A
ARGUS
12-EYE recon + correlation engine
LIVE - Updated 2026-05-12T08:00:01Z
auto-refresh every 10 min
DAY 33 / 90 of 90-day challenge

Snapshot

Methodology Rules
43
cumulative since Day 1
Disclosures Sent
1
awaiting reply
Walks Averted
22
submission slots saved (30d)
Active Findings
1
pending submission/payout

Detail (click to expand)

🎯Active Findings 1
FindingTargetSeverityEst. PayoutStatus
dYdX V4 GetMegavaultEquity asymmetric mutation #261dYdX V4 (Cantina BB)CRITICAL (Likelihood High, Impact High)HIGH band 0K-150K modal (45%); CRITICAL 50K-500K possible (35%); confidence-weighted ~140KSUBMITTED Cantina Finding #261 - 2026-05-12 05:02 UTC, Status New (awaiting triage). 5 evidence pillars + REDTEAMER POV + Why-not-informational pre-emption. Severity rationale maps to dYdX-published Critical-tier (unauthorized minting/printing of value).
Luno test_bridge.html bridge-enumeration / P3 info-disclosure floorLuno (Bugcrowd)P3 (P2 ceiling pending Cycle 21 runtime retry)P3 floor ~$250-$1,500 (Bugcrowd Luno range); P2 ceiling ~$1-5K if Cycle 21 confirms LimitlessAuthoriseBid silent executionBANKED 2026-05-12 via Cycle 20 static-deep-trace. P1 fund-withdrawal ceiling COLLAPSED (dispatcher allowlist rejects InitiateInstantBuy + InitiateWithdrawal). P3 floor CONFIRMED (test_bridge.html shipped to prod + dispatcher enumeration discloses production endpoint paths + gRPC service paths + payload structures). Kingsley deciding: ship-P3-now OR Cycle 21 runtime retry on BlueStacks/rooted Android for P2 upgrade.
Recent Walks (Methodology Defense) 22
DateTargetReasonSaved
2026-05-12Day 27 actuator corpus (Allstate qa-roadside + IDnow video.test pair)Cycle 18: 3 Tier-1 candidates only serve banner-grabbing endpoints (health/info/prometheus/metrics). High-value endpoints (env/heapdump/loggers/shutdown) all return 404. Rule 33 = unsubmittable. Day 27 249-host corpus retrospectively pre-classified.~30 min Buddy time + decisive Rule 33 calibration; don't re-audit Day 27 corpus
2026-05-12Polymarket multi-audit Sub-rule 38.4 sweep (Cantina BB $5M pool)Cycle 19: 1 DRIFT found = M-01 DELAY_PERIOD=0 (audit recommended INCREASING, team removed via PR #33), but that's the closed-Duplicate #570 finding per brief constraint. ALL other audit-asserted invariants HOLD in current HEAD across ChainSecurity Exchange + UMA + Multi-Outcome.~50 min Buddy time + Polymarket Sub-rule 38.4 surface confirmed saturated
2026-05-12Luno test_bridge.html runtime PoC (Bugcrowd)Cycle 20: P1 fund-withdrawal ceiling COLLAPSED via static-deep-trace. Dispatcher allowlist rejects InitiateInstantBuy + InitiateWithdrawal. Day 25 P1 hypothesis bust. P3 floor confirmed instead.~30 min + saved from false-P1-submission deposit burn
2026-05-11Veda + Lombard + Aera + Renzo NatSpec Sub-rule 38.5 (Cycle 17)4/4 walk-clean on 38.5 retroactive sweep. ~697 NatSpec entries examined. Yield zone refined to un-audited-rich-NatSpec only.~60 min Buddy time + Sub-rule 38.5 yield zone decisively calibrated
2026-05-11Hyperlane CCTP downstream deployers (Cycle 16, Sub-rule 38.3)Hyperlane registry only contains Hyperlane-owned routes. 3rd-party CCTP warp-routes require chain-explorer bytecode-signature scanning (ARGUS-class multi-cycle). Banked for ARGUS EYE 13.~30 min + EYE 13 spec confirmed needed
2026-05-11Hyperlane core Sub-rule 38.4 (Cycle 15-B)Audit-asserted invariants HOLD on Hyperlane canonical deployments. Bug visible in source-only deployments (PR #8519 TokenBridgeCctp) walks Hyperlane's own scope.~45 min + Hyperlane 38.4 surface clean
