Security #2: Disclosing public vulnerabilities
Today we disclosed the first set of vulnerabilities in the Ethereum Foundation’s bug bounty program. These vulnerabilities were previously discovered and reported directly to the client team through the Ethereum Foundation or the bug bounty program for the execution layer and consensus layer.
Through its bug bounty program, which allows the Ethereum Foundation (EF) to coordinate and cross-check vulnerabilities across clients, EF is currently accepting vulnerability reports for Nimbus, Teku, Lighthouse, Prysm, Lodestar, Go Ethereum, Nethermind, Erigon, and Besu.
New repository and vulnerability list
A full list of vulnerabilities, along with additional information, is available here in the git repository.
The new public repository catalogs all known vulnerabilities in the execution layer and consensus layer that were patched before the latest hard fork.
We want to give a huge shout-out to everyone involved in discovering and reporting the vulnerabilities, as well as to the teams responsible for remediating them. Although we have attempted to include the reporter’s name or pseudonym, there are many developers and researchers on our client teams and at the Ethereum Foundation who have discovered and fixed vulnerabilities outside of the bounty program. There are also countless unsung heroes, including client team developers and community members, who have spent countless hours triaging, cross-checking, and mitigating vulnerabilities before they could be exploited.
Visit our new public repository for more information and to learn more about our disclosure policy, timeline, and the creation of the list.
Your tremendous efforts have been instrumental in ensuring the security of Ethereum. Thank you!