Bug bounty quadruples for Ethereum network — Up to $1M payouts ahead of Merge


The Ethereum Foundation has announced it will be increasing the network’s bug bounty payouts fourfold ahead of the blockchain’s transition to proof-of-stake.

In a Wednesday blog post, the Ethereum Foundation said between Aug. 24 and Sept. 8, all “Merge-related bounties for vulnerabilities” will be quadrupled for white hats testing the network. According to the foundation, identifying “critical bugs” — those that have a high impact or likelihood of a high impact on the blockchain — will be worth up to $1 million. The bounty program also allows submissions for low, medium and high-risk bugs.

As part of the transition to proof-of-stake, the foundation said the Ethereum Network “must first be activated on the Beacon Chain with the Bellatrix upgrade,” an event expected to happen on Sept. 6, with the Merge likely following between Sept. 10 and 20. Core developers previously announced a tentative Merge date of Sept. 15 when the Total Terminal Difficulty, or TTD — the difficulty of the final mined block — will trigger the end of proof-of-work and the start of proof-of-stake.

“The incremental difficulty added per block is dependent on the network hash rate, which is volatile,” said the foundation. “If more hash rate joins the network, TTD will be reached sooner. Similarly, if hash rate leaves the network, TTD will be reached later.”

The foundation added that Ether (ETH) holders and users largely did not need to take any action prior to the Merge other than to “be on the lookout for scams.” Mining will no longer be possible following the transition, while stakers and node operators will both need to run an execution layer client, with the latter doing so with a consensus layer client.

In July 2020, the Ethereum Foundation announced it had launched public “attack networks” for Ethereum 2.0 for white hats to attempt to exploit potential issues in the clients, offering a $5,000 bounty at the time. However, in August 2021, a vulnerability affecting earlier versions of one of Ethereum’s software clients, Geth, caused more than half the network’s nodes to split. The Merge will require the latest version of Geth as an execution client.

Related: MakerDAO launches biggest ever bug bounty with $10M reward

Other projects have offered up to $1 million or more in bug bounties aimed at finding exploits resulting in the theft  or risk of losing millions, as Sky Mavis did in April 2022 following a $600-million hack on the Ronin Network. In June, Ethereum bridging and scaling solution Aurora paid a $6-million bounty to a white hat hacker who discovered a critical bug.

Articles You May Like

Ripple CEO Criticizes Political Divide On Crypto: ‘Republicans Playing Chess, Democrats Checkers’
ETH Derivates Volume Have Flatlined Despite Spot Ethereum ETFs Approval, What’s Going On?
Ripple Lawsuit Update: Former SEC Official Reveals Where They Are In Negotiations
Bitwise CIO Bullish On Ethereum ETFs Fueling Surge To Record Highs Above $5,000
CBOE Global Markets Lists Spot Ethereum ETFs, Confirms Launch Date