| Finding | Target | Severity | Est. Payout | Status |
|---|---|---|---|---|
| Luno test_bridge.html bridge-enumeration / P3 info-disclosure floor | Luno (Bugcrowd) | P3 (P2 ceiling pending Cycle 21 runtime retry) | P3 floor ~$250-$1,500 (Bugcrowd Luno range); P2 ceiling ~$1-5K if Cycle 21 confirms LimitlessAuthoriseBid silent execution | BANKED 2026-05-12 via Cycle 20 static-deep-trace. P1 fund-withdrawal ceiling COLLAPSED (dispatcher allowlist rejects InitiateInstantBuy + InitiateWithdrawal). P3 floor CONFIRMED (test_bridge.html shipped to prod + dispatcher enumeration discloses production endpoint paths + gRPC service paths + payload structures). Kingsley deciding: ship-P3-now OR Cycle 21 runtime retry on BlueStacks/rooted Android for P2 upgrade. |
| Date | Target | Reason | Saved |
|---|---|---|---|
| 2026-05-12 | Day 27 actuator corpus (Allstate qa-roadside + IDnow video.test pair) | Cycle 18: 3 Tier-1 candidates only serve banner-grabbing endpoints (health/info/prometheus/metrics). High-value endpoints (env/heapdump/loggers/shutdown) all return 404. Rule 33 = unsubmittable. Day 27 249-host corpus retrospectively pre-classified. | ~30 min Buddy time + decisive Rule 33 calibration; don't re-audit Day 27 corpus |
| 2026-05-12 | Polymarket multi-audit Sub-rule 38.4 sweep (Cantina BB $5M pool) | Cycle 19: 1 DRIFT found = M-01 DELAY_PERIOD=0 (audit recommended INCREASING, team removed via PR #33), but that's the closed-Duplicate #570 finding per brief constraint. ALL other audit-asserted invariants HOLD in current HEAD across ChainSecurity Exchange + UMA + Multi-Outcome. | ~50 min Buddy time + Polymarket Sub-rule 38.4 surface confirmed saturated |
| 2026-05-12 | Luno test_bridge.html runtime PoC (Bugcrowd) | Cycle 20: P1 fund-withdrawal ceiling COLLAPSED via static-deep-trace. Dispatcher allowlist rejects InitiateInstantBuy + InitiateWithdrawal. Day 25 P1 hypothesis bust. P3 floor confirmed instead. | ~30 min + saved from false-P1-submission deposit burn |
| 2026-05-11 | Veda + Lombard + Aera + Renzo NatSpec Sub-rule 38.5 (Cycle 17) | 4/4 walk-clean on 38.5 retroactive sweep. ~697 NatSpec entries examined. Yield zone refined to un-audited-rich-NatSpec only. | ~60 min Buddy time + Sub-rule 38.5 yield zone decisively calibrated |
| 2026-05-11 | Hyperlane CCTP downstream deployers (Cycle 16, Sub-rule 38.3) | Hyperlane registry only contains Hyperlane-owned routes. 3rd-party CCTP warp-routes require chain-explorer bytecode-signature scanning (ARGUS-class multi-cycle). Banked for ARGUS EYE 13. | ~30 min + EYE 13 spec confirmed needed |
| 2026-05-11 | Hyperlane core Sub-rule 38.4 (Cycle 15-B) | Audit-asserted invariants HOLD on Hyperlane canonical deployments. Bug visible in source-only deployments (PR #8519 TokenBridgeCctp) walks Hyperlane's own scope. | ~45 min + Hyperlane 38.4 surface clean |
| 2026-05-11 | Aera v3 Sub-rule 38.4 (Cycle 14) | All audit-asserted invariants HOLD on current HEAD. Multi-firm audit discipline confirmed. | ~50 min |
| 2026-05-11 | Lombard Finance Sub-rule 38.4 (Cycle 13) | All audit-asserted invariants HOLD on current HEAD. | ~45 min |
| # | Rule | Date | Summary |
|---|---|---|---|
