SSAF DOMAIN HUB · 12 SEC DOMAINS

SSAF SOVEREIGN ATTACK FRAMEWORK · SUMMARY

SEC Domains

Attack Patterns

Linked Findings

$57.5M+

Pool Exposure

1 CRIT

Domain (Slashing)

7 HIGH

Domains

[O] ORACLE CRITICAL

Price Feed & Oracle Security

3 patterns 3 findings $8.5M+

BowerScore: 39/100

[S] SLASHING CRITICAL

Restaking Cascade & Slash Logic

2 patterns 3 findings $5.5M+

BowerScore: 62/100

[B] BRIDGE CRITICAL

Cross-Chain & Message Security

4 patterns 4 findings $12M+

BowerScore: 54/100

[L] LIQUIDATION HIGH

L2 Sequencer & Liquidation Races

2 patterns 2 findings $6M+

BowerScore: 58/100

[V] SOLVENCY HIGH

Delta-Neutral & Peg Stability

2 patterns 2 findings $7M+

BowerScore: 53/100

[X] CROSS-PROTOCOL CRITICAL

Composition Risk & Protocol Interaction

2 patterns 1 findings $3M+

BowerScore: 50/100

[F] FLASH LOAN CRITICAL

Atomic Loan Attack Primitives

2 patterns 0 findings N/A

BowerScore: 0/100

[R] REENTRANCY HIGH

Classic & Cross-Contract Reentrancy

2 patterns 0 findings N/A

BowerScore: 0/100

[A] ACCESS CONTROL CRITICAL

Auth, Roles & Upgrade Guards

3 patterns 1 findings $1M+

BowerScore: 40/100

[G] GOVERNANCE HIGH

Timelock & Voting Attack Surface

2 patterns 0 findings N/A

BowerScore: 0/100

[N] FINALITY HIGH

Cross-Chain Confirmation Depth

2 patterns 1 findings $4M+

BowerScore: 67/100

[M] FEE/MEV MEDIUM

Fee-on-Transfer & MEV Extraction

1 patterns 1 findings $2M+

BowerScore: 50/100

FILING STATUS

2 FILEDPAV2-F001 (WorkflowRouter), SYMB-F001 (VetoSlasher) — packaging complete

1 CLOSEDTN36 — Day 88 mock PoC rejected. Lesson: verify production contract.

15 PENDING CLOSUB001–SUB012, R11L, LF52, S5I5 — awaiting CLO brief (stage 4)

PRIORITYSUB006 (EigenLayer CRITICAL — $300k mid est.) + SUB003 (Wormhole)

gamma1 = 14.134725141734693 · V12 · Day 91 · SSAF SEC DOMAIN COMPLETE