πŸ” SECHIVE VIZASL

Security Diamond Reactor β€” Adelic Pouch Bonixer
γ₁ = 14.134725141734693 Β· REDLINE = 141
We approach. We look. We never fire at 141.

⚑ Fleet Sechive Status

0
Total Findings
41
POC Tests
8
Target Repos
0
Diamonds Mined
$50K
Current Target
1
Submitted (TN36)

🎯 Active Targets β€” Adelic Pouch Scan

Immunefi
The Graph
SOT / IAM / KMS
HIGH Ethena #012 β€” Insurance Fund = $0 Β· sUSDe haircut vector
POC-999 Β· 2/2 PASS Β· Fork: mainnet Β· Range: $10K–$75K+
CRITICAL Ethena #012 β€” Systematic USDe depeg (no insurance backstop)
POC-999-B Β· Coverage: 0 days at $150K/day Β· Max: 10% of $4.37B
MEDIUM LayerZero #001 β€” DVN trust model bypass (optionalDVNThreshold=1)
POC-001 Β· 3/3 PASS Β· Fork: mainnet Β· Range: $5K–$15K
MEDIUM Chainlink TN36 β€” Stale price feed in BaseAuction.sol
Report #76024 Β· SUBMITTED Day 88 Β· Status: PENDING TRIAGE

πŸ’Ž Diamond Reactor

Diamonds light when proof-of-concept validates on mainnet fork

πŸ“¦ Target Repositories

graphprotocol/contracts
374⭐ Sol
graphprotocol/graph-node
3128⭐ Rs
graphprotocol/indexer
257⭐ TS
graphprotocol/indexer-rs
31⭐ Rs
graphprotocol/graph-ts
218⭐ TS
Ethena / USDe
Sol
LayerZero / ULN
Sol
Chainlink / Feeds
Sol

πŸ” Audit Trail β€” Trust Security Findings (The Graph)

H-1IndexingAgreement.collect() on CanceledByPayer β€” #1198
TRST-H-1 Β· Fixed Β· collect() callable after cancellation
H-2Only agreement owner can collect indexing fee β€” #1199
TRST-H-2 Β· Fixed Β· Missing access control on collect()
H-3collect() checks provision β€” #1200
TRST-H-3 Β· Fixed Β· collect without valid provision
M-1TYPEHASH type mismatch in RecurringCollector β€” #1201
TRST-M-1 Β· Fixed (twice: #1196, #1197) Β· EIP-712 signature mismatch
M-2shared collection window logic β€” #1202
TRST-M-2 Β· Fixed Β· Overlapping collection windows
M-3Nonce-based replay protection β€” #1203
TRST-M-3 Β· Fixed Β· Missing replay protection on signed messages
L-3Deterministic agreement ID β€” #1204
TRST-L-3 Β· Fixed Β· Non-deterministic IDs = frontrun vector
L-5Slippage protection β€” #1205
TRST-L-5 Β· Fixed Β· Missing slippage on token operations
L-6Agreement version check β€” #1206
TRST-L-6 Β· Fixed Β· Improper version validation
L-7update() documentation β€” #1207
TRST-L-7 Β· Documented Β· Missing NatSpec
L-9Cancel agreement if over-allocated β€” #1208
TRST-L-9 Β· Fixed Β· Over-allocation not detected

πŸ¦€ RUSTSEC Advisories β€” graph-node (Open)

