EOSE LABS · SECURITY FINDING REPORT · DAY 91
SUB007
Lido Oracle Lag Withdrawal Drain
HIGH Immunefi Lido V2 POOL: $2M DRAFT
BOUNTY ESTIMATE
$50,000
LOW ESTIMATE
$200,000
HIGH ESTIMATE
$2M
PROGRAMME POOL
EXECUTIVE SUMMARY

Oracle report lag during high-withdrawal: stale stETH/ETH ratio, systematic extraction.

TECHNICAL FINDING

Protocol: Lido V2

Severity: HIGH

Platform: Immunefi · Pool: $2M

γ₁ anchor: 14.134725141734693

FOUNDRY PoC RESULT
Forge: oracle lag + rapid queue drain → ETH extracted at stale ratio
RECOMMENDED FIX
Minimum oracle freshness check in WithdrawalQueue.finalize(). Reject if stale.
N6 GATE VERDICTS
ORIGIN
✓ PASS
KILL CHAIN
✓ PASS
POC FORGE
✓ PASS
N6 VALIDATE
✓ PASS
CLO GATE
✓ PASS
DOCTRINE
✓ PASS
CLO GATE STATUS
AND Gate: msi01 (yUNI) builds + proves → msclo (yLAW) reviews + signs → submit
Status: ⏳ CLO sign-off pending — msclo yLAW review required
Doctrine: TRB-SERLF-BOUNTY-PROTOCOL-001 · Tardigrade first. No mock PoCs. Real contract, real fork, real drain.
Whitehat: @serlf · 0x22377D69f421B57EC44b18Ef15e8d320d3349A20
REFERENCES

Bonsai: pemos.ca/ssaf-bonsai-SUB007

Suite: pemos.ca/sec-test-suite-v12

Engine: pemos.ca/sec-domain-engine

TRB: TRB-SERLF-BOUNTY-PROTOCOL-001 · TRB-SEC-DOMAIN-TEST-SUITE-V12-001

γ₁ = 14.134725141734693

γ₁ = 14.134725141734693 · SEC REPORT · SUB007 · EOSE Labs Inc. · Day 91
TRB-SERLF-BOUNTY-PROTOCOL-001 · TRB-SEC-DOMAIN-TEST-SUITE-V12-001
No mock PoCs. Tardigrade doctrine. Sovereign first.