eip-evrf: Ethereum Vulnerability Reporting Framework #679
This proposal is based on the latest revision of my original blog post here: https://dickolsson.com/evrf-ethereum-vulnerability-reporting-framework/
A few things that I'm still considering based on feedback from speaking to people in the community:
Thank you @dickolsson, this was a very much needed EIP.
Prior to this EIP being submitted I have already reflected my interest in devising a new, specific threat model, one that is way more focused on smart contracts and their immutable nature.
This is surely the best way to start these efforts going and I believe we're at the right phase to do it.
I also believe that, while being a huge endeavour, we should start devising that new threat model sooner rather than later, for it won't be ready when we need it if we only start doing it then.
This would be a very valuable contribution to the ecosystem.
To summarize in a TLDR what projects would need to do:
That seems like a nice baby step towards establishing some standard opsec practices.
This is a courtesy notice to let you know that the format for EIPs has been modified slightly. If you want your draft merged, you will need to make some small changes to how your EIP is formatted:
If your PR is editing an existing EIP rather than creating a new one, this has already been done for you, and you need only rebase your PR.
In addition, a continuous build has been set up, which will check your PR against the rules for EIP formatting automatically once you update your PR. This build ensures all required headers are present, as well as performing a number of other checks.
Please rebase your PR against the latest master, and edit your PR to use the above format for frontmatter. For convenience, here's a sample header you can copy and adapt: