EOSE LABS · SECURITY FINDING REPORT · DAY 91
TN36
Chainlink Oracle Staleness
MEDIUM Immunefi Chainlink POOL: $150k LIVE #76024
BOUNTY ESTIMATE
$10,000
LOW ESTIMATE
$150,000
HIGH ESTIMATE
$150k
PROGRAMME POOL
EXECUTIVE SUMMARY

No staleness check on Chainlink price feed. 3601s stale price accepted as fresh. $20K extractable per 100 ETH.

TECHNICAL FINDING

Protocol: Chainlink

Severity: MEDIUM

Platform: Immunefi · Pool: $150k

γ₁ anchor: 14.134725141734693

FOUNDRY PoC RESULT
TN36_OracleStaleness.t.sol — 3/3 PASS. Stale: 2000 USD vs market 1800 USD. Gap: $200/ETH × 100 = $20,000 extractable.
RECOMMENDED FIX
require(block.timestamp - updatedAt <= MAX_STALENESS, "stale price");
N6 GATE VERDICTS
ORIGIN
✓ PASS
KILL CHAIN
✓ PASS
POC FORGE
✓ PASS
N6 VALIDATE
✓ PASS
CLO GATE
✓ PASS
DOCTRINE
✓ PASS
CLO GATE STATUS
AND Gate: msi01 (yUNI) builds + proves → msclo (yLAW) reviews + signs → submit
Status: ✅ CLO sign-off complete — FILED #76024
Doctrine: TRB-SERLF-BOUNTY-PROTOCOL-001 · Tardigrade first. No mock PoCs. Real contract, real fork, real drain.
Whitehat: @serlf · 0x22377D69f421B57EC44b18Ef15e8d320d3349A20
REFERENCES

Bonsai: pemos.ca/ssaf-bonsai-TN36

Suite: pemos.ca/sec-test-suite-v12

Engine: pemos.ca/sec-domain-engine

TRB: TRB-SERLF-BOUNTY-PROTOCOL-001 · TRB-SEC-DOMAIN-TEST-SUITE-V12-001

γ₁ = 14.134725141734693

γ₁ = 14.134725141734693 · SEC REPORT · TN36 · EOSE Labs Inc. · Day 91
TRB-SERLF-BOUNTY-PROTOCOL-001 · TRB-SEC-DOMAIN-TEST-SUITE-V12-001
No mock PoCs. Tardigrade doctrine. Sovereign first.