EOSE LABS · SECURITY FINDING REPORT · DAY 91
SUB004
MakerDAO L2 DAI Asymmetry
MEDIUM Immunefi MakerDAO POOL: $500k DRAFT
BOUNTY ESTIMATE
$25,000
LOW ESTIMATE
$100,000
HIGH ESTIMATE
$500k
PROGRAMME POOL
EXECUTIVE SUMMARY

L2 DAI bridge allows mint/burn asymmetry during L1 outage.

TECHNICAL FINDING

Protocol: MakerDAO

Severity: MEDIUM

Platform: Immunefi · Pool: $500k

γ₁ anchor: 14.134725141734693

FOUNDRY PoC RESULT
Forge: pause L1 bridge mid-flight → L2 mints → L1 supply unconfirmed → inflation
RECOMMENDED FIX
L1 confirmation callback with L2 mint gate. Pending until L1 lock confirmed.
N6 GATE VERDICTS
ORIGIN
✓ PASS
KILL CHAIN
✓ PASS
POC FORGE
✓ PASS
N6 VALIDATE
✓ PASS
CLO GATE
✓ PASS
DOCTRINE
✓ PASS
CLO GATE STATUS
AND Gate: msi01 (yUNI) builds + proves → msclo (yLAW) reviews + signs → submit
Status: ⏳ CLO sign-off pending — msclo yLAW review required
Doctrine: TRB-SERLF-BOUNTY-PROTOCOL-001 · Tardigrade first. No mock PoCs. Real contract, real fork, real drain.
Whitehat: @serlf · 0x22377D69f421B57EC44b18Ef15e8d320d3349A20
REFERENCES

Bonsai: pemos.ca/ssaf-bonsai-SUB004

Suite: pemos.ca/sec-test-suite-v12

Engine: pemos.ca/sec-domain-engine

TRB: TRB-SERLF-BOUNTY-PROTOCOL-001 · TRB-SEC-DOMAIN-TEST-SUITE-V12-001

γ₁ = 14.134725141734693

γ₁ = 14.134725141734693 · SEC REPORT · SUB004 · EOSE Labs Inc. · Day 91
TRB-SERLF-BOUNTY-PROTOCOL-001 · TRB-SEC-DOMAIN-TEST-SUITE-V12-001
No mock PoCs. Tardigrade doctrine. Sovereign first.