ETHEREUM Bounty Program

The Ethereum Bounty Program provides bounties for bugs. We call on our community and all bug bounty hunters to help identify bugs in the protocols and clients. Earn rewards for finding a vulnerability and get a place on our leaderboard. See Rules & Rewards section for details.

Leaderboard

1.
Sam Sun
samczsun
35000 pts
2.
Martin Holst Swende*
holiman
33500 pts
3.
ChainSecurity
chainsecurity
21000 pts
4.
Juno Im
junorouse
20500 pts
5.
Yoonho Kim (team Hithereum)
uknowy
20000 pts
6.
John Youngseok Yang (Software Platform Lab)
johnyangk
20000 pts
7.
Guido Vranken
guidovranken
18000 pts
8.
PeckShield
peckshield
17000 pts
9.
ItsUnixIKnowThis
itsunixiknowthis
15000 pts
10.
Bertrand Masius
catageek
15000 pts
11.
Tin
tintinweb
12500 pts
12.
Ralph Pichler
12500 pts
13.
Bob Conan
12000 pts
14.
Łukasz Matczak
lukaszmatczak
11000 pts
15.
Heilman/Marcus/Goldberg
10000 pts
16.
Jonas Nick
jonasnick
10000 pts
17.
Sebastian Henningsen
8000 pts
18.
Dominic Brütsch
7500 pts
19.
Harry Roberts
HarryR
5000 pts
20.
Peter Stöckli
p-
5000 pts
21.
Neville Grech
Dedaub
5000 pts
22.
John Toman
jtoman
5000 pts
23.
EthHead
EthHead
5000 pts
24.
Daniel Perez
danhper
2500 pts
25.
Yaron Velner
yaronvel
2000 pts
26.
Whit Jackson
whitj00
2000 pts
27.
Ming Chuan Lin
2000 pts
28.
Melonport team
melonport
2000 pts
29.
Maurelian
maurelian
2000 pts
30.
Christoph Jentzsch
CJentzsch
2000 pts
31.
DVP (dvpnet.io)
DVPNET
1200 pts
32.
Vasily Vasiliev
1000 pts
33.
talko
talko
1000 pts
34.
Steve Waldman
swaldman
1000 pts
35.
Panu Kekäläinen
ptk
1000 pts
36.
Josselin Feist
montyly
1000 pts
37.
henrit
henrit
1000 pts
38.
Marc Bartlett
BlameByte
1000 pts
39.
Barry Whitehat
1000 pts
40.
Lucas Ryan
badmofo
1000 pts
41.
Alex Groce
agroce
1000 pts
42.
Daniel Briskin
n0thingness
750 pts
43.
Daenam Kim
daenamkim
750 pts
44.
Myeongjae Lee
500 pts
45.
Marcin Noga (Cisco/Talos Security)
500 pts
46.
jazzybedi
500 pts
47.
Feeker - 360 ESG Codesafe Team
feeker
500 pts
48.
Jonathan Brown
ethernomad
500 pts
49.
David Murdoch
davidmurdoch
500 pts
50.
Alexander Wade
wadeAlexC
500 pts
51.
Luis Schliesske
gitpusha
200 pts

* No longer eligible for bounties, since October 2016. Martin now works for the Ethereum Foundation and, among other things, manages the bug bounty program.

