- Ethereum Bug Bounty quadrupled for white hat hackers to spot a bug. The open-source code availability is a great opportunity for keen programmers to win $1 million ahead of the Ethereum merge.
Ethereum foundation was offering a bounty of $250,000 to the developers for spotting bugs and errors. However, as the Ethereum merge nears, the ‘Bug Bounty’ has been increased by 4x. Anyone who is able to spot a critical bug that can malfunction the network, or discredit users or validators will be awarded as much as $1 million.
Ethereum Bug Bounty
The Ethereum Bug bounty is open for submission. The winners will not only receive a huge amount of money but also win a spot on the leaderboard displayed on the Ethereum website. Ethereum foundation defines the scope of these bugs in the following words,
Our bug bounty program spans end-to-end: from the soundness of protocols (such as the blockchain consensus model, the wire and p2p protocols, proof of work, proof of stake, etc.) and protocol/implementation compliance to network security and consensus integrity. Classical client security, as well as security of cryptographic primitives, are also part of the program.
Even though the amount of $1 million is for major bugs spotted in Ethereum scope, white hat hackers can still claim a huge amount for finding minor bugs that can be used to infiltrate Ethereum security. The amount paid will depend on the quality of description of the bug, quality of reproducibility, and quality of fixed offered.
However, there are certain bugs that are not covered in this bounty. You might see yourself as a nerd and write it to Ethereum and still not get anything. The Ethereum bug bounty does not cover the bugs spotted in infrastructure, DNS, Webpages, and Email. Also, the bugs in ERC20-based tokens are not the main part of this bug bounty. Since ENS (Ethereum Name Service), the Web 3.0 version of Domain Name System (DNS), is offered by ENS Foundation so any bug found in ENS is not covered in Ethereum bug bounty.
This is great encouragement from the Ethereum foundation and might save the entire network. There’s a chance that the core developer might miss something so the white hat hackers can inform the core team before the final implementation or the widespread exploitation. But what if someone finds a really critical bug that can win him more than just $1 million? It’s just a thought but it left me concerned about the upcoming major update.
more to read
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.