Ethereum Foundation raises reward for vulnerability detection to $500 000

In anticipation of the upcoming Ethereum blockchain upgrade known as Shapella, the Ethereum Foundation has doubled the maximum bug bounty to $500,000 for identifying related vulnerabilities.

The highly-anticipated Shapella upgrade, also referred to as Shanghai-Capella, is scheduled for release on the mainnet on April 12 at 10:27 a.m. UTC, at block number 6,209,536. Its main feature is Ethereum Improvement Proposal-4895, which will enable validator staking withdrawals on the main network for the first time. It also includes three other improvements aimed at optimizing gas costs for specific activities.

In a developers meeting on Thursday, Fredrik Svantes, a security researcher at the Ethereum Foundation, highlighted the increased reward as part of the last-minute testing efforts.

"There's a 2x multiplier for any vulnerabilities that affect the Shapella codebase. Go ahead and start looking for more vulnerabilities as the max bounty payout for Shapella-specific issues is now up to half a million dollars," Svantes said.

A bug bounty is a program offered by organizations to incentivize individuals or groups to identify and report security vulnerabilities in their software or systems. The rewards may vary depending on the severity and potential impact of the bug identified.

The doubling of the maximum bounty for identifying Shapella vulnerabilities may be seen as a precautionary step in ensuring the security of the network. The Foundation's bug bounty program covers vulnerabilities in various aspects of the network, including the blockchain consensus model, proof of stake, network security and consensus integrity, per the official website.

Final 'shadow fork' before mainnet

Parithosh Jayanthi, a devops engineer for the Ethereum Foundation, said that once final client software releases are out, developers will launch one final mainnet "shadow fork" to test these releases.

In the context of Ethereum, a software fork is a test done on the mainnet rather than a testnet, allowing developers to see if a piece of code from the proposed upgrade will work correctly on the real blockchain. There have also been multiple shadow forks conducted before in preparation for Shapella and a final one is needed to test client releases, Jayanthi explained at yesterday's meeting.

"Once all the [client] releases are done, we'd have a mainnet shadow fork, and I guess that would be the last attempt at the transition publicly before we hit mainnet," Jayanthi said.

Developers have also conducted extensive public testing on three test networks, or testnets, namely Sepolia, Zhejiang and Goerli. On March 14, Shapella was deployed on the Goerli testnet as the final dress rehearsal prior to the mainnet launch.

During the Thursday meeting, developers also urged all node operators on the Ethereum network upgrade their nodes ahead of the launch to ensure a smooth transition. Overall, the Ethereum core team is taking a comprehensive approach to testing and ensuring the security of the upcoming Shapella upgrade, in anticipation of its launch.

This material is taken from the website https://www.theblock.co.