The Ethereum Foundation and bug bounty platform Immunefi have teamed up to launch a security audit competition dubbed the “Attackathon” that aims to be “the largest crowdsourced security audit.”
In a blog post on July 8, the Ethereum Foundation said the four week event would be open to developers and projects, who are invited to participate in a time-bound audit to search for vulnerabilities in the Ethereum protocol’s code.
The Ethereum Foundation has seeded the reward pool with an initial $500,000, but has a goal of raising more than $2 million from contributors until Aug. 1, when the final pool will be locked.
The sponsored pool will deposit directly into the Attackathon vault on Immunefi, which has been designed to transparently display the allocation of a program’s funds and streamline the payment process between projects and security researchers, according to a press release.
Ethereum’s protocol security research lead Fredrik Svantes commented that the team was “excited to launch the first audit competition targeting the protocol itself” as part of their efforts to further secure the protocol.
“Top performing whitehats will have their skills recognized in front of the entire Ethereum community,” said Immunefi on X.
The hackathon is the second to be announced by Immunefi this week — the platform is facilitating a $1 million bug bounty reward pool for developers that identify bugs in a new Solana validator client built by Jump Crypto.
The largest bug bounty on record was a $15 million reward pool from LayerZero last May. The cross-chain messaging protocol also partnered with Immunefi to set it up, with critical vulnerability payouts earning developers a minimum of $250,000 and a maximum of $15 million for finding bugs in “group one” chains such as Ethereum and Avalanche.
So far, Immunefi claims to have paid out more than $100 million in bounties and averted $25 billion in hack damage.
Update, Friday, July 12, 8:45 am ET: The article’s title originally stated “Ethereum,” not “Ethereum Foundation.” Unchained regrets the error.