Ethereum is set to launch its first-ever hackathon with a slated reward pool of $2 million that “aims to be the largest crowdsourced security audit” of the blockchain’s codebase.
The so-called “Attackathon” will see security researchers “actively search for vulnerabilities in the protocol’s code” in a four-week “time-bound audit challenge,” the Ethereum Protocol Security (EPS) research team explained in a July 8 blog post.
“They will follow specific rules set for the competition, and only impactful and rule-compliant reports will be rewarded,” it added.
The event would start with a technical walkthrough of the blockchain’s code so “participants are well-prepared to identify and understand potential vulnerabilities.”
After the event wraps, its host — bug bounty platform Immunefi — will gather the findings into a report detailing the discovered vulnerabilities.
One audit competition to rule them all
— Immunefi (@immunefi) July 8, 2024
Immunefi, in collaboration with the @Ethereum Foundation, presents the first-ever Attackathon to enhance Ethereum’s protocol security.
Become a sponsor and help make history ✨
1/4#EFxImmunefi pic.twitter.com/m1HtH6G2r0
The team said it pitched in $500,000 to the competition’s prize pool and called for sponsors to raise another $1.5 million by Aug. 1, when it will share more details.
The EPS team plans on hosting similar hackathons “at every hard fork covering changes to the codebase.”
Ethereum’s next “Pectra” hard fork is expected to go live sometime late this year or early next and combines the “Prague” and “Electra” upgrades.
The planned major updates for users include a “social recovery” feature that could eliminate the need to remember the up to 24-word private wallet key — a hallmark of the technology since its creation — and give wallets smart contract-like features.
Hackathons are common in the tech world, and crypto has seen its share of the events, with other blockchains and projects hosting similar hacking sprints.
Crypto projects also offer a constant roster of bug bounties aiming to entice hackers to share their exploits instead of maliciously undertaking them. Immunefi’s website shows most bounties are in the tens to hundreds of thousands of dollars, with the largest reward offered by LayerZero reaching $15 million.