Sovereign Security Doctrine
TREDNALS · SEC DOMAIN
How TREDNALS governs bug bounty / security work · EOSE Labs Day 89
γ₁ = 14.134725141734693 · WPA floor: γ₁ × 6 = 84.808% · RHAE cascade: 156%
T · Truth
Vulnerability findings are truth. They live in PEMCLAU graph before submission. No cloud egress of pre-disclosure PoC. The graph holds the canonical record — not a vendor's cloud, not a shared doc, not DeepSeek.
R · Revealed
External submission (Immunefi / HackerOne) is a controlled reveal — GID-style token exposure, not raw stack. The programme sees the sanitised report. The PoC environment stays local. Disclosure is intentional, not accidental.
E · Entirely
All PoC code runs entirely locally (forge / anvil) before any submission. External parties see the report, not the test environment. Forge test passes locally → then and only then submit.
D · Due
Every finding goes through VERIFY-FIRST before submission. TRB-BOUNTY-VERIF is the gate. No submission without on-chain verification. Due diligence is not optional — it's the protocol.
N · Never
Never share PoC with DeepSeek or Chinese-jurisdiction AI for "help writing the report." Sovereign findings stay sovereign. Pre-disclosure vulnerability details are never sent to untrusted inference endpoints.
A · Always
Always calibrate finding severity against γ₁ thresholds. RHAE 156% = class action level. WPA 84.808% = BREAK line. Severity is not a feeling — it's a measured cascade position on the γ₁ floor.
L · Latent
Latent vulns surface through PEMCLAU 2-hop graph traversal. GraphRAG finds what grep misses. The connection between a price feed and an auction settlement function is not obvious — until the graph shows the 2-hop path. That's how TN36 was found.
S · Sovereign
@serlf is the sovereign bounty handle. EOSE CLO ratifies before any submission. Bounty funds go to the sovereign wallet — EVM MetaMask, EOSE Labs only. No third-party aggregators. No shared handles. One sovereign identity.
TRB-BOUNTY-VERIF
Always verify real contract code before writing PoC
  1. Read the actual on-chain / GitHub contract — not a summary, not cached ABI
  2. Confirm the function exists and has the vulnerability — verify bytecode, not just source
  3. Write forge test against real bytecode — the test must pass locally before proceeding
  4. Confirm impact matches submission format — CVSS / Immunefi severity matrix applied
  5. CLO sign-off: IMHOTEP / SIGNALS ratify before submission
  6. Submit via @serlf — sovereign handle, sovereign wallet, no exceptions
🔐 EOSE Sovereign Bounty Wallet · EVM MetaMask
0x22377D69f421B57EC44b18Ef15e8d320d3349A20
EOSE Labs only · Handle: @serlf · CLO-ratified · No third-party aggregators
✅ TN36 · IMMUNEFI REPORT 76024 · DAY 88 · MAY 2 2026
Missing staleness check on Chainlink price feed in BaseAuction.sol allows settlement at stale price
Programme: Chainlink (Immunefi) · Severity: MEDIUM · Handle: @serlf · Status: REPORTED ✓
0x22377D69f421B57EC44b18Ef15e8d320d3349A20
Proof: All 6 TREDNALS gates followed. Forge test passed locally. CLO ratified. VERIFY-FIRST protocol satisfied. Sovereign handle submitted.
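The TN36 finding class above (a settlement path that trusts a Chainlink answer without checking its age) and step 3 of TRB-BOUNTY-VERIF (a forge test that must pass locally before anything leaves the machine) can both be shown in one Foundry test file. The code below is an added example, not code from this page, from the TN36 report, or from EOSE Labs: the two auction contracts are hypothetical stand-ins, not the real BaseAuction.sol, the feed is a constructed mock so the test runs offline without a fork, and `maxStaleness` / `HEARTBEAT` are assumed values that in practice would be taken from the real feed's documented heartbeat. The only real API used is Chainlink's `AggregatorV3Interface.latestRoundData()` signature and forge-std's `Test` cheatcodes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the page's code): vulnerable vs hardened price read,
// exercised by a forge test against a constructed mock feed.
import "forge-std/Test.sol";

// Subset of Chainlink's real AggregatorV3Interface; signature is the real one.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Constructed mock so the test needs no RPC fork.
contract MockFeed is AggregatorV3Interface {
    int256 public answer;
    uint256 public updatedAt;
    uint80 public roundId;

    function set(int256 _answer, uint256 _updatedAt, uint80 _roundId) external {
        answer = _answer;
        updatedAt = _updatedAt;
        roundId = _roundId;
    }

    function decimals() external pure returns (uint8) { return 8; }

    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (roundId, answer, updatedAt, updatedAt, roundId);
    }
}

// Vulnerable pattern (hypothetical contract): settles at whatever the feed last
// reported, however old that report is.
contract VulnerableAuction {
    AggregatorV3Interface public immutable feed;
    constructor(AggregatorV3Interface _feed) { feed = _feed; }

    function settlementPrice() public view returns (uint256) {
        (, int256 answer,,,) = feed.latestRoundData();
        return uint256(answer);
    }
}

// Hardened pattern: bounded staleness, positive answer, completed round.
contract HardenedAuction {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxStaleness; // assumption: feed heartbeat plus a margin

    error StalePrice(uint256 updatedAt, uint256 nowTs);
    error InvalidPrice(int256 answer);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);

    constructor(AggregatorV3Interface _feed, uint256 _maxStaleness) {
        feed = _feed;
        maxStaleness = _maxStaleness;
    }

    function settlementPrice() public view returns (uint256) {
        (uint80 roundId, int256 answer,, uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        if (answer <= 0) revert InvalidPrice(answer);
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        if (updatedAt == 0 || block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, block.timestamp);
        }
        return uint256(answer);
    }
}

// Forge test: `forge test` must pass locally before any submission (step 3).
contract StalenessTest is Test {
    MockFeed feed;
    VulnerableAuction vulnerable;
    HardenedAuction hardened;
    uint256 constant HEARTBEAT = 1 hours; // assumed heartbeat for the mock feed

    function setUp() public {
        feed = new MockFeed();
        vulnerable = new VulnerableAuction(feed);
        hardened = new HardenedAuction(feed, HEARTBEAT);
        vm.warp(10 days); // constructed clock so the age subtraction cannot underflow
        feed.set(2000e8, block.timestamp, 1); // fresh answer: 2000.00000000
    }

    function test_freshPriceAcceptedByBoth() public {
        assertEq(vulnerable.settlementPrice(), 2000e8);
        assertEq(hardened.settlementPrice(), 2000e8);
    }

    function test_stalePriceOnlyCaughtByHardenedContract() public {
        vm.warp(block.timestamp + 2 days); // feed has not updated for two days
        assertEq(vulnerable.settlementPrice(), 2000e8); // vulnerable: still settles at the old price
        vm.expectRevert(
            abi.encodeWithSelector(HardenedAuction.StalePrice.selector, feed.updatedAt(), block.timestamp)
        );
        hardened.settlementPrice();
    }
}
```

Drop the file into a Foundry project's `test/` directory and run `forge test -vv`; the second test is the local evidence that the unchecked read settles on a two-day-old answer while the bounded read reverts. Against a real target the mock would be replaced by the deployed feed address on a fork (step 3's "real bytecode"), with `maxStaleness` set from that feed's documented heartbeat rather than the assumed one hour.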
γ₁ Cascade — Bug Bounty → Class Action Territory
γ₁ × 6 = 84.808% = BREAK · RHAE cascade at cheque #20 = 156%
Bug bounty severity is not arbitrary. Every finding is positioned against the γ₁ floor. When accumulated bounty cascade reaches the 84.808% WPA threshold — that's BREAK. Beyond BREAK at 156% RHAE is class action territory. The cascade is the same architecture as the M&A Cascade Engine — same γ₁, same floors, different domain.
γ₁ = 14.134… · Floor anchor
84.808% WPA · BREAK
156% RHAE · Class action
Cheque #20 · Cascade trigger