Ethereum 2.0 Developer Announces New Bug Bounty Program

Jafrin  |  Oct 10, 2020

A new bug bounty program focused on powering up the much-anticipated launch of Ethereum 2.0's initial phase has been launched. The program was unveiled on October 9, 2020, by Ethereum 2.0 project lead, Danny Ryan.

Incentivizing the ETH Community

The program aims to incentivize the Ethereum community and other bug hunters to report on vulnerabilities and other shortcomings of the network. The bug bounty program in its website highlights both its Phase 0 specifications with specific kinds of software clients like Prysm, Lighthouse, and Teku.

The program site notes "The Eth2 Bounty Program provides bounties for Eth2 (a major upgrade to Ethereum's core consensus) bugs. We call on our community and all bug bounty hunters to help identify bugs in the protocols and clients. Earn rewards for finding a vulnerability and get a place on our leaderboard”.

The site further highlighted the following conditions before starting the hunt:

  • Issues that have already been submitted by another user or are already known to spec and client maintainers are not eligible for bounty rewards.
  • Public disclosure of a vulnerability makes it ineligible for a bounty.
  • Ethereum Foundation researchers and employees of Eth2 client teams are not eligible for rewards.
  • The Ethereum bounty program considers several variables in determining rewards. Determinations of eligibility, score, and all terms related to an award are at the sole and final discretion of the Ethereum Foundation bug bounty panel.
  • Key Step For Any Network Launch

    The launch period of Eth2’s Phase zero reportedly ranges between the beginning of November to January of 2021, depending on its pace of development.

    In July, the Ethereum Foundation's Justin Drake had highlighted the Eth2-focused bug bounty program as a key step ahead of any network launch. The program aims to make Ethereum 2.0 more resilient to bugs present in protocols and its clients.

    However, according to bug bounty hunting rules, anyone working with the codebase as a professional Ethereum developer will not be eligible for the bounty rewards. Moreover, Ethereum websites or even the Ethereum Foundation infrastructure, in general, are not part of the bounty program.

    Related News