A
ARGUS
12-EYE recon + correlation engine
LIVE - Updated 2026-07-07T02:00:03Z
auto-refresh every 10 min
DAY 34 / 90 of 90-day challenge

Snapshot

Methodology Rules
46
cumulative since Day 1
Disclosures Sent
1
awaiting reply
Walks Averted
29
submission slots saved (30d)
Active Findings
1
pending submission/payout

Detail (click to expand)

🎯Active Findings 1
FindingTargetSeverityEst. PayoutStatus
Luno test_bridge.html bridge-enumeration / P3 info-disclosure floorLuno (Bugcrowd)P3 (P2 ceiling pending Cycle 21 runtime retry)P3 floor ~$250-$1,500 (Bugcrowd Luno range); P2 ceiling ~$1-5K if Cycle 21 confirms LimitlessAuthoriseBid silent executionBANKED 2026-05-12 via Cycle 20 static-deep-trace. P1 fund-withdrawal ceiling COLLAPSED (dispatcher allowlist rejects InitiateInstantBuy + InitiateWithdrawal). P3 floor CONFIRMED (test_bridge.html shipped to prod + dispatcher enumeration discloses production endpoint paths + gRPC service paths + payload structures). Kingsley deciding: ship-P3-now OR Cycle 21 runtime retry on BlueStacks/rooted Android for P2 upgrade.
Recent Walks (Methodology Defense) 29
DateTargetReasonSaved
2026-05-12Day 27 actuator corpus (Allstate qa-roadside + IDnow video.test pair)Cycle 18: 3 Tier-1 candidates only serve banner-grabbing endpoints (health/info/prometheus/metrics). High-value endpoints (env/heapdump/loggers/shutdown) all return 404. Rule 33 = unsubmittable. Day 27 249-host corpus retrospectively pre-classified.~30 min Buddy time + decisive Rule 33 calibration; don't re-audit Day 27 corpus
2026-05-12Polymarket multi-audit Sub-rule 38.4 sweep (Cantina BB $5M pool)Cycle 19: 1 DRIFT found = M-01 DELAY_PERIOD=0 (audit recommended INCREASING, team removed via PR #33), but that's the closed-Duplicate #570 finding per brief constraint. ALL other audit-asserted invariants HOLD in current HEAD across ChainSecurity Exchange + UMA + Multi-Outcome.~50 min Buddy time + Polymarket Sub-rule 38.4 surface confirmed saturated
2026-05-12Luno test_bridge.html runtime PoC (Bugcrowd)Cycle 20: P1 fund-withdrawal ceiling COLLAPSED via static-deep-trace. Dispatcher allowlist rejects InitiateInstantBuy + InitiateWithdrawal. Day 25 P1 hypothesis bust. P3 floor confirmed instead.~30 min + saved from false-P1-submission deposit burn
2026-05-11Veda + Lombard + Aera + Renzo NatSpec Sub-rule 38.5 (Cycle 17)4/4 walk-clean on 38.5 retroactive sweep. ~697 NatSpec entries examined. Yield zone refined to un-audited-rich-NatSpec only.~60 min Buddy time + Sub-rule 38.5 yield zone decisively calibrated
2026-05-11Hyperlane CCTP downstream deployers (Cycle 16, Sub-rule 38.3)Hyperlane registry only contains Hyperlane-owned routes. 3rd-party CCTP warp-routes require chain-explorer bytecode-signature scanning (ARGUS-class multi-cycle). Banked for ARGUS EYE 13.~30 min + EYE 13 spec confirmed needed
2026-05-11Hyperlane core Sub-rule 38.4 (Cycle 15-B)Audit-asserted invariants HOLD on Hyperlane canonical deployments. Bug visible in source-only deployments (PR #8519 TokenBridgeCctp) walks Hyperlane's own scope.~45 min + Hyperlane 38.4 surface clean
2026-05-11Aera v3 Sub-rule 38.4 (Cycle 14)All audit-asserted invariants HOLD on current HEAD. Multi-firm audit discipline confirmed.~50 min
2026-05-11Lombard Finance Sub-rule 38.4 (Cycle 13)All audit-asserted invariants HOLD on current HEAD.~45 min