| RULE 43 | Rule 38 yield-targeting filter | 2026-05-11 | Pre-cycle audit-discipline scoring filters target list. Veda-class (multi-firm + recent cadence + clean prior outcomes) = HIGH-discipline LOW-yield = skip Rule 38 cycle entirely. Calibrated against 9 walks across Tier-1 Solidity perimeter. |
| RULE 42 | Walk-clean is a VALID verdict | 2026-05-11 | Walks compound methodology + indirect revenue (Securva positioning, Cantina rep, banked rules) even at $0 direct payout. Dual-revenue compound model. |
| RULE 41 | BB-velocity-favorable for Rule 38 | 2026-05-11 | Continuous BB programs (Immunefi/H1/BC/Cantina BB) > private contests (Cantina/C4/Sherlock) for Rule 38. Per-tier fixed rewards vs pool-split contest economics. dYdX (continuous BB, $1M Critical) > Polymarket (contest, $5M pool but cluster-split). |
| RULE 40 | Private-contest dup-blindness structural Gate 4 cap | 2026-05-11 | Cantina/C4/Sherlock SEAL submissions during contest window. Gate 4 cannot fire reliably. Polymarket #570 founder case (8-finder cluster). Dup-economics flatten upside even for 1st-finder. |
| RULE 38.5 | NatSpec / inline-doc implementation drift (Sub-rule) | 2026-05-12 (yield-zone-calibrated) | Code-only sister of 38.4. NatSpec/godoc/JSDoc/docstring claims vs implementation. Yield zone = un-audited-rich-NatSpec ONLY (skip already-audited per Cycle 17 4/4 walk). Skill v0.2 shipped. |
| RULE 38.4 | Audit-documented safety-net break (Sub-rule) | 2026-05-11 | Audit prose asserts invariant as established fact -> post-audit PR silently breaks it. HIGH-Critical regression class. dYdX V4 founder case (PR #2099 inverted DecommissionNonPositiveEquityVaults, broke line-980 invariant). Skill v0.1 shipped. |
| Tier | EYE | Type | Target | Detected |
|---|---|---|---|---|
| Tier-2 | EYE 10 | all-a-records-migrated | itunes.apple.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | link.x.immutable.com | 39m ago |
| Tier-2 | EYE 10 | cname-migration-detected | api.pinterest.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | api.pinterest.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | chrome.google.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | www.shffls.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | passport.immutable.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | api.us1.fga.dev | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | wiki.atom-lens.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | www.sophos.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | docs.sophos.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | www.assurancewireless.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | docsite.vistarmedia.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | digits.t-mobile.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | sprint.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | tfb.t-mobile.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | devedge.t-mobile.com | 39m ago |
| Tier-2 | EYE 10 | all-a-records-migrated | account.t-mobile.com | 39m ago |
| Tier-2 | EYE 4 | github-commit-new | https://github.com/anza-xyz/agave | 1h ago |
| Tier-2 | EYE 4 | github-commit-new | https://github.com/anza-xyz/agave | 3h ago |
| Tier-2 | EYE 4 | github-commit-new | https://github.com/anza-xyz/agave | 4h ago |
| Tier-2 | EYE 4 | github-commit-new | https://github.com/anza-xyz/agave | 4h ago |
