Charlie Osborne, November 19, 2020 at 2:29 pm UTC
Updated: November 19, 2020 at 2:34 pm UTC
Bug hunters can earn up to $50,000 for finding flaws in the cryptocurrency platform
The Ethereum 2.0 bug bounty program has increased rewards for researchers who submit valid vulnerability reports ahead of the switch to a Proof-of-Stake model.
Bug hunters can earn up to $50,000 for critical vulnerabilities in the highly anticipated Ethereum 2.0 update.
The Ethereum Foundation bug bounty panel will decide on the financial rewards issued and will lean on the OWASP risk model when making decisions.
Loosely classified as low, medium and high severity, the most dangerous vulnerabilities can earn researchers up to 25,000 “points”, while high impact bugs can be worth 10,000 points.
Medium and low risk security holes can result in the issuance of up to 5,000 and 1,000 points, respectively.
Points-based system
Each “point” earned in the program is the equivalent of $2, paid in the cryptocurrency Ethereum (ETH) or the stablecoin Dai (DAI).
The program is looking for vulnerabilities affecting the security of the base Eth2 Phase 0 specification, as well as purpose-breaking bugs, Denial-of-Service (DoS) vectors, and security issues related to validations, such as when “honest” validators are influenced by calculation or parameter problems.
In addition, the client implementations Prysm, Lighthouse and Teku are within scope.
More client implementations will join the list after passing preliminary audits. For clients, vulnerabilities associated with non-conformities, DoS attacks, crashes, and consensus splits will be considered.
The rewards offered may also depend on the quality of the bug reports, the ease of reproduction, and whether or not the bug bounty hunters offered a way to fix the vulnerabilities.
In addition to the financial rewards, the Ethereum Foundation has created a ranking to showcase its best bug bounty hunters.
“The bug bounty program is an experimental and discretionary reward program for our active Ethereum community to encourage and reward those who are helping to improve the platform,” says the organization.
“It’s not a competition … the prizes are at the sole discretion of the Ethereum Foundation bug bounty panel.”
Previously, the program offered up to $10,000 for vulnerability disclosure.
Changes
The increase in rewards comes about two weeks before a planned transition from a Proof-of-Work (PoW) to a Proof-of-Stake (PoS) model.
PoW models allow users to mine cryptocurrencies via their computers by solving complex mathematical problems. However, the energy required to mine cryptocurrencies increases over time. PoS uses validators to give nodes voting rights based on a general consensus process.
The Ethereum Foundation has been working on a PoS system, dubbed Casper, since 2014, in what is known as the Serenity release. The transition to Phase 0 Beacon Chain is scheduled for December 1st.
The Daily Swig contacted the Ethereum Foundation and will update this article accordingly.