EOSE LABS · SECURITY FINDING REPORT · DAY 91
EOSE-BOUNTY-001
SERLF Sovereign Lab — Full Suite
Severity: MULTI · Platform: Internal · Protocol: SERLF Internal · Pool: N/A
SEALED
BOUNTY ESTIMATE
EXECUTIVE SUMMARY
6-bug suite on sovereign system: reentrancy, oracle, precision, reserve drain, uint256 wrap, ETH divergence. 13/13 PASS.
TECHNICAL FINDING
Protocol: SERLF Internal
Severity: MULTI
Platform: Internal · Pool: N/A
γ₁ anchor: 14.134725141734693
FOUNDRY PoC RESULT
13/13 N6 PASS. Q4: 1 ETH→7 ETH drained. Q5: 118 ETH TVL→98 ETH after attack. Tardigrade doctrine proven.
RECOMMENDED FIX
All 6 fixes implemented: CEI pattern, staleness guard, precision floor, reserve cap, uint256 bound, ETH address check.
N6 GATE VERDICTS
CLO GATE STATUS
AND Gate: msi01 (yUNI) builds + proves → msclo (yLAW) reviews + signs → submit
Status: ⏳ CLO sign-off pending — msclo yLAW review required
Doctrine: TRB-SERLF-BOUNTY-PROTOCOL-001 · Tardigrade first. No mock PoCs. Real contract, real fork, real drain.
Whitehat: @serlf · 0x22377D69f421B57EC44b18Ef15e8d320d3349A20
REFERENCES
γ₁ = 14.134725141734693 · SEC REPORT · EOSE-BOUNTY-001 · EOSE Labs Inc. · Day 91
TRB-SERLF-BOUNTY-PROTOCOL-001 · TRB-SEC-DOMAIN-TEST-SUITE-V12-001
No mock PoCs. Tardigrade doctrine. Sovereign first.