Clients featured in the bounties











In Scope
Our bug bounty program spans end-to-end: from soundness of protocols (such as the blockchain consensus model, the wire and p2p protocols, proof of stake, etc.) and protocol/implementation compliance to network security and consensus integrity. Classical client security as well as security of cryptographic primitives are also part of the program. All bug disclosures and vulnerability submissions must be made through our bug submission form (opens in a new tab).
Vulnerability severity qualifications
Severity is assessed based on a each discovered vulnerability's unique ability to do the following:
Submit a bug
Execution Layer Bug Bounty leaderboard
Find execution layer bugs to get added to this leaderboard
Consensus Layer Bug Bounty leaderboard
Find consensus layer bugs to get added to this leaderboard
Frequently asked questions
Submitting anonymously or with a pseudonym is OK, but will make you ineligible for ETH/DAI rewards. To be eligible for ETH/DAI rewards, we require your real name and a proof of your identity to be sent, encrypted using PGP on our secure drop website, to our legal team at the Ethereum Foundation who are the sole reviewers of the documentation. Donating your bounty to a charity doesn’t require your identity.
Please let us know if you do not want your name/nick displayed on the leader board.


























































































