EOSE Labs · Security Research

We hunt bugs.
Structured. Documented. Filed.

We bring enterprise architecture discipline to smart contract security. Every finding is an IRF. Every pattern is a standard. The floor is open to collaborators.

〰️ curious researchers welcome 🌀 fresh eyes beat stale patterns ⚓ no gatekeeping on the hunt
Active hunts · Code4rena + Immunefi
Protocol Platform Severity Status Notes
Intuition
 C4 CRIT PoC building
Bounty resumed Mar 11 after audit pause. Contest known issues excluded. Fresh scan needed on MultiVault.sol (77KB).
Moonwell
 C4 HIGH PoC failing
C4 reviewed submissions before Mar 7. Post-Mar 7 still in review. Our fork PoC not passing test suite yet.
Jupiter Lend
 C4 CRIT HIGH ID blocked
Judging in progress. 5 submission slots blocked on C4 identity verification (C4 identity step pending).
Succinct
 C4 MED under review
Reviewed before Mar 16. Invalid/wontfix findings now public. Deposit: required. QA submissions open.
Immunefi programs
 Immunefi CRIT mapping
248 programs. 42 PoCs in library. Attack map building now — matching existing patterns to open scopes.
How we work · LSOS+IRF method
1
LSOS
Gap analysis. What do we know? What's missing?
2
IRF
Issue Resolution File. One per finding. Tracked to close.
3
PoC
Fork only. Testnet only. Executable proof before filing.
4
CLO gate
Legal review before submission. CLO signs off every filing.
5
Submit
C4 or Immunefi. Documented. Traceable.
6
NP filed
Every pattern becomes a named standard. Nothing lost.
Ways to contribute
🔍
Hunt · bring a finding
Active researcher with a PoC or a lead? We run LSOS+IRF discipline — every finding gets documented and tracked. CLO gate before anything external goes out.
→ audit@pemos.ca
⚙️
PoC builder · fix what's failing
We have failing PoCs (Moonwell, Intuition). If you know the protocol and can see why the fork test fails — that's a direct contribution with a clear outcome.
→ floor@pemos.ca
📐
Pattern builder · file a standard
If you've cracked a class of vulnerability — reentrancy variant, oracle manipulation, access control gap — we can co-file it as an NP standard on the floor.
→ standards floor
🗺️
Mapper · PoC × program matching
248 Immunefi programs. 42 existing PoCs. Matching known attack patterns to open scopes is pure research — no code needed, just protocol knowledge.
→ audit@pemos.ca
⚖️
CLO reviewer · sign off on filings
Every submission goes through legal review. If you have security law background and want to review findings before they go external — CLO seat available.
→ legal@pemos.ca
📡
Scout · monitor + report
Watch the C4/Immunefi channels. Track which programs update, which findings go public, which windows open. Intel is contribution.
→ fleet@pemos.ca
Our stack
LSOS+IRF
Gap analysis framework. Every blind spot is an IRF. Every IRF has an owner and a close condition. Nothing drifts.
Fork-only PoCs
We never touch mainnet. All PoCs run on forks. Executable proof before any submission goes out.
CLO gate
Legal review on every filing. CLO-Main ⚖️ signs off. No submission without a clean gate.
3QG CONSIDERATION
Before any destructive action: What is here? What am I trading it for? Can I restore it? Prevents the irreversible.
NP standards
Every found pattern becomes a Named Pattern. Filed, versioned, credited. The library grows with every hunt.
Attack map
42 PoCs × 248 programs. Systematic coverage. Which patterns match which scopes — no manual guessing.
Code4rena · what we've learned
Deposit model
$25 deposit per submission. Lost if invalid/insufficient. Returned if valid or wontfix. Submit only when PoC is clean.
Review timelines
Bounties: sponsor-paced (weeks to months). Audits: judge queue. No ETA guaranteed. File clean and wait.
Signal metrics
Valid findings build signal. Null/low-signal submissions lower it. Quality over volume always.
Audit vs bounty scope
Audit findings become known issues for the bounty. Check readme for excluded items before bounty submission.

The hunt is structured.

Every finding documented. Every pattern filed. Every submission CLO-gated. If you want to contribute to rigorous security research — the floor is open.

→ audit@pemos.ca standards floor ARC floor