On March 23, 2023, Ethereum developers gathered for their 105th All Core Developers Consensus (ACDC) call. Fredrik Svantes, a security researcher at the Ethereum Foundation, revealed that the maximum bug bounty for identifying a vulnerability in the Shanghai/Capella upgrade has been doubled from $250,000 to $500,000 for the period between now and the time of the fork.
Bug reports can be submitted to the Ethereum Foundation through the program's website.
A bug bounty program offers financial compensation to individuals or groups who discover security flaws or vulnerabilities in an organization's systems. For Ethereum, rewards are based on severity, which is calculated according to the OWASP risk rating model and considers both the impact on the network and the likelihood of an attack.
Ethereum's bug bounty program covers the soundness of protocols, such as the blockchain consensus model, wire and peer-to-peer protocols, proof of stake, and protocol/implementation compliance to ensure network security and consensus integrity. Additionally, it addresses classical client security and security of cryptographic primitives.
However, the bug bounty program does not cover infrastructure targets such as web pages, DNS, and email, or ERC20 contract bugs; these are outside the program's scope.