📚Rules Banked 46
#RuleDateSummary
RULE 43Rule 38 yield-targeting filter2026-05-11Pre-cycle audit-discipline scoring filters target list. Veda-class (multi-firm + recent cadence + clean prior outcomes) = HIGH-discipline LOW-yield = skip Rule 38 cycle entirely. Calibrated against 9 walks across Tier-1 Solidity perimeter.
RULE 42Walk-clean is a VALID verdict2026-05-11Walks compound methodology + indirect revenue (Securva positioning, Cantina rep, banked rules) even at $0 direct payout. Dual-revenue compound model.
RULE 41BB-velocity-favorable for Rule 382026-05-11Continuous BB programs (Immunefi/H1/BC/Cantina BB) > private contests (Cantina/C4/Sherlock) for Rule 38. Per-tier fixed rewards vs pool-split contest economics. dYdX (continuous BB, $1M Critical) > Polymarket (contest, $5M pool but cluster-split).
RULE 40Private-contest dup-blindness structural Gate 4 cap2026-05-11Cantina/C4/Sherlock SEAL submissions during contest window. Gate 4 cannot fire reliably. Polymarket #570 founder case (8-finder cluster). Dup-economics flatten upside even for 1st-finder.
RULE 38.5NatSpec / inline-doc implementation drift (Sub-rule)2026-05-12 (yield-zone-calibrated)Code-only sister of 38.4. NatSpec/godoc/JSDoc/docstring claims vs implementation. Yield zone = un-audited-rich-NatSpec ONLY (skip already-audited per Cycle 17 4/4 walk). Skill v0.2 shipped.
RULE 38.4Audit-documented safety-net break (Sub-rule)2026-05-11Audit prose asserts invariant as established fact -> post-audit PR silently breaks it. HIGH-Critical regression class. dYdX V4 founder case (PR #2099 inverted DecommissionNonPositiveEquityVaults, broke line-980 invariant). Skill v0.1 shipped.
📊Programs & Scope 943 programs
Programs
943
934 active / 9 suspended
In-Scope Assets
47,358
across all programs
Vendor Clusters
9
52 members
Total Signals
20,560
cumulative all EYEs
🚨Signal Tiers 41 T1 / 4175 T2 / 13,511 T3
Tier-1 Alerts
41
submission-worthy
Tier-2 Signals
4175
deferred / follow-up
Tier-3 Signals
13,511
tracking / informational
Unprocessed 24h
5
awaiting Brain
👁️EYE Breakdown 19,670 signals across 9 EYEs
EYE_0: 2047EYE_1: 3234EYE_2: 0EYE_3: 102EYE_4: 1723EYE_5: 10181EYE_10: 2364EYE_11: 9EYE_12: 10
📡Recent Tier-1 + Tier-2 Signals 30
TierEYETypeTargetDetected
Tier-2EYE 10all-a-records-migrateddocs.immutable.com1h ago
Tier-2EYE 10all-a-records-migratedapi.pinterest.com1h ago
Tier-2EYE 10all-a-records-migratedchrome.google.com1h ago
Tier-2EYE 10all-a-records-migratedwiki.atom-lens.com1h ago
Tier-2EYE 10all-a-records-migrateddigits.t-mobile.com1h ago
Tier-2EYE 10all-a-records-migratedapi.t-mobile.com1h ago
Tier-1EYE 14cantina-bb-new-launchOndo Perps5h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave5h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave5h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave7h ago
Tier-2EYE 10all-a-records-migratedwww.microsoft.com7h ago
Tier-2EYE 10all-a-records-migrateditunes.apple.com7h ago
Tier-2EYE 10all-a-records-migrateddocs.immutable.com7h ago
Tier-2EYE 10all-a-records-migratedchrome.google.com7h ago
Tier-2EYE 10all-a-records-migratedwiki.atom-lens.com7h ago
Tier-2EYE 10all-a-records-migrateddigits.t-mobile.com7h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave8h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave8h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave9h ago