News & Updates

  • 2021-11-01: We’re happy to announce that the inibitible Sam Sun has taken over the top spot in the bounty list! This time with two separate vulnerbilities, the details of which we cannot yet be made public. Congratulations, and a big Thank You! to Sam Sun!
  • 2021-09-07: We welcome Guido Vranken to the bounty-list. Guido has already reported several vulnerabilities in the ETH2 space, and also previously worked with the EF security team to do cross-client fuzzing. Guido enters with 18K points; 15K for this, and another 3K for issues found in py-evm.
  • 2021-07-13: In order to get more eyes on the changes coming in the London upgrade, all bounties for vulnerabilites related to London upgrade will be doubled, up until the upgrade happens. Examples of issues that would be eligible for a doubly are cross-client consensus issues between the following clients: Geth, Besu, Nethermind, OpenEthereum and Erigon.
  • 2021-07-12: We welcome Bob Conan to the bounty list. Team (?) Bob Conan identified a number of as of yet undisclosed issues with go-ethereum transaction pool internals.
  • 2021-04-09: John Toman (Certora) got another 1K points due to “ABIDecodeTwoDimensionalArrayMemory” security vulnerability that was fixed in Solidity version 0.8.4.
  • 2020-12-09: Welcome John Toman (Certora) to the bounty-list! John found the “empty bytearray copy bug” aswell as the “dynamic array cleanup bug” in Solidity, each worth 2K points. Also, Łukasz Matczak earned another 5K points for a DoS in the LES server, patched for v1.9.25.
  • 2020-10-05: We welcome John Youngseok Yang (Software Platform Lab) to the leaderboard. John reported two serious vulnerabilities related to geth, each of which scored 10K points. Congratulations and well done!
  • 2020-09-18: David Murdoch and Martin Ortner earned 500 points each. David found an RPC vulnerability in geth, and Martin found a remote DoS (instacrash) in the discovery implementation of Trinity.
  • 2020-08-26: Sam Sun managed to obtain another 2K points through a protocol-level vulnerability, the details of which needs to remain obscure for a while yet. Also, we welcome Luis Schliesske to the bountylist, with 200 points for findings concerning Solidity.
  • 2020-05-29: ItsUnixIKnowThis was awarded 10K for a Clef-related vulnerability, and 5K for a Geth-related vulnerabilty. Another 1K points were awarded Alex Groce, for several vulnerabilities reported to the Solidity team.
  • 2020-03-03: Sam Sun, the prolific bounty-hunter who has managed to find 0-days in both smart contracts and client implementations, earned another 10K bounty points for the ENS vulnerability which necessitated migrating all records to a new registrar. Congratulations Sam!
  • 2020-01-07: Towards the end of 2019, we paid out several bounties. ChainSecurity earned another 8500 points, for three separate reports; 1000 points for a slow execution on Geth, due to an unnecessary copying of data when CALL variants were made with with large calldata. They also earned 5000 points out of from the ‘pot’ of money allocated towards EIP reviews, with their help in assessing the security of EIp-1884; which also earned Neville Gretch (contract-library.com) 5000 points. And finally, together with Daniel Perez (split 50/50), they submitted a DoS vector for Geth/Parity which earned them 2500 points each. Congratulations to all new members on the top list, we’re looking forward to more high quality bounties during 2020!
  • 2019-10-16: Josselin Feist was awarded 1000 points for a Vyper vulnerability concerning function id collisions, reported in July 2019 (sorry about the delay!). Reminder: Vyper is still considered experimental!
  • 2019-09-30: Maurelian has been awarded 2000 points for a vulnerability concerining Vyper. Vyper did not propely handle the cases where two separate nonreentrant() decorators were specified. Reminder: Vyper is still considered experimental!
  • 2019-08-22: The Ethereum 2.0 Team has announced a bounty regarding Legendre PRF. Head over there to check the details!
  • 2019-07-30: Ming Chuan Lin reported about bugs in the encoding of Solidity storage arrays, earning 2000 points. Welcome to the list!
  • 2019-06-24: Sebastian Henningsen reported to us about a P2P eclipse attack, and earned 8K points for that. Well done!
  • 2019-05-03: Juno Im / Theori found a DoS vulnerability in the Geth p2p layer, and was awarded 10K points. Congratulations!
  • 2019-04-23: Sam Sun managed to find a severe vulnerability in the consensus area, and earned 10K points. Congratulations and welcome to the leaderboard! Also, The Melonport team (Travis Jacobs & Jenna Zenk) and the Melon Council (Nick Munoz-McDonald, Martin Lundfall, Matt di Ferrante & Adam Kolar) reported the Solidity ABIEncoderV2 bug which awarded them 2000 points.
  • 2019-03-09: Łukasz Matczak earned another 1000 on a peer-DoS through supplying malformed data, Myeongjae Lee earned 500 points by reporting a phisher-stash of stolen data.
  • 2019-03-02: Łukasz Matczak earned 5000 points through vulnerabilities in the p2p layers in Geth, which could lead to amplification attacks. ChainSecurity and Ralph Pichler have been awarded 25K points for the vulnerability report that caused postponing the Constantinople fork, which was properly submitted via the bounty program before released publically. The Ethereum Foundation has chosen to double that reward, and put another $25K to be used for future security audits of EIPs.
  • 2018-10-16: Peckshield has climbed higher on the leaderboard, with another 5K points for geth DoS vulnerabilities, and also identified Constantinople flaws (1200 points) which were submitted through the DVP vulnerability platform. Also, Feeker earned 500 points for a Geth DoS via RPC.
  • 2018-08-09: We have updated the scope of the bounty program, to be more explicit about what we are interested in – what is included in the scope and what is not.
  • 2018-08-02: PeckShield has been awarded 12000 points for three separate reports.
    • Geth DoS via discovery protocol (2000 points)
    • LES Server DoS via malicious query (5000 points)
    • LES Server DoS via AnnouceMsg (5000 points)
  • 2018-03-28: Several new entries on the leaderboard! Congratulations, and thanks!
    • First off, we have awarded 10 000 points to the researchers from Boston University: Sharon Goldberg, Yuval Marcus and Ethan Heilman, for their research about eclipse attacks on geth nodes. The fixes were included in 1.8.0.
    • Dominic Brütsch was awarded 7500 points for a vulnerability which could be used to trigger slow block processing in geth, which has been fixed in 1.8.3.
    • Two DoS vulnerabilities in geth RPC methods were reported by Vasily Vasiliev, awarded 500 points each.
    • We also awarded ‘jazzybedi’ with 500 points for alerting us about DNS rebind vulnerabiliites, which were also fixed in 1.8.0.
  • 2018-02-12: Barry Whitehat has been added to the leaderboard, for a discrepancy in how Geth vs Parity treated ‘future’ blocks. The discrepancy could potentially cause a mining minority be at a disadvantage. This has been fixed by aligning how Geth and Parity treats such blocks.
  • 2018-01-16: See the blog for a security announcement concerning the Mist Browser. The Mist browser is not considered production software, and we will not pay full rewards for upstream bugs.
  • 2017-12-13: Yoonho Kim, of team Hithereum, has scored another 5000 points; again for an RCE in Mist/Electron. Also, Peter Stöckli submitted a Mist-vulnerability which granted him 5000 points. Congratulations both! A very important reminder: the Mist browser is not secure for browsing the internet. Marcin Noga of Cisco/Talos security also submitted some issues to cpp-ethereum, which gained him 500 points.
  • 2017-11-28: Juno Im, has scored another 5000 points; again for an RCE in Mist/Electron.
  • 2017-10-09: Yoonho Kim, of team Hithereum, has scored 15000 points for a 0-day vulnerability (remote command execution) in Mist/Electron, which was subsequently patched upstream and made into the last Mist-release. Juno Im has been awarded another 500 points for a Geth access control issue.
  • 2017-09-19: In order to get some extra eyes on the Byzantium implementations, we’ve temporarily increased the rewards: Between now and the Byzantium mainnet hardfork, we will double the ratio of points-to-USD for any vulnerabilities affecting cross-client consensus or Geth denial-of-service. A ‘High’ can thus yield up to $30K USD, and ‘Critical’ up to $50K USD. All Byzantium functionality is considered in-scope, as if it was already enabled on the mainnet.
  • 2017-09-14: Harry Roberts has been awarded 5000 points for discovering a bug in how Solidity implemented ecrecover. See release notes for v0.4.14 for further details.
  • 2017-07-28: Juno Im has been awared 5000 points for a Mist-vulnerability regarding importing of maliciously crafted wallet-files.
  • 2017-05-31: Whit Jackson has been awarded 2000 points for hex-encoding ambiguities in EthereumJS, Christoph Jentzsch has been awarded 2000 points for the solidity optimizer bug, and ‘Tintin’ was awarded another 2000 points for a bug in a third-party component for CPP-ethereum.
  • 2017-05-02: Yaron Velner has been awarded 1000 points for an ENS-submission, where by ENS second price could be manipulated via replay, forcing winners to pay the full amount offered.
  • 2017-04-07: EthHead and Steve Waldman have been added to the leaderboard for their ENS findings. Bug 1 and bug 2
  • 2017-04-07: ENS is now officially included in the program.
  • 2016-12-01: Solidity is now officially included within the bug bounty program.
  • 2016-11-10 We’re please to have three new names on the leaderboard, Bertrand Masius (Solidity bug), tintinweb (Mist vulnerabilities) and Yaron Velner (EXP opcode mispriced).
  • 2016-07-15: The Ethereum hard fork code is in scope of the Ethereum bounty program. Please see the latest hard fork specification.
  • 2016-01-26: BTC RELAY is now in scope of the Ethereum bounty program. Please see BTC RELAY Bounty Program and BTC RELAY Spec for more info and exact scope.
  • 2015-09-02: With Martin (@mhswende) finding another consensus protocol bug in the Python client, he’s now climbed ahead of nickler and we have a new leader on the leaderboard! We’ve also clarified reference to the Python client and it’s scope within the bounty program (see link below in the references).
  • 2015-07-30: As we are launching Frontier, we will continue the bounty program throughout and at least until Homestead. One extension, and one change: From now on, core CPP libraries will be in scope as well. The genesis block inscription reward is altered to an entry in the namereg. Happy hunting!
  • 2015-06-11: As the Ethereum clients are becoming more stable and secure, we’re happy to announce Proof-of-Work (Ethash) and the Go P2P implementation are now also in scope and eligibile for rewards. The develop branch is the target.
  • 2015-03-19: The bounty program will remain running for at least the duration of the upcoming Ethereum frontier release. Please see the Ethereum blog for more information about Frontier!
  • 2015-02-27: These scripts by Jonas Nick can be helpful to build the Ethereum Go client and test it. Please see the bash scripts for build commands and the python script for a simple example of calling the JSON-RPC API. Please note the currently known issues
  • 2015-02-27: Another major vulnerability found by Jonas Nick. Awarded with 5 BTC, this exploit triggers a bug in the Ethereum VM to create ether out of thin air.
  • 2015-01-30: Friendly reminder: Ethereum websites are out of scope for the bounty program and not eligible for rewards. With that said, we are thankful for submissions relating to webpage security and will work to fix these issues.

