ETHEREUM Bounty Program

The Ethereum Bounty Program provides bounties for bugs. We call on our community and all bug bounty hunters to help identify bugs in the protocols and clients. Earn rewards for finding a vulnerability and get a place on our leaderboard. See Rules & Rewards section for details.

Submit a Vulnerability

Leaderboard

1.
Martin Holst Swende
holiman
33500 pts
2.
Bertrand Masius
catageek
15000 pts
3.
Tin
tintinweb
12000 pts
4.
Jonas Nick
jonasnick
10000 pts
5.
Harry Roberts
HarryR
5000 pts
6.
Juno Im
junorouse
5000 pts
7.
EthHead
EthHead
5000 pts
8.
Yaron Velner
yaronvel
2000 pts
9.
Whit Jackson
whitj00
2000 pts
10.
Christoph Jentzsch
CJentzsch
2000 pts
11.
talko
talko
1000 pts
12.
Steve Waldman
swaldman
1000 pts
13.
Panu Kekäläinen
ptk
1000 pts
14.
henrit
henrit
1000 pts
15.
Marc Bartlett
BlameByte
1000 pts
16.
Lucas Ryan
badmofo
1000 pts
17.
Jonathan Brown
ethernomad
500 pts

News & Updates

  • 2017-09-19: In order to get some extra eyes on the Byzantium implementations, we’ve temporarily increased the rewards: Between now and the Byzantium mainnet hardfork, we will double the ratio of points-to-USD for any vulnerabilities affecting cross-client consensus or Geth denial-of-service. A ‘High’ can thus yield up to $30K USD, and ‘Critical’ up to $50K USD. All Byzantium functionality is considered in-scope, as if it was already enabled on the mainnet.
  • 2017-09-14: Harry Roberts has been awarded 5000 points for discovering a bug in how Solidity implemented ecrecover. See release notes for v0.4.14 for further details.
  • 2017-07-28: Juno Im has been awared 5000 points for a Mist-vulnerability regarding importing of maliciously crafted wallet-files.
  • 2017-05-31: Whit Jackson has been awarded 2000 points for hex-encoding ambiguities in EthereumJS, Christoph Jentzsch has been awarded 2000 points for the solidity optimizer bug, and ‘Tintin’ was awarded another 2000 points for a bug in a third-party component for CPP-ethereum.
  • 2017-05-02: Yaron Velner has been awarded 1000 points for an ENS-submission, where by ENS second price could be manipulated via replay, forcing winners to pay the full amount offered.
  • 2017-04-07: EthHead and Steve Waldman have been added to the leaderboard for their ENS findings. Bug 1 and bug 2
  • 2017-04-07: ENS is now officially included in the program.
  • 2016-12-01: Solidity is now officially included within the bug bounty program.
  • 2016-11-10 We’re please to have three new names on the leaderboard, Bertrand Masius (Solidity bug), tintinweb (Mist vulnerabilities) and Yaron Velner (EXP opcode mispriced).
  • 2016-07-15: The Ethereum hard fork code is in scope of the Ethereum bounty program. Please see the latest hard fork specification.
  • 2016-01-26: BTC RELAY is now in scope of the Ethereum bounty program. Please see BTC RELAY Bounty Program and BTC RELAY Spec for more info and exact scope.
  • 2015-09-02: With Martin (@mhswende) finding another consensus protocol bug in the Python client, he’s now climbed ahead of nickler and we have a new leader on the leaderboard! We’ve also clarified reference to the Python client and it’s scope within the bounty program (see link below in the references).
  • 2015-07-30: As we are launching Frontier, we will continue the bounty program throughout and at least until Homestead. One extension, and one change: From now on, core CPP libraries will be in scope as well. The genesis block inscription reward is altered to an entry in the namereg. Happy hunting!
  • 2015-06-11: As the Ethereum clients are becoming more stable and secure, we’re happy to announce Proof-of-Work (Ethash) and the Go P2P implementation are now also in scope and eligibile for rewards. The develop branch is the target.
  • 2015-03-19: The bounty program will remain running for at least the duration of the upcoming Ethereum frontier release. Please see the Ethereum blog for more information about Frontier!
  • 2015-02-27: These scripts by Jonas Nick can be helpful to build the Ethereum Go client and test it. Please see the bash scripts for build commands and the python script for a simple example of calling the JSON-RPC API. Please note the currently known issues
  • 2015-02-27: Another major vulnerability found by Jonas Nick. Awarded with 5 BTC, this exploit triggers a bug in the Ethereum VM to create ether out of thin air.
  • 2015-01-30: Friendly reminder: Ethereum websites are out of scope for the bounty program and not eligible for rewards. With that said, we are thankful for submissions relating to webpage security and will work to fix these issues.