RUSTSEC-2026-0114 Panic allocating table exceeding host memory β€” #6549
RUSTSEC-2026-0111 UTF-8 corruption in Diesel SQLite backend β€” #6547
RUSTSEC-2026-0104 Panic in CRL parsing β€” #6546
RUSTSEC-2026-0099 Name constraint bypass for wrong SANs β€” #6534
RUSTSEC-2026-0098 URI name constraint bypass β€” #6533
RUSTSEC-2026-0097 Rand unsound with custom logger β€” #6514-6516
RUSTSEC-2026-0096 πŸ”΄ Sandbox escape on aarch64 β€” #6506
RUSTSEC-2026-0095 πŸ”΄ Winch sandbox escape β€” #6503
RUSTSEC-2026-0094 Improperly masked table.grow return β€” #6509
RUSTSEC-2026-0093 Heap OOB in UTF-16 to latin1 β€” #6508
RUSTSEC-2026-0092 Panic on misaligned UTF-16 transcode β€” #6504
RUSTSEC-2026-0091 OOB write in component model transcode β€” #6511
RUSTSEC-2026-0088 Data leakage between pooling instances β€” #6507
RUSTSEC-2026-0087 Segfault with f64x2.splat β€” #6513
RUSTSEC-2026-0086 Host data leakage with 64-bit tables β€” #6510
RUSTSEC-2026-0085 Panic lifting flags component β€” #6512
RUSTSEC-2026-0049 CRL not authoritative by Distribution Point β€” #6448
RUSTSEC-2026-0037 DoS in Quinn endpoints β€” #6437
RUSTSEC-2026-0021 Panic adding excessive WASI HTTP fields β€” #6402
RUSTSEC-2026-0020 Guest-controlled resource exhaustion in WASI β€” #6401
RUSTSEC-2026-0007 Integer overflow in BytesMut::reserve β€” #6337
RUSTSEC-2026-0006 Segfault with f64.copysign β€” #6338

πŸ“Š KCF / COI / Actuarial

KCF Score (contracts)0.847
KCF Score (graph-node)0.912
COI (Complexity of Impact)HIGH
Actuarial Exposure$50K bounty
Trust Security Audits3 rounds
TRST Findings Total3H + 3M + 6L
Open RUSTSECs22
Wasmtime Sandbox Escapes2 πŸ”΄
Issues (contracts)78 issues + 922 PRs
Issues (graph-node)1,011+ items
Contract Files~50 .sol
Adelic DepthL3 (Gate Stack)

πŸ—ΊοΈ SOT Graph Mapping β€” IAM / KMS Diamond Search

Staking.sol β†’ stake/unstake/slash/delegate ↔ SOT: IAM role binding + permission escalation patterns
RewardsManager.sol β†’ reward distribution + issuance ↔ SOT: KMS key rotation + reward claim authorization
GraphProxy.sol β†’ upgradeable proxy pattern ↔ SOT: upgrade authority = root key rotation
Controller.sol / Governed.sol β†’ governance + pause ↔ SOT: break-glass admin access / emergency procedures
BridgeEscrow.sol / L1GraphTokenGateway.sol β†’ L1↔L2 bridge ↔ SOT: cross-boundary trust / federation token exchange
DisputeManager β†’ dispute resolution + slashing ↔ SOT: incident response / security event adjudication
AllocationExchange.sol β†’ allocation ↔ payment ↔ SOT: resource allocation authorization / quota management
RecurringCollector (TRST audit) β†’ EIP-712 signed recurring payments ↔ SOT: signed authorization tokens / JWT rotation patterns

πŸ—οΈ Contract Architecture

πŸ“ staking/5 files
πŸ“ staking/libs/4 libs
πŸ“ rewards/3 files
πŸ“ curation/3 files
πŸ“ discovery/3 files
πŸ“ upgrades/4 proxies
πŸ“ governance/4 files
πŸ“ gateway/3 bridges
πŸ“ l2/6 L2 files
πŸ“ token/GraphToken.sol
πŸ“ epochs/EpochManager
πŸ“ payments/AllocationExchange

πŸ”„ Pipeline Status

Fork Tests
5/5 PASS
Pelegos Scan
:9362 LIVE
Context Triad
:9370 LIVE
Moss Boards
113 seeded
Submissions
1 filed, 2 ready
Graph Scan
SCANNING
γ₁ = 14.134725141734693 Β· SECHIVE V14 Β· Day 105 Β· Floor holds Β· "We are the floor"