audit-pipeline sign verify <file> <file>.sig --pubkey jelleo.ed25519.pub| Tier | Definition |
|---|---|
| Critical | Direct loss of user funds or full protocol takeover with no meaningful preconditions. Reachable from a permissionless instruction by any signer. Must be patched immediately. |
| High | Significant loss of user funds or protocol invariant violation under realistic preconditions (specific market state, signer with limited but obtainable role). Patch should ship in next release. |
| Medium | Hardening issue, partial loss possible, or invariant violation requiring privileged signer or improbable state. Worth fixing in normal cadence. |
| Low | Minor issue with no plausible path to fund loss. Code-quality or defense-in-depth concern. |
| Info | Informational. No security impact. Documentation or style suggestion. |
This cycle was produced by Jelleo's continuous, hypothesis-driven Solana audit loop.
Every finding originates as a falsifiable invariant claim from a per-protocol
hypothesis library, dispatched to multi-agent recon (Layer 1), promoted on
contested verdicts via adversarial debate (Layer 1.5), and confirmed empirically
via a cargo test proof-of-concept (Layer 2) before transitioning to
confirmed. Confirmed findings auto-fire structural sibling derivation
and cross-protocol propagation hooks, then move through a restricted lifecycle
(new → triaged → confirmed → disclosed → fixed → verified).
Every cycle is signed Ed25519 against the platform key — see the cover-page receipt.
Full spec: docs/methodology/ (eleven sections, §01–§10) · Live reference: jelleo.com/methodology.html · Inaugural disclosure: aeyakovenko/percolator-prog#39 (F7, 2026-04)