Name: blockchain-black-team
Author: kjaylee

Blockchain Black Team — Real-World Attack Simulation

When to Use This vs Others

Use this (Black Team) when you want historically proven attack vectors mapped to real incidents and immediate exploitability checks.
Use blockchain-red-team for novel/zero-day style techniques and bypass research beyond known patterns.
Use blockchain-purple-team for meta-level coverage gaps, audit failure causes, and architecture/ops blind spots.

Execute battle-tested attack vectors from 90+ historical blockchain incidents ($10B+ total losses) against target protocol code. (Matrix: 139+ named vectors + META-01~71 + B73~B82 = 210+ total entries | last updated 2026-06-13 | note: A52 = Drift Protocol fake token + admin key $285M [CONFIRMED 2026-04-09 full postmortem]; D45 = Resolv Labs supply chain → signing authority $25M; A90 = A78 duplicate; A85/A86 reserved; A91 = BCE burn/fee-on-transfer AMM reserve manipulation; A92 = low-cost rapid-quorum governance attack; A93 = Loopscale RateX pricing manipulation $5.8M; A94 = Drift Protocol durable-nonce admin takeover [=A105/A106]; A95 = Anchor reload owner-drift bypass; A107 = AMM reserve desync via dead-address burn (TMM/BSC $1.665M); A131 = forgeable liquidity-addition intent detection / pair-balance heuristic spoofing; A132 = Anchor custom discriminator nullification / empty-prefix type boundary collapse; B73 = LiteLLM PyPI supply chain; B74 = GlassWorm Wave 5 Solana C2 + developer supply chain; B75 = RUSTSEC-2026-0078 intaglio; B76 = Token-2022 delegate check gap; B77 = durable nonce approval laundering; B78 = wide cross-slot sandwich Firedancer era; B79 = x402 grant-before-settlement / payment-service correspondence collapse; B80 = deniable covert asset transfer / MEV-indistinguishable loss staging; B81 = sealed MEV auction builder defection / ex-post bundle replication; B82 = out-of-order control-plane ACK identity rebinding / trusted-peer rewrite; A105 = persistent nonce durable pre-signed bypass; A106 = stablecoin issuer CCTP exfil via inaction; A113 = Token-2022 Extension Authority-Meta Elision / Control-Plane Freeze; A114 = Signed-Amount Donation Polarity Inversion / Insurance-Fund Drain; A119 = Immutable Legacy Package / Shared-State Version-Gate Bypass; A120 = Multi-Hop Route Minimum Aggregation / Terminal-Settlement Mismatch; A121 = Fixed-Polynomial Evaluation Opening Omission / Same-VK Proof Forgery; A125 = Cross-Chain Export Semantic Completeness / Economically-Unbacked Validated Release; A127 = External Authorization Root Injection / Attacker-Chosen Signature Oracle; A129 = Null-Authority Sentinel / Zero-Address Signature Truthiness Collapse; A130 = Anchor CPI Return-Data Invoke-Time Snapshot Gap / Same-Program Late-Overwrite; D51 = Anchor JS Lockfile Drift / Semver-Satisfying Supply-Chain Smuggle; D53 = Recursive DNS Sibling-Zone NS Cache Poisoning / Parent-Pool Zone-Context Elevation; D54 = Multi-Round Transaction Simulation Dependency-Bomb / Bundle-Service Asymmetric DoS; D55 = DNSSEC Closest-Encloser Root-Stall Loop / Cross-Zone Validation OOM; A118 = zkVM guest unchecked deserialization / enum jump-table proof forgery; META-46 = AI Agent Self-Learned MEV Pattern + Certora FV democratization; META-47 = quantum ECC break timeline shrinking (Google Research 2026-04); META-48 = OCHTG; META-49 = Executable Configuration Trust Drift; META-50 = Admissibility Security Gap; META-51 = Provenance-Carried Authority Gap; META-52 = Metric-Optimized Security Mirage; META-53 = Runbook-to-Actuator Binding Gap; META-54 = Declared-Role / Effective-Authority Gap; META-55 = Declared-Constraint / Resolver-Enforcement Gap; META-56 = Collateral Listing Trust Import Gap; META-57 = Counted-Redundancy / Correlated-Failover Gap; META-58 = Default-Path / Scope-Carveout Responsibility Gap; META-59 = Nominal-Path / Exception-Path Assurance Asymmetry; META-60 = Recoverability-Collateralized Security Gap; META-61 = Assurance-Halo Transitivity Gap; META-62 = Certainty-Seeking Containment Gap; META-63 = Invariant-to-Operations Promotion Gap; META-64 = Revocation-Surface Completeness Gap; META-65 = Assurance-Commoditization / Response-Scarcity Gap; META-66 = Assurance-Plane Failure Semantics Gap; META-67 = Validation Cost-Ceiling Gap; META-68 = Decommission-Semantics / Legacy-Liveness Gap; META-69 = Provisional-State / Irreversible-Entitlement Gap; META-70 = Node-Audit / Edge-Semantics Gap; META-71 = Terminal-State / Sentinel Admissibility Gap)

