The Ethereum Foundation (EF) and audit platform Sherlock have launched a $2 million audit contest to harden the code for Ethereum’s upcoming Fusaka upgrade. The four-week competition began Sept. 15 and invites security researchers worldwide to find vulnerabilities before the final testnet phase.
“The Protocol Research Security Team specifically wants to encourage all security researchers to join the competition, which is why the contest pot is so attractive,” an EF Protocol Research Security Team spokesperson told Blockworks. “Making [Ethereum] secure, no matter the cost, is crucial for the entire ecosystem. We’ve seen that large contest pots attract top security researchers, and they often clear their schedules in advance to make sure they can participate.”
The call for robust testing echoes a broader industry recognition that Ethereum security is systemic risk management. A report from Etherealize, released Monday, argued that Wall Street needs a blockchain like Ethereum.
“The question is not whether financial markets will move onchain: that outcome is increasingly certain,” the report said, citing Ethereum’s track record of 100% uptime since genesis and validator decentralization as good reasons for global finance to standardize around it.
Test, test, and retest
Monday also marked the 3-year anniversary of The Merge, one of the most significant software engineering feats in history. Three years and three mainnet forks later, efforts like Fusaka’s audit contest are a critical layer of assurance to keep the network’s spotless upgrade record going.
The contest launch coincided with Monday’s All Core Devs Testing (ACDT) call, where developers reported mixed results from Devnet-5 — the final devnet for Fusaka before testnet forks begin. Barnabás Busa of the EF said the network is unusual in that it’s being relaunched daily, raising blob limits aggressively in stages throughout this week. The goal is to stress-test PeerDAS, Fusaka’s new data availability sampling mechanism.
Developers also flagged real-world issues that underscore the importance of additional security review. “We currently see quite some orphan blocks,” Busa said, attributing part of the spike to a misconfigured MEV builder rate limit that was fixed just hours before the call. Nimbus and Nevermind engineers said they are also patching minor issues encountered during the tests.
Running an open contest on protocol-level code introduces new challenges for Sherlock.
“One of the main challenges of having a contest for such a protocol is the guidelines, which are designed to cover dApps, and require adjustments to fit the contest for a chain,” Sherlock CEO Jack Sanford told Blockworks. “Other challenges also include working with several teams at the same time, while regular contests require working with only one team.”
Sherlock emphasized that the contest is structured to encourage full-scope coverage across Fusaka’s new features, including PeerDAS, a higher gas limit, secp256r1 precompile, and blob-parameter-only forks.
“All the features are equally incentivized for auditors to look at, and it doesn’t matter where exactly auditors find an issue, but the severity of the issues they find,” Sanford explained.
Findings will be triaged quickly to maximize the time available for fixes. “Once the issues are submitted, they’re judged by the Lead Judge, picked specifically for this contest, and by the Ethereum Foundation, and then assigned to the specific team that is responsible for this part of the code,” Sanford said. “Additionally, the issues are graded by severity and issues that have higher impact on the code have higher priority in fixing.”
Sponsors including Gnosis and Lido have contributed $125,000 to the rewards pool, signaling broad ecosystem support. The contest, which concludes in mid-October, offers researchers a chance to help harden Ethereum’s most ambitious upgrade yet, before it hits mainnet in November.
Get the news in your inbox. Explore Blockworks newsletters:
- The Breakdown: Decoding crypto and the markets. Daily.
- 0xResearch: Alpha in your inbox. Think like an analyst.
- Empire: Crypto news and analysis to start your day.
- Forward Guidance: The intersection of crypto, macro and policy.
- The Drop: Apps, games, memes and more.
- Lightspeed: All things Solana.
- Supply Shock: Bitcoin, bitcoin, bitcoin.
