Ethereum Protocol Attackathon Audits & Known Issues

There may be other findings which are not exhaustively listed in this document. Whitehats are responsible for ensuring a vulnerability is not publicly disclosed in the respective client's known issues or any previous audits. Vulnerabilities must be tested against the respective client's latest release. Vulnerabilities which do not affect latest releases will be considered on a case-by-case basis, taking into account the immediate effect the vulnerability would have on the Ethereum network.
Client
Links
Layer
Consensus Layer
  •  https://github.com/ethereum/public-disclosures/blob/master/disclosures/CL-2021-12-01.md 
  •  https://github.com/ethereum/public-disclosures/blob/master/disclosures/CL-2023-05-03.md 
  •  https://github.com/ethereum/consensus-specs/issues 
Consensus
Execution Layer
  •  https://github.com/ethereum/public-disclosures/blob/master/disclosures/EL-2021-12-01.md 
  •  https://github.com/ethereum/public-disclosures/blob/master/disclosures/EL-2023-05-03.md 
  •  https://github.com/ethereum/execution-specs/issues 
Execution
Prysm
  •  https://docs.prylabs.network/docs/audits/phase0 
  •  https://github.com/prysmaticlabs/prysm/issues 
Consensus
Geth
  •  https://github.com/ethereum/go-ethereum/tree/master/docs/audits 
  •  https://github.com/ethereum/go-ethereum/issues 
  •  https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities.json 
Execution
Lighthouse
  •  https://raw.githubusercontent.com/sigp/lighthouse/book-security/book/src/resources/2020-lh-trail-of-bits.pdf 
  • Beacon processor scheduling can be unfair and lead to starvation (#6291)
  • During non-finality the database is likely to grow rapidly, and the node is more easily overwhelmed processing low quality side chains (#6580)
  • Unfettered access to the HTTP API can easily overwhelm the node (#5112)
  •  https://github.com/sigp/lighthouse/issues 
Consensus
Nethermind
  •  https://docs.nethermind.io/fundamentals/security 
  •  https://github.com/NethermindEth/nethermind/issues 
Execution
Teku
  •  https://cdn.consensys.io/uploads/teku-security-assessmnt-rfp.pdf 
  •  https://github.com/Consensys/teku/issues 
Consensus
Besu
  •  https://lf-hyperledger.atlassian.net/wiki/spaces/SEC/pages/20283630/Security+Code+Audits 
  •  https://github.com/hyperledger/besu/issues 
Consensus + Execution
Nimbus ETH2
  •  https://github.com/status-im/nimbus-eth2/labels?q=audit 
  •  https://github.com/status-im/nimbus-eth2/issues
Consensus
Erigon
  •  https://github.com/erigontech/erigon/issues 
Consensus + Execution
Reth
  •  https://github.com/paradigmxyz/reth/tree/main/audit 
  •  https://github.com/paradigmxyz/reth/issues 
Execution
Lodestar
  •  https://github.com/ChainSafe/lodestar/issues 
Consensus
Solidity Compiler
  •  https://docs.soliditylang.org/en/develop/bugs.html 
  •  https://docs.soliditylang.org/en/latest/bugs.html 
  •  https://github.com/ethereum/solidity/issues 
Execution
Vyper Compiler
  •  https://github.com/vyperlang/vyper/security/advisories 
  •  https://github.com/vyperlang/vyper/issues 
  •  https://github.com/vyperlang/audits 
Execution