RULES & REWARDS

Please have a look at the bullets below before starting your hunt!

  • Issues that have already been submitted by another user or are already known to the Ethereum team are not eligible for bounty rewards.
  • Public disclosure of a vulnerability makes it ineligible for a bounty.
  • You can start or fork a private chain for bug hunting. Please respect the Ethereum main and test networks and refrain from attacking them.
  • Ethereum’s core development team, employees and all other people paid by the Ethereum project, directly or indirectly, are not eligible for rewards.
  • Anyone who works with the codebase as a professional Ethereum developer is not eligible for rewards.
  • Ethereum websites or Ethereum Foundation infrastructure in general, are NOT part of the bounty program.
  • Ethereum bounty program considers a number of variables in determining rewards. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the Ethereum Foundation bug bounty panel.

The value of rewards paid out will vary depending on Severity. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood :

severity

Reward sizes are guided by the rules below, but are in the end, determined at the sole discretion of the Ethereum Foundation bug bounty panel.

  • Critical: up to 25 000 points
  • High: up to 15 000 points
  • Medium: up to 10 000 points
  • Low: up to 2 000 points
  • Note: up to 500 points

1 point currently corresponds to 1 USD (payable in ETH or BTC), something which may change without prior notice.

OBS! Between 2017-09-19 and Byzantium hard-fork on Mainnet, each point corresponds to 2 USD for issues related to cross-client consensus or geth DoS vulnerabilities.

Beyond monetary rewards, every bounty is also eligible for listing on our leaderboard with points accumulating over the course of the program.

In addition to Severity, other variables are also considered when the Ethereum Foundation bug bounty panel decides the score, including (but not limited to):

  • Quality of description. Higher rewards are paid for clear, well-written submissions.
  • Quality of reproducibility. Please include test code, scripts and detailed instructions. The easier it is for us to reproduce and verify the vulnerability, the higher the reward. Please see the wiki and repos to learn more about our test suite in the official documentation.
  • Quality of fix, if included. Higher rewards are paid for submissions with clear description of how to fix the issue.

Important Legal Information

The bug bounty program is an experimental and discretionary rewards program for our active Ethereum community to encourage and reward those who are helping to improve the platform. It is not a competition. You should know that we can cancel the program at any time, and awards are at the sole discretion of Ethereum Foundation bug bounty panel. In addition, we are not able to issue awards to individuals who are on sanctions lists or who are in countries on sanctions lists (e.g. North Korea, Iran, etc). You are responsible for all taxes. All awards are subject to applicable law. Finally, your testing must not violate any law or compromise any data that is not yours.

