/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130344212z-iw-new.png)
/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130332454z-iw-new.jpg)
/industry-wired/media/post_attachments/wp-content/uploads/2022/08/1-Million-US-Dollars-will-Be-Yours-if-You-Find-Faults-in-ETH-Merge.jpg)
Ethereum announces long-awaited ETH Merge and offers $1M bug bounty if critical flaws are found
The Ethereum Foundation has announced that the long-awaited ETH Merge will take place between September 10 and September 20. This means that the historic transition from a proof-of-work blockchain to a proof-of-stake blockchain could occur a few days earlier than previously announced. It comes after a string of delays and it's worth noting that this milestone was supposed to be reached in 2019. Because of this, those who staked Ether in order to run a validator node have had to wait a long time while their crypto was locked up in the deposit contract. In other news, the foundation has announced that it will quadruple the bug bounties awarded to people who find vulnerabilities before the ETH Merge. All of this means that those who find critical bugs could be awarded $1 million.
As part of the transition to proof-of-stake, the Ethereum Network must first be activated on the Beacon Chain with the Bellatrix upgrade which is expected on September 6. Core developers previously stated that the Total Terminal Difficulty, or TTD and the difficulty of the final mined block would trigger the end of proof-of-work and the start of proof-of-stake on Sept. 15. According to the foundation, the incremental problem added per block is dependent on the network hash rate, which is volatile. TTD will be reached sooner if more hash rate joins the network. TTD will be called later if the hash rate leaves the network.
The foundation also stated that Ether (ETH) holders and users did not need to do anything prior to the Merge except being on the lookout for scams. Following the transition, mining will no longer be possible, and stakes and node operators will both need to run an execution layer client, with the latter using a consensus layer client. The Ethereum Foundation announced in July 2020 that it had launched public "attack networks" for Ethereum 2.0 for white hats to try to exploit potential issues in the clients, with a $5,000 bounty at the time. In August 2021, however, a vulnerability in earlier versions of one of Ethereum's software clients, Geth, caused more than half of the network's nodes to split. As an execution client, the Merge will require the most recent version of Geth.
Other projects, such as Sky Mavis, have offered up to $1 million or more in bug bounties for finding exploits that result in theft or the risk of losing millions, as Sky Mavis did in April 2022 in response to a $600-million hack on the Ronin Network. Aurora, an Ethereum bridging and scaling solution, paid a $6 million bounty to a white hat hacker in June for discovering a critical bug