When to Use

Security audit of smart contracts (Solana Anchor, Solidity, CosmWasm)
Attack simulation / penetration testing of DeFi protocols
Pre-mainnet security hardening
Hackathon security review
Post-incident analysis using real-world patterns

Quick Start

Read the target codebase (on-chain + off-chain)
Load references/attack-matrix.md for the 44+ vector framework
For each vector: map historical pattern → target code → attack scenario → severity
Output structured report with PoC sketches for CRITICAL/HIGH findings

Attack Matrix (90 Vectors, continuously extended)

The full matrix with historical references, code-level mechanisms, and defense patterns is in references/attack-matrix.md. Summary:

A. Smart Contract (core 13 + extended A32/A33/A34/A35/A36/A38)

| # | Vector | Historical Example | Typical Severity | |---|---|---|---| | 1 | Reentrancy | The DAO ($60M), Curve/Vyper ($70M) | HIGH-CRITICAL | | 2 | Flash Loan | Mango ($114M), Euler ($197M) | CRITICAL | | 3 | Oracle Manipulation | Mango, BonqDAO ($120M) | CRITICAL | | 4 | Access Control | Ronin ($624M), Wormhole ($320M) | CRITICAL | | 5 | Integer Overflow/Underflow | Compound ($147M) | HIGH | | 6 | Account Substitution (Solana) | Cashio ($52M) | HIGH | | 7 | Signature Replay | Wintermute ($160M) | HIGH | | 8 | Front-running/Sandwich | MEV ecosystem | MEDIUM | | 9 | Proxy Upgrade Attack | Nomad ($190M) | HIGH | | 10 | Logic Bug | Compound ($147M), Cream ($130M) | HIGH | | 11 | Rent/Lamport Drain (Solana) | Multiple | LOW-MEDIUM | | 12 | CPI Confusion (Solana) | Crema ($8.8M) | HIGH | | 13 | PDA Seed Collision (Solana) | Multiple | MEDIUM |

B. Off-chain/Keeper (core 7 + extended B29/B35/B36/B37/B38)

| # | Vector | Historical Example | Typical Severity | |---|---|---|---| | 14 | RPC Manipulation | Multiple | HIGH | | 15 | Key Compromise | Ronin ($624M), Harmony ($100M), IoTeX ioTube ($4.4M) | CRITICAL | | 16 | Race Condition | Multiple keeper exploits | MEDIUM | | 17 | Checkpoint Poisoning | Novel | HIGH | | 18 | Config Injection | Multiple | HIGH | | 19 | Memory/Log Leak | Slope wallet drain | MEDIUM | | 20 | Denial of Service | Solana network halts | MEDIUM | | 29 | AI Agent Prompt-Injection Confused-Deputy | Trail of Bits Comet audit (2026) | HIGH | | 37 | AI Agent Steganographic Oversight Evasion | arXiv 2602.23163 (2026-02-26) | HIGH | | 38 | Multi-turn Tool-Return Boundary Takeover (IPI) | arXiv 2602.22724 + 2602.22302 (2026-02-25/26) | HIGH |

C. Economic (6 vectors)

| # | Vector | Historical Example | Typical Severity | |---|---|---|---| | 21 | Bank Run / Depeg | UST/LUNA ($40B), USDC SVB | CRITICAL | | 22 | Collateral Manipulation | stETH depeg, Tether FUD | CRITICAL | | 23 | Governance Attack | Beanstalk ($182M) | HIGH | | 24 | Sybil Attack | Multiple | MEDIUM | | 25 | MEV Extraction | MEV ecosystem | MEDIUM | | 30 | Liquidity-Exhaustion Griefing | Intent bridge study (2026) | MEDIUM |

