A
ARGUS
12-EYE recon + correlation engine
LIVE - Updated 2026-05-16T11:00:01Z
auto-refresh every 10 min
DAY 34 / 90 of 90-day challenge

Snapshot

Methodology Rules
46
cumulative since Day 1
Disclosures Sent
1
awaiting reply
Walks Averted
29
submission slots saved (30d)
Active Findings
1
pending submission/payout

Detail (click to expand)

🎯Active Findings 1
FindingTargetSeverityEst. PayoutStatus
Luno test_bridge.html bridge-enumeration / P3 info-disclosure floorLuno (Bugcrowd)P3 (P2 ceiling pending Cycle 21 runtime retry)P3 floor ~$250-$1,500 (Bugcrowd Luno range); P2 ceiling ~$1-5K if Cycle 21 confirms LimitlessAuthoriseBid silent executionBANKED 2026-05-12 via Cycle 20 static-deep-trace. P1 fund-withdrawal ceiling COLLAPSED (dispatcher allowlist rejects InitiateInstantBuy + InitiateWithdrawal). P3 floor CONFIRMED (test_bridge.html shipped to prod + dispatcher enumeration discloses production endpoint paths + gRPC service paths + payload structures). Kingsley deciding: ship-P3-now OR Cycle 21 runtime retry on BlueStacks/rooted Android for P2 upgrade.
Recent Walks (Methodology Defense) 29
DateTargetReasonSaved
2026-05-12Day 27 actuator corpus (Allstate qa-roadside + IDnow video.test pair)Cycle 18: 3 Tier-1 candidates only serve banner-grabbing endpoints (health/info/prometheus/metrics). High-value endpoints (env/heapdump/loggers/shutdown) all return 404. Rule 33 = unsubmittable. Day 27 249-host corpus retrospectively pre-classified.~30 min Buddy time + decisive Rule 33 calibration; don't re-audit Day 27 corpus
2026-05-12Polymarket multi-audit Sub-rule 38.4 sweep (Cantina BB $5M pool)Cycle 19: 1 DRIFT found = M-01 DELAY_PERIOD=0 (audit recommended INCREASING, team removed via PR #33), but that's the closed-Duplicate #570 finding per brief constraint. ALL other audit-asserted invariants HOLD in current HEAD across ChainSecurity Exchange + UMA + Multi-Outcome.~50 min Buddy time + Polymarket Sub-rule 38.4 surface confirmed saturated
2026-05-12Luno test_bridge.html runtime PoC (Bugcrowd)Cycle 20: P1 fund-withdrawal ceiling COLLAPSED via static-deep-trace. Dispatcher allowlist rejects InitiateInstantBuy + InitiateWithdrawal. Day 25 P1 hypothesis bust. P3 floor confirmed instead.~30 min + saved from false-P1-submission deposit burn
2026-05-11Veda + Lombard + Aera + Renzo NatSpec Sub-rule 38.5 (Cycle 17)4/4 walk-clean on 38.5 retroactive sweep. ~697 NatSpec entries examined. Yield zone refined to un-audited-rich-NatSpec only.~60 min Buddy time + Sub-rule 38.5 yield zone decisively calibrated
2026-05-11Hyperlane CCTP downstream deployers (Cycle 16, Sub-rule 38.3)Hyperlane registry only contains Hyperlane-owned routes. 3rd-party CCTP warp-routes require chain-explorer bytecode-signature scanning (ARGUS-class multi-cycle). Banked for ARGUS EYE 13.~30 min + EYE 13 spec confirmed needed
2026-05-11Hyperlane core Sub-rule 38.4 (Cycle 15-B)Audit-asserted invariants HOLD on Hyperlane canonical deployments. Bug visible in source-only deployments (PR #8519 TokenBridgeCctp) walks Hyperlane's own scope.~45 min + Hyperlane 38.4 surface clean
2026-05-11Aera v3 Sub-rule 38.4 (Cycle 14)All audit-asserted invariants HOLD on current HEAD. Multi-firm audit discipline confirmed.~50 min