RULES & REWARDS

Please have a look at the bullets below before starting your hunt!

  • Issues that have already been submitted by another user or are already known to the Ethereum team are not eligible for bounty rewards.
  • Public disclosure of a vulnerability makes it ineligible for a bounty.
  • You can start or fork a private chain for bug hunting. Please respect the Ethereum main and test networks and refrain from attacking them.
  • Ethereum’s core development team, employees and all other people paid by the Ethereum project, directly or indirectly, are not eligible for rewards.
  • Anyone who works with the codebase as a professional Ethereum developer is not eligible for rewards.
  • Ethereum websites or Ethereum Foundation infrastructure in general, are NOT part of the bounty program.
  • Ethereum bounty program considers a number of variables in determining rewards. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the Ethereum Foundation bug bounty panel.

The value of rewards paid out will vary depending on Severity. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood :

severity

Reward sizes are guided by the rules below, but are in the end, determined at the sole discretion of the Ethereum Foundation bug bounty panel.

  • Critical: up to 25 000 points
  • High: up to 15 000 points
  • Medium: up to 10 000 points
  • Low: up to 2 000 points
  • Note: up to 500 points

1 point currently corresponds to 1 USD (payable in ETH or BTC), something which may change without prior notice.

OBS! Between 2017-09-19 and Byzantium hard-fork on Mainnet, each point corresponds to 2 USD for issues related to cross-client consensus or geth DoS vulnerabilities.

Beyond monetary rewards, every bounty is also eligible for listing on our leaderboard with points accumulating over the course of the program.

In addition to Severity, other variables are also considered when the Ethereum Foundation bug bounty panel decides the score, including (but not limited to):

  • Quality of description. Higher rewards are paid for clear, well-written submissions.
  • Quality of reproducibility. Please include test code, scripts and detailed instructions. The easier it is for us to reproduce and verify the vulnerability, the higher the reward. Please see the wiki and repos to learn more about our test suite in the official documentation.
  • Quality of fix, if included. Higher rewards are paid for submissions with clear description of how to fix the issue.

Important Legal Information

The bug bounty program is an experimental and discretionary rewards program for our active Ethereum community to encourage and reward those who are helping to improve the platform. It is not a competition. You should know that we can cancel the program at any time, and awards are at the sole discretion of Ethereum Foundation bug bounty panel. In addition, we are not able to issue awards to individuals who are on sanctions lists or who are in countries on sanctions lists (e.g. North Korea, Iran, etc). You are responsible for all taxes. All awards are subject to applicable law. Finally, your testing must not violate any law or compromise any data that is not yours.

OPEN BOUNTIES

Our bug bounty program spans end-to-end: from soundness of protocols (such as the blockchain consensus model, the wire and p2p protocols, proof of work, etc) and protocol/implementation compliance to network security and consensus integrity. Classical client security as well as security of cryptographic primitives are also part of the program. Details on the scope follow:

Protocol security

The idea for Ethereum was initially published in the White Paper. This concept has been realized in a few protocols and algorithms up for scrutiny:

  • The blockchain consensus protocol, state engine and virtual machine as well as encodings and Merkle Patricia trees as specified in the Yellow Paper

Help identify flaws such as ones found in the yellow paper, relating to:

  • Conceptual security issues in the formal specification of the Ethereum protocol.
  • Misaligned / unintended economic incentives and game theoretic flaws.
  • Security weaknesses / attacks on the PoW algorithm.
  • A concrete example could be a contract that consumes very little gas but leads to a lot of computational effort effectively opening the door for DoS attacks.

Implementation security

Client protocol implementation security

Assuming that the protocols and algorithms are flawless, does a client implementation conform to the formal protocol specification? Issues could include:

  • Validations of blocks, transactions and messages
  • Ethereum Virtual Machine code execution
  • Transaction execution
  • Contract creation
  • Message calls
  • Calculation and enforcement of gas and fees

An example of a potential issue in this category is Bitcoin’s “zero-day” flaw, which required a hard-fork.