| Tier-2 | EYE 10 | all-a-records-migrated | chrome.google.com | 6h ago |
| Tier-2 | EYE 10 | all-a-records-migrated | passport.immutable.com | 6h ago |
| Tier-2 | EYE 10 | all-a-records-migrated | docs.immutable.com | 6h ago |
| Host | Path | Size | Files | Recovered |
|---|---|---|---|---|
| marketplace.auth0.com | /_next/static/chunks/pages/_app-dcb5e865... | 5708.1 KB | 1213 | 1d ago |
| wallet.opensea.io | /assets/index-unKym5lB.js.map | 9197.9 KB | 1237 | 2d ago |
| wallet.opensea.io | /assets/index-C_N1jGkP.js.map | 9197.9 KB | 1237 | 4d ago |
| marketplace.auth0.com | /_next/static/chunks/pages/_app-5472c689... | 5696.1 KB | 1213 | 5d ago |
| marketplace.auth0.com | /_next/static/chunks/pages/index-f374b1d... | 0.5 KB | 1 | 6d ago |
| marketplace.auth0.com | /_next/static/chunks/framework-67c9938e3... | 183.8 KB | 9 | 6d ago |
| wallet.opensea.io | /assets/index-DGk1JYWX.js.map | 9197.9 KB | 1237 | 6d ago |
| marketplace.auth0.com | /_next/static/chunks/webpack-5aadf7b0e00... | 13.4 KB | 21 | 6d ago |
| marketplace.auth0.com | /_next/static/chunks/main-7e69766e8eff35... | 656.8 KB | 134 | 6d ago |
| clients.adstruc.com | /static/js/main.45ab4b31.js.map | 15953.6 KB | 2141 | 6d ago |
| wallet.opensea.io | /assets/index-BWT8Nbv7.js.map | 9197.9 KB | 1237 | 6d ago |
| Repo | Label | SHA | Message | Committed |
|---|---|---|---|---|
| coinbase/smart-wallet | security | e7fde11a50fa | Add SECURITY.md (#167) | 15d ago |
| Uniswap/v4-periphery | generic_bypass | 9dafaaecc1e2 | fix: pin npm to specific version in deploy workflow (#520) | 41d ago |
| babylonlabs-io/babylon | security | d00e68415909 | chore(deps): bump google.golang.org/grpc from 1.77.0 to 1.79.3 in the go_modules group acr | 50d ago |
| babylonlabs-io/babylon | security | 65d793a0a8b8 | ci: enhance backport workflow security (#1977) | 58d ago |
| Uniswap/UniswapX | security | 9c8f9017a694 | fix: resolve zizmor GitHub Actions security findings (#362) | 64d ago |
| Uniswap/v4-periphery | security | cfa74b47304d | fix: resolve zizmor GitHub Actions security findings (#515) | 64d ago |
| babylonlabs-io/babylon | security | 0a2d17d8df02 | chore(deps): bump the go_modules group across 1 directory with 4 updates (#1974) | 72d ago |
| dydxprotocol/v4-chain | security | 07b2c964e689 | upgrade cometbft and cosmos-sdk for tachyon security fix (#3320) | 107d ago |
| Uniswap/UniswapX | security | 687d9e122082 | fix(DCA): dca allocation bug (#360) | 110d ago |
| Uniswap/UniswapX | security | 898d71736220 | ci: integrate Nethermind Audit Agent for automated security scanning (#357) | 112d ago |
| Truelayer/truelayer-signing | security | 868e7e7c04ba | Bump Python library from 0.3.7 to 0.3.8 (#343) | 299d ago |
| Uniswap/v4-core | security | 5f00c8416c19 | Safer readme example (#961) | 406d ago |
| Title | Pool | Status | Ends |
|---|---|---|---|
| No active Sherlock contests right now. | |||
| Title | Transition | Pool | Detected |
|---|---|---|---|
| No Sherlock transitions yet. | |||
| Title | Pool | Status | Ends |
|---|---|---|---|
| No active Cantina contests right now. | |||
| Title | Transition | Pool | Detected |
|---|---|---|---|
| Royco Dawn | judging -> complete | $50,000 | 2d ago |
| Cluster | Members |
|---|---|