2026-05-11Lombard Finance Sub-rule 38.4 (Cycle 13)All audit-asserted invariants HOLD on current HEAD.~45 min
📚Rules Banked 46
#RuleDateSummary
RULE 43Rule 38 yield-targeting filter2026-05-11Pre-cycle audit-discipline scoring filters target list. Veda-class (multi-firm + recent cadence + clean prior outcomes) = HIGH-discipline LOW-yield = skip Rule 38 cycle entirely. Calibrated against 9 walks across Tier-1 Solidity perimeter.
RULE 42Walk-clean is a VALID verdict2026-05-11Walks compound methodology + indirect revenue (Securva positioning, Cantina rep, banked rules) even at $0 direct payout. Dual-revenue compound model.
RULE 41BB-velocity-favorable for Rule 382026-05-11Continuous BB programs (Immunefi/H1/BC/Cantina BB) > private contests (Cantina/C4/Sherlock) for Rule 38. Per-tier fixed rewards vs pool-split contest economics. dYdX (continuous BB, $1M Critical) > Polymarket (contest, $5M pool but cluster-split).
RULE 40Private-contest dup-blindness structural Gate 4 cap2026-05-11Cantina/C4/Sherlock SEAL submissions during contest window. Gate 4 cannot fire reliably. Polymarket #570 founder case (8-finder cluster). Dup-economics flatten upside even for 1st-finder.
RULE 38.5NatSpec / inline-doc implementation drift (Sub-rule)2026-05-12 (yield-zone-calibrated)Code-only sister of 38.4. NatSpec/godoc/JSDoc/docstring claims vs implementation. Yield zone = un-audited-rich-NatSpec ONLY (skip already-audited per Cycle 17 4/4 walk). Skill v0.2 shipped.
RULE 38.4Audit-documented safety-net break (Sub-rule)2026-05-11Audit prose asserts invariant as established fact -> post-audit PR silently breaks it. HIGH-Critical regression class. dYdX V4 founder case (PR #2099 inverted DecommissionNonPositiveEquityVaults, broke line-980 invariant). Skill v0.1 shipped.
📊Programs & Scope 897 programs
Programs
897
892 active / 5 suspended
In-Scope Assets
45,529
across all programs
Vendor Clusters
9
52 members
Total Signals
4,147
cumulative all EYEs
🚨Signal Tiers 17 T1 / 1174 T2 / 2,795 T3
Tier-1 Alerts
17
submission-worthy
Tier-2 Signals
1174
deferred / follow-up
Tier-3 Signals
2,795
tracking / informational
Unprocessed 24h
2
awaiting Brain
👁️EYE Breakdown 4,091 signals across 9 EYEs
EYE_0: 149EYE_1: 1268EYE_2: 0EYE_3: 24EYE_4: 755EYE_5: 1491EYE_10: 403EYE_11: 0EYE_12: 1
📡Recent Tier-1 + Tier-2 Signals 30
TierEYETypeTargetDetected
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave2h ago
Tier-2EYE 10all-a-records-migratedwww.microsoft.com4h ago
Tier-2EYE 10all-a-records-migrateditunes.apple.com4h ago
Tier-2EYE 10all-a-records-migrateddocs.immutable.com4h ago
Tier-2EYE 10cname-migration-detectedapi.pinterest.com4h ago
Tier-2EYE 10all-a-records-migratedapi.pinterest.com4h ago
Tier-2EYE 10all-a-records-migratedwiki.atom-lens.com4h ago
Tier-2EYE 10all-a-records-migratedwww.sophos.com4h ago
Tier-2EYE 10all-a-records-migrateddocs.sophos.com4h ago
Tier-2EYE 10all-a-records-migratedwww.assurancewireless.com4h ago
Tier-2EYE 10all-a-records-migrateddocsite.vistarmedia.com4h ago
Tier-2EYE 10all-a-records-migrateddigits.t-mobile.com4h ago
Tier-2EYE 10all-a-records-migratedsprint.com4h ago