BOUNTY SCOPE

Our bug bounty program spans end-to-end: from soundness of protocols (such as the blockchain consensus model, the wire and p2p protocols, proof of work, etc) and protocol/implementation compliance to network security and consensus integrity. Classical client security as well as security of cryptographic primitives are also part of the program. When in doubt, send an email to bounty@ethereum.org and ask us.

Below some guidance can be found on what we are typically interested in hearing about.

Geth security

Geth is an Ethereum client written in Go. Areas that typically are in scope are:

  • Consensus protocol compliance: are there any flaws that would make Geth deviate from consensus?
    • This are includes EVM operations, precompiles, block validation etc.
  • Account management flaws: flaws which would put end-user accounts at risk.
  • DoS issues: flaws that makes Geth crash or perform very slowly.
    • Includes suboptimal EVM operation, failure to handle attacks on the protocol stack

Some areas of Geth are ‘experimental’, and not yet enabled by default. Yes, these are also included, but the ‘Impact’ of issues in the areas below will be counted as low.

LES

The LES (light clients) parts of Geth are twofold: server and client. For LES, we are interested in

  • LES Server or Client: RCE-type of vulnerabilities
  • LES Server: DoS vulnerabilities

Py-evm/Trinity

Py-evm is a python implementation of the Ethereum Virtual Machine, and the basis for Trinity. The Trinity client is currently in an alpha release stage and is not suitable for mission critical production use cases. Both of these components are included in the bounty scope, but any issues reported will have a lowered Impact since there are already known issues and they are not considered production release.

Solidity language security

See Solidity SECURITY.MD for more details about what is included in this scope.

Solidity does not hold security guarantees regarding compilation of untrusted input – and we do not issue rewards for crashes of the solc compiler on maliciously generated data.

Out of scope

Whisper

Whisper is out of scope.

LLL language security

LLL is not included in the bug bounty.

Pyethereum/Pyethapp

Pyethereum is a legacy Ethereum implementation, and the basis for the Pyethapp python client implementation. Both of these are now deprecated, in favour of py-evm/Trinity, and not not in scope of the bounty program.

Vyper language security

The Vyper language is a new, experimental programming language for the EVM. It is still beta software, and as such is not expected to be bug-free, and is therefore not included in the bug bounty.

Swarm

Swarm used to be part of geth, but has since moved out to it’s own organization.

EthereumJ/Harmony

EthereumJ EthereumJ is a legacy pure-Java implementation of the Ethereum protocol, and the basis of Harmony, but is no longer actively maintained.

Aleth

Aleth is an implementation of an Ethereum node in C++. This client is not included, as the development has ceased and Aleth is not going to implement future forks.

ENS security

ENS is maintained by the ENS foundation, and is not part of the bounty scope.

Other clients/things

Clients not developed by the Ethereum Foundation would typically not be covered by the bounty program. For Parity, please visit their bounty program.

ERC20 contract bugs are typically not included in the bounty scope. However, we can help reach out to affected parties, such as authors or exchanges in such cases.

Ethereum.org infrastructure

Our infrastructure; such as webpages, dns, email etc, are not part of the bounty-scope.

FAQ

So, what should a good vulnerability submission look like?

Here is an example of a real issue which was previously present in the Go client:

Description: Remote Denial-of-service using non-validated blocks

Attack scenario: An attacker can send blocks that may require a high amount of computation (the maximum gasLimit) but has no proof-of-work. If the attacker sends blocks continuously, the attacker may force the victim node to 100% CPU utilization.

Impact: An attacker can abuse CPU utilization on remote nodes, possibly causing full DoS.

Components: Go client version v0.6.8

Reproduction: Send a block to a Go node that contains many txs but no valid PoW.

Details: Blocks are validated in the method Process(Block, dontReact). This method performs expensive CPU-intensive tasks, such as executing transactions (sm.ApplyDiff) and afterward it verifies the proof-of-work (sm.ValidateBlock()). This allows an attacker to send blocks that may require a high amount of computation (the maximum gasLimit) but has no proof-of-work. If the attacker sends blocks continuously, the attacker may force the victim node to 100% CPU utilization.

Fix: Invert the order of the checks.

So, the bug bounty program is time limited?

No end date is currently set. See the “News & Updates” section above, and the Ethereum blog for the latest news.

How are bounties paid out?

Rewards are paid out in ETH or BTC after the submission has been validated, usually a few days later. Local laws require us to ask for proof of your identity. In addition, we will need your ETH/BTC address.

Can I donate my reward to charity?

Yes. We can donate your reward to an established charitable organization of your choice.

I reported an issue / vulnerability but have not received a response!

We aim to respond to submissions as fast as possible. Feel free to email us if you have not received a response within a day or two.

I want to be anonymous / I do not want my name or nick on the leader board.

Submitting anonymously or with a pseudonym is OK, but will make you ineligible for BTC rewards. To be eligible for BTC rewards, we require your real name and a proof of your identity. Donating your bounty to a charity doesn’t require your identity.

Please let us know if you do not want your name/nick displayed on the leader board.

What are the points in the leaderboard?

Every found vulnerability / issue is assigned a score. Bounty hunters are ranked on our leaderboard by total points.

I have further questions.

Email us at bounty@ethereum.org.

Do you have a PGP key?