Tier-2EYE 11sherlock-contest-state-changeMetric9h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/solana-sdk10h ago
Tier-2EYE 4github-commit-newhttps://github.com/morpho-org/morpho-blue12h ago
Tier-2EYE 4github-commit-newhttps://github.com/morpho-org/morpho-blue12h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave12h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave12h ago
📂Sourcemap Captures (EYE 3) 15
HostPathSizeFilesRecovered
wallet.opensea.io/assets/index-ChUom2EN.js.map9237.2 KB12393d ago
wallet.opensea.io/assets/index-D7cAKYg5.js.map9237.2 KB12395d ago
wallet.opensea.io/assets/index-CAn_Zhwi.js.map9236.8 KB12397d ago
marketplace.auth0.com/_next/static/chunks/pages/_app-3c09d119...5731.2 KB12158d ago
wallet.opensea.io/assets/index-DY5DVyTs.js.map9350.8 KB12409d ago
wallet.opensea.io/assets/index-DW_IxaZN.js.map9350.8 KB124010d ago
marketplace.auth0.com/_next/static/chunks/webpack-bb40dc0513f...13.4 KB2111d ago
wallet.opensea.io/assets/index-BvT1YcQ5.js.map9350.8 KB124011d ago
marketplace.auth0.com/_next/static/chunks/pages/_app-d109e459...5731.2 KB121512d ago
wallet.opensea.io/assets/index-ClfwKH1w.js.map9350.8 KB124012d ago
marketplace.auth0.com/_next/static/chunks/pages/_app-93c7e69d...5729.9 KB121513d ago
wallet.opensea.io/assets/index-DV3hstRX.js.map9350.8 KB124013d ago
wallet.opensea.io/assets/index-DFJK-FQb.js.map9350.8 KB124014d ago
wallet.opensea.io/assets/index-idPQEQk7.js.map9350.8 KB124015d ago
wallet.opensea.io/assets/index-C1PFeTg7.js.map9350.8 KB124018d ago
🔧Recent High-Signal GitHub Commits (EYE 4) 15 of 23 watched repos
RepoLabelSHAMessageCommitted
babylonlabs-io/babyloncve_reference7791059177d9chore(deps): bump github.com/shamaton/msgpack/v2 from 2.2.0 to 2.4.1 in the go_modules gro5d ago
anza-xyz/agavesecurity05e0183465ffXdp Test Harness (#13359)9d ago
anza-xyz/agavegeneric_bypassb5b1f6ee2bc3xdp: use af-xdp for gossip egress traffic (#13141)11d ago
Truelayer/truelayer-signingghsa_advisoryc9603e84b053Python: bump cryptography upper bound from <45 to <47 (#389)18d ago
Truelayer/truelayer-signingsecurity42a37e392f03Pin third-party actions to commit SHAs (#418)18d ago
Truelayer/truelayer-signingsecurity33c9a810a2e5Run CodeQL only for languages changed in a PR (#409)20d ago
anza-xyz/agavegeneric_bypass9376529ed557rpc: fix WS pubsub subscription cap bypass via duplicate params (#12594)38d ago
anza-xyz/agavefix_class52e9e4b4ae5fblockstore_processor: fix BlockFooter race condition (#12780)40d ago
babylonlabs-io/babylonsecurityfe3dd3e8c59afix: backport wrong-epoch VE and stake-expansion early-unbond security fixes from release/40d ago
anza-xyz/solana-sdksecuritycbc1ecfe4375[BLS] update screening doc; improve security boundary (#709)53d ago
coinbase/smart-walletsecuritye7fde11a50faAdd SECURITY.md (#167)69d ago
Uniswap/v4-peripherygeneric_bypass9dafaaecc1e2fix: pin npm to specific version in deploy workflow (#520)95d ago
babylonlabs-io/babylonsecurityd00e68415909chore(deps): bump google.golang.org/grpc from 1.77.0 to 1.79.3 in the go_modules group acr104d ago
babylonlabs-io/babylonsecurity65d793a0a8b8ci: enhance backport workflow security (#1977)112d ago
Uniswap/UniswapXsecurity9c8f9017a694fix: resolve zizmor GitHub Actions security findings (#362)118d ago
⚖️Sherlock Contest Watcher (EYE 11) 1 active / 299 tracked / $121,000 active pool

