Ethereum offers up to $2 million for Fusaka vulnerabilities: 4-week global contest begins

The Ethereum Foundation has launched a bounty program with up to $2 million in prizes for finding bugs in Fusaka over four weeks.

A race against time and technical ingenuity begins: the Ethereum Foundation has launched a four-week audit competition with incentives of up to $2 million for those who identify flaws in the Fusaka update. This challenge seeks to strengthen confidence in the protocol ahead of one of the most anticipated updates by the end of 2025.

The initiative combines community and professional resources, integrating Sherlock and co-sponsors such as Gnosis y Lido to ensure a thorough, public, and accountable review. The financial reward is attractive, but the priority is mitigate critical risks that could affect millions of users and nodes.

Boosting safety with a responsible rewards program

The call is open to researchers and security teams that meet the eligibility rules defined by the Ethereum Foundation and SherlockParticipants must register their intent, agree to responsible disclosure terms, and follow the published technical scope to avoid out-of-scope reporting.

According to publication of the Foundation, the submission of a vulnerability must be accompanied by clear and complete documentation: from steps that allow the failure to be reproduced to its expected impact, including a proof of concept and proposals to mitigate the problem. Sherlock will be responsible for filtering and evaluating these reports, analyzing their validity and severity before deciding on the allocation of rewards.

On the other hand, the reward will be assigned based on the criticality of the discovery and the quality of the report; criteria such as reproducibility, scope, and systemic risk influence the assessment. Tests that demonstrate practical exploits or consensus vectors will receive the highest rewards, the Foundation said.

Finally, the rules also contemplate exclusions and restrictions. For example, the Foundation stated that results that violate laws, irreversibly compromise third-party funds, or publish exploits before the official patch are released will not be rewarded. Transparency in the process seeks to balance incentives and accountability.

The collaboration between Sherlock, Gnosis, and Lido strengthens security on Ethereum.

Within this reward program, collaboration between experts and top-tier technology allows for efficient and secure handling of vulnerabilities detected in the next Ethereum update. In this sense, Sherlock will contribute not only its infrastructure to manage rewards, but also its ability to classify and prioritize security breach reports. 

According to the Foundation, this will expedite the identification and correction of the most critical issues, while providing an impartial technical assessment to maintain transparency. By reducing the administrative burden, the Ethereum Foundation's work will also be facilitated, making the entire process more fluid.

For its part, Gnosis will be responsible for ensuring that the distribution of rewards be done securely and on time. Thanks to its advanced multisig solutions and key escrow expertise, it will ensure that payments to researchers are prompt and that delays caused by operational issues or security risks on the blockchain are avoided.

Additionally, Lido, a key player in the world of liquid staking, will provide in-depth insight into the risks associated with the staking and validation layer. Its participation in this rewards program is key to examining potential attack vectors affecting staking protocols and liquid tokens, as well as coordinating tests that simulate the real participation of validators, which adds a valuable strategic focus to the entire process.

Together, these organizations form a robust alliance where vulnerability detection, validation, and remediation are carried out with precision and accountability. Their coordinated work expands the scope of audits and covers gaps that might otherwise be overlooked if they operated separately, thus strengthening security and trust throughout the Ethereum ecosystem.

Fusaka, building Ethereum's security and stability

Fusaka, the update that expected by the end of 2025, will bring significant changes to consensus, client improvements, and optimizations to the execution layer, transforming key aspects of Ethereum. However, each of these adjustments, however fundamental, also expands the potential for vulnerabilities, so subjecting the code to a thorough audit is essential to avoid serious flaws that could compromise block completion or the economic security of the network.

Vulnerabilities in staking components, client-to-client messaging, or finalization logic can lead to network outages, loss of funds, or prolonged forks. Therefore, identifying issues before deployment will help reduce systemic risk and protect the integrity of the network and validators.

Beyond specific patches, the competition promotes more robust engineering practices: cross-checking, resilience testing, and expanded bug hunting—all cultural and technical improvements that will improve the overall quality of the Ethereum ecosystem.

Finally, transparent communication and responsible disclosure play a key role. A coordinated and carefully communicated rollout of fixes will prevent early attacks and maintain the trust of users, exchanges, and decentralized financial services that require a secure and stable network to operate smoothly.