The Ethereum Foundation has launched a four-week security audit contest on September 15, offering up to $2 million in rewards to global security researchers for identifying vulnerabilities in the upcoming Fusaka upgrade's codebase before its mainnet deployment, which is tentatively scheduled for late 2025.

The Fusaka upgrade's deployment is planned across multiple testnets—Holesky on September 29, Sepolia on October 13, and Hoodi on October 27—with mainnet activation dependent on successful testnet results and positive security analysis.

Organizing an open protocol-level security contest presents unique challenges, such as adapting guidelines for blockchain environments and coordinating multiple teams, with findings graded by severity to prioritize fixes.

The Fusaka upgrade is part of ongoing efforts following Ethereum's three-year anniversary of The Merge, involving stress tests on the network to address issues like orphan blocks and misconfigured MEV builder rate limits.

Despite the technical advancements, some experts question the timing of the security contest, suggesting it may be risky to launch while bugs are still being identified on devnets.

The timeline for Fusaka's upgrade remains tentative, with Ethereum Foundation officials warning that delays could occur without tighter coordination.

The security contest aims to strengthen Ethereum's systemic resilience, especially as it plays an increasingly vital role in global finance, supported by reports highlighting its high uptime and validator decentralization.

Fusaka's upgrade focuses on improving scalability and transaction throughput through features like Peer Data Availability Sampling (PeerDAS), revised gas limits, and refined blob parameters, along with about a dozen Ethereum Improvement Proposals.

The contest runs from September 15 to October 13 on the Sherlock testnet, with bonus points for early findings to incentivize prompt participation, and is co-sponsored by Gnosis and Lido, contributing a total of $125,000.

The goal of the contest is to maximize early vulnerability detection, with findings documented in an official report, supplementing the ongoing Ethereum Bug Bounty program that offers up to $250,000 for broader protocol issues.