Top active contests

TitlePoolStatusEnds
Metric Audit Contest$121,000RUNNING1785164400

Recent state transitions

TitleTransitionPoolDetected
Metric Audit ContestCREATED -> RUNNING$121,0009h ago
DRE App - dreUSDRUNNING -> JUDGING$48,00019d ago
DRE App - dreUSDCREATED -> RUNNING$48,00028d ago
XRP Ledger - April 2026ESCALATING -> SHERLOCK_JUDGING$519,00029d ago
XRP Ledger - April 2026SHERLOCK_JUDGING -> ESCALATING$519,00031d ago
XRP Ledger - April 2026ESCALATING -> SHERLOCK_JUDGING$519,00031d ago
XRP Ledger - April 2026SHERLOCK_JUDGING -> ESCALATING$519,00031d ago
🏆Cantina Contest Watcher (EYE 12) 1 active / 143 tracked / $400,000 active pool

Top active contests

TitlePoolStatusEnds
Morpho MidnightUSDC $400,000escalations24d ago

Recent state transitions

TitleTransitionPoolDetected
Morpho Midnightjudging -> escalations$400,0007d ago
Morpho Midnightlive -> judging$400,00024d ago
Reserve Governorescalations_ended -> complete$30,00025d ago
Revert Finance - StableSwap Hooksescalations_ended -> complete$50,00031d ago
Reserve Governorescalations -> escalations_ended$30,00040d ago
Revert Finance - StableSwap Hooksescalations -> escalations_ended$50,00045d ago
Reserve Governorjudging -> escalations$30,00048d ago
Revert Finance - StableSwap Hooksjudging -> escalations$50,00049d ago
🏢Vendor Clusters 9
ClusterMembers
FDJ-Kindred16
ByteDance-TLB8
Atlassian-Edge7
Salesforce-Experience-Cloud6
Apple-Geneva-Staging5
Intergamma4
IDnow2
Mozilla-allizom-Staging2
AutoDiscovered-GitRepo-intergamma/shopfront2
🔄Recent State Transitions 10
HostNoteDetected
-state changed suspended->active21d ago
-state changed suspended->active28d ago
-state changed suspended->active28d ago
-state changed suspended->active48d ago
-state changed suspended->active49d ago
-state changed suspended->active49d ago
-state changed suspended->active49d ago
-state changed suspended->active50d ago
🧠BRAIN State (Cycle 75) 4
EventDetail
[2026-07-07T00:30:03Z] BRAIN v1 tick complete: signals=55 R0=0 R1=0 R2=0 R3=0 R4=0 (retest passed=0 failed=0) R5=0 R6=0 R7=0
FIRED[2026-07-02T22:30:01Z] R3 fired: cisconetworking@bugcrowd - 12 Tier-3 signals in 24h
FIRED[2026-07-03T00:30:02Z] R3 fired: mondelez@hackerone - 10 Tier-3 signals in 24h
FIRED[2026-07-03T02:30:02Z] R3 fired: mondelez@hackerone - 63 Tier-3 signals in 24h
FIRED[2026-07-06T10:30:02Z] R3 fired: telenor-sweden-public-bug-bounty-program@yeswehack - 16 Tier-3 signals in 24h
🎯Skill Ecosystem 17
SkillVersionStatus
audit-documented-safety-net-checkv??
audit-saturation-pre-checkv??
clarity-audit-primitivesv??
cross-bridge-reconciliation-primitivesv0.3PRODUCTION
deep-invariant-analysisv??
hyperevm-audit-primitivesv0.3PRODUCTION
