[DEPRECATED] Public eth2 attacknets

Note: This attacknet program has been deprecated in favor of the more general eth2 bounty program. All previous bounty types in this repo qualify in the new program. Please use eth2bounty@ethereum.org for responsible disclosure.

All previous trophies will be ported to the long standing eth2 bounty program.

This repository tracks public "attacknets" maintained by the EF.

[DEPRECATED] Multi-client `beta-1` attacknet

A multi-client beta-1 attacknet composed of three clients is up with multiple tiers of bounties (up to $15k!). Read more for details about configuration, rules, and rewards.

Attacknet directory structure

Each attacknet is contained within it's own sub-directory within ./attacknets.

Within the attacknet directory, a README.md is provided with human readable, high-level configuration as well as the rules and any rewards associated with the attacknet.

The attacknet directory also provides configuration files that might be useful in running clients and connecting to the network.

prysm_config.yaml -- is a YAML configuration file that can be ingested by the Prysm client via the --chain-config-file commandline flag
teku_config.yaml -- is a YAML configuration file that can be ingested by the Teku client via the --network commandline flag
lighthouse -- is the testnet configuration directory that can be ingested by the Lighthouse client via the --testnet-dir commandline flag

General rules

In addition to attacknet specific rules provided for in each attacknet. The following are the general rules for the program. [Note: This program is in beta-0 and all rules are subject to change without prior notice].

The Ethereum Foundation is solely responsible for judging the attack and deciding on rewards
The Ethereum Foundation may reward "honorable mention" rewards of any denomination for interesting effects induced on testnets that do not necessarily meet the stated goal
Awards can be redeemed in ETH or DAI
Eth2 client teams are eligible to participate only on attacknets that do not contain their specific client

How to report

All claims on attacknet rewards must be reported as an issue in this repo.

Please follow this reporting structure to aid in prompt review:

If succeeded in a testnet goal and want to make a claim on the reward, prefix the name of the Issue/PR with "[{ATTACK_NET_NAME} Reward]" Use this template for convenience.
If want to share something interesting achieved outside of the goal, prefix the name of the Issue/PR with "[{ATTACK_NET_NAME} Issue]" Use this template for convenience.
Use the following structure for the body of the Issue/PR
- Description: High-level description of the attack [1 sentence]
- Attack scenario: More detailed description of the attack scenario and how it was carried out [1 to 3 sentences]
- Impact: Describe the effect had on the attacknet [1 to 2 sentences]
- Details: Very specific details about the attack including the specific slots/epochs where it can be observed

Privacy

The Ethereum Foundation is not responsible for any private information that might be leaked as a result of this program.

In the event that the reporting of an attack does leak private information (e.g. logs from a testnet containing IP addresses), we ask that you withhold any such information in the public report. Instead, please note that there are additional accompanying resources to be shared, and the attacknet evaluators will be in touch.

Important legal information

We give explicit permission to attack these attacknets over the internet.

This attacknet program is an experimental and discretionary rewards program for our active Ethereum community to encourage and reward those who are helping to improve the platform. It is not a competition. You should know that we can cancel the program at any time, and rewards are at the sole discretion of Ethereum Foundation. In addition, we are not able to issue rewards to individuals who are on sanctions lists or who are in countries on sanctions lists (e.g. North Korea, Iran, etc). You are responsible for all taxes. All rewards are subject to applicable law. Finally, your testing must not violate any law or compromise any data that is not yours.

Getting started

Running clients with custom config files

For each attacknet, a README.md and configuration files are provided to allow for easy running of clients. Note that a prysm_config.yaml, teku_config.yaml, and lighthouse directory are provided for each testnet regardless of the constituent clients making up the testnet. These are configuration files that you can use to run lighthouse, prysm, and/or teku on each testnet.

To run lighthouse, in addition to normal configuration commandline flags, use the following:

--testnet-dir {LIGHTHOUSE_TESTNET_DIR} where LIGHTHOUSE_TESTNET_DIR is the lighthouse directory found within the specific attacknet

To run prysm, in addition to normal configuration commandline flags, use the following:

--chain-config-file {PRYSM_CONFIG_FILE} where PRYSM_CONFIG_FILE is the prysm_config.yaml file found within the specific attacknet
--deposit-contract {DEPOSIT_CONTRACT_ADDR} where DEPOSIT_CONTRACT_ADDR is the 0x prefixed deposit contract address found in the specific attacknet README.md
--contract-deployment-block {DEPOSIT_CONTRACT_DEPLOY_NUMBER} where DEPOSIT_CONTRACT_DEPLOY_NUMBER is the block number at which the deposit contract was deployed, found in the attacknet README.md
--custom-genesis-delay {GENESIS_DELAY} where GENESIS_DELAY is the genesis delay param found in the attacknet README.md

To run teku, in addition to normal configuration commandline flags, use the following:

--network {TEKU_CONFIG_FILE} where TEKU_CONFIG_FILE is the teku_config.yaml file found within the specific attacknet
--eth1-deposit-contract-address {DEPOSIT_CONTRACT_ADDR} where DEPOSIT_CONTRACT_ADDR is the 0x prefixed deposit contract address found in the specific attacknet README.md

Rumor -- Eth2 interactive shell

@protolambda maintains rumor, an eth2 interactive shell for dynamically interacting with eth2 networks and data.

Check out the rumor README for basic documentation. We expect this tool to be invaluable in getting started, understanding networks, and constructing attacks.

Trophies 🏆

Here we immortalize, for all time, the successful attacks conducted by 1337 h4x0rz.

You, too, can achieve perpetual fame and glory. Read some code, run some nodes, and break some nets.

User	Attacknet	Attack	Reward
@jrhea	`prysm-attack-0`	DoS Attack on Prysm via Golang stdlib exploit stops finality	$5k (USD)
@holiman	`prysm-attack-0`	Remote crash nodes over p2p	~~$5k (USD)~~ No reward, EF Security Team
@AlexSSD7	`prysm-attack-0`	L4 Distributed Denial of Service attack stops finality	$5k (USD)
@jrhea	`teku-attack-0`	DoS Attack on Teku Stops Finality	$5k (USD)
@jrhea	`lighthouse-attack-0`	Network agent crashes lighthouse discovery	$1k (USD)
@tintinweb	`teku-attack-0`	DoS Attack on Teku via gossipsub	$5k (USD)
@atoulme	`teku-attack-0`	DoS Attack: UDP random 46 bytes packets	$5k (USD)
@atoulme	`teku-attack-0`	Crash discovery service with malformed WHOAREYOU packet	$5k (USD)

Deprecated attacknets

Single-client `beta-0` attacknets

beta-0 attacknets are deprecated. All nodes are have been disabled and attacks/rewards are no longer eligible.

ethereum / public-attacknets

readme

[DEPRECATED] Public eth2 attacknets

[DEPRECATED] Multi-client `beta-1` attacknet

Attacknet directory structure

General rules

How to report

Privacy

Important legal information

Getting started

Running clients with custom config files

Rumor -- Eth2 interactive shell

Trophies 🏆

Deprecated attacknets

Single-client `beta-0` attacknets

ethereum / public-attacknets

readme

[DEPRECATED] Public eth2 attacknets

[DEPRECATED] Multi-client beta-1 attacknet

Attacknet directory structure

General rules

How to report

Privacy

Important legal information

Getting started

Running clients with custom config files

Rumor -- Eth2 interactive shell

Trophies 🏆

Deprecated attacknets

Single-client beta-0 attacknets

[DEPRECATED] Multi-client `beta-1` attacknet

Single-client `beta-0` attacknets