Please use AE96 ED96 9E47 9B00 84F3 E17F E88D 3334 FA5F 6A0A

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: pgp.mit.edu

mQINBFgl3tgBEAC8A1tUBkD9YV+eLrOmtgy+/JS/H9RoZvkg3K1WZ8IYfj6iIRaYneAk3Bp1
82GUPVz/zhKr2g0tMXIScDR3EnaDsY+Qg+JqQl8NOG+Cikr1nnkG2on9L8c8yiqry1ZTCmYM
qCa2acTFqnyuXJ482aZNtB4QG2BpzfhW4k8YThpegk/EoRUim+y7buJDtoNf7YILlhDQXN8q
lHB02DWOVUihph9tUIFsPK6BvTr9SIr/eG6j6k0bfUo9pexOn7LS4SojoJmsm/5dp6AoKlac
48cZU5zwR9AYcq/nvkrfmf2WkObg/xRdEvKZzn05jRopmAIwmoC3CiLmqCHPmT5a29vEob/y
PFE335k+ujjZCPOu7OwjzDk7M0zMSfnNfDq8bXh16nn+ueBxJ0NzgD1oC6c2PhM+XRQCXCho
yI8vbfp4dGvCvYqvQAE1bWjqnumZ/7vUPgZN6gDfiAzG2mUxC2SeFBhacgzDvtQls+uuvm+F
nQOUgg2Hh8x2zgoZ7kqV29wjaUPFREuew7e+Th5BxielnzOfVycVXeSuvvIn6cd3g/s8mX1c
2kLSXJR7+KdWDrIrR5Az0kwAqFZt6B6QTlDrPswu3mxsm5TzMbny0PsbL/HBM+GZEZCjMXxB
8bqV2eSaktjnSlUNX1VXxyOxXA+ZG2jwpr51egi57riVRXokrQARAQABtDRFdGhlcmV1bSBG
b3VuZGF0aW9uIEJ1ZyBCb3VudHkgPGJvdW50eUBldGhlcmV1bS5vcmc+iQIcBBEBCAAGBQJa
FCY6AAoJEHoMA3Q0/nfveH8P+gJBPo9BXZL8isUfbUWjwLi81Yi70hZqIJUnz64SWTqBzg5b
mCZ69Ji5637THsxQetS2ARabz0DybQ779FhD/IWnqV9T3KuBM/9RzJtuhLzKCyMrAINPMo28
rKWdunHHarpuR4m3tL2zWJkle5QVYb+vkZXJJE98PJw+N4IYeKKeCs2ubeqZu636GA0sMzzB
Jn3m/dRRA2va+/zzbr6F6b51ynzbMxWKTsJnstjC8gs8EeI+Zcd6otSyelLtCUkk3h5sTvpV
Wv67BNSU0BYsMkxyFi9PUyy07Wixgeas89K5jG1oOtDva/FkpRHrTE/WA5OXDRcLrHJM+SwD
CwqcLQqJd09NxwUW1iKeBmPptTiOGu1Gv2o7aEyoaWrHRBO7JuYrQrj6q2B3H1Je0zjAd2qt
09ni2bLwLn4LA+VDpprNTO+eZDprv09s2oFSU6NwziHybovu0y7X4pADGkK2evOM7c86PohX
QRQ1M1T16xLj6wP8/Ykwl6v/LUk7iDPXP3GPILnh4YOkwBR3DsCOPn8098xy7FxEELmupRzt
Cj9oC7YAoweeShgUjBPzb+nGY1m6OcFfbUPBgFyMMfwF6joHbiVIO+39+Ut2g2ysZa7KF+yp
XqVDqyEkYXsOLb25OC7brt8IJEPgBPwcHK5GNag6RfLxnQV+iVZ9KNH1yQgSiQI+BBMBAgAo
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCWglh+gUJBaNgWAAKCRDojTM0+l9qCgQ2
D/4udJpV4zGIZW1yNaVvtd3vfKsTLi7GIRJLUBqVb2Yx/uhnN8jTl/tAhCVosCQ1pzvi9kMl
s8qO1vu2kw5EWFFkwK96roI8pTql3VIjwhRVQrCkR7oAk/eUd1U/nt2q6J4UTYeVgqbq4dsI
ZZTRyPJMD667YpuAIcaah+w9j/E5xksYQdMeprnDrQkkBCb4FIMqfDzBPKvEa8DcQr949K85
kxhr6LDq9i5l4Egxt2JdH8DaR4GLca6+oHy0MyPs/bZOsfmZUObfM2oZgPpqYM96JanhzO1j
dpnItyBii2pc+kNx5nMOf4eikE/MBv+WUJ0TttWzApGGmFUzDhtuEvRH9NBjtJ/pMrYspIGu
O/QNY5KKOKQTvVIlwGcm8dTsSkqtBDSUwZyWbfKfKOI1/RhM9dC3gj5/BOY57DYYV4rdTK01
ZtYjuhdfs2bhuP1uF/cgnSSZlv8azvf7Egh7tHPnYxvLjfq1bJAhCIX0hNg0a81/ndPAEFky
fSko+JPKvdSvsUcSi2QQ4U2HX//jNBjXRfG4F0utgbJnhXzEckz6gqt7wSDZH2oddVuO8Ssc
T7sK+CdXthSKnRyuI+sGUpG+6glpKWIfYkWFKNZWuQ+YUatY3QEDHXTIioycSmV8p4d/g/0S
V6TegidLxY8bXMkbqz+3n6FArRffv5MH7qt3cYkCPgQTAQIAKAUCWCXhOwIbAwUJAeEzgAYL
CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ6I0zNPpfagrN/w/+Igp3vtYdNunikw3yHnYf
