The Ethereum Foundation estimates that finding “critical bugs,” or those that could potentially have a significant negative impact on the blockchain, could be valued up to $1 million.
The Ethereum Foundation stated it would quadruple the network’s bug bounty awards before the largest smart contracts blockchain platform switches to proof-of-stake.
The Ethereum Foundation announced in a blog post on Wednesday that from August 24 to September 8, all “Merge-related bounties for vulnerabilities” will be tripled for white hat network testers. Finding “critical bugs,” or flaws with a high possibility of having a large impact on the blockchain, will reportedly be worth up to $1 million, according to the foundation. Additionally, submissions for low, medium, and high-risk bugs are accepted under the reward program.
The Merge is anticipated to occur between September 10 and 20. The Ethereum Network “must first be activated on the Beacon Chain with the Bellatrix upgrade,” according to the Ethereum Foundation, as part of the switch to proof-of-stake. When the Total Terminal Difficulty, or TTD, the difficulty of the last mined block, triggers the end of proof-of-work and the beginning of proof-of-stake, Core developers previously revealed a potential Merge date of Sept. 15.
“The incremental difficulty added per block is dependent on the network hash rate, which is volatile,” said the foundation. “If more hash rate joins the network, TTD will be reached sooner. Similarly, if hash rate leaves the network, TTD will be reached later.”
The foundation said that, other than “to be on the lookout for frauds,” Ether (ETH) owners and users did not generally need to take any action prior to the Merge. Stakeholders and node operators will both need to run an execution layer client, with the latter doing so with a consensus layer client after the changeover, which will make mining impossible.
To encourage white hats to try and take advantage of any potential vulnerabilities in the clients, the Ethereum Foundation stated in July 2020 that it had opened public “attack networks” for Ethereum 2.0 and was paying a $5,000 bounty at the moment. However, a flaw in older versions of one of Ethereum’s software clients, Geth, led to the split of more than half of the network’s nodes in August 2021. The most recent Geth build will be needed as an execution client for The Merge.
Other projects, like Sky Mavis did in April 2022 after a $600-million hack on the Ronin Network, have given bug bounties of up to $1 million or more in an effort to find exploits that may lead to theft or the risk of losing millions. The Ethereum scaling and bridging solution Aurora awarded a $6 million prize in June to a white hat hacker who found a serious flaw.
Cointelegraph was used as a source for this article.