Tier-2EYE 10all-a-records-migratedapi.t-mobile.com4h ago
Tier-2EYE 10all-a-records-migratedtfb.t-mobile.com4h ago
Tier-2EYE 10all-a-records-migrateddevedge.t-mobile.com4h ago
Tier-2EYE 10all-a-records-migratedaccount.t-mobile.com4h ago
Tier-2EYE 3sourcemap-first-recoverywallet.opensea.io6h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave7h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave7h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave7h ago
Tier-2EYE 4github-commit-newhttps://github.com/anza-xyz/agave9h ago
Tier-2EYE 10all-a-records-migratedwww.shffls.com10h ago
Tier-2EYE 10all-a-records-migrateddocs.immutable.com10h ago
Tier-2EYE 10cname-migration-detectedapi.pinterest.com10h ago
📂Sourcemap Captures (EYE 3) 12
HostPathSizeFilesRecovered
wallet.opensea.io/assets/index-bdsuyUYg.js.map9197.9 KB12376h ago
marketplace.auth0.com/_next/static/chunks/pages/_app-dcb5e865...5708.1 KB12133d ago
wallet.opensea.io/assets/index-unKym5lB.js.map9197.9 KB12374d ago
wallet.opensea.io/assets/index-C_N1jGkP.js.map9197.9 KB12376d ago
marketplace.auth0.com/_next/static/chunks/pages/_app-5472c689...5696.1 KB12137d ago
marketplace.auth0.com/_next/static/chunks/pages/index-f374b1d...0.5 KB18d ago
marketplace.auth0.com/_next/static/chunks/framework-67c9938e3...183.8 KB98d ago
wallet.opensea.io/assets/index-DGk1JYWX.js.map9197.9 KB12378d ago
marketplace.auth0.com/_next/static/chunks/webpack-5aadf7b0e00...13.4 KB218d ago
marketplace.auth0.com/_next/static/chunks/main-7e69766e8eff35...656.8 KB1348d ago
clients.adstruc.com/static/js/main.45ab4b31.js.map15953.6 KB21418d ago
wallet.opensea.io/assets/index-BWT8Nbv7.js.map9197.9 KB12378d ago
🔧Recent High-Signal GitHub Commits (EYE 4) 13 of 23 watched repos
RepoLabelSHAMessageCommitted
anza-xyz/solana-sdksecuritycbc1ecfe4375[BLS] update screening doc; improve security boundary (#709)1d ago
coinbase/smart-walletsecuritye7fde11a50faAdd SECURITY.md (#167)17d ago
Uniswap/v4-peripherygeneric_bypass9dafaaecc1e2fix: pin npm to specific version in deploy workflow (#520)43d ago
babylonlabs-io/babylonsecurityd00e68415909chore(deps): bump google.golang.org/grpc from 1.77.0 to 1.79.3 in the go_modules group acr52d ago
babylonlabs-io/babylonsecurity65d793a0a8b8ci: enhance backport workflow security (#1977)60d ago
Uniswap/UniswapXsecurity9c8f9017a694fix: resolve zizmor GitHub Actions security findings (#362)66d ago
Uniswap/v4-peripherysecuritycfa74b47304dfix: resolve zizmor GitHub Actions security findings (#515)66d ago
babylonlabs-io/babylonsecurity0a2d17d8df02chore(deps): bump the go_modules group across 1 directory with 4 updates (#1974)74d ago
dydxprotocol/v4-chainsecurity07b2c964e689upgrade cometbft and cosmos-sdk for tachyon security fix (#3320)109d ago
Uniswap/UniswapXsecurity687d9e122082fix(DCA): dca allocation bug (#360)112d ago
Uniswap/UniswapXsecurity898d71736220ci: integrate Nethermind Audit Agent for automated security scanning (#357)114d ago
Truelayer/truelayer-signingsecurity868e7e7c04baBump Python library from 0.3.7 to 0.3.8 (#343)301d ago
Uniswap/v4-coresecurity5f00c8416c19Safer readme example (#961)408d ago
⚖️Sherlock Contest Watcher (EYE 11) 0 active / 297 tracked / $0 active pool