module-pair-asymmetry-checkv??
natspec-implementation-drift-checkv0.4PRODUCTION
securva-operational-securityv??
skeptic-gate-7-automatorv0.1PRODUCTION
skill-to-eye-translatorv0.2PRODUCTION
solana-audit-primitivesv0.4PRODUCTION
soroban-foundry-equivalentv??
sub-agent-parallel-explorerv0.1PRODUCTION
submission-approval-tg-routerv0.1PRODUCTION
submission-body-templaterv0.1PRODUCTION
web2-differential-testingv??
💰Pre-Banked Inventory 6
CandidateTargetSeverityPayout rangeOrigin
hybra-drift-a-testnet-constantsHybra FinanceCritical$100,000 - $500,000Cycle 30
hybra-drift-b-gauge-bypassHybra FinanceMedium$10,000 - $50,000Cycle 30
sukukfi-h01-unauthorized-withdrawSukukFiCritical$100,000 - $500,000Cycle 31
megapot-h01-arbitrary-bridge-callMegapotHigh$20,000 - $100,000Cycle 35
megapot-m08-payout-calculator-temporalMegapotMedium$5,000 - $50,000Cycle 69
fresh-launch-immunefi-ssvnetworkSSV NetworkHIGH$10,000 - $100,000Cycle 0
👁EYE Ticker 22
EYEStatusLast fireLast line
eye-fresh-small-publicok99 min agofeed written: /home/babakinzo/bounty/coord/money-lane-leads.json
eye-to-idan-bridgeok0 min ago[2026-07-07T02:00:03Z] eye-bridge: tick complete scanned=0 inserted=0 capped=0
eye1ok55 min ago[2026-07-07T01:05:03Z] EYE 1 tick complete: programs+=0 assets+=0 probes_fired=0 tier1_hits=0
eye10ok99 min ago[2026-07-07T00:20:44Z] EYE 10 tick complete: hosts=200 new_baselines=0 drifts=6 (issuer=0, san=0, cname=0, a-records=6)
eye11ok29 min ago[2026-07-07T01:30:09Z] tick complete: contests=299 new_signals=0 tier_1=0
eye12ok25 min ago[2026-07-07T01:35:03Z] tick complete: contests=143 new_signals=0 tier_1=0
eye13ok114 min ago[2026-07-07T00:05:54Z] EYE 13 scan done: 3 tier-1 + 0 tier-2 pattern hits (0 new across all targets)
eye14ok20 min ago[2026-07-07T01:40:01Z] tick complete: programs=70 new_signals=0 tier_1=0
eye15ok114 min ago[2026-07-07T00:05:58Z] EYE 15 scan done: 4 tier-1 + 37 tier-2 Solana primitive hits (0 new across all targets)
eye16ok109 min ago[2026-07-07T00:10:32Z] EYE 16 scan done: 51 tier-1 + 93 tier-2 HyperEVM primitive hits (0 new)
eye17ok104 min ago[2026-07-07T00:15:22Z] EYE 17 scan done: 3 tier-1 + 17 tier-2 cross-bridge primitive hits (0 new)
eye19ok99 min ago[2026-07-07T00:20:22Z] EYE 19 v0.2 scan done
eye2-watchdogold5180 min ago[2026-07-03T11:40:01Z] watchdog: EYE 2 launched as PID 2265653
eye2ok0 min ago[2026-07-07T01:59:55Z] [*] sleeping 15s before reconnect
eye20ok95 min ago[2026-07-07T00:25:03Z] EYE 20 scan done
eye22ok89 min ago[2026-07-07T00:30:38Z] EYE 22 scan done
eye23ok75 min ago[2026-07-07T00:45:03Z] EYE 23 scan done
eye26ok117 min ago[2026-07-07T00:02:49Z] eye26: DONE total_new=0 total_tier1=0