2026-05-11Aera v3 Sub-rule 38.4 (Cycle 14)All audit-asserted invariants HOLD on current HEAD. Multi-firm audit discipline confirmed.~50 min
2026-05-11Lombard Finance Sub-rule 38.4 (Cycle 13)All audit-asserted invariants HOLD on current HEAD.~45 min
📚Rules Banked 43
#RuleDateSummary
RULE 43Rule 38 yield-targeting filter2026-05-11Pre-cycle audit-discipline scoring filters target list. Veda-class (multi-firm + recent cadence + clean prior outcomes) = HIGH-discipline LOW-yield = skip Rule 38 cycle entirely. Calibrated against 9 walks across Tier-1 Solidity perimeter.
RULE 42Walk-clean is a VALID verdict2026-05-11Walks compound methodology + indirect revenue (Securva positioning, Cantina rep, banked rules) even at $0 direct payout. Dual-revenue compound model.
RULE 41BB-velocity-favorable for Rule 382026-05-11Continuous BB programs (Immunefi/H1/BC/Cantina BB) > private contests (Cantina/C4/Sherlock) for Rule 38. Per-tier fixed rewards vs pool-split contest economics. dYdX (continuous BB, $1M Critical) > Polymarket (contest, $5M pool but cluster-split).
RULE 40Private-contest dup-blindness structural Gate 4 cap2026-05-11Cantina/C4/Sherlock SEAL submissions during contest window. Gate 4 cannot fire reliably. Polymarket #570 founder case (8-finder cluster). Dup-economics flatten upside even for 1st-finder.
RULE 38.5NatSpec / inline-doc implementation drift (Sub-rule)2026-05-12 (yield-zone-calibrated)Code-only sister of 38.4. NatSpec/godoc/JSDoc/docstring claims vs implementation. Yield zone = un-audited-rich-NatSpec ONLY (skip already-audited per Cycle 17 4/4 walk). Skill v0.2 shipped.
RULE 38.4Audit-documented safety-net break (Sub-rule)2026-05-11Audit prose asserts invariant as established fact -> post-audit PR silently breaks it. HIGH-Critical regression class. dYdX V4 founder case (PR #2099 inverted DecommissionNonPositiveEquityVaults, broke line-980 invariant). Skill v0.1 shipped.
📊Programs & Scope 892 programs
Programs
892
883 active / 9 suspended
In-Scope Assets
45,360
across all programs
Vendor Clusters
9
52 members
Total Signals
2,861
cumulative all EYEs
🚨Signal Tiers 12 T1 / 926 T2 / 1,923 T3
Tier-1 Alerts
12
submission-worthy
Tier-2 Signals
926
deferred / follow-up
Tier-3 Signals
1,923
tracking / informational
Unprocessed 24h
2
awaiting Brain
👁️EYE Breakdown 2,861 signals across 9 EYEs
EYE_0: 38EYE_1: 1069EYE_2: 0EYE_3: 20EYE_4: 684EYE_5: 818EYE_10: 231EYE_11: 0EYE_12: 1
📡Recent Tier-1 + Tier-2 Signals 30
TierEYETypeTargetDetected
Tier-2EYE 12cantina-contest-state-changeRoyco Dawn1h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave1h ago
Tier-2EYE 10all-a-records-migratedwww.microsoft.com1h ago
Tier-2EYE 10all-a-records-migrateditunes.apple.com1h ago
Tier-2EYE 10cname-migration-detectedapi.pinterest.com1h ago
Tier-2EYE 10all-a-records-migratedapi.pinterest.com1h ago
Tier-2EYE 10all-a-records-migratedchrome.google.com1h ago
Tier-2EYE 10all-a-records-migratedwww.shffls.com1h ago
Tier-2EYE 10all-a-records-migratedhub.immutable.com1h ago
Tier-2EYE 10all-a-records-migrateddocs.immutable.com1h ago
Tier-2EYE 10all-a-records-migratedapi.us1.fga.dev1h ago
Tier-2EYE 10all-a-records-migratedwiki.atom-lens.com1h ago
Tier-2EYE 10all-a-records-migratedwww.sophos.com1h ago
Tier-2EYE 10all-a-records-migrateddocs.sophos.com1h ago
Tier-2EYE 10all-a-records-migratedwww.assurancewireless.com1h ago
Tier-2EYE 10all-a-records-migrateddocsite.vistarmedia.com1h ago
Tier-2EYE 10all-a-records-migratedtranscodes-cdn.vistarmedia.com1h ago
Tier-2EYE 10all-a-records-migrateddigits.t-mobile.com1h ago
Tier-2EYE 10all-a-records-migratedapi.t-mobile.com1h ago
Tier-2EYE 10all-a-records-migratedtfb.t-mobile.com1h ago
