Security issues

For any security related issues, follow responsible disclosure standards. Do not file public issues.

Please file a report at the Ethereum bug bounty program in order to receive a reward for your findings.

When in doubt, please send an encrypted email to [email protected] and ask (gpg key).

Security related issues are (sufficient but not necessary criteria):

Soundness of protocols (consensus model, p2p protocols): consensus liveness and integrity.
Errors and failures in the cryptographic primitives
RCE vulnerabilities
Any issues causing consensus splits from the rest of the network
Denial of service (DOS) vectors
Broken Access Control
Memory Errors
Security Misconfiguration
Vulnerable Dependencies
Authentication Failures
Data Integrity Failures
Logging and Monitoring Vulnerabilities