Jkm0MmaMDUM9mtsaXVN6xb9n25N3Xa3GWCpmdsbYZ8334tI/oQ4/NHq/bEI5WFH5F1aFkMkm
5AJVLuUkipCtmCZ5NkbRPJA9l0uNUUE6uuFXBhf4ddu7jb0jMetRF/kifJHVCCo5fISUNhLp
7bwcWq9qgDQNZNYMOo4s9WX5Tl+5x4gTZdd2/cAYt49h/wnkw+huM+Jm0GojpLqIQ1jZiffm
otf5rF4L+JhIIdW0W4IIh1v9BhHVllXw+z9oj0PALstT5h8/DuKoIiirFJ4DejU85GR1KKAS
DeO19G/lSpWj1rSgFv2N2gAOxq0X+BbQTua2jdcY6JpHR4H1JJ2wzfHsHPgDQcgY1rGlmjVF
aqU73WV4/hzXc/HshK/k4Zd8uD4zypv6rFsZ3UemK0aL2zXLVpV8SPWQ61nS03x675SmDlYr
A80ENfdqvsn00JQuBVIv4Tv0Ub7NfDraDGJCst8rObjBT/0vnBWTBCebb2EsnS2iStIFkWdz
/WXs4L4Yzre1iJwqRjiuqahZR5jHsjAUf2a0O29HVHE7zlFtCFmLPClml2lGQfQOpm5klGZF
rmvus+qZ9rt35UgWHPZezykkwtWrFOwspwuCWaPDto6tgbRJZ4ftitpdYYM3dKW9IGJXBwrt
BQrMsu+lp0vDF+yJAlUEEwEIAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEErpbt
lp5HmwCE8+F/6I0zNPpfagoFAmEAEJwFCQycmLgACgkQ6I0zNPpfagpWoBAAhOcbMAUw6Zt0
GYzT3sR5/c0iatezPzXEXJf9ebzR8M5uPElXcxcnMx1dvXZmGPXPJKCPa99WCu1NZYy8F+Wj
GTOY9tfIkvSxhys1p/giPAmvid6uQmD+bz7ivktnyzCkDWfMA+l8lsCSEqVlaq6y5T+a6SWB
6TzC2S0MPb/RrC/7DpwyrNYWumvyVJh09adm1Mw/UGgst/sZ8eMaRYEd3X0yyT1CBpX4zp2E
qQj9IEOTizvzv1x2jkHe5ZUeU3+nTBNlhSA+WFHUi0pfBdo2qog3Mv2EC1P2qMKoSdD5tPbA
zql1yKoHHnXOMsqdftGwbiv2sYXWvrYvmaCd3Ys/viOyt3HOy9uV2ZEtBd9Yqo9x/NZj8QMA
nY5k8jjrIXbUC89MqrJsQ6xxWQIg5ikMT7DvY0Ln89ev4oJyVvwIQAwCm4jUzFNm9bZLYDOP
5lGJCV7tF5NYVU7NxNM8vescKc40mVNK/pygS5mxhK9QYOUjZsIv8gddrl1TkqrFMuxFnTyN
WvzE29wFu/n4N1DkF+ZBqS70SlRvB+Hjz5LrDgEzF1Wf1eA/wq1dZbvMjjDVIc2VGlYp8Cp2
8ob23c1seTtYXTNYgSR5go4EpH+xi+bIWv01bQQ9xGwBbT5sm4WUeWOcmX4QewzLZ3T/wK9+
N4Ye/hmU9O34FwWJOY58EIe0OUV0aGVyZXVtIEZvdW5kYXRpb24gU2VjdXJpdHkgVGVhbSA8
c2VjdXJpdHlAZXRoZXJldW0ub3JnPokCHAQRAQgABgUCWhQmOgAKCRB6DAN0NP5372LSEACT
wZk1TASWZj5QF7rmkIM1GEyBxLE+PundNcMgM9Ktj1315ED8SmiukNI4knVS1MY99OIgXhQl
D1foF2GKdTomrwwC4012zTNyUYCY60LnPZ6Z511HG+rZgZtZrbkz0IiUpwAlhGQND77lBqem
J3K+CFX2XpDA/ojui/kqrY4cwMT5P8xPJkwgpRgw/jgdcZyJTsXdHblV9IGU4H1Vd1SgcfAf
Db3YxDUlBtzlp0NkZqxen8irLIXUQvsfuIfRUbUSkWoK/n3U/gOCajAe8ZNF07iX4OWjH4Sw
NDA841WhFWcGE+d8+pfMVfPASU3UPKH72uw86b2VgR46Av6voyMFd1pj+yCA+YAhJuOpV4yL
QaGg2Z0kVOjuNWK/kBzp1F58DWGh4YBatbhE/UyQOqAAtR7lNf0M3QF9AdrHTxX8oZeqVW3V
Fmi2mk0NwCIUv8SSrZr1dTchp04OtyXe5gZBXSfzncCSRQIUDC8OgNWaOzAaUmK299v4bvye
uSCxOysxC7Q1hZtjzFPKdljS81mRlYeUL4fHlJU9R57bg8mriSXLmn7eKrSEDm/EG5T8nRx7
TgX2MqJs8sWFxD2+bboVEu75yuFmZ//nmCBApAit9Hr2/sCshGIEpa9MQ6xJCYUxyqeJH+Cc
Aja0UfXhnK2uvPClpJLIl4RE3gm4OXeE1IkCPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AFAloJYfoFCQWjYFgACgkQ6I0zNPpfagr4MQ//cfp3GSbSG8dkqgctW67Fy7cQ
diiTmx3cwxY+tlI3yrNmdjtrIQMzGdqtY6LNz7aN87F8mXNf+DyVHX9+wd1Y8U+E+hVCTzKC
sefUfxTz6unD9TTcGqaoelgIPMn4IiKz1RZE6eKpfDWe6q78W1Y6x1bE0qGNSjqT/QSxpezF
