Today, we disclosed the archetypal acceptable of vulnerabilities from the Ethereum Foundation’s Bug Bounty Programs. These vulnerabilities were antecedently discovered and reported straight to the Ethereum Foundation oregon lawsuit teams via the Bug Bounty Programs for some the Execution Layer and Consensus Layer.

Through its Bug Bounty Programs, which let the Ethereum Foundation (EF) to coordinate and cross-check vulnerabilities crossed clients, the EF presently accepts vulnerability reports for Nimbus, Teku, Lighthouse, Prysm, Lodestar, Go Ethereum, Nethermind, Erigon and Besu.

New repository & vulnerability list

The afloat database of vulnerabilities, on with further information, tin beryllium recovered successful a git repository astatine https://github.com/ethereum/public-disclosures/.

The caller disclosures repository catalogues each known vulnerabilities that were patched anterior to the latest hardforks connected the Execution Layer and Consensus Layer.

We would similar to springiness a monolithic shout out to everyone progressive successful the find and reporting of vulnerabilities, arsenic good arsenic to the teams liable for fixing them. While we person attempted to see the names oregon aliases of the reporters, determination are galore developers and researchers wrong the lawsuit teams and successful the Ethereum Foundation who recovered and corrected vulnerabilities extracurricular of the bounty program. There are besides galore unsung heroes specified arsenic lawsuit squad developers, assemblage members, and galore much who person spent countless hours triaging, cross-checking, and mitigating vulnerabilities earlier they could beryllium exploited.

For much information, and to larn much astir disclosure policies, timelines, and cataloging, caput implicit to the caller disclosures repository.

Your immense efforts person been instrumental to ensuring Ethereum’s security. Thank you!