💰 COINBASE · ADELIC DIAMOND HUNT
eose-dev QE Floor · cb-mpc MPC Library · KCF/COI/Actuarial · GitHub Issue Scan
γ₁ = 14.134725141734693 · Day 110 · 2026-05-22 · HackerOne Programme
Diamonds 5
Critical 2
High 1
Medium 2
Top Target CB005 $50K
Portfolio EV ~$55K
Tier | Max Payout | Trigger
EXTREME | $1,000,000 | Hot wallet access, direct private key compromise
CRITICAL | $50,000 | Key compromise via high-level protocol: signing/DKG/TDH2
HIGH | $15,000 | Harder to exploit high-severity protocol bugs
MEDIUM | $2,000 | Less common scenarios: ZKP/commitment/DoS vulns
LOW | $200 | Low-impact informational findings
◈ DIAMOND PIPELINE — TESTABLE NOW vs NEEDS C++ ENV vs NEEDS LIVE SESSION
CB005 · WLS 65 · ANALYSIS · EV $32,500
CB003 · WLS 61 · ANALYSIS · EV $5,185
CB001 · WLS 58 · HOLD · EV $11,600
CB002 · WLS 52 · HOLD · EV $5,070
CB004 · WLS 45 · HOLD · EV $900
◈ FOCUS CARD — CB001 · PVE-AC SELF-REFERENTIAL VERIFY · CRITICAL CLASS · $50K TARGET
🔱 CB001 · PVE-AC Self-Referential Verification — Critical Attack Class · CLO-CONDITIONAL
Programme: Coinbase (HackerOne)
Asset: https://github.com/coinbase/cb-mpc — include/cbmpc/api/pve_batch_ac.h
Severity (class): Critical — Key compromise via PVE recovery path
Title (sibling): Self-referential verify() in PVE-AC aggregate_to_restore_row allows attacker-chosen key recovery
Original Issue: #70 (CLOSED — need fresh variant CB001-B)
Attack Class: PVE-AC verification bypass — verify(Q, Q) passes for any consistent Q
Downstream Impact: Signing, withdrawals, API auth driven by attacker post-recovery
Theorem: separation_of_duties — verify(x,x)=true collapses access control to no-op
WLS: 58/100 — HOLD until sibling confirmed
POC Type: C++ unit test against public pve_batch_ac.h API · needs cb-mpc build
CLO Status: HOLD → CONDITIONAL SIGN on CB001-B confirmation
// CB001 — root cause pattern (issue #70, CLOSED):
// aggregate_to_restore_row() called verify() with Q from ciphertext itself:
verify(bundle.inner_Q, bundle.inner_Q) // self-referential
// Additionally: empty all_ac_pks skips verification entirely:
if (all_ac_pks.empty()) return true; // default permit bypass
// CB001-B sibling hunt — search for same pattern in:
// pve_base_pke.h restore path · HD keyset verify calls · TDH2 decrypt path
// grep: rg "verify\(" src/cbmpc/crypto/pve --type cpp -n
// grep: rg "all_ac_pks" src/cbmpc/ -n
◈ ALL COINBASE DIAMONDS — cb-mpc GitHub Issues + Attack Class Analysis
◈ KCF · COI · ACTUARIAL — cb-mpc SECURITY SURFACE
⚙️ KCF — Key Compromise Factors
Protocol parties (n): 2 (ECDSA/EdDSA 2P) or N (mp)
Paillier N validation: Weak: trial div only (CB002)
PVE-AC verify self-ref: Pattern existed in #70 (CB001)
Thread-local MODULO state: Schnorr 2P poisonable (CB003-C)
Access structure depth limit: Was unbounded pre-#105
Blob-aggregate binding: AC blobs unbound pre-#105
Nonce generation type: Deterministic (RFC6979-style?)
Error path outputs partial?: Schnorr 2P unclear (CB005)
KCF aggregate score: 0.38 — HIGH RISK class
🔗 COI — Chain of Impact
DKG compromise (CB001/CB002): Attacker-chosen key material
Key blob restoration: Restored key under attacker control
Signing session: All sigs by attacker-controlled key
Withdrawal authorization: Attacker signs withdrawals
Fund loss: DIRECT — hot wallet funds
Detection window: Zero — key compromise silent
Nonce reuse path (CB005): 2 sessions -> full key recovery
Thread poison path (CB003): 100s sessions -> biased key
COI severity: CRITICAL — direct key compromise
📊 ACTUARIAL — Risk Quantification
CB005 EV ($50K x 0.65): $32,500
CB001-B EV ($50K x 0.58 x 0.4): $11,600
CB003 EV ($8.5K x 0.61): $5,185
CB002-B EV ($32.5K x 0.52 x 0.3): $5,070
CB004 EV ($2K x 0.45): $900
Total Portfolio EV: ~$55,255
Analysis cost (hrs): 12-20h
Hourly EV: $2,763-$4,604/hr
γ₁ distance: 14.134725 — FLOOR