Saturday, July 6, 2024

Secured #2: Public Vulnerability Disclosures

Today, we disclosed the first set of vulnerabilities from the Ethereum Foundation’s Bug Bounty Programs. These vulnerabilities were previously discovered and reported to the Ethereum Foundation or client teams via the Bug Bounty Programs for both the Execution Layer and Consensus Layer.

Through its Bug Bounty Programs, which allow the Ethereum Foundation (EF) to coordinate and cross-check vulnerabilities across clients, the EF currently accepts vulnerability reports for Nimbus, Teku, Lighthouse, Prysm, Lodestar, Go Ethereum, Nethermind, Erigon and Besu.

New repository & vulnerability list

The full list of vulnerabilities, along with additional information, can be found in a git repository here.

The new disclosures repository catalogues all known vulnerabilities that were patched prior to the latest hardforks on the Execution Layer and Consensus Layer.

We would like to give a huge shout out to everyone involved in the discovery and reporting of vulnerabilities, as well as to the teams responsible for fixing them. While we have tried to include the names or aliases of the reporters, there are many developers and researchers across the client teams and in the Ethereum Foundation who found and corrected vulnerabilities outside of the bounty program. There are also many unsung heroes such as client team developers, community members, and many more who have spent countless hours triaging, cross-checking, and mitigating vulnerabilities before they could be exploited.

For more information, and to learn more about disclosure policies, timelines, and cataloging, head over to the new disclosures repository.

Your immense efforts have been instrumental to ensuring Ethereum’s security. Thank you!