E/OAm/t8RRxVxDtqz8LfH2zLea5zaC+ADj8EqgY9vX9TQa4DyVV8MgOyECCCadJQCD5O5hIA
B2gVDWwrAUw+KBwskXZ7Iq4reJTKLEmt5z9zgtJ/fABwaCFt66ojwg0/RjbO9cNA3ZwHLGwU
C6hkb6bRzIoZoMfYxVS84opiqf/Teq+t/XkBYCxbSXTJDA5MKjcVuw3N6YKWbkGP/EfQThe7
BfAKFwwIw5YmsWjHK8IQj6R6hBxzTz9rz8y1Lu8EAAFfA7OJKaboI2qbOlauH98OuOUmVtr1
TczHO+pTcgWVN0ytq2/pX5KBf4vbmULNbg3HFRq+gHx8CW+jyXGkcqjbgU/5FwtDxeqRTdGJ
SyBGNBEU6pBNolyynyaKaaJjJ/biY27pvjymL5rlz95BH3Dn16Z4RRmqwlT6eq/wFYginujg
CCE1icqOSE+Vjl7V8tV8AcgANkXKdbBE+Q8wlKsGI/kS1w4XFAYcaNHFT8qNeS8TSFXFhvU8
HylYxO79t56JAj4EEwECACgFAlgl3tgCGwMFCQHhM4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
AheAAAoJEOiNMzT6X2oKmUMP/0hnaL6bVyepAq2LIdvIUbHfagt/Oo/KVfZs4bkM+xJOitJR
0kwZV9PTihXFdzhL/YNWc2+LtEBtKItqkJZKmWC0E6OPXGVuU6hfFPebuzVccYJfm0Q3Ej19
VJI9Uomf59Bpak8HYyEED7WVQjoYn7XVPsonwus/9+LDX+c5vutbrUdbjga3KjHbewD93X4O
wVVoXyHEmU2Plyg8qvzFbNDylCWO7N2McO6SN6+7DitGZGr2+jO+P2R4RT1cnl2V3IRVcWZ0
OTspPSnRGVr2fFiHN/+v8G/wHPLQcJZFvYPfUGNdcYbTmhWdiY0bEYXFiNrgzCCsyad7eKUR
WN9QmxqmyqLDjUEDJCAh19ES6Vg3tqGwXk+uNUCoF30ga0TxQt6UXZJDEQFAGeASQ/RqE/q1
EAuLv8IGM8o7IqKO2pWfLuqsY6dTbKBwDzz9YOJt7EOGuPPQbHxaYStTushZmJnm7hi8lhVG
jT7qsEJdE95Il+I/mHWnXsCevaXjZugBiyV9yvOq4Hwwe2s1zKfrnQ4u0cadvGAh2eIqum7M
Y3o6nD47aJ3YmEPX/WnhI56bACa2GmWvUwjI4c0/er3esSPYnuHnM9L8Am4qQwMVSmyU80tC
MI7A9e13Mvv+RRkYFLJ7PVPdNpbW5jqX1doklFpKf6/XM+B+ngYneU+zgCUBiQJVBBMBCAA/
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBK6W7ZaeR5sAhPPhf+iNMzT6X2oKBQJh
ABCQBQkMnJi4AAoJEOiNMzT6X2oKAv0P+gJ3twBp5efNWyVLcIg4h4cOo9uD0NPvz8/fm2gX
FoOJL3MeigtPuSVfE9kuTaTuRbArzuFtdvH6G/kcRQvOlO4zyiIRHCk1gDHoIvvtn6RbRhVm
/Xo4uGIsFHst7n4A7BjicwEK5Op6Ih5Hoq19xz83YSBgBVk2fYEJIRyJiKFbyPjH0eSYe8v+
Ra5/F85ugLx1P6mMVkW+WPzULns89riW7BGTnZmXFHZp8nO2pkUlcI7F3KRG7l4kmlC50ox6
DiG/6AJCVulbAClky9C68TmJ/R1RazQxU/9IqVywsydq66tbJQbm5Z7GEti0C5jjbSRJL2oT
1xC7Rilr85PMREkPL3vegJdgj5PKlffZ/MocD/0EohiQ7wFpejFD4iTljeh0exRUwCRb6655
9ib34JSQgU8Hl4JJu+mEgd9v0ZHD0/1mMD6fnAR84zca+O3cdASbnQmzTOKcGzLIrkE8TEnU
+2UZ8Ol7SAAqmBgzY1gKOilUho6dkyCAwNL+QDpvrITDPLEFPsjyB/M2KudZSVEn+Rletju1
qkMW31qFMNlsbwzMZw+0USeGcs31Cs0B2/WQsro99CExlhS9auUFkmoVjJmYVTIYOM0zuPa4
OyGspqPhRu5hEsmMDPDWD7Aad5k4GTqogQNnuKyRliZjXXrDZqFD5nfsJSL8Ky/sJGEMuQIN
BFgl3tgBEACbgq6HTN5gEBi0lkD/MafInmNi+59U5gRGYqk46WlfRjhHudXjDpgD0lolGb4h
YontkMaKRlCg2Rvgjvk3Zve0PKWjKw7gr8YBa9fMFY8BhAXI32OdyI9rFhxEZFfWAfwKVmT1
9BdeAQRFvcfd+8w8f1XVc+zddULMJFBTr+xKDlIRWwTkdLPQeWbjo0eHl/g4tuLiLrTxVbnj
26bf+2+1DbM/w5VavzPrkviHqvKe/QP/gay4QDViWvFgLb90idfAHIdsPgflp0VDS5rVHFL6
D73rSRdIRo3I8c8mYoNjSR4XDuvgOkAKW9LR3pvouFHHjp6Fr0GesRbrbb2EG66iPsR99MQ7
FqIL9VMHPm2mtR+XvbnKkH2rYyEqaMbSdk29jGapkAWle4sIhSKk749A4tGkHl08KZ2N9o6G
