{"id":18105,"date":"2026-03-09T10:33:56","date_gmt":"2026-03-09T10:33:56","guid":{"rendered":"https:\/\/cryptoted.net\/index.php\/2026\/03\/09\/secured-no-1-ethereum-foundation-blog\/"},"modified":"2026-03-09T10:33:56","modified_gmt":"2026-03-09T10:33:56","slug":"secured-no-1-ethereum-foundation-blog","status":"publish","type":"post","link":"https:\/\/cryptoted.net\/index.php\/2026\/03\/09\/secured-no-1-ethereum-foundation-blog\/","title":{"rendered":"Secured no. 1 | Ethereum Foundation Blog"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"\">\n<p class=\"chakra-text css-gi02ar\">Earlier this year, we launched a <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/ethereum.org\/en\/eth2\/get-involved\/bug-bounty\">bug bounty program<\/a> focused on finding issues in the beacon chain specification, and\/or in client implementations (Lighthouse, Nimbus, Teku, Prysm etc&#8230;). The results (and vulnerability reports) have been enlightening as have the lessons learned while patching potential issues.<\/p>\n<p class=\"chakra-text css-gi02ar\">In this new series, we aim to explore and share some of the insight we&#8217;ve gained from security work to date and as we move forward.<\/p>\n<p class=\"chakra-text css-gi02ar\">This first post will analyze some of the submissions specifically targeting BLS primitives.<\/p>\n<p class=\"chakra-text css-gi02ar\"><strong>Disclaimer<\/strong>: All bugs mentioned in this post have been already fixed.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"bls-is-everywhere\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"bls is everywhere permalink\" href=\"#bls-is-everywhere\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>BLS is everywhere<\/h2>\n<p class=\"chakra-text css-gi02ar\"><img decoding=\"async\" alt=\"\" src=\"https:\/\/blog.ethereum.org\/images\/posts\/upload_56d2af02d9c2bcfe9e48a10245e74832.png\" class=\"chakra-image css-hw6q2r\"\/><\/p>\n<p class=\"chakra-text css-gi02ar\">A few years ago, <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/twitter.com\/dfaranha\">Diego F. Aranha <\/a> gave a talk at the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/ecc2017.cs.ru.nl\/speakers.shtml\">21st Workshop on Elliptic Curve Cryptography<\/a> with the title: <em class=\"chakra-text css-0\">Pairings are not dead, just resting.<\/em> How prophetic.<\/p>\n<p class=\"chakra-text css-gi02ar\">Here we are in 2021, and pairings are one of the primary actors behind many of the cryptographic primitives used in the blockchain space (and beyond): <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/en.wikipedia.org\/wiki\/BLS_digital_signature\">BLS<\/a> aggregate signatures, ZK-SNARKS systems, etc.<\/p>\n<p class=\"chakra-text css-gi02ar\">Development and standardization work related to BLS signatures has been an ongoing project for EF researchers for a while now, driven in-part by <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/twitter.com\/drakefjustin\">Justin Drake<\/a> and summarized in <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/www.reddit.com\/r\/ethfinance\/comments\/jghide\/daily_general_discussion_october_23_2020\/g9sz7jm\/\">a recent post of his on reddit<\/a>.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"the-latest-and-greatest\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"the latest and greatest permalink\" href=\"#the-latest-and-greatest\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>The latest and greatest<\/h2>\n<p class=\"chakra-text css-gi02ar\">In the meantime, there have been plenty of updates. <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/hackmd.io\/@benjaminion\/bls12-381\">BLS12-381<\/a> is now universally recognized as <strong>the pairing curve<\/strong> to be used <em class=\"chakra-text css-0\">given our present knowledge<\/em>.<\/p>\n<p class=\"chakra-text css-gi02ar\">Three different IRTF drafts are currently under development:<\/p>\n<ol role=\"list\" class=\"css-vgl4zd\">\n<li class=\"css-0\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-irtf-cfrg-pairing-friendly-curves-09\">Pairing-Friendly Curves<\/a><\/li>\n<li class=\"css-0\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-irtf-cfrg-bls-signature-04\">BLS signatures<\/a><\/li>\n<li class=\"css-0\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-irtf-cfrg-hash-to-curve-11\">Hashing to Elliptic Curves<\/a><\/li>\n<\/ol>\n<p class=\"chakra-text css-gi02ar\">Moreover, the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/consensus-specs\">beacon chain specification<\/a> has matured and is already partially deployed. As mentioned above, <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/en.wikipedia.org\/wiki\/BLS_digital_signature\">BLS signatures<\/a> are an important piece of the puzzle behind proof-of-stake (PoS) and the beacon chain.