EF Blog

ETH top background starting image
ETH bottom background ending image
Skip to content

Jutta’s update on bug bounty program and security audit

Posted by Jutta Steiner on March 20, 2015

Jutta’s update on bug bounty program and security audit

Hi, Jutta writing again – I initially introduced myself when we started the bounty program earlier this year and I’m happy to provide you with an update on what’s happening on the security side prior and throughout launch.

We have had some high quality submissions by bounty hunters – kudos for the creative exploits sent along that the bugs made possible. The number of submissions recently rose. Hence we decided and are announcing that we will continue the bounty program at least throughout the Frontier phase of Ethereum’s launch plan – see Gav's and Vinay's respective blog posts.

Please go to our bounty website for more information on the bounty program and make sure check out our lead hunter’s repository here for helpful testing scripts before starting the hunt.

Not only do we rely on individual bug hunters and the community: together with EthDev’s  Gustav Simonsson, I had started the process of selecting professional security experts, academics and blockchain experts for our external security audits late last year. Gustav is now working with auditors and the Ethereum Go dev team to track all security issues tagged here and work out fixes for them. We want to keep good track of all issues and only close them once fully resolved and solutions sufficiently tested. Every bug we find is taken care of and will be fixed before Frontier release. Feel free to follow us on github if you want to keep an eye on the progress.

The first round of work from security auditors is finishing in a couple of weeks, and bug fixing is already well underway. Working through all issues will take the time it takes. It’s a security-driven not schedule-driven process, after all.

Subscribe to Protocol Announcements

Sign up to receive email notifications for protocol-related announcements, such as network upgrades, FAQs or security issues. You can opt-out of these at any time.