- Payouts available for hackers who point out critical vulnerabilities
- Ethereum supports smart contracts
- Developers debate disclosure protocols
Ethereum Bounty Program and payouts
Payouts of up to $50,000 have been offered for hackers who can bring attention to vulnerabilities that could break the chain and affect the protocol and its clients: Lighthouse, Prysm and Teku. Under the Bounty Program, bounties will be presented for bugs identified in the protocol and clients.
The protocol has a clear goal – to deliver stable protocols and secure software upon release.
Hackers who identify these vulnerabilities will have a place on the leader board as well as a personal entry in the Genesis block. If a fault is identified, it could damage the reputation of the smart contracting platform, as well as calling into question the need to transition to a new consensus algorithm.
The announcement has been made two weeks before Ethereum makes its transition to a Proof-of-Stake consensus algorithm, moving forward from the current Proof-of-Work consensus algorithm. As a result, validators will replace miners once the Proof-of-Work machine is powered off in 2021 during Phase 1.5. To qualify as a validator, you need to stake 32 ETH.
The goal is to secure maximum decentralization. A vital facet in the blockchain is complete decentralization, which in turn brings in resilience.
Ethereum supports smart contracts
There are many business advantages to using a smart contract, including trust, transparency, security, autonomy and accuracy.
A smart contract is a self-executing contract with the terms of the agreement between buyer and seller being directly written into lines of code. The code, and the agreements contained therein, exist across a distributed and decentralized blockchain network.
If implemented correctly, smart contracts provide transaction security superior to traditional contract law, reducing coordination costs of auditing and enforcement of such agreements.
The smart contract runs on the blockchain, which means that it is stored on a public database and cannot be changed. The transactions that take place in a smart contract are processed by the blockchain, which means that they can be sent without a third party.
The logic inside of a smart contract will determine if a transaction is valid or not. An example of an invalid transaction would be one not operating on the right level, such as attempting to spend tokens without having a sufficient balance. Invalid transactions are rejected by the network and not included in the blockchain. Depending on the blockchain design, they could also be included but marked as failed.
Smart contracts may also publish events as a way to inform the outside world. Event listeners are notified when the block containing the transaction gets committed to the blockchain on the node.
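The validity check and event notification described above, sketched as an added example (not code from the original article or from any Ethereum client). It is a toy in-memory ledger in Python; `Tx`, `TokenContract`, `commit_block` and the sample accounts are hypothetical names constructed for illustration, and the `include_failed` switch models the two designs mentioned: dropping an invalid transaction, or including it marked as failed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    sender: str
    to: str
    amount: int

class InvalidTransfer(Exception):
    """Raised by the contract logic when a transfer breaks its rules."""

class TokenContract:
    """Toy token ledger: the contract's own logic decides validity."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, tx, events):
        # Validate before touching state, so a rejected transfer changes nothing.
        if tx.amount <= 0 or self.balances.get(tx.sender, 0) < tx.amount:
            raise InvalidTransfer(f"{tx.sender} cannot send {tx.amount}")
        self.balances[tx.sender] -= tx.amount
        self.balances[tx.to] = self.balances.get(tx.to, 0) + tx.amount
        events.append(("Transfer", tx.sender, tx.to, tx.amount))

def commit_block(contract, txs, listeners, include_failed=True):
    """Execute txs in order; return receipts for the txs included in the block.

    include_failed=True  -> invalid txs are recorded with status "failed"
    include_failed=False -> invalid txs are left out of the block entirely
    Listeners are notified only once the whole block has been committed.
    """
    receipts, block_events = [], []
    for tx in txs:
        tx_events = []
        try:
            contract.transfer(tx, tx_events)
        except InvalidTransfer:
            if include_failed:
                receipts.append((tx, "failed"))
            continue  # a failed tx publishes no events
        receipts.append((tx, "ok"))
        block_events.extend(tx_events)
    for event in block_events:  # block committed: now inform the outside world
        for listener in listeners:
            listener(event)
    return receipts

if __name__ == "__main__":
    ledger = TokenContract({"alice": 10})  # constructed sample state
    seen = []
    block = [Tx("alice", "bob", 7), Tx("alice", "carol", 5)]  # second one overspends
    print(commit_block(ledger, block, [seen.append]), ledger.balances, seen)
```

A monitoring tool built on such events only ever sees successful transfers, so failed attempts have to be read from the receipts rather than from the event stream.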
Developers debate disclosure protocols
According to a technical write-up by Geth, the largest Ethereum client written in the Go language, a denial-of-service attack vector was intentionally triggered by a downstream user as a test, resulting in a 30-block minority chain.
In early October, Geth had fixed the bug following a disclosure. But the bug still existed in prior versions of Geth. Developers are reordering the disclosure process for security vulnerabilities in the aftermath of what some developers have labelled as the biggest threat against the protocol since the 2016 attack on The DAO.
Summa founder James Prestwich stated: “A common ethos in open-sourced software is that vendors are tasked to notify those affected by vulnerabilities in a timely manner. In other words, the responsibility lies with Geth to give dependent users the heads-up on possible complications.
Blockchains are at their core financial settlement mechanisms. The concerning factor is that traditional methods of disclosing bugs in OSS can lead to undesirable outcomes for players with money on the line.
Prestwich concluded: “Disclosure is a complex topic and user safety is paramount.”