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"recent-lessons-learned\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"recent lessons learned permalink\" href=\"#recent-lessons-learned\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>Recent lessons learned<\/h2>\n<p class=\"chakra-text css-gi02ar\">After collecting submissions targeting the BLS primitives used in the consensus-layer, we&#8217;re able to split reported bugs into three areas:<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">IRTF draft oversights<\/li>\n<li class=\"css-0\">Implementation mistakes<\/li>\n<li class=\"css-0\">IRTF draft implementation violations<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">Let&#8217;s zoom into each section.<\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"irtf-draft-oversights\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"irtf draft oversights permalink\" href=\"#irtf-draft-oversights\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>IRTF draft oversights<\/h3>\n<p class=\"chakra-text css-gi02ar\">One of the reporters, (<a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/twitter.com\/cryptosubtlety\">Nguyen Thoi Minh Quan<\/a>), found discrepancies in the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-irtf-cfrg-bls-signature-04\">IRTF draft<\/a>, and published two white papers with findings:<\/p>\n<p class=\"chakra-text css-gi02ar\">While the specific inconsistencies are still subject <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/cfrg\/draft-irtf-cfrg-bls-signature\/issues\/38\">for debate<\/a>, he found some interesting <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/py_ecc\/pull\/114\">implementation<\/a> <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/supranational\/blst\/commit\/64a22698fcfae9845c07c5030adadaab4a258dd3\">issues<\/a> while conducting his research.<\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"implementation-mistakes\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"implementation mistakes permalink\" href=\"#implementation-mistakes\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>Implementation mistakes<\/h3>\n<p class=\"chakra-text css-gi02ar\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/twitter.com\/GuidoVranken\">Guido Vranken<\/a> was able to uncover several &#8220;little&#8221; issues in <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/supranational\/blst\">BLST<\/a> using <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/guidovranken\/cryptofuzz\">differential fuzzing<\/a>. See examples of those below:<\/p>\n<p class=\"chakra-text css-gi02ar\">He topped this off with discovery of a moderate vulnerability affecting the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/supranational\/blst\/security\/advisories\/GHSA-x279-68rr-jp4p\">BLST&#8217;s blst_fp_eucl_inverse function<\/a>.<\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"irtf-draft-implementation-violations\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"irtf draft implementation violations permalink\" href=\"#irtf-draft-implementation-violations\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>IRTF draft implementation violations<\/h3>\n<p class=\"chakra-text css-gi02ar\">A third category of bug was related to IRTF draft implementation violations. The first one affected the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/prysmaticlabs\/prysm\">Prysm client<\/a>.<\/p>\n<p class=\"chakra-text css-gi02ar\">In order to describe this we need first to provide a bit of background. The <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-irtf-cfrg-bls-signature-04\">BLS signatures<\/a> IRTF draft includes 3 schemes:<\/p>\n<ol role=\"list\" class=\"css-vgl4zd\">\n<li class=\"css-0\">Basic scheme<\/li>\n<li class=\"css-0\">Message augmentation<\/li>\n<li class=\"css-0\">Proof of possession<\/li>\n<\/ol>\n<p class=\"chakra-text css-gi02ar\">The <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/prysmaticlabs\/prysm\">Prysm client<\/a> doesn&#8217;t make any distinction between the 3 in its API, which is unique among implementations (e.g. <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/py_ecc\">py_ecc<\/a>). One peculiarity about the <em class=\"chakra-text css-0\">basic scheme<\/em> is <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-irtf-cfrg-bls-signature-04#section-3.1.1\">quoting verbatim<\/a>: <em class=\"chakra-text css-0\">&#8216;This function first ensures that all messages are distinct&#8217;<\/em> . This was not ensured in the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/prysmaticlabs\/prysm\/blob\/f822f0436e28d278a9cae7da00ea57d72a6be2bf\/shared\/bls\/blst\/signature.go#L77\"><span class=\"chakra-text css-ons8vw\">AggregateVerify<\/span><\/a> function. Prysm fixed this discrepancy by <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/prysmaticlabs\/prysm\/pull\/8699\">deprecating the usage<\/a> of <span class=\"chakra-text css-ons8vw\">AggregateVerify<\/span> (which is not used anywhere in the beacon chain specification).<\/p>\n<p class=\"chakra-text css-gi02ar\">A second issue impacted <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/py_ecc\">py_ecc<\/a>. In this case, the serialization process described in the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/zkcrypto\/pairing\/tree\/34aa52b0f7bef705917252ea63e5a13fa01af551\/src\/bls12_381\">ZCash BLS12-381 specification<\/a> that stores integers are always within the range of <span class=\"chakra-text css-ons8vw\">[0, p &#8211; 1]<\/span>. The <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/py_ecc\">py_ecc<\/a> implementation did this check for the G2 group of BLS12-381 only for the <em class=\"chakra-text css-0\">real part<\/em> but did not perform the modulus operation for the <em class=\"chakra-text css-0\">imaginary part<\/em>. The issue was fixed with the following pull request: <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/py_ecc\/pull\/121\">Insufficient Validation on decompress_G2 Deserialization in py_ecc<\/a>.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"wrapping-up\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"wrapping up permalink\" href=\"#wrapping-up\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>Wrapping up<\/h2>\n<p class=\"chakra-text css-gi02ar\">Today, we took a look at the BLS related reports we have received as part of our <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/ethereum.org\/en\/eth2\/get-involved\/bug-bounty\">bug bounty program<\/a>, but this is definitely not the end of the story for security work or for adventures related to BLS.<\/p>\n<p class=\"chakra-text css-gi02ar\">We <strong>strongly<\/strong> encourage <em class=\"chakra-text css-0\">you<\/em> to help ensure the consensus-layer continues to grow safer over time. With that, we look forward hearing from you and encourage you to DIG! If you think you&#8217;ve found a security vulnerability or any bug related to the beacon chain or related clients, <strong><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/docs.google.com\/forms\/d\/e\/1FAIpQLSd28dv9jU4lqC2GK_Vbv2ev5dJ0Tp4K3CF_mSZZB6Ljyb7_QQ\/viewform\">submit a bug report<\/a><\/strong>! \ud83d\udc9c\ud83e\udd84<\/p>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2021\/09\/09\/secured-no-1\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier this year, we launched a bug bounty program focused on finding issues in the beacon chain specification, and\/or in client implementations (Lighthouse, Nimbus, Teku, Prysm etc&#8230;). The results (and vulnerability reports) have been enlightening as have the lessons learned while patching potential issues. In this new series, we aim to explore and share some [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":17825,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[24],"tags":[],"kronos_expire_date":[],"class_list":["post-18105","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum"],"_links":{"self":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/comments?post=18105"}],"version-history":[{"count":0,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18105\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media\/17825"}],"wp:attachment":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media?parent=18105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/categories?post=18105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/tags?post=18105"},{"taxonomy":"kronos_expire_date","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/kronos_expire_date?post=18105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}