The Ethereum Foundation stated it would quadruple the network’s bug bounty awards with prizes worth up to $1 million for white hat hackers ahead of the Merge upgrade.
The Ethereum Foundation announced in a blog post on Wednesday that from August 24 to September 8, all “Merge-related bounties for vulnerabilities” will be tripled for white hat network testers.
Finding “critical bugs,” or flaws with a high possibility of having a large impact on the blockchain will reportedly be worth up to $1 million, according to the foundation. Additionally, submissions for low, medium and high-risk bugs are accepted under the reward program.
The Merge is anticipated to occur between September 10 and 20. The Ethereum Network “must first be activated on the Beacon Chain with the Bellatrix upgrade,” according to the Ethereum Foundation, as part of the switch to proof-of-stake.
When the Total Terminal Difficulty, or TTD, the difficulty of the last mined block, triggers the end of proof-of-work and the beginning of proof-of-stake, Core developers previously revealed a potential Merge date of Sept. 15.
According to the foundation, “the network hash rate is based on the incremental difficulty introduced per block, which is unstable.” “TTD will be attained sooner if the network gains greater hash rate. Similar to this, TTD will be reached later if the hash rate abandons the network.
The foundation said that, aside from “being on the lookout for frauds,” Ether (ETH) owners and users did not generally need to take any action prior to the Merge.
Stakeholders and node operators will both need to run an execution layer client, with the latter doing so with a consensus layer client after the changeover, which will make mining impossible.
To encourage white hats to try and take advantage of any potential vulnerabilities in the clients, the Ethereum Foundation stated in July 2020 that it had opened public “attack networks” for Ethereum 2.0 and was paying a $5,000 bounty at the moment.
However, a flaw in older versions of one of Ethereum’s software clients, Geth, led to the split of more than half of the network’s nodes in August 2021. The most recent Geth build will be needed as an execution client for The Merge.
Other projects, like Sky Mavis did in April 2022 after a $600-million hack on the Ronin Network, have given bug bounties of up to $1 million or more in an effort to find exploits that may lead to theft or the risk of losing millions.
Aurora, an Ethereum scaling and bridging solution, awarded a $6 million prize in June to a white hat hacker who found a serious flaw.