🔐 SecHive CRM Bonixer — Bounty Vault
Kay Joffe + EOSE Fleet Mathematics Collective · γ₁ = 14.134725141734693 · Day 117 · 2026-05-29
🔴 IMMUNEFI PERMANENTLY BANNED — @serlf account banned (Day 114) for mainnet PoC violation (#79388 f620e094...). ALL Immunefi-targeted findings must be re-routed: LayerZero → security@layerzero.network · Others → direct contact or H1/C4. Do NOT create new Immunefi account. Appeal: support@immunefi.com.
✅ HackerOne @kay_j_j UNAFFECTED — MAR-002 #3762137 OPEN in triage · MM-005/MM-006 CLO-authorized Day 115, NOT YET FILED · UNI-EXT-001 CLO-authorized Day 115, NOT YET FILED
🚨 File NOW (CLO✅): 2
Open Triage (H1): 1
Direct Contact: 1
Staged (re-route): 10+
Closed Dup: 1
Priority target: $80K–$400K
🚨 FILE THESE NOW — CLO Authorized, Clock Running
MM-005 | MetaMask DelegationManager non-inheritance | H1 MetaMask · HIGH · $10K–$50K | → FILE H1 NOW
MM-006 | MetaMask validateDelegation guard bypass | H1 MetaMask · HIGH · $10K–$50K | → FILE H1 NOW
UNI-EXT-001 | Uniswap Extension Permit2 drain — 18,979 unlimited approvals | H1 Uniswap · CRITICAL · $20K–$100K | → FILE H1 NOW
MAR-003 | LayerZero TON storage double-subtract (#79388) | DIRECT · HIGH · $10K–$50K | → security@layerzero.network
All Findings — Shape × SOSTLE × joffe-math × Status
ID | Finding | Protocol | Platform | Shape | SOSTLE | Theorem | DRG | Severity | $ Range | Status | Action
MAR-002 #3762137 | cb-mpc PVE-AC self-referential verify · skip_verify=false · forged Q passes against itself | Coinbase cb-mpc | HackerOne | S7 💀 zombie_verifier | L4 | GovernanceProofs.lean | PASS | CRITICAL | $50K–$1M | OPEN TRIAGE | Monitor · add evidence if triage slow
MM-005 | DelegationManager non-inheritance — base delegation not inherited by sub-delegators · CATOMAIN V14 · Marasoon 6/6 | MetaMask | HackerOne | S2 🌙 stale_watcher | L3 | ZKProofs.lean | PASS | HIGH | $10K–$50K | CLO✅ NOT FILED | 🚨 FILE NOW
MM-006 | validateDelegation guard bypass — caveats evaluated without full context · CATOMAIN V14 · Marasoon 6/6 | MetaMask | HackerOne | S3 ⚡ regulator_fork | L3 | AMMProofs.lean | PASS | HIGH | $10K–$50K | CLO✅ NOT FILED | 🚨 FILE NOW
UNI-EXT-001 | Uniswap Extension Permit2 drain — 18,979 unlimited approvals · 6,328 wallets 7d · Patched Day 115 · CRITICAL upgrade | Uniswap Extension | HackerOne | S1 🌀 reentrancy_spiral | L2 | ECDSAProofs.lean | PASS | CRITICAL | $20K–$100K | CLO✅ NOT FILED | 🚨 FILE NOW
MAR-003 #79388 | LayerZero TON storage double-subtract — STORAGEFEES SUB applied twice · f82c a1 bytecode · "Wrong shoes, right footprint" · S9 = L7 sorry | LayerZero V2 | Immunefi BANNED → Direct | S9 ⏱️+S4 🕳️ phase_order_drain | L7 🔴 | TONPhaseOrder.lean (sorry) | WARN | HIGH | $10K–$50K | ESCALATED · DIRECT | → security@layerzero.network
CL-SSRF-001 | Chainlink json-rpc-adapter SSRF — data.url unvalidated · IMDS/k8s blast radius | Chainlink EA | Immunefi → Chainlink direct | S5 arbitrary_jump | L3 | GovernanceProofs.lean | PASS | HIGH 0.88 | $10K–$50K | RESEARCH→FILE | Re-route: Chainlink security contact
SOLV-NAV-001 | Solv SolvBTC NAV compounding — 1000 calls = +65% · proven N=280 in 1 tx | Solv SolvBTC | Immunefi → Solv direct / Sherlock | S3 ⚡ regulator_fork | L3 | AMMProofs.lean | PASS | CRITICAL 0.94 | $50K–$250K | RESEARCH→FILE | Highest $ target after MAR-002
CB001 | cb-mpc PVE-AC staged (MAR-002 is the H1 version) | Coinbase cb-mpc | HackerOne | S7 💀 | L4 | GovernanceProofs.lean | PASS | CRITICAL | $50K–$250K | STAGED | = MAR-002 already filed as #3762137
ARB-014 | LayerZero TON storage double-count = MAR-003 | LayerZero V2 | Immunefi BANNED | S9 ⏱️ | L7 | TONPhaseOrder (sorry) | WARN | BANNED PLATFORM | $10K–$50K | → DIRECT | Same as MAR-003. Direct only.
