Security

Today, we are excited to announce the start of the Fusaka audit contest, co-sponsored by Gnosis and Lido, hosted on Sherlock, and running for four weeks from September 15th. The goal is simple: maximize scrutiny of the Fusaka upgrade and surface vulnerabilities before they can impact the network. To raise the stakes, valid findings reported in the first week have a 2x multiplier applied to their points rewarded, and those in the second week have a 1.5x multiplier. To help security researchers, we’ve prepared a Fusaka auditor guide.

Since announcing the Trillion Dollar Security project, we have surveyed the ecosystem to understand which improvements are highest priority to every layer of the Ethereum stack and community. Now it is time to begin the next phase of this initiative: acting on the highest priority issues we face. For this first wave of actions, we will mostly focus on UX issues. Our research showed these to be the most urgent issues facing both individual and institutional users of Ethereum and Ethereum-based applications. During this first wave we will kick off a range of work targeting crucial areas in UX security. The work we begin today is a combination of high leverage short-term actions and long-term projects that we expect will continue for years. We intend to regularly

Ethereum is the most secure blockchain ecosystem. This is the result of 10 years of progress and iteration across every level of Ethereum’s technology stack, from wallet UX to developer tooling to consensus protocol security. But being the most secure platform in the crypto ecosystem isn’t enough. Ethereum’s ambition is far greater: to be civilization-scale infrastructure that securely underpins the internet and global economy, surpassing the safety and trustworthiness of the world’s legacy systems. Today we are announcing the Trillion Dollar Security initiative, an ecosystem-wide effort to upgrade Ethereum’s security to help bring the world onchain. Reaching “Trillion Dollar security” means a world where: Billions of individuals are each comfortable storing more than $1000 onchain, collectively amounting to trillions of dollars secured on Ethereum. Companies, institutions or governments

Thanks to Marius Van Der Wijden for creating the test case and statetest, and for helping the Besu team confirm the issue. Also, kudos to the Besu team, the EF security team, and Kevaundray Wedderburn. Additionally, thanks to Yuxiang Qiu, Justin Traglia, Marius Van Der Wijden, Benedikt Wagner, and Kevaundray Wedderburn for proofreading. If you have any other questions/comments, find me on twitter at @asanso tl;dr: Besu Ethereum execution client version 25.2.2 suffered from a consensus issue related to the EIP-196/EIP-197 precompiled contract handling for the elliptic curve alt_bn128 (a.k.a. bn254). The issue was fixed in release 25.3.0. Here is the full CVE report. N.B.: Part of this post requires some knowledge about elliptic curves (cryptography).

The security of the Ethereum protocol is continually being improved, and one recent effort is the external security review of the Pectra System Contracts. The results of this review can be found in the audits repository, and the TL;DR is that all discovered issues deemed relevant or important from these reviews have been addressed.

Today, we're excited to announce the Pectra Audit Competition, kicking off on Cantina! This month-long event will run from February 21 to March 24, and we're excited to see what issues the security community can find.

The Protocol Security Research Team and the Ecosystem Funding Initiative at the Ethereum Foundation are pleased to announce the launch of the first Ethereum protocol Attackathon with a reward pool of $1,500,000, hosted by Immunefi. The attackathon runs between November 25th and January 20th and aims to enhance the security of the Ethereum protocol through a large-scale crowdsourced security audit competition. We invite the entire Ethereum community — from auditing firms to individual security researchers — to participate in this important event to help secure the Ethereum Protocol. You can get started on your journey into understanding the Ethereum Protocol via live and pre-recorded technical walkthroughs through the Academy. The Attackathon is co-sponsored by: Bybit Wormhole Arbitrum The Graph GMX Base

The Ethereum Protocol Security (EPS) Research Team is pleased to announce the launch of the first Ethereum protocol Attackathon, hosted by Immunefi. This four-week event aims to enhance the security of the Ethereum protocol through a large-scale crowdsourced security audit competition. Our goal is to raise over 2 million USD for the reward pool, the EF has seeded the pool with an initial 500,000 USD.