rfUehP/V2eJLaph2DioFL1HxRryrKy80QQKLMJRekxigq8greW8xB4zuf9Mkuou+RHNmo8Pe
bHjFstLigiD6/zP2e+4tUmrT0/JTGOShoGMl8Rt0VRxdPImKun+4LOXbfOxArOSkY6i35+gs
gkkSy1gTJE0BY3S9auT6+YrglY/TWPQ9IJxWVOKlT+3WIp5wJu2bBKQ420VLqDYzkoWytel/
bM1ACUtipMiIVeUs2uFiRjpzA1Wy0QHKPTdSuGlJPRrfcQARAQABiQIlBBgBAgAPAhsMBQJa
CWIIBQkFo2BYAAoJEOiNMzT6X2oKgSwQAKKs7BGF8TyZeIEO2EUK7R2bdQDCdSGZY06tqLFg
3IHMGxDMb/7FVoa2AEsFgv6xpoebxBB5zkhUk7lslgxvKiSLYjxfNjTBltfiFJ+eQnf+OTs8
KeR51lLa66rvIH2qUzkNDCCTF45H4wIDpV05AXhBjKYkrDCrtey1rQyFp5fxI+0IQ1UKKXvz
ZK4GdxhxDbOUSd38MYy93nqcmclGSGK/gF8XiyuVjeifDCM6+T1NQTX0K9lneidcqtBDvlgg
JTLJtQPO33o5EHzXSiud+dKth1uUhZOFEaYRZoye1YE3yB0TNOOE8fXlvu8iuIAMBSDL9ep6
sEIaXYwoD60I2gHdWD0lkP0DOjGQpi4ouXM3Edsd5MTi0MDRNTij431kn8T/D0LCgmoUmYYM
BgbwFhXr67axPZlKjrqR0z3F/Elv0ZPPcVg1tNznsALYQ9Ovl6b5M3cJ5GapbbvNWC7yEE1q
Scl9HiMxjt/H6aPastH63/7wcN0TslW+zRBy05VNJvpWGStQXcngsSUeJtI1Gd992YNjUJq4
/Lih6Z1TlwcFVap+cTcDptoUvXYGg/9mRNNPZwErSfIJ0Ibnx9wPVuRN6NiCLOt2mtKp2F1p
M6AOQPpZ85vEh6I8i6OaO0w/Z0UHBwvpY6jDUliaROsWUQsqz78Z34CVj4cy6vPW2EF4iQIl
BBgBAgAPBQJYJd7YAhsMBQkB4TOAAAoJEOiNMzT6X2oKTjgP/1ojCVyGyvHMLUgnX0zwrR5Q
1M5RKFz6kHwKjODVLR3Isp8I935oTQt3DY7yFDI4t0GqbYRQMtxcNEb7maianhK2trCXfhPs
6/L04igjDf5iTcmzamXN6xnh5xkz06hZJJCMuu4MvKxC9MQHCVKAwjswl/9H9JqIBXAY3E2l
LpX5P+5jDZuPxS86p3+k4Rrdp9KTGXjiuEleM3zGlz5BLWydqovOck7C2aKh27ETFpDYY0z3
yQ5AsPJyk1rAr0wrH6+ywmwWlzuQewavnrLnJ2M8iMFXpIhyHeEIU/f7o8f+dQk72rZ9CGzd
cqig2za/BS3zawZWgbv2vB2elNsIllYLdir45jxBOxx2yvJvEuu4glz78y4oJTCTAYAbMlle
5gVdPkVcGyvvVS9tinnSaiIzuvWrYHKWll1uYPm2Q1CDs06P5I7bUGAXpgQLUh/XQguy/0sX
GWqW3FS5JzP+XgcR/7UASvwBdHylubKbeqEpB7G1s+m+8C67qOrc7EQv3Jmy1YDOkhEyNig1
rmjplLuir3tC1X+D7dHpn7NJe7nMwFx2b2MpMkLA9jPPAGPp/ekcu5sxCe+E0J/4UF++K+CR
XIxgtzU2UJfp8p9x+ygbx5qHinR0tVRdIzv3ZnGsXrfxnWfSOaB582cU3VRN9INzHHax8ETa
QVDnGO5uQa+FiQI8BBgBCAAmAhsMFiEErpbtlp5HmwCE8+F/6I0zNPpfagoFAmEAELYFCQyc
mN4ACgkQ6I0zNPpfagoqAQ/+MnDjBx8JWMd/XjeFoYKx/Oo0ntkInV+ME61JTBls4PdVk+TB
8PWZdPQHw9SnTvRmykFeznXIRzuxkowjrZYXdPXBxY2b1WyD5V3Ati1TM9vqpaR4osyPs2xy
I4dzDssh9YvUsIRL99O04/65lGiYeBNuACq+yK/7nD/ErzBkDYJHhMCdadbVWUACxvVIDvro
yQeVLKMsHqMCd8BTGD7VDs79NXskPnN77pAFnkzS4Z2b8SNzrlgTc5pUiuZHIXPIpEYmsYzh
ucTU6uI3dN1PbSFHK5tG2pHb4ZrPxY3L20Dgc2Tfu5/SDApZzwvvKTqjdO891MEJ++H+ssOz
i4O1UeWKs9owWttan9+PI47ozBSKOTxmMqLSQ0f56Np9FJsV0ilGxRKfjhzJ4KniOMUBA7mP
+m+TmXfVtthJred4sHlJMTJNpt+sCcT6wLMmyc3keIEAu33gsJj3LTpkEA2q+V+ZiP6Q8HRB
402ITklABSArrPSE/fQU9L8hZ5qmy0Z96z0iyILgVMLuRCCfQOMWhwl8yQWIIaf1yPI07xur
epy6lH7HmxjjOR7eo0DaSxQGQpThAtFGwkWkFh8yki8j3E42kkrxvEyyYZDXn2YcI3bpqhJx
PtwCMZUJ3kc/skOrs6bOI19iBNaEoNX5Dllm7UHjOgWNDQkcCuOCxucKano=
=arte
-----END PGP PUBLIC KEY BLOCK------