With the much-anticipated Shapella upgrade just around the corner, the Ethereum Foundation has increased the bug bounty.
According to the latest developers’ call, the reward was updated as part of the last-minute testing efforts.
In the 105th All Core Developers Consensus (ACDC) call, Security Researcher at the Ethereum Foundation – Fredrik Svantes – revealed that the maximum bug bounty for identifying a vulnerability in the Shanghai/Capella upgrade has been doubled from $250,000 to $500,000 between now and the time of the fork.
This isn’t the first time the organization has ramped up its bug bounty program. The Ethereum Foundation announced increasing the payouts fourfold ahead of the blockchain’s transition to proof-of-stake for all “Merge-related bounties for vulnerabilities” for white hats testing the network.
The bug bounty program offers financial compensation to individuals or groups who find security flaws or vulnerabilities in an organization’s systems. In the case of Ethereum, the rewards depend on severity which is calculated according to the OWASP risk rating model based on impact on the network as well as likelihood.
Its bug bounty program includes soundness of protocols (the blockchain consensus model, the wire and peer-to-peer protocols, proof of stake, etc.) and protocol/implementation compliance to network security and consensus integrity. It further includes classical client security and security of cryptographic primitives.
On the other hand, targets such as infrastructure (including webpages, DNS, email, etc,), as well as ERC20 contract bugs, are not part of the bounty scope.
Ethereum’s Shapella Upgrade
The final dress rehearsal for the Shapella upgrade was executed on March 14th on the Goerli test network, setting the stage for staked ETH withdrawals to activate on the mainnet.
The Goerli testnet initially experienced low network participation after its upgrade. During this time, less than two-thirds of validators had upgraded their software clients in time, while a majority of testnet validators updated their nodes following the update. Shapella finalized the very next day, enabling the Goerli users to fully or partially withdraw staked ETH from the testnet’s Beacon Chain.
The preparation of the upgrade – which is also referred to as Shanghai-Capella – is in full swing and is scheduled to go live on April 12th at block number 6,209,536. While the main focus centers around Ethereum Improvement Proposal-4895, it will also encompass other improvements that aim to optimize gas costs for certain activities.
Furthermore, the developers encouraged all the node operators on the Ethereum network to upgrade their nodes in advance of the upgrade.