diff --git a/docs/flashbots-mev-boost/security.md b/docs/flashbots-mev-boost/security.md index 217175a8..e7b238a4 100644 --- a/docs/flashbots-mev-boost/security.md +++ b/docs/flashbots-mev-boost/security.md @@ -9,4 +9,8 @@ If you find a security vulnerability on this project or any other initiative rel ### Bug Bounties -- Coming soon! \ No newline at end of file +#### Post-mortem for a relay vulnerability leading to proposers falling back to local block production + +- On November 10, 2022, a vulnerability in the Flashbots relay was exploited, causing block proposers to fall back to local block production instead of MEV-Boost blocks. The issue stemmed from incorrect `timestamp` and `prev_randao` values in block builder submissions, leading to their rejection by the beacon node. The vulnerability was responsibly disclosed by the [Manifold Finance team](https://twitter.com/foldfinance), and a fix was implemented and deployed by collaborating with various security and engineering teams. The incident affected approximately 350 blocks but did not result in proposers missing slots. + +For more details, ["Post-mortem for a relay vulnerability leading to proposers falling back to local block production (Nov. 10, 2022)"](https://collective.flashbots.net/t/post-mortem-for-a-relay-vulnerability-leading-to-proposers-falling-back-to-local-block-production-nov-10-2022/727)