audit-pipeline sign verify <file> <file>.sig --pubkey jelleo.ed25519.pub
20260428-225814 · started 2026-04-28T22:58:14+00:00 · engine a946e5508f · wrapper d163960700
| Severity | Hypothesis | Title | Verdict | Status | PoC |
|---|---|---|---|---|---|
| Critical | CI1-deposit-then-withdraw-zero | Deposit X immediately followed by withdraw X (with no intervening activity) leaves vault + account-state byte-identical | UNKNOWN / UNKNOWN | rejected | — |
| Critical | V1-vault-residual-conservation | The post-haircut residual cash (vault - cash_locked_in_orderbook - claimable_pnl - insurance_counter) is conserved acros | UNKNOWN / HIGH | rejected | — |
| High | IX1-ix-data-validation | Every instruction validates the length and shape of `instruction_data` before reading typed fields. No out-of-bounds rea | UNKNOWN / HIGH | rejected | — |
| High | L1-liquidation-discount-bounded | Liquidation bonus paid to a liquidator cannot exceed the configured LIQUIDATION_INCENTIVE_PCT of seized collateral, even | UNKNOWN / MED | rejected | — |
| High | L5-liquidation-no-fee-enrichment | Liquidation does not transfer collateral to the liquidator beyond the configured incentive percentage + protocol-defined | FALSE / MED | rejected | — |
| High | O3-position-authority-binding | An account's `position_q` and `claimable_pnl` can only be mutated when the account's bound authority signs (or via permi | UNKNOWN / UNKNOWN | rejected | — |
| High | O4-im-respect-on-open | Every instruction that opens or grows a position enforces initial-margin (IM) requirements: equity ≥ \|position_q\| × mark | FALSE / MED | rejected | — |
| High | P4-funding-rate-mark-bias | The funding rate captured by every instruction is computed BEFORE any mark_ewma_e6 / last_effective_price_e6 mutation in | UNKNOWN / MED | rejected | — |
| High | P9-pnl-arithmetic-bounds | The lazy mark-to-market computation pnl_delta = abs_basis * (K_now - K_snap) / (a_basis * POS_SCALE) cannot overflow i12 | UNKNOWN / UNKNOWN | rejected | — |
| High | V4-vault-cap-respect | Vault balance is provably bounded by MAX_VAULT_TVL across every reachable state. No accounting helper can push vault pas | FALSE / HIGH | rejected | — |
| Medium | AC8-account-zeroing-on-close | When an account is closed (via reclaim or full settlement), all its persistent fields are zeroed before the slot is mark | UNKNOWN / UNKNOWN | rejected | — |
| Medium | AR6-square-root-bounds | Any sqrt-based computation (e.g., for vega-style adjustments) is bounded and never produces NaN-equivalents on integer a | FALSE / HIGH | rejected | — |
| Medium | AR7-saturating-arithmetic-correctness | Where the codebase uses saturating arithmetic, the saturation point is the documented protocol cap, not a primitive type | UNKNOWN / HIGH | rejected | — |
| Medium | O10-orderbook-side-balance | Total bid-side cash locked equals sum of (size × price) for all open bids; analogous for asks. Cannot be drained by help | UNKNOWN / UNKNOWN | rejected | — |
| Medium | O9-position-bedge-correct | The "bedge" (basis-edge) accounting on partial closes correctly apportions realized PnL between the closed and remaining | FALSE / HIGH | rejected | — |
| Tier | Definition |
|---|---|
| Critical | Direct loss of user funds or full protocol takeover with no meaningful preconditions. Reachable from a permissionless instruction by any signer. Must be patched immediately. |
| High | Significant loss of user funds or protocol invariant violation under realistic preconditions (specific market state, signer with limited but obtainable role). Patch should ship in next release. |
| Medium | Hardening issue, partial loss possible, or invariant violation requiring privileged signer or improbable state. Worth fixing in normal cadence. |
| Low | Minor issue with no plausible path to fund loss. Code-quality or defense-in-depth concern. |
| Info | Informational. No security impact. Documentation or style suggestion. |
This cycle was produced by Jelleo's continuous, hypothesis-driven Solana audit loop.
Every finding originates as a falsifiable invariant claim from a per-protocol
hypothesis library, dispatched to multi-agent recon (Layer 1), promoted on
contested verdicts via adversarial debate (Layer 1.5), and confirmed empirically
via a cargo test proof-of-concept (Layer 2) before transitioning to
confirmed. Confirmed findings auto-fire structural sibling derivation
and cross-protocol propagation hooks, then move through a restricted lifecycle
(new → triaged → confirmed → disclosed → fixed → verified).
Every cycle is signed Ed25519 against the platform key — see the cover-page receipt.
Full spec: docs/methodology/ (eleven sections, §01–§10) · Live reference: jelleo.com/methodology.html · Inaugural disclosure: aeyakovenko/percolator-prog#39 (F7, 2026-04)