Top active contests

TitlePoolStatusEnds
No active Sherlock contests right now.

Recent state transitions

TitleTransitionPoolDetected
No Sherlock transitions yet.
🏆Cantina Contest Watcher (EYE 12) 0 active / 142 tracked / $0 active pool

Top active contests

TitlePoolStatusEnds
No active Cantina contests right now.

Recent state transitions

TitleTransitionPoolDetected
Royco Dawnjudging -> complete$50,0004d ago
🏢Vendor Clusters 9
ClusterMembers
FDJ-Kindred16
ByteDance-TLB8
Atlassian-Edge7
Salesforce-Experience-Cloud6
Apple-Geneva-Staging5
Intergamma4
IDnow2
Mozilla-allizom-Staging2
AutoDiscovered-GitRepo-intergamma/shopfront2
🔄Recent State Transitions 10
HostNoteDetected
-state changed suspended->active23h ago
-state changed suspended->active2d ago
-state changed suspended->active3d ago
-state changed suspended->active3d ago
-state changed active->suspended (feed-membership)4d ago
-state changed active->suspended (feed-membership)4d ago
-state changed active->suspended (feed-membership)4d ago
-state changed active->suspended (feed-membership)4d ago
🧠BRAIN State (Cycle 75) 4
EventDetail
[2026-05-16T10:30:02Z] BRAIN v1 tick complete: signals=4 R0=0 R1=0 R2=0 R3=0 R4=0 (retest passed=0 failed=0) R5=0 R6=0 R7=0
FIRED[2026-05-12T16:30:02Z] R3 fired: ion@hackerone - 100 Tier-3 signals in 24h
FIRED[2026-05-14T02:30:02Z] R3 fired: seek-com@bugcrowd - 18 Tier-3 signals in 24h
FIRED[2026-05-15T10:30:02Z] R3 fired: soundtrackyourbrand@intigriti - 12 Tier-3 signals in 24h
FIRED[2026-05-15T22:30:02Z] R3 fired: sendbird-mbb@bugcrowd - 10 Tier-3 signals in 24h
🎯Skill Ecosystem 13
SkillVersionStatus
audit-documented-safety-net-checkv??
cross-bridge-reconciliation-primitivesv0.3PRODUCTION
deep-invariant-analysisv??
hyperevm-audit-primitivesv0.3PRODUCTION
natspec-implementation-drift-checkv0.4PRODUCTION
securva-operational-securityv??
skeptic-gate-7-automatorv0.1PRODUCTION
skill-to-eye-translatorv0.2PRODUCTION
solana-audit-primitivesv0.4PRODUCTION
sub-agent-parallel-explorerv0.1PRODUCTION
submission-approval-tg-routerv0.1PRODUCTION
submission-body-templaterv0.1PRODUCTION
web2-differential-testingv??
💰Pre-Banked Inventory 6
CandidateTargetSeverityPayout rangeOrigin
hybra-drift-a-testnet-constantsHybra FinanceCritical$100,000 - $500,000Cycle 30
hybra-drift-b-gauge-bypassHybra FinanceMedium$10,000 - $50,000Cycle 30
sukukfi-h01-unauthorized-withdrawSukukFiCritical$100,000 - $500,000Cycle 31
megapot-h01-arbitrary-bridge-callMegapotHigh$20,000 - $100,000Cycle 35
megapot-m08-payout-calculator-temporalMegapotMedium$5,000 - $50,000Cycle 69
fresh-launch-immunefi-ssvnetworkSSV NetworkHIGH$10,000 - $100,000Cycle 0
👁EYE Ticker 20
EYEStatusLast fireLast line
