By Key Points
- Ethereum is planning a $2 million hackathon in order to audit blockchain security.
- The event will look for weaknesses through crowdsourcing.
- Immunefi will release findings post-event.
- Each hard fork will be followed by similar hackathons on Ethereum.
Ethereum is preparing for an unprecedented security endeavor: the $2 million “Attackathon.” This first-of-its-kind hackathon aims to become the largest crowdsourced security audit of the Ethereum blockchain’s codebase.
With a prize pool of $2 million, the four-week event invites security researchers to dive into Ethereum’s code, discover vulnerabilities, and contribute to enhancing its security.
Ethereum to launch first $2M protocol-wide ‘Attackathon’ https://t.co/E6YlRpnzgK #eth #ethereum #hackathon #attackathon #securityaudit
— Entrepreneur_cm (@entrepreneur_cm) July 9, 2024
The Attackathon Details
The “Attackathon” is intended to be a comprehensive and rigorous security review that will be facilitated by the Ethereum Protocol Security (EPS) research team.
As stated in their July 8 blog post, there will be a technical walkthrough of the blockchain’s code at the beginning of the event to ensure participants are equipped with what they need in order to identify and understand potential vulnerabilities throughout it.
There are specific rules that participants must follow, and only impactful rule-compliant reports will be rewarded. This structured approach ensures high-quality security findings while promoting competitive collaboration between hackers looking for bugs within Ethereum’s network infrastructure.
Gathering Results
Upon completion of the “Attackathon”, bug bounty platform Immunefi will compile an extensive report on all findings made during this period; It will provide details about each vulnerability discovered as well as offer suggestions on how best they can be fixed or patched up so that future attacks like these might not succeed again.
Immunefi has run several large bounties before which have resulted in successful remediation action being taken against those particular issues identified; thus it is expected that they would also play such a role here too since many actionable insights could come out from their analysis work done on various types vulnerability reports submitted throughout this event.
Funding and Future Plans
The EPS team has put together a prize pool of $500,000 with sponsors expected to contribute an additional $1.5 million by August 1st; which further emphasizes community involvement when it comes to securing our shared networks against malicious actors who would exploit them for personal gain or other nefarious purposes.
Looking ahead, after each Ethereum hard fork the EPS team plans to host similar hackathons; where there are changes made to the codebase then continuous comprehensive security audits need to be carried out so as not to leave any stone unturned in terms of finding bugs within software systems that power these decentralized applications (apps) built atop such smart contracting platforms like Ethereum etcetera.
These events will cover every change in the codebase following each Ethereum hard fork; which ensures constant thorough security audits take place thereby making sure that no vulnerability goes undetected within this blockchain technology environment.
The next major one called “Pectra” combines both “Prague” and “Electra” upgrades and is expected to launch in late 2022 or early 2023 – It includes significant user-facing features such as a social recovery mechanism.
Where people can recover their private wallet keys using friends’ public keys instead of having to remember those long strings themselves also adding more powerful functions into wallets akin to smart contracts etcetera.
The Wider Picture
Hackathons and bug bounties are standard industry practice in tech companies across all sectors where they offer rewards for identifying vulnerabilities within their system architecture designs leading onto remediation steps being taken afterward but mainly based around financial incentives as motivation factor behind it too thus driving up overall levels IT security awareness among developers working these areas.
For example, LayerZero awarded $15m prizes associated with finding severe security weaknesses in its network protocols.
Not only does Ethereum’s ‘Attackathon’ seek to strengthen its defenses but also establishes a precedent for other blockchain platforms. By continuously involving the community in security audits, Ethereum aims to create a resilient ecosystem that can withstand the changing face of cyber threats.
What's your reaction?