Tier-2EYE 10all-a-records-migrateddevedge.t-mobile.com1h ago
Tier-2EYE 10all-a-records-migratedaccount.t-mobile.com1h ago
Tier-2EYE 10all-a-records-migratedsprint.com1h ago
Tier-2EYE 3sourcemap-first-recoverywallet.opensea.io3h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave4h ago
📂Sourcemap Captures (EYE 3) 10
HostPathSizeFilesRecovered
wallet.opensea.io/assets/index-unKym5lB.js.map9197.9 KB12373h ago
wallet.opensea.io/assets/index-C_N1jGkP.js.map9197.9 KB12372d ago
marketplace.auth0.com/_next/static/chunks/pages/_app-5472c689...5696.1 KB12133d ago
marketplace.auth0.com/_next/static/chunks/pages/index-f374b1d...0.5 KB14d ago
marketplace.auth0.com/_next/static/chunks/framework-67c9938e3...183.8 KB94d ago
wallet.opensea.io/assets/index-DGk1JYWX.js.map9197.9 KB12374d ago
marketplace.auth0.com/_next/static/chunks/webpack-5aadf7b0e00...13.4 KB214d ago
marketplace.auth0.com/_next/static/chunks/main-7e69766e8eff35...656.8 KB1344d ago
clients.adstruc.com/static/js/main.45ab4b31.js.map15953.6 KB21414d ago
wallet.opensea.io/assets/index-BWT8Nbv7.js.map9197.9 KB12374d ago
🔧Recent High-Signal GitHub Commits (EYE 4) 12 of 23 watched repos
RepoLabelSHAMessageCommitted
coinbase/smart-walletsecuritye7fde11a50faAdd SECURITY.md (#167)13d ago
Uniswap/v4-peripherygeneric_bypass9dafaaecc1e2fix: pin npm to specific version in deploy workflow (#520)39d ago
babylonlabs-io/babylonsecurityd00e68415909chore(deps): bump google.golang.org/grpc from 1.77.0 to 1.79.3 in the go_modules group acr48d ago
babylonlabs-io/babylonsecurity65d793a0a8b8ci: enhance backport workflow security (#1977)56d ago
Uniswap/UniswapXsecurity9c8f9017a694fix: resolve zizmor GitHub Actions security findings (#362)62d ago
Uniswap/v4-peripherysecuritycfa74b47304dfix: resolve zizmor GitHub Actions security findings (#515)62d ago
babylonlabs-io/babylonsecurity0a2d17d8df02chore(deps): bump the go_modules group across 1 directory with 4 updates (#1974)70d ago
dydxprotocol/v4-chainsecurity07b2c964e689upgrade cometbft and cosmos-sdk for tachyon security fix (#3320)105d ago
Uniswap/UniswapXsecurity687d9e122082fix(DCA): dca allocation bug (#360)108d ago
Uniswap/UniswapXsecurity898d71736220ci: integrate Nethermind Audit Agent for automated security scanning (#357)110d ago
Truelayer/truelayer-signingsecurity868e7e7c04baBump Python library from 0.3.7 to 0.3.8 (#343)297d ago
Uniswap/v4-coresecurity5f00c8416c19Safer readme example (#961)404d ago
⚖️Sherlock Contest Watcher (EYE 11) 0 active / 297 tracked / $0 active pool

Top active contests

TitlePoolStatusEnds
No active Sherlock contests right now.

Recent state transitions

TitleTransitionPoolDetected
No Sherlock transitions yet.
🏆Cantina Contest Watcher (EYE 12) 0 active / 142 tracked / $0 active pool

Top active contests

TitlePoolStatusEnds
No active Cantina contests right now.

Recent state transitions

TitleTransitionPoolDetected
Royco Dawnjudging -> complete$50,0001h ago
🏢Vendor Clusters 9
ClusterMembers
FDJ-Kindred16
ByteDance-TLB8
Atlassian-Edge7
Salesforce-Experience-Cloud6
Apple-Geneva-Staging5
Intergamma4
IDnow2
Mozilla-allizom-Staging2
AutoDiscovered-GitRepo-intergamma/shopfront2
🔄Recent State Transitions 10
HostNoteDetected
-state changed active->suspended (feed-membership)12h ago
-state changed active->suspended (feed-membership)12h ago
-state changed active->suspended (feed-membership)12h ago
-state changed active->suspended (feed-membership)12h ago
-state changed active->suspended12h ago
-state changed active->suspended12h ago
-state changed active->suspended12h ago
-state changed active->suspended12h ago