Wazi kwa mawasilisho
Safu ya makubaliano na zawadi za wadudu
Jishindie mpaka USD 50,0000 na nafasi katika ubao wa viongozi kwa kutafuta hitalafu za safu ya makubaliano na programu.
Wateja walioangaziwa kwenye zawadi
Wadudu waliokubaliwa
Mpango huu wa fadhila za hitilafu unalenga kutafuta hitilafu katika vipimo vya msingi safu ya makubaliano ya Mnyororo Kioleza na utekelezaji wa mteja wa Lighthouse, Nimbus, Teku na Prysm.
Hitilafu za ubainishaji wa mnyororo kioleza
Mnyororo Kioleza hutoa maelezo ya vipimo vyenye mantiki ya uundaji na mabadiliko pendekezwa kwenye Ethereum kupitia maboresho ya mnyororo kioleza.
Execution Layer Specifications (opens in a new tab)
Itakuwa vizuri kuangalia maelezo yafuatayo:
Aina za hitalafu
- Hitimisho kuvunja wadudu
- Visababishi vya kunyimwa huduma (DOS)
- Kutofautiana kwa dhana, kama vile hali ambapo wathibitishaji waaminifu wanaweza kupunguzwa
- Hesabu au kutofautiana kwa uthabiti
Wadudu wa programu ya safu ya makubaliano
Wateja wataendesha mnyororo kioleza mara maboresho yatakapozinduliwa. Wateja watafuata mantiki iliyowekwa mahususi na kua salama dhidi ya mashambulizi. wadudu tunaotaka kupata ni wale wanaohusiana na utekelezaji wa itifaki.
Kwa sasa Lighthouse, Nimbus, Teku, na Prysm weanastahiki zawadi. Lodestar i8nastaahiki zawadi pia, lakini mpaka ukaguzi wa kina utakapofanyika pointi zao na zawadi zitakuwa asilimia kumi tu. ( malipo ya juu ni DAI 5,000). Wateja/Programu zingine zitaogezwa iwapo ukaguzi utafanyika na kuwa tayari kwa uzalishaji.
Aina za hitalafu
- Vipimo na masuala yasiyo ya kufuata
- Ajali zisizotarajiwa au kunyimwa kwa udhaifu wa huduma
- Masuala yoyote yanayosababisha makubaliano yasiyoweza kurekebishwa hugawanyika kutoka kwa mtandao wote
Viungo vya kusaidia
Language compiler bugs
The Solidity and Vyper compilers are in scope of the bug bounty program. Please include all details necessary to reproduce the vulnerability such as: Input program that triggers the bug, Compiler version affected, Target EVM version, Framework/IDE if applicable, EVM execution environment/client if applicable and Operating system, Please include steps to reproduce the bug you have found in as much detail as possible.
Solidity and Vyper does not hold security guarantees regarding compilation of untrusted input – and we do not issue rewards for crashes of the compiler on maliciously generated data.
Viungo vya kusaidia
Deposit Contract bugs
The specifications and source code of the Beacon Chain Deposit Contract is part of the bug bounty program.
Dependency bugs
Certain dependencies are crucial for the Ethereum Network to function, and some of these have been added to the bug bounty program. Currently, the list of dependencies included in the bug bounty program are C-KZG-4844 and Go-KZG-4844.
Haijajumuishwa
Muungano na maboresho ya mnyororo wa kigae viko kwenye hatua ya uundwaji na bado havijajumuishwa kama sehemu ya programu ya fadhila.
- ✕Infrastructure bugs—such as webpages, dns, email, etc.*
- ✕ERC-20 contract bugs*
- ✕Ethereum Naming Service (ENS) bugs (maintained by the ENS foundation)
- ✕Vulnerabilities requiring the user to have publicly exposed an API, such as JSON-RPC or the Beacon API
- ✕Typographical errors
- ✕Tests
- ✕High-effort (sustained, CPU or bandwidth intensive, and/or requires more than 1 packet or onchain transaction) single-peer DoS attacks
- ✕Any publicly known issues (includes forum posts, PRs, github issues, commits, blog posts, public discord messages, etc.)
- ✕Anything that does not currently have a direct impact on Ethereum mainnet.
*These are not included, however, we can sometimes help reach out to affected parties
Sheria za utafutaji wadudu
Mpango wa zawadi za hitilafu ni mpango wa siri wa majaribio na wa hiari kwa jumuiya yetu inayotumika ya Ethereum ili kuwatia moyo na kuwatuza wale wanaosaidia kuboresha jukwaa. Sio mashindano.Unapaswa kujua kwamba tunaweza kuondoa programu wakati wowote, na tuzo ni kwa uamuzi wa kidirisha cha fadhila jukwaa la Ethereum.Kwa kuongezea, hatuwezi kutoa tuzo kwa watu ambao wako kwenye orodha ya vikwazo au ambao wako katika nchi zilizo kwenye orodha ya vikwazo. Mfano( Korea kaskazini, Iran, na nyingine). Unawajibika kwa ushuru wote. Tuzo zote ziko chini ya sheria inayotumika. Hatimaye, jaribio lako lazima lisikiuke sheria yoyote au kuathiri data yoyote ambayo si yako.
- 1Masuala ambayo tayari yamewasilishwa na mtumiaji mwingine au tayari yanajulikana na wasimamizi wa mteja hayastahiki zawadi.
- 2Ufichuaji hadharani wa athari huifanya isistahiki kupata faida.
- 3Watafiti na wafanyakazi wa Msingi Ethereum na timu za programu za makubaliano hawastahiki zawadi.
- 4Mpango wa fadhila wa Ethereum huzingatia idadi ya vigezo katika kuamua zawadi. Maamuzi ya kustahiki, alama na masharti yote yanayohusiana na tuzo ni kwa uamuzi wa mwisho wa Msingi wa jukwaa la Ethereum.
Vulnerability severity qualifications
Severity is assessed based on a discovered vulnerability's ability to do the following:
- Slash >0.01% of validators
- Trivially cause network splits affecting >0.01% of the network
- Be able to bring down >0.01% of the network by sending a single network packet or an onchain transaction
- Slash >1% of validators
- Trivially cause network splits affecting >5% of the network
- Be able to bring down >5% of the network by sending a single network packet or an onchain transaction
- Slash >33% of validators
- Trivially cause network splits affecting >33% of the network
- Be able to bring down >33% of the network by sending a single onchain transaction
- Slash >50% of validators
- Exploit an EIP/specification or client bug to easily create an infinite amount of ETH which is finalized by the network
- Steal ETH from all EOAs
- Burn ETH from all EOAs
- Take down the entire network by sending a single malicious onchain transaction that ends up crashing all clients
Wasilisha mdudu
Wastani
Mpaka DAI 10,000
Mpaka pointi 5,000
Wasilisha hitilafu ya hatari ya wastani (opens in a new tab)Execution Layer Bug Bounty leaderboard
Find execution layer bugs to get added to this leaderboard
Ubao wa wanaoongoza wa uwindaji wa mende
Tafuta hitilafu za safu ya makubaliano ili uongezwe kwenye ubao huu wa wanaoongoza
Maswali yanayoulizwa mara kwa mara
Ukurasa ulihaririwa mwisho: 26 Februari 2026
