Open for submissions

Consensus layer bug bounty
Find bugs in the consensus layer protocol and clients to earn rewards of up to $50,000 and a place on the leaderboard.

Clients featured in the bounty program

Valid bugs

This bug bounty program is focused on finding bugs in the consensus layer Beacon Chain specification and in client implementations such as Lighthouse, Nimbus, Teku, Prysm and Lodestar.

Beacon Chain specification bugs

The Beacon Chain specification details the design rationale and the proposed changes to Ethereum introduced by the Beacon Chain upgrade.

Read the full specification
Execution Layer Specifications

Types of bugs

  • Safety/finality-breaking bugs
  • Denial of service (DoS) vectors
  • Inconsistencies in assumptions, such as situations where honest validators can be slashed
  • Calculation or parameter inconsistencies

Consensus layer client bugs

These clients will run the Beacon Chain once the upgrade is deployed. Clients need to follow the logic set out in the specification and be secure against potential attacks. We want to find bugs related to the implementation of the protocol.

Currently, bugs in Lighthouse, Nimbus, Teku and Prysm are eligible for the full bounty reward. Lodestar is also included, but its points and rewards are capped at 10% (maximum reward 5,000 DAI) until further audits are complete. More clients may be added as they complete audits and become production ready.

Types of bugs

  • Spec non-compliance issues
  • Unexpected crashes or denial of service (DoS) vulnerabilities
  • Any issue causing an irreparable consensus split from the rest of the network

Helpful links

Besu
Erigon
Geth
Lighthouse
Lodestar
Nimbus
Nethermind
Prysm
Teku
Solidity bugs

See the Solidity SECURITY.MD for more details about what is included in this scope.

Solidity does not hold security guarantees regarding compilation of untrusted input – and we do not issue rewards for crashes of the solc compiler on maliciously generated data.

Helpful links

SECURITY.md
Deposit Contract bugs

The specifications and source code of the Beacon Chain Deposit Contract are part of the bug bounty program.

Not included

The Merge and shard chain upgrades are still in active development and are therefore not yet included in this bounty program.

Submit a bug

Each bug you find earns points. The points you earn depend on the severity of the bug. Lodestar bugs currently earn 10% of the points listed below, as further audits are still pending. The Ethereum Foundation (EF) uses the OWASP (Open Web Application Security Project) method to determine the severity of a bug. View the OWASP method

The Ethereum Foundation awards points based on:

Quality of description: higher rewards are paid for clear, well-written submissions.

Quality of reproducibility: please include test code, scripts or detailed instructions. The easier it is for us to reproduce and verify the vulnerability, the higher the reward.

Quality of fix, if included: higher rewards are paid for submissions with a clear description of how to fix the issue.

Up to 2,000 DAI

Up to 1,000 points

Severity

  • Low impact, medium likelihood
  • Medium impact, low likelihood

Example

An attacker can sometimes put a node into a state that causes it to drop one out of every one hundred attestations made by a validator.
Submit low risk bug
Up to 10,000 DAI

Up to 5,000 points

Severity

  • High impact, low likelihood
  • Medium impact, medium likelihood
  • Low impact, high likelihood

Example

An attacker can successfully conduct eclipse attacks on nodes whose peer IDs start with 4 leading zero bytes.
Submit medium risk bug
Up to 20,000 DAI

Up to 10,000 points

Severity

  • High impact, medium likelihood
  • Medium impact, high likelihood

Example

There is a consensus bug between two clients, but it is difficult or impractical for an attacker to trigger it.
Submit high risk bug
Up to 50,000 DAI

Critical

Up to 25,000 points

Severity

  • High impact, high likelihood

Example

There is a consensus bug between two clients, and it is trivial for an attacker to trigger it.
Submit critical risk bug

Bug bounty rules

The bug bounty program is an experimental and discretionary rewards program for our active Ethereum community to encourage and reward those who are helping to improve the platform. It is not a competition. You should know that we can cancel the program at any time, and awards are at the sole discretion of the Ethereum Foundation bug bounty panel. In addition, we are not able to issue awards to individuals who are on sanctions lists or who are in countries on sanctions lists (e.g. North Korea, Iran, etc). You are responsible for all taxes. All awards are subject to applicable law. Finally, your testing must not violate any law or compromise any data that is not yours.

  • Issues that have already been submitted by another user or are already known to the specification and client maintainers are not eligible for bounty rewards.
  • Public disclosure of a vulnerability makes it ineligible for a bounty.
  • Ethereum Foundation researchers and employees of the consensus layer client teams are not eligible for rewards.
  • The Ethereum bounty program considers a number of variables in determining rewards. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the Ethereum Foundation bug bounty panel.

Frequently asked questions

What should a good vulnerability submission look like?

See a real example of a quality vulnerability submission.

Description: Remote Denial-of-service using non-validated blocks

Attack scenario: An attacker can send blocks that may require a high amount of computation (the maximum gasLimit) but has no proof-of-work. If the attacker sends blocks continuously, the attacker may force the victim node to 100% CPU utilization.

Impact: An attacker can abuse CPU utilization on remote nodes, possibly causing full DoS.

Components: Go client version v0.6.8

Reproduction: Send a block to a Go node that contains many txs but no valid PoW.

Details: Blocks are validated in the method Process(Block, dontReact). This method performs expensive CPU-intensive tasks, such as executing transactions (sm.ApplyDiff) and afterward it verifies the proof-of-work (sm.ValidateBlock()). This allows an attacker to send blocks that may require a high amount of computation (the maximum gasLimit) but has no proof-of-work. If the attacker sends blocks continuously, the attacker may force the victim node to 100% CPU utilization.

Fix: Invert the order of the checks.
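The check ordering described in this submission and its fix, as an added Go example that is not the Go client's own code: `Block`, `Processor`, `applyDiff` and `validatePoW` are hypothetical stand-ins for the `Process`/`ApplyDiff`/`ValidateBlock` path the report describes, and the work counter is constructed so the cost of each ordering can be measured.

```go
package main

import (
	"errors"
	"fmt"
)

// Block is a hypothetical stand-in: ValidPoW replaces nonce verification, TxCount the execution work (gas) demanded.
type Block struct {
	ValidPoW bool
	TxCount  int
}

type Processor struct{ ExpensiveWork int } // counts the expensive work performed

var errInvalidPoW = errors.New("invalid proof-of-work")

// applyDiff models the costly step: executing every transaction in the block.
func (p *Processor) applyDiff(b Block) { p.ExpensiveWork += b.TxCount }

// validatePoW models the cheap check that should gate the costly step.
func validatePoW(b Block) error {
	if !b.ValidPoW {
		return errInvalidPoW
	}
	return nil
}

// ProcessVulnerable mirrors the reported order: execute first, verify PoW after.
// The block is still rejected, but only after the node has paid for its execution.
func (p *Processor) ProcessVulnerable(b Block) error {
	p.applyDiff(b)
	return validatePoW(b)
}

// ProcessFixed inverts the checks: a block without valid PoW is dropped
// before any transaction runs, so junk blocks no longer burn the node's CPU.
func (p *Processor) ProcessFixed(b Block) error {
	if err := validatePoW(b); err != nil {
		return err
	}
	p.applyDiff(b)
	return nil
}

func main() {
	junk := Block{ValidPoW: false, TxCount: 10000} // constructed: full block, no PoW
	vuln, fixed := &Processor{}, &Processor{}
	_, _ = vuln.ProcessVulnerable(junk), fixed.ProcessFixed(junk)
	fmt.Println("work before fix:", vuln.ExpensiveWork, "after fix:", fixed.ExpensiveWork)
}
```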

Is the bug bounty program time limited?

No.

No end date is currently set. See the Ethereum Foundation blog for the latest news.

How are bounties paid out?

Rewards are paid out in ETH or DAI.

Rewards are paid out in ETH or DAI after the submission has been validated, usually a few days later. Local laws require us to ask for proof of your identity. In addition, we will need your ETH address.

Can I donate my reward to charity?

Yes!

We can donate your reward to an established charitable organization of your choice.

I reported an issue / vulnerability but have not received a response!

Please allow a few days for someone to respond to your submission.

We aim to respond to submissions as fast as possible. Feel free to email us at bounty@ethereum.org if you have not received a response within a day or two.

I want to be anonymous / I do not want my name on the leader board.

You can do this, but it might make you ineligible for rewards.

Submitting anonymously or with a pseudonym is OK, but will make you ineligible for ETH/DAI rewards. To be eligible for ETH/DAI rewards, we require your real name and a proof of your identity. Donating your bounty to a charity doesn’t require your identity.

Please let us know if you do not want your name/nick displayed on the leader board.

What are the points in the leaderboard?

Every found vulnerability / issue is assigned a score

Every found vulnerability / issue is assigned a score. Bounty hunters are ranked on our leaderboard by total points.

Do you have a PGP key?

Yes. Expand for details.

Please use AE96 ED96 9E47 9B00 84F3 E17F E88D 3334 FA5F 6A0A

PGP Key

Questions?

Email us: bounty@ethereum.org