Network security

This category focuses on generalized attacks on the whole network or a subset of it:

  • 51% and other X% attacks.
  • Finney attacks.
  • Sybil attacks.
  • Replay attacks.
  • Transaction / messages malleability.
  • (global) DoS.

Here is an example from bitcoin of a global network based DoS scenario.

Node security

Attacks on a single Go client relating to the Ethereum protocol:

  • DoS / resource abuse
  • Account / wallet address gathering/probing
  • Broadcast / withhold attacks

DoS example from bitcoin. DoS / Resource abuse example from bitcoin.

Client application security

This category addresses more classical security issues:

  • Data type overflow / wrap around, e.g. integer overflow.
  • Panics or not properly handled errors.
  • Concurrency, e.g. synchronization, state, races.
  • Issues related to external libraries used.

Here is an example of a problem hidden in an external library.

Cryptographic primitives security

This category includes:

  • Incorrect implementation / usage / configuration of:
  • Elliptic curve (secp256k1, ECDSA).
  • Hash algorithms (Keccak-256).
  • Merkle Patricia trees.

Here is an EC key generation example. Also have a look here.

Solidity language security

This category includes:

  • Incorrect behaviour of the Solidity code generator or optimizer, which could cause unintended functionality (bugs) in the generated contract code.

Here is an example of a submitted Solidity bug.

ENS security

This category includes:

  • Flaws making it possible to gain unauthorized access to, or prevent the authorized withdrawal of, funds locked in Deeds.
  • Flaws making it possible to interfere with, or make modifications to, an ENS-domain belonging to another user.
  • Flaws in the auction that affect the legitimacy of auction results.

Here is an example of a bug in the initial ENS registrar that would have allowed people to bid during the reveal period, thus affecting the legitimacy of auction results.

References

FAQ

So, what should a good vulnerability submission look like?

Here is an example of a real issue which was previously present in the Go client:

Description: Remote Denial-of-service using non-validated blocks

Attack scenario: An attacker can send blocks that may require a high amount of computation (the maximum gasLimit) but has no proof-of-work. If the attacker sends blocks continuously, the attacker may force the victim node to 100% CPU utilization.

Impact: An attacker can abuse CPU utilization on remote nodes, possibly causing full DoS.

Components: Go client version v0.6.8

Reproduction: Send a block to a Go node that contains many txs but no valid PoW.

Details: Blocks are validated in the method Process(Block, dontReact). This method performs expensive CPU-intensive tasks, such as executing transactions (sm.ApplyDiff) and afterward it verifies the proof-of-work (sm.ValidateBlock()). This allows an attacker to send blocks that may require a high amount of computation (the maximum gasLimit) but has no proof-of-work. If the attacker sends blocks continuously, the attacker may force the victim node to 100% CPU utilization.

Fix: Invert the order of the checks.

So, the bug bounty program is time limited?

No end date is currently set. See the “News & Updates” section above, and the Ethereum blog for the latest news.

How are bounties paid out?

Rewards are paid out in ETH or BTC after the submission has been validated, usually a few days later. Local laws require us to ask for proof of your identity. In addition, we will need your ETH/BTC address.

Can I donate my reward to charity?

Yes. We can donate your reward to an established charitable organization of your choice.

I reported an issue / vulnerability but have not received a response!

We aim to respond to submissions as fast as possible. Feel free to email us if you have not received a response within a day or two.

I want to be anonymous / I do not want my name or nick on the leader board.

Submitting anonymously or with a pseudonym is OK, but will make you ineligible for BTC rewards. To be eligible for BTC rewards, we require your real name and a proof of your identity. Donating your bounty to a charity doesn’t require your identity.

Please let us know if you do not want your name/nick displayed on the leader board.

What are the points in the leaderboard?

Every found vulnerability / issue is assigned a score. Bounty hunters are ranked on our leaderboard by total points.

I have further questions.

Email us at bounty@ethereum.org.

Do you have a PGP key?

