Ethereum Foundation doubles bug bounty to half a million dollars as Shapella upgrade nears

Quick Take

  • The Ethereum Foundation increased its maximum bug bounty to $500,000 for issues affecting the Shapella upgrade.
  • The upgrade is scheduled for April 12 and will enable validator staking withdrawals on the main network.

In anticipation of the upcoming Ethereum blockchain upgrade known as Shapella, the Ethereum Foundation has doubled the maximum bug bounty to $500,000 for identifying related vulnerabilities.

The highly-anticipated Shapella upgrade, also referred to as Shanghai-Capella, is scheduled for release on the mainnet on April 12 at 10:27 a.m. UTC, at block number 6,209,536. Its main feature is Ethereum Improvement Proposal-4895, which will enable validator staking withdrawals on the main network for the first time. It also includes three other improvements aimed at optimizing gas costs for specific activities.

In a developers meeting on Thursday, Fredrik Svantes, a security researcher at the Ethereum Foundation, highlighted the increased reward as part of the last-minute testing efforts.

"There's a 2x multiplier for any vulnerabilities that affect the Shapella codebase. Go ahead and start looking for more vulnerabilities as the max bounty payout for Shapella-specific issues is now up to half a million dollars," Svantes said.

A bug bounty is a program offered by organizations to incentivize individuals or groups to identify and report security vulnerabilities in their software or systems. The rewards may vary depending on the severity and potential impact of the bug identified.

The doubling of the maximum bounty for identifying Shapella vulnerabilities may be seen as a precautionary step in ensuring the security of the network. The Foundation's bug bounty program covers vulnerabilities in various aspects of the network, including the blockchain consensus model, proof of stake, network security and consensus integrity, per the official website.

Final 'shadow fork' before mainnet


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Parithosh Jayanthi, a devops engineer for the Ethereum Foundation, said that once final client software releases are out, developers will launch one final mainnet "shadow fork" to test these releases.

In the context of Ethereum, a software fork is a test done on the mainnet rather than a testnet, allowing developers to see if a piece of code from the proposed upgrade will work correctly on the real blockchain. There have also been multiple shadow forks conducted before in preparation for Shapella and a final one is needed to test client releases, Jayanthi explained at yesterday's meeting. 

"Once all the [client] releases are done, we'd have a mainnet shadow fork, and I guess that would be the last attempt at the transition publicly before we hit mainnet," Jayanthi said.

Developers have also conducted extensive public testing on three test networks, or testnets, namely Sepolia, Zhejiang and Goerli. On March 14, Shapella was deployed on the Goerli testnet as the final dress rehearsal prior to the mainnet launch.

During the Thursday meeting, developers also urged all node operators on the Ethereum network upgrade their nodes ahead of the launch to ensure a smooth transition. Overall, the Ethereum core team is taking a comprehensive approach to testing and ensuring the security of the upcoming Shapella upgrade, in anticipation of its launch.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]


To contact the editor of this story:
Andrew Rummer at
[email protected]