The “Attackathon” runs four weeks, with participants actively finding Ethereum protocol flaws; only impactful, compliant reports get rewards.
Ethereum Launches $2M ‘Attackathon’ for Code Security Audit
Ethereum plans to launch its inaugural “Attackathon,” offering a $2 million reward pool to encourage security researchers to conduct a large-scale crowdsourced security audit of its codebase.
The Ethereum Protocol Security (EPS) research team announced the event in a blog post on July 8. The “Attackathon” will last four weeks, during which participants will actively search for flaws in Ethereum’s protocol code. Only impactful and rule-compliant reports will receive rewards.
The event kicks off with a technical walkthrough of the blockchain’s code, helping participants identify and understand potential vulnerabilities. After the event, the bug bounty platform Immunefi will compile a report detailing the discovered vulnerabilities.
EPS has contributed $500,000 to the prize pool and is seeking sponsors to raise an additional $1.5 million by August 1, when more details will be shared. The EPS team plans to host similar hackathons for every hard fork to cover changes to the codebase.
Ethereum’s upcoming “Pectra” hard fork, expected to go live late this year or early next, combines the “Prague” and “Electra” upgrades. Key updates include a “social recovery” feature that could eliminate the need for the traditional 24-word private wallet key, giving wallets smart contract-like features.
In the tech world, hackathons are commonplace, with the crypto industry hosting frequent events, alongside ongoing bug bounties incentivizing hackers to disclose exploits rather than exploit them maliciously, with LayerZero offering the highest reward of $15 million on Immunefi’s site.
Ethereum’s “Attackathon” is set to boost the blockchain’s security by leveraging the expertise of the global security research community.