Please use AE96 ED96 9E47 9B00 84F3 E17F E88D 3334 FA5F 6A0A

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQINBFgl3tgBEAC8A1tUBkD9YV+eLrOmtgy+/JS/H9RoZvkg3K1WZ8IYfj6iIRaY
neAk3Bp182GUPVz/zhKr2g0tMXIScDR3EnaDsY+Qg+JqQl8NOG+Cikr1nnkG2on9
L8c8yiqry1ZTCmYMqCa2acTFqnyuXJ482aZNtB4QG2BpzfhW4k8YThpegk/EoRUi
m+y7buJDtoNf7YILlhDQXN8qlHB02DWOVUihph9tUIFsPK6BvTr9SIr/eG6j6k0b
fUo9pexOn7LS4SojoJmsm/5dp6AoKlac48cZU5zwR9AYcq/nvkrfmf2WkObg/xRd
EvKZzn05jRopmAIwmoC3CiLmqCHPmT5a29vEob/yPFE335k+ujjZCPOu7OwjzDk7
M0zMSfnNfDq8bXh16nn+ueBxJ0NzgD1oC6c2PhM+XRQCXChoyI8vbfp4dGvCvYqv
QAE1bWjqnumZ/7vUPgZN6gDfiAzG2mUxC2SeFBhacgzDvtQls+uuvm+FnQOUgg2H
h8x2zgoZ7kqV29wjaUPFREuew7e+Th5BxielnzOfVycVXeSuvvIn6cd3g/s8mX1c
2kLSXJR7+KdWDrIrR5Az0kwAqFZt6B6QTlDrPswu3mxsm5TzMbny0PsbL/HBM+GZ
EZCjMXxB8bqV2eSaktjnSlUNX1VXxyOxXA+ZG2jwpr51egi57riVRXokrQARAQAB
tDlFdGhlcmV1bSBGb3VuZGF0aW9uIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QGV0
aGVyZXVtLm9yZz6JAj4EEwECACgFAlgl3tgCGwMFCQHhM4AGCwkIBwMCBhUIAgkK
CwQWAgMBAh4BAheAAAoJEOiNMzT6X2oKmUMP/0hnaL6bVyepAq2LIdvIUbHfagt/
Oo/KVfZs4bkM+xJOitJR0kwZV9PTihXFdzhL/YNWc2+LtEBtKItqkJZKmWC0E6OP
XGVuU6hfFPebuzVccYJfm0Q3Ej19VJI9Uomf59Bpak8HYyEED7WVQjoYn7XVPson
wus/9+LDX+c5vutbrUdbjga3KjHbewD93X4OwVVoXyHEmU2Plyg8qvzFbNDylCWO
7N2McO6SN6+7DitGZGr2+jO+P2R4RT1cnl2V3IRVcWZ0OTspPSnRGVr2fFiHN/+v
8G/wHPLQcJZFvYPfUGNdcYbTmhWdiY0bEYXFiNrgzCCsyad7eKURWN9QmxqmyqLD
jUEDJCAh19ES6Vg3tqGwXk+uNUCoF30ga0TxQt6UXZJDEQFAGeASQ/RqE/q1EAuL
v8IGM8o7IqKO2pWfLuqsY6dTbKBwDzz9YOJt7EOGuPPQbHxaYStTushZmJnm7hi8
lhVGjT7qsEJdE95Il+I/mHWnXsCevaXjZugBiyV9yvOq4Hwwe2s1zKfrnQ4u0cad
vGAh2eIqum7MY3o6nD47aJ3YmEPX/WnhI56bACa2GmWvUwjI4c0/er3esSPYnuHn
M9L8Am4qQwMVSmyU80tCMI7A9e13Mvv+RRkYFLJ7PVPdNpbW5jqX1doklFpKf6/X
M+B+ngYneU+zgCUBtDRFdGhlcmV1bSBGb3VuZGF0aW9uIEJ1ZyBCb3VudHkgPGJv
dW50eUBldGhlcmV1bS5vcmc+iQI+BBMBAgAoBQJYJeE7AhsDBQkB4TOABgsJCAcD
AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDojTM0+l9qCs3/D/4iCne+1h026eKTDfIe
dh8mSbQyZowNQz2a2xpdU3rFv2fbk3ddrcZYKmZ2xthnzffi0j+hDj80er9sQjlY
UfkXVoWQySbkAlUu5SSKkK2YJnk2RtE8kD2XS41RQTq64VcGF/h127uNvSMx61EX
