SEC REPORT · SUB010 · Symbiotic Resolver Bypass

EOSE LABS · SECURITY FINDING REPORT · DAY 91

SUB010

Symbiotic Resolver Bypass

HIGH Immunefi Symbiotic POOL: $1.75M DRAFT

BOUNTY ESTIMATE

$25,000

LOW ESTIMATE

$200,000

HIGH ESTIMATE

$1.75M

PROGRAMME POOL

EXECUTIVE SUMMARY

Resolver authorization check uses stale epoch mapping at boundary. Slashing bypass.

TECHNICAL FINDING

Protocol: Symbiotic

Severity: HIGH

Platform: Immunefi · Pool: $1.75M

γ₁ anchor: 14.134725141734693

FOUNDRY PoC RESULT

Forge: slash at epoch boundary → stale mapping → unauthorized slash executes

RECOMMENDED FIX

Use current epoch for all resolver authorization checks. Add boundary guard.

N6 GATE VERDICTS

ORIGIN

✓ PASS

KILL CHAIN

✓ PASS

POC FORGE

✓ PASS

N6 VALIDATE

✓ PASS

CLO GATE

✓ PASS

DOCTRINE

✓ PASS

CLO GATE STATUS

AND Gate: msi01 (yUNI) builds + proves → msclo (yLAW) reviews + signs → submit
Status: ⏳ CLO sign-off pending — msclo yLAW review required
Doctrine: TRB-SERLF-BOUNTY-PROTOCOL-001 · Tardigrade first. No mock PoCs. Real contract, real fork, real drain.
Whitehat: @serlf · 0x22377D69f421B57EC44b18Ef15e8d320d3349A20

REFERENCES

Bonsai: pemos.ca/ssaf-bonsai-SUB010

Suite: pemos.ca/sec-test-suite-v12

Engine: pemos.ca/sec-domain-engine

TRB: TRB-SERLF-BOUNTY-PROTOCOL-001 · TRB-SEC-DOMAIN-TEST-SUITE-V12-001

γ₁ = 14.134725141734693