Skip to content

Security issues

For any security related issues, follow responsible disclosure standards. Do not file public issues.

Please file a report at the Ethereum bug bounty program in order to receive a reward for your findings.

When in doubt, please send an encrypted email to [email protected] and ask (gpg key).

Security related issues are (sufficient but not necessary criteria):

  • Soundness of protocols (consensus model, p2p protocols): consensus liveness and integrity.
  • Errors and failures in the cryptographic primitives
  • RCE vulnerabilities
  • Any issues causing consensus splits from the rest of the network
  • Denial of service (DOS) vectors
  • Broken Access Control
  • Memory Errors
  • Security Misconfiguration
  • Vulnerable Dependencies
  • Authentication Failures
  • Data Integrity Failures
  • Logging and Monitoring Vulnerabilities