+SJ8kdUIKjl8hJQ2EuntvBxar2qANA1k1gw6jiz1ZflOX7nHiBNl13b9wBi3j2H/
CeTD6G4z4mbQaiOkuohDWNmJ9+ai1/msXgv4mEgh1bRbggiHW/0GEdWWVfD7P2iP
Q8Auy1PmHz8O4qgiKKsUngN6NTzkZHUooBIN47X0b+VKlaPWtKAW/Y3aAA7GrRf4
FtBO5raN1xjomkdHgfUknbDN8ewc+ANByBjWsaWaNUVqpTvdZXj+HNdz8eyEr+Th
l3y4PjPKm/qsWxndR6YrRovbNctWlXxI9ZDrWdLTfHrvlKYOVisDzQQ192q+yfTQ
lC4FUi/hO/RRvs18OtoMYkKy3ys5uMFP/S+cFZMEJ5tvYSydLaJK0gWRZ3P9Zezg
vhjOt7WInCpGOK6pqFlHmMeyMBR/ZrQ7b0dUcTvOUW0IWYs8KWaXaUZB9A6mbmSU
ZkWua+6z6pn2u3flSBYc9l7PKSTC1asU7CynC4JZo8O2jq2BtElnh+2K2l1hgzd0
pb0gYlcHCu0FCsyy76WnS8MX7LkCDQRYJd7YARAAm4Kuh0zeYBAYtJZA/zGnyJ5j
YvufVOYERmKpOOlpX0Y4R7nV4w6YA9JaJRm+IWKJ7ZDGikZQoNkb4I75N2b3tDyl
oysO4K/GAWvXzBWPAYQFyN9jnciPaxYcRGRX1gH8ClZk9fQXXgEERb3H3fvMPH9V
1XPs3XVCzCRQU6/sSg5SEVsE5HSz0Hlm46NHh5f4OLbi4i608VW549um3/tvtQ2z
P8OVWr8z65L4h6rynv0D/4GsuEA1YlrxYC2/dInXwByHbD4H5adFQ0ua1RxS+g+9
60kXSEaNyPHPJmKDY0keFw7r4DpAClvS0d6b6LhRx46eha9BnrEW6229hBuuoj7E
ffTEOxaiC/VTBz5tprUfl725ypB9q2MhKmjG0nZNvYxmqZAFpXuLCIUipO+PQOLR
pB5dPCmdjfaOhq31HoT/1dniS2qYdg4qBS9R8Ua8qysvNEECizCUXpMYoKvIK3lv
MQeM7n/TJLqLvkRzZqPD3mx4xbLS4oIg+v8z9nvuLVJq09PyUxjkoaBjJfEbdFUc
XTyJirp/uCzl23zsQKzkpGOot+foLIJJEstYEyRNAWN0vWrk+vmK4JWP01j0PSCc
VlTipU/t1iKecCbtmwSkONtFS6g2M5KFsrXpf2zNQAlLYqTIiFXlLNrhYkY6cwNV
stEByj03UrhpST0a33EAEQEAAYkCJQQYAQIADwUCWCXe2AIbDAUJAeEzgAAKCRDo
jTM0+l9qCk44D/9aIwlchsrxzC1IJ19M8K0eUNTOUShc+pB8Cozg1S0dyLKfCPd+
aE0Ldw2O8hQyOLdBqm2EUDLcXDRG+5momp4Strawl34T7Ovy9OIoIw3+Yk3Js2pl
zesZ4ecZM9OoWSSQjLruDLysQvTEBwlSgMI7MJf/R/SaiAVwGNxNpS6V+T/uYw2b
j8UvOqd/pOEa3afSkxl44rhJXjN8xpc+QS1snaqLznJOwtmioduxExaQ2GNM98kO
QLDycpNawK9MKx+vssJsFpc7kHsGr56y5ydjPIjBV6SIch3hCFP3+6PH/nUJO9q2
fQhs3XKooNs2vwUt82sGVoG79rwdnpTbCJZWC3Yq+OY8QTscdsrybxLruIJc+/Mu
KCUwkwGAGzJZXuYFXT5FXBsr71UvbYp50moiM7r1q2BylpZdbmD5tkNQg7NOj+SO
21BgF6YEC1If10ILsv9LFxlqltxUuScz/l4HEf+1AEr8AXR8pbmym3qhKQextbPp
vvAuu6jq3OxEL9yZstWAzpIRMjYoNa5o6ZS7oq97QtV/g+3R6Z+zSXu5zMBcdm9j
KTJCwPYzzwBj6f3pHLubMQnvhNCf+FBfvivgkVyMYLc1NlCX6fKfcfsoG8eah4p0
dLVUXSM792ZxrF638Z1n0jmgefNnFN1UTfSDcxx2sfBE2kFQ5xjubkGvhQ==
=gwRO
-----END PGP PUBLIC KEY BLOCK-----