eye1ok54 min ago[2026-05-16T10:05:03Z] EYE 1 tick complete: programs+=0 assets+=0 probes_fired=0 tier1_hits=0
eye10ok279 min ago[2026-05-16T06:20:48Z] EYE 10 tick complete: hosts=200 new_baselines=0 drifts=16 (issuer=0, san=0, cname=1, a-records=15
eye11ok29 min ago[2026-05-16T10:30:05Z] tick complete: contests=297 new_signals=0 tier_1=0
eye12ok24 min ago[2026-05-16T10:35:01Z] tick complete: contests=142 new_signals=0 tier_1=0
eye13stale654 min ago[2026-05-16T00:05:02Z] EYE 13 scan done: 3 tier-1 + 0 tier-2 pattern hits (0 new across all targets)
eye14ok19 min ago[2026-05-16T10:40:01Z] tick complete: programs=66 new_signals=0 tier_1=0
eye15stale654 min ago[2026-05-16T00:05:41Z] EYE 15 scan done: 34 tier-1 + 111 tier-2 Solana primitive hits (0 new across all targets)
eye16stale649 min ago[2026-05-16T00:10:29Z] EYE 16 scan done: 51 tier-1 + 93 tier-2 HyperEVM primitive hits (0 new)
eye17stale644 min ago[2026-05-16T00:15:18Z] EYE 17 scan done: 3 tier-1 + 17 tier-2 cross-bridge primitive hits (0 new)
eye19ok279 min ago[2026-05-16T06:20:23Z] EYE 19 v0.2 scan done
eye2-watchdogold12640 min ago
eye2ok0 min ago[2026-05-16T10:59:07Z] [*] certstream connected
eye20ok274 min ago[2026-05-16T06:25:02Z] EYE 20 scan done
eye22ok269 min ago[2026-05-16T06:30:34Z] EYE 22 scan done
eye23ok254 min ago[2026-05-16T06:45:02Z] EYE 23 scan done
eye26ok297 min ago[2026-05-16T06:02:04Z] eye26: DONE total_new=4 total_tier1=4
eye27-scope-db-staleness-detectorstale417 min ago[2026-05-16T04:02:15Z] eye27: DONE processed=67 programs_with_diffs=0
eye3stale412 min ago[2026-05-16T04:07:31Z] EYE 3 tick complete: hosts_scanned=100 new_recoveries=1 new_diffs=0 tier2_signals=1
eye4ok29 min ago[2026-05-16T10:30:09Z] EYE 4 tick complete: polled=22 errors=1 new_commits=0 high_signal=0
eye5ok299 min ago[2026-05-16T06:00:20Z] EYE 5 tick complete: members=52 new-baselines=0 drift=11 new-exposures=0
🏆Recent Cycle Wins 8
CycleVerdict
Cycle 119unknown
Cycle 118unknown
Cycle 117unknown
Cycle 115unknown
Cycle 114unknown
Cycle 113unknown
Cycle 113unknown
Cycle 112unknown
Cycle 111unknown
Cycle 110unknown
🤖Idan Investigations (Tier 3 v0.1) 5
When (UTC)NoveltyTaxonomyConfidenceBrief
2026-05-16 02:23:59NEAR-NOVELUNKNOWNLOW[MOCK] GHSA: @utcp/http: SSRF via attacker-controlled OpenAPI serve
2026-05-16 02:11:30KNOWN-IN-TAXONOMYI1,I10HIGHSuper Sushi Samurai infinite-mint via self-transfer doubling balance in custom ERC-20 transfer logic.
2026-05-15 20:44:53KNOWN-IN-TAXONOMYI1,I10HIGHSuper Sushi Samurai lost $4.8M via self-transfer ERC20 double-credit infinite mint bug.
2026-05-15 20:44:42ERROR-ERROR[ERROR] DeFiLlama hack: Super Sushi Samurai
2026-05-15 20:44:41KNOWN-IN-TAXONOMYI1LOW[MOCK] DeFiLlama hack: Super Sushi Samurai