For any security related issues, follow responsible disclosure standards. Do not file public issues.
Please file a report at the ethereum bug bounty program in order to receive a reward for your findings.
Security related issues are (sufficient but not necessary criteria):
- Soundness of protocols (consensus model, p2p protocols): consensus liveness and integrity.
- Errors and failures in the cryptographic primitives
- RCE vulnerabilities
- Any issues causing consensus splits from the rest of the network
- Denial of service (DOS) vectors
- Broken Access Control
- Memory Errors
- Security Misconfiguration
- Vulnerable Dependencies
- Authentication Failures
- Data Integrity Failures
- Logging and Monitoring Vulnerabilities