eye27-scope-db-staleness-detectorstale1317 min ago[2026-07-06T04:02:44Z] eye27: DONE processed=67 programs_with_diffs=3
eye3stale1312 min ago[2026-07-06T04:07:21Z] EYE 3 tick complete: hosts_scanned=100 new_recoveries=0 new_diffs=0 tier2_signals=0
eye4ok29 min ago[2026-07-07T01:30:09Z] EYE 4 tick complete: polled=22 errors=1 new_commits=0 high_signal=0
eye5ok119 min ago[2026-07-07T00:00:25Z] EYE 5 tick complete: members=52 new-baselines=0 drift=8 new-exposures=0
🏆Recent Cycle Wins 8
CycleVerdict
Cycle 141unknown
Cycle 132unknown
Cycle 131unknown
Cycle 130unknown
Cycle 129unknown
Cycle 128unknown
Cycle 128unknown
Cycle 128unknown
Cycle 126unknown
Cycle 126unknown
🤖Idan Investigations (Tier 3 v0.1) 5
When (UTC)NoveltyTaxonomyConfidenceBrief
2026-07-03 08:34:02NEAR-NOVELW-PATHTRAV,W-RCENORMALDulwich recursive-clone submodule path traversal drops .git/hooks payload -> RCE; hunt repo-ingesting services.
2026-07-03 08:33:11KNOWN-IN-TAXONOMY-LOWEYE 23 web3-launch ping, empty payload, no URL - nothing to investigate.
2026-07-03 08:32:54KNOWN-IN-TAXONOMY-LOWEYE-11 tick: 1 new tier-1 Sherlock contest detected; needs contest-level resolution before analysis.
2026-07-03 08:32:20NEAR-NOVELW1NORMALSteeltoe kid-only JWKS cache lets one IdP's key validate another's tokens; Web2 auth lane.
2026-07-03 08:31:42KNOWN-IN-TAXONOMYW1,O1NORMALSimpleSAMLphp SAML XPath-transform DoS; Web2 SSO lane, transform-allowlist class, DoS-only low yield.
🔬Idan (multi-modal autonomous researcher) open full view →
18
total candidates banked
3
hunts confirmed
14
novel primitives promoted
3
modalities active
Web3 (5) / Web2 (12) / Mobile (1) | novel-primitive triager →
🌐Cross-Modal Stats (Cycle 123) 3 lanes
ModalityCandidatesHUNT ConfirmedConversion
Web35360.0%
Web21200.0%
Mobile100.0%
🆕Novel-Primitive Candidates (Operator review queue) 14 promoted / 149 total
Triage summary: PROMOTED 14 | DEFERRED 93 | ARCHIVED 42
CodeNameModalityPrioritySource Book
PROP_LAYER7SLOWLORISASYMMETRICLayer7SlowlorisAsymmetricweb20.772Chang Tan - Ultimate Cyberwarf
PROP_SLOWLORISAPPLICATIONDDOSSlowlorisApplicationDDoSinfra0.676Chang Tan - Ultimate Cyberwarf
PROP_SOCIAL_MEDIA_PROFILE_TARGSocial-Media-Profile-Targetingweb20.670threathuntingwithelasticstack.
PROP_DOM_CLOBBERINGDOM-Clobberingweb20.666Web_Hacking_Arsenal.pdf
PASTE_JWTKIDPATHTRAVERSALEMPTYJWTKidPathTraversalEmptyKeyweb20.666manual_paste_podcast
PROP_PASSIVEOSINTSURFACEMAPPINPassiveOSINTSurfaceMappingweb20.658CEH_v12_Certified_Ethical_Hack
PROP_TROJANIZEDTHIRDPARTYINSTATrojanizedThirdPartyInstallercross-domain0.658Hacking the Hacker.pdf
PROP_TLS_DOWNGRADE_STRIPTLS-Downgrade-Stripweb20.658Security + 701 Book.pdf