ARB-005 | Aave L2 sequencer oracle | Aave | Immunefi → Aave direct / H1 | S2 🌙 | L3 | ZKProofs.lean | PASS | HIGH | $10K–$50K | RE-ROUTE | Aave has own security channel
ARB-006 | EigenLayer cascade slash | EigenLayer | Immunefi → EigenLayer direct / H1 | S3 ⚡ | L3 | GovernanceProofs.lean | PASS | HIGH | $10K–$50K | RE-ROUTE | EigenLayer has bug bounty page
ARB-003 | Wormhole finality race | Wormhole | Immunefi → Wormhole direct / H1 | S3 ⚡ | L3 | AMMProofs.lean | PASS | HIGH | $10K–$50K | RE-ROUTE | Wormhole has Immunefi alt channels
MAR-001 #3756133 | cb-mpc Schnorr 2P sign_batch oracle — sigs[] populated before verify | Coinbase cb-mpc | HackerOne | S2 🌙+S7 💀 | L3 | ZKProofs.lean | PASS | HIGH | $0 | CLOSED DUPLICATE | Filed Day 110. Dup. No payout.
TN36 #76024 | Chainlink staleness check missing in BaseAuction.sol | Chainlink | Immunefi BANNED | S2 🌙 | L3 | ZKProofs.lean | PASS | MEDIUM | $? | FILED Day 88 | Immunefi banned — status unknown
joffe-math Theorem Coverage
ECDSAProofs.lean ✅
Covers: S1 reentrancy · UNI-EXT-001 · signature integrity
ZKProofs.lean ✅
Covers: S2 stale_watcher · MAR-001/TN36 · zero-knowledge state
AMMProofs.lean ✅
Covers: S3 regulator_fork · MM-006/SOLV/ARB-003 · AMM invariants
EVMBounds.lean ✅
Covers: S4/S6 shoe shapes · MAR-003 secondary · EVM execution floors
GovernanceProofs.lean ✅
Covers: S5/S7 hat shapes · MAR-002/CB001 · governance integrity
TONPhaseOrder.lean 🔴 SORRY
Covers: S9 phase_order_drain · MAR-003 primary · L7 execution convergence
= adelic_limit_self_adjoint at execution layer · pcdev closes
Immunefi Ban Re-Routing (All Staged ARB-series)
Finding | Protocol | Old target | New route | Contact
MAR-003/ARB-014/016 | LayerZero | Immunefi | Direct email | security@layerzero.network
ARB-005 | Aave | Immunefi | H1 Aave | hackerone.com/aave
ARB-006 | EigenLayer | Immunefi | Direct / H1 | security@eigenfoundation.org
ARB-003 | Wormhole | Immunefi | Direct | security@wormhole.com
ARB-012 | Ethena | Immunefi | Direct / Sherlock | security@ethena.fi
ARB-009 | GMX | Immunefi | Code4rena | code4rena.com/gmx
CL-SSRF-001 | Chainlink | Immunefi | H1 Chainlink | hackerone.com/chainlink