| FDJ-Kindred | 16 |
| ByteDance-TLB | 8 |
| Atlassian-Edge | 7 |
| Salesforce-Experience-Cloud | 6 |
| Apple-Geneva-Staging | 5 |
| Intergamma | 4 |
| IDnow | 2 |
| Mozilla-allizom-Staging | 2 |
| AutoDiscovered-GitRepo-intergamma/shopfront | 2 |
| Host | Note | Detected |
|---|---|---|
| - | state changed suspended->active | 17h ago |
| - | state changed suspended->active | 22h ago |
| - | state changed suspended->active | 1d ago |
| - | state changed active->suspended (feed-membership) | 2d ago |
| - | state changed active->suspended (feed-membership) | 2d ago |
| - | state changed active->suspended (feed-membership) | 2d ago |
| - | state changed active->suspended (feed-membership) | 2d ago |
| - | state changed active->suspended | 2d ago |
| Event | Detail |
|---|---|
[2026-05-14T06:30:01Z] BRAIN v1 tick complete: signals=88 R0=0 R1=0 R2=0 R3=0 R4=0 (retest passed=0 failed=0) R5=0 R6=0 R7=0 | |
| FIRED | [2026-05-11T02:30:01Z] R3 fired: immutable@bugcrowd - 15 Tier-3 signals in 24h |
| FIRED | [2026-05-11T16:30:02Z] R3 fired: lululemon@bugcrowd - 13 Tier-3 signals in 24h |
| FIRED | [2026-05-11T16:30:02Z] R3 fired: ferrero@hackerone - 32 Tier-3 signals in 24h |
| FIRED | [2026-05-12T16:30:02Z] R3 fired: ion@hackerone - 100 Tier-3 signals in 24h |
| FIRED | [2026-05-14T02:30:02Z] R3 fired: seek-com@bugcrowd - 18 Tier-3 signals in 24h |
| Skill | Version | Status |
|---|---|---|
| audit-documented-safety-net-check | v? | ? |
| cross-bridge-reconciliation-primitives | v0.3 | PRODUCTION |
| deep-invariant-analysis | v0.1 | PRODUCTION |
| hyperevm-audit-primitives | v0.3 | PRODUCTION |
| natspec-implementation-drift-check | v0.4 | PRODUCTION |
| skeptic-gate-7-automator | v0.1 | PRODUCTION |
| skill-to-eye-translator | v0.2 | PRODUCTION |
| solana-audit-primitives | v0.4 | PRODUCTION |
| sub-agent-parallel-explorer | v0.1 | PRODUCTION |
| submission-approval-tg-router | v0.1 | PRODUCTION |
| submission-body-templater | v0.1 | PRODUCTION |
| Candidate | Target | Severity | Payout range | Origin |
|---|---|---|---|---|
| hybra-drift-a-testnet-constants | Hybra Finance | Critical | $100,000 - $500,000 | Cycle 30 |
| hybra-drift-b-gauge-bypass | Hybra Finance | Medium | $10,000 - $50,000 | Cycle 30 |
| sukukfi-h01-unauthorized-withdraw | SukukFi | Critical | $100,000 - $500,000 | Cycle 31 |
| megapot-h01-arbitrary-bridge-call | Megapot | High | $20,000 - $100,000 | Cycle 35 |
| megapot-m08-payout-calculator-temporal | Megapot | Medium | $5,000 - $50,000 | Cycle 69 |
| EYE | Status | Last fire | Last line |
|---|---|---|---|
| eye1 | ok | 54 min ago | [2026-05-14T06:05:17Z] EYE 1 tick complete: programs+=2 assets+=21 probes_fired=6 tier1_hits=0 |
| eye10 | ok | 39 min ago | [2026-05-14T06:20:47Z] EYE 10 tick complete: hosts=200 new_baselines=0 drifts=18 (issuer=0, san=0, cname=1, a-records=17 |
| eye11 | ok | 29 min ago | [2026-05-14T06:30:05Z] tick complete: contests=297 new_signals=0 tier_1=0 |
| eye12 | ok | 24 min ago | [2026-05-14T06:35:01Z] tick complete: contests=142 new_signals=0 tier_1=0 |
| eye13 | stale | 415 min ago | [2026-05-14T00:04:41Z] EYE 13 scan done: 5 tier-1 + 3 tier-2 pattern hits (0 new across all targets) |
| eye14 | ok | 20 min ago | [2026-05-14T06:40:01Z] tick complete: programs=66 new_signals=0 tier_1=0 |
