Secured #2: Public Vulnerability Disclosures

Immediately, we disclosed the primary set of vulnerabilities from the Ethereum Basis’s Bug Bounty Applications. These vulnerabilities have been beforehand found and reported on to the Ethereum Basis or shopper groups through the Bug Bounty Applications for each the Execution Layer and Consensus Layer.

Via its Bug Bounty Applications, which permit the Ethereum Basis (EF) to coordinate and cross-check vulnerabilities throughout purchasers, the EF at the moment accepts vulnerability reviews for Nimbus, Teku, Lighthouse, Prysm, Lodestar, Go Ethereum, Nethermind, Erigon and Besu.

New repository & vulnerability checklist

The complete checklist of vulnerabilities, together with further info, will be discovered in a git repository right here.

The brand new disclosures repository catalogues all recognized vulnerabilities that have been patched previous to the most recent hardforks on the Execution Layer and Consensus Layer.

We want to give a large shout out to everybody concerned within the discovery and reporting of vulnerabilities, in addition to to the groups accountable for fixing them. Whereas we now have tried to incorporate the names or aliases of the reporters, there are numerous builders and researchers throughout the shopper groups and within the Ethereum Basis who discovered and corrected vulnerabilities outdoors of the bounty program. There are additionally many unsung heroes reminiscent of shopper group builders, group members, and lots of extra who’ve spent numerous hours triaging, cross-checking, and mitigating vulnerabilities earlier than they could possibly be exploited.

For extra info, and to study extra about disclosure insurance policies, timelines, and cataloging, head over to the brand new disclosures repository.

Your immense efforts have been instrumental to making sure Ethereum’s safety. Thanks!