The Ethereum Foundation launched a four-week audit contest on Sept. 15 to find bugs in its next upgrade, Fusaka, and to push fixes before the code reaches mainnet, possibly as soon as the fourth quarter.
The program runs through Oct. 13 and is hosted on the web3 security platform Sherlock. Gnosis and Lido are co-sponsors. Rewards can total up to $2 million for valid findings, and week one pays 2x multipliers while week two pays 1.5x. The move aims to concentrate the review on the bundled EIPs and spot issues early.
Contest mechanics
The contest is open to security researchers and teams, and Sherlock will handle submissions and payouts. Valid bugs will get public post-mortems that feed into an official report.
The Foundation also keeps its standing bug bounty program active. That broader program still pays up to $250,000 for protocol-wide problems outside the contest.
Week one has larger reward multipliers to draw immediate attention. Week two keeps higher than normal payouts as well. Weeks three and four continue normal bounty levels. The structure is meant to focus effort early and then keep steady coverage while the code is refined.
Also Read: Cathie Wood Backs Ethereum Foundation’s Push For Scalability And Privacy
Why Fusaka matters?
Fusaka groups about a dozen EIPs aimed at improving security, throughput and efficiency. A headline feature is Peer Data Availability Sampling. That feature spreads blob data checks across nodes.
The goal is to grow capacity for rollups that handle many transactions off-chain. If Fusaka reaches mainnet, it should change how some rollups pack and verify data.
The upgrade is targeted for late 2025, but the Foundation’s co-executive director, Tomasz Stańczak, has said timelines could slip without closer coordination. That warning is part of the reason for a high-intensity audit push now.
Past work and context
Sherlock ran large-scale audits before and helped review last year’s Pectra bytecode changes. That work showed how collaborative contests can add another layer of assurance before upgrades.
The Foundation has mixed standing bounties with large pre-mainnet contests to widen scrutiny and reward deep findings.
The contest will collect findings, include write-ups and lessons learned, and publish a post-mortem. Those reports aim to help implementers and node operators prepare for any changes that Fusaka brings.
User experience track
The Foundation has also announced Protocol Update 003 titled Improve UX as part of broader reorganisation goals. Improve UX sits alongside Scale L1 and Scale Blobs as one of three strategic tracks announced after the June reorg.
The UX track aims to make Ethereum easier to use across wallets, explorers and developer tools. That effort runs alongside security and scaling work and may shape how upgrades are tested and rolled out.
What researchers will focus on?
Teams will dig into the code for the EIPs in the Fusaka bundle. They will test for logic errors, edge cases, and interactions that only show up under heavy load or unusual network conditions.
The peer sampling feature will get special attention because it changes how nodes check large data sets. Any flaw there could affect rollup data availability and user funds.
Audit contests reward both depth and speed. The early multiplier is designed to catch fresh eyes and fast finds. Post mortems will help others avoid repeating the same mistakes and will let node implementers adjust clients before a hard fork.
What to watch next?
The contest ends on Oct. 13, and after that, the Foundation will review findings, roll out fixes, and publish the report.
The hard fork timetable will depend on results and on coordination across client teams. If major issues turn up, the upgrade schedule could shift.