| eye15 | stale | 414 min ago | [2026-05-14T00:05:41Z] EYE 15 scan done: 34 tier-1 + 111 tier-2 Solana primitive hits (0 new across all targets) |
| eye16 | stale | 409 min ago | [2026-05-14T00:10:31Z] EYE 16 scan done: 51 tier-1 + 93 tier-2 HyperEVM primitive hits (0 new) |
| eye17 | stale | 404 min ago | [2026-05-14T00:15:19Z] EYE 17 scan done: 3 tier-1 + 17 tier-2 cross-bridge primitive hits (0 new) |
| eye19 | ok | 39 min ago | [2026-05-14T06:20:21Z] EYE 19 v0.2 scan done |
| eye2-watchdog | old | 9520 min ago | |
| eye2 | ok | 0 min ago | [2026-05-14T06:59:51Z] [*] sleeping 15s before reconnect |
| eye20 | ok | 34 min ago | [2026-05-14T06:25:03Z] EYE 20 scan done |
| eye22 | ok | 29 min ago | [2026-05-14T06:30:14Z] EYE 22 scan done |
| eye23 | ok | 14 min ago | [2026-05-14T06:45:02Z] EYE 23 scan done |
| eye3 | ok | 172 min ago | [2026-05-14T04:07:20Z] EYE 3 tick complete: hosts_scanned=100 new_recoveries=0 new_diffs=0 tier2_signals=0 |
| eye4 | ok | 29 min ago | [2026-05-14T06:30:09Z] EYE 4 tick complete: polled=22 errors=1 new_commits=0 high_signal=0 |
| eye5 | ok | 59 min ago | [2026-05-14T06:00:21Z] EYE 5 tick complete: members=52 new-baselines=0 drift=9 new-exposures=0 |
| Cycle | Verdict |
|---|---|
| Cycle 75 | **5 new sections SHIPPED + dashboard regenerated + CF Pages re-deployed.** Full operational picture now visible at argus.babakizo.com (or current rotating CF preview URL). |
| Cycle 74 | **Day 35 closes BUILD phase definitively. Day 36+ pivots to CASH-IN-built-capability phase.** Top 3 strategic options ranked. Operating mode banked. |
| Cycle 73 | **No NEW confirmed findings within budget; 5 NEW speculative findings banked as sub-agent targets across 3 targets.** Stacked-inventory documented: confirmed-count + speculative-count per target. |
| Cycle 72 | **PoC SHIPPED + Foundry tests PASS 2/2.** Skeptic Gate 0 FAIL (Megapot has no active BB). PoC BANKED for future Megapot BB activation. End-to-end Skill → PoC pipeline validated on first deep-invariant |
| Cycle 71 | **EYE 23 SHIPPED + cron-deployed + 216 Bugcrowd programs baseline imported in <1 sec.** ARGUS coverage now 5 of 6 major BB platforms LIVE. |
| Cycle 70 | **BRAIN R0-R7 NOT all-zero — R3 fired at 02:30 UTC today.** Dashboard auto-regenerated hourly + already current. **Cycle 70 brief premise outdated. No tuning required; functional infrastructure confir |
| Cycle 69 | **Skill v0.1 GRADUATES PRODUCTION.** Calibration matrix surfaced 1 NEW finding (Megapot M-08 I5 temporal-consistency) + 3 plausible-defer + 3 re-framings across 3 banked HITs. Meets decision-rule thre |
| Cycle 68 | **No new pre-banked candidates banked across Solana + HyperEVM.** Queue-scarcity pattern from Cycle 66 generalizes ACROSS ecosystems — not EVM-specific. **Buddy-active hunt cycles for cross-ecosystem |
| Cycle 67 | **2 unblock approaches attempted, both blocked.** HackenProof CF protection is more aggressive than Immunefi/Bugcrowd class. Approach 3 (residential proxy + real-browser baseline) exceeds on-box scope |
| Cycle 66 | **No new pre-banked candidates banked.** Hybra-class queue-scarcity pattern (Cycle 48 banked) re-confirmed via 3rd attempt. Empirical evidence remains: ~33% hit rate ONLY on TRUE Hybra-class qualifyin |