messages containing an excessively large <!-- --><span class=\"chakra-text css-ons8vw\">count<\/span> value. More information about this specific vulnerability can be found <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/notes.ethereum.org\/mw-M7HxuRM-09nSPVqp52A\">here<!-- --><\/a>. 
\ud83d\udca5<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Another significant range of vulnerabilities has emerged regarding fork choice attacks. EF researchers and client teams investigated and resolved <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/notes.ethereum.org\/@djrtwo\/2023-fork-choice-reorg-disclosure\">attacks that could induce lengthy reorgs<!-- --><\/a>. \ud83d\udc40<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\"><strong>Guido Vranken<!-- --><\/strong> maintains the top ranking for the most positive reports in this timeframe. Concurrently, Guido succeeded in accumulating the most points for the Bug Bounty Leaderboard! \ud83c\udfc6<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">We also have two bounty hunters who opted to donate their rewards to charitable organizations: <!-- --><strong>nrv<!-- --><\/strong> and <!-- --><strong>PwningEth<!-- --><\/strong>! \ud83d\udd25<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">The complete list of new vulnerabilities, with full details, can be accessed in the <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/ethereum\/public-disclosures\/\">disclosures repository<!-- --><\/a>.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">All vulnerabilities included in the disclosures catalogue were resolved before the recent hardforks on the Execution Layer and Consensus Layer.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">For additional information, and to learn more about disclosure policies, timelines, and cataloging, please visit the <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/ethereum\/public-disclosures\/\">disclosures repository<!-- --><\/a>.<!-- --><\/p>\n<p><!-- --><\/p>\n<h2 class=\"chakra-heading css-1w54o5f\" 
id=\"thank-you\">Thank you \ud83d\ude4f<!-- --><\/h2>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">We would like to extend our heartfelt thanks to everyone involved in the discovery and reporting of vulnerabilities, as well as to the teams responsible for addressing them. While we have aimed to include the names or aliases of all reporters, there are numerous developers and researchers within the client teams and the Ethereum Foundation who identified and rectified vulnerabilities outside of the bounty initiative. Additionally, many unsung heroes such as client team developers, community members, and numerous others have invested countless hours on triaging, validating, and mitigating vulnerabilities before they could be exploited.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Your tremendous efforts have been crucial in ensuring Ethereum&#8217;s security. <!-- --><strong>Thank you!<!-- --><\/strong><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2023\/05\/03\/secured-5-disclosures-update\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, we have revealed the second batch of vulnerabilities from the Ethereum Foundation Bug Bounty Program! \ud83e\udd73 These vulnerabilities were previously identified and directly reported to the Ethereum Foundation. When bugs are submitted and confirmed, the Ethereum Foundation facilitates disclosures to impacted teams and assists in validating vulnerabilities across all clients. 
The Bug Bounty Program<\/p>\n","protected":false},"author":3,"featured_media":5838,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[335],"class_list":{"0":"post-5837","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ethereum","8":"tag-return-a-list-of-comma-separated-tags-from-this-title-secured-5-public-vulnerability-disclosures-update"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Public Vulnerability Disclosures: A Fresh Update on Secured #5 - WSJ-Crypto<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Public Vulnerability Disclosures: A Fresh Update on Secured #5 - WSJ-Crypto\" \/>\n<meta property=\"og:description\" content=\"Today, we have revealed the second batch of vulnerabilities from the Ethereum Foundation Bug Bounty Program! \ud83e\udd73 These vulnerabilities were previously identified and directly reported to the Ethereum Foundation. When bugs are submitted and confirmed, the Ethereum Foundation facilitates disclosures to impacted teams and assists in validating vulnerabilities across all clients. 
The Bug Bounty Program\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/\" \/>\n<meta property=\"og:site_name\" content=\"WSJ-Crypto\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-08T04:47:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/12\/upload_630d77544672a1e0df792c0d71489bd6.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"549\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"wsjcrypto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"wsjcrypto\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/\",\"url\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/\",\"name\":\"Public Vulnerability Disclosures: A Fresh Update on Secured #5 - 
WSJ-Crypto\",\"isPartOf\":{\"@id\":\"https:\/\/wsj-crypto.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/12\/upload_630d77544672a1e0df792c0d71489bd6.jpg\",\"datePublished\":\"2024-12-08T04:47:16+00:00\",\"author\":{\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\"},\"breadcrumb\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#primaryimage\",\"url\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/12\/upload_630d77544672a1e0df792c0d71489bd6.jpg\",\"contentUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/12\/upload_630d77544672a1e0df792c0d71489bd6.jpg\",\"width\":1280,\"height\":549},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wsj-crypto.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Public Vulnerability Disclosures: A Fresh Update on Secured 
#5\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wsj-crypto.com\/#website\",\"url\":\"https:\/\/wsj-crypto.com\/\",\"name\":\"WSJ-Crypto\",\"description\":\"Just Another Crypto News Website\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wsj-crypto.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\",\"name\":\"wsjcrypto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"caption\":\"wsjcrypto\"},\"url\":\"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Public Vulnerability Disclosures: A Fresh Update on Secured #5 - WSJ-Crypto","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/","og_locale":"it_IT","og_type":"article","og_title":"Public Vulnerability Disclosures: A Fresh Update on Secured #5 - WSJ-Crypto","og_description":"Today, we have revealed the second batch of vulnerabilities from the Ethereum Foundation Bug Bounty Program! \ud83e\udd73 These vulnerabilities were previously identified and directly reported to the Ethereum Foundation. 
When bugs are submitted and confirmed, the Ethereum Foundation facilitates disclosures to impacted teams and assists in validating vulnerabilities across all clients. The Bug Bounty Program","og_url":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/","og_site_name":"WSJ-Crypto","article_published_time":"2024-12-08T04:47:16+00:00","og_image":[{"width":1280,"height":549,"url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/12\/upload_630d77544672a1e0df792c0d71489bd6.jpg","type":"image\/jpeg"}],"author":"wsjcrypto","twitter_card":"summary_large_image","twitter_misc":{"Scritto da":"wsjcrypto","Tempo di lettura stimato":"2 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/","url":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/","name":"Public Vulnerability Disclosures: A Fresh Update on Secured #5 - 
WSJ-Crypto","isPartOf":{"@id":"https:\/\/wsj-crypto.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#primaryimage"},"image":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#primaryimage"},"thumbnailUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/12\/upload_630d77544672a1e0df792c0d71489bd6.jpg","datePublished":"2024-12-08T04:47:16+00:00","author":{"@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7"},"breadcrumb":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#primaryimage","url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/12\/upload_630d77544672a1e0df792c0d71489bd6.jpg","contentUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2024\/12\/upload_630d77544672a1e0df792c0d71489bd6.jpg","width":1280,"height":549},{"@type":"BreadcrumbList","@id":"https:\/\/wsj-crypto.com\/index.php\/2024\/12\/08\/public-vulnerability-disclosures-a-fresh-update-on-secured-5\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wsj-crypto.com\/"},{"@type":"ListItem","position":2,"name":"Public Vulnerability Disclosures: A Fresh Update on Secured #5"}]},{"@type":"WebSite","@id":"https:\/\/wsj-crypto.com\/#website","url":"https:\/\/wsj-crypto.com\/","name":"WSJ-Crypto","description":"Just Another Crypto News 
Website","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wsj-crypto.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7","name":"wsjcrypto","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","caption":"wsjcrypto"},"url":"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/5837","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/comments?post=5837"}],"version-history":[{"count":2,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/5837\/revisions"}],"predecessor-version":[{"id":5840,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/5837\/revisions\/5840"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media\/5838"}],"wp:attachment":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media?parent=5837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/categories?post=58
37"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/tags?post=5837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}