C. Economic (6 vectors + A59)

| # | Vector | Historical Example | Typical Severity | |---|---|---|---| | 59 | DEX Aggregator Solver Race-to-Minimum / Thin-Pool Routing | Aave/CoWSwap ($50M loss, 2026-03-12) | HIGH (if DEX integration) |

D. Infrastructure (core 4 + extended D32/D33/D34)

| # | Vector | Historical Example | Typical Severity | |---|---|---|---| | 26 | Frontend XSS/Injection | BadgerDAO ($120M) | HIGH | | 27 | RPC Endpoint Takeover | Multiple | HIGH | | 28 | Supply Chain | event-stream, ua-parser-js | HIGH | | 31 | Protocol-Metadata Confusion (IDL/Schema Trust) | Anchor IDL external-account patch (2026) | HIGH | | 43 | Security-Tooling Inversion — Force-Push Tag Hijack | Trivy v0.69.4 / TeamPCP (2026-03-19, CVE-2026-28353) | HIGH |

Daily Evolution Log (Recent)

| Date (KST) | Incident | Vector Mapping | Delta Applied | |---|---|---|---| | 2026-06-13 | Purple meta sweep (최근 7일 web_fetch + local matrix / red / blue / live-path cross-read): SlowMist의 Raydium / Haedal Vault / NovaBox / Syscoin Bridge / Humanity Protocol / OpenMonero P2P, Anchor #4645, 그리고 기존 docs/microstable-blue-v14-report.md / docs/microstable-blue-v15-report.md / docs/red-team-techniques.md / docs/microstable-purple-team-daily-findings.md 를 current Microstable artifact와 함께 대조했다. Admission result: 오늘은 새 named vector도 새 META admission도 없고 reinforcement-only 판정이다. strongest purple signal은 legacy-live authority, edge-semantics binding, validated != economically backed, operator compromise + delayed containment 네 축이었다. 따라서 오늘 창은 기존 META-68, META-70, A125, META-53/META-66, 그리고 recent A132 review checkpoint를 더 날카롭게 만든 날로 기록한다. Microstable architecture check: reviewed live paths 기준 신규 architecture finding은 없고, PT-ARCH-2026-0515-01, PT-ARCH-2026-0526-01, PT-ARCH-2026-0606-01 carry-forward만 유지한다. | META-68 + META-70 + A125 + META-53/66 reinforcement | 0 NEW vectors, purple reinforcement-only. Matrix count unchanged at 139+ named vectors + META-01~71 + B73~B82 = 210+ total entries. No new active CRITICAL/HIGH; today strengthens decommission manifest, edge manifest, type-boundary negative tests, and ops containment SLA checkpoints. | | 2026-06-13 | Source sweep (최근 7일 web_fetch + local cross-read + live-code re-read): Anchor master commit feed의 fix account zeroed discriminator detection (#4645), SlowMist/rekt/Trail of Bits/OtterSec/RustSec/arXiv 최근 창, 그리고 attack-matrix.md / solana-specific.md / docs/red-team-techniques.md / current Microstable live path를 함께 대조했다. Admission result: 오늘은 새 named vector 1건 을 반영했다. strongest signal은 Anchor custom discriminator patch였다. 핵심은 단순히 0 literal을 금지하느냐가 아니라, empty/all-zero-equivalent discriminator가 typed account identity prefix를 사실상 지워 same-owner typed admission을 body decode 수준으로 약화시킬 수 있다 는 점이다. 이를 A132 Anchor Custom Discriminator Nullification / Empty-Prefix Type Boundary Collapse 로 분리했다. Syscoin/Raydium/NovaBox/최근 RustSec는 오늘 창에서는 강화 신호로 충분했고 별도 신규 번호까지는 올리지 않았다. Microstable architecture check: programs/microstable/src/lib.rs / keeper/src/ 재검토 결과 #[account(discriminator = ...)] override usage는 없고, read_pyth_price_update() 와 wire::decode_account() 둘 다 explicit non-empty discriminator check를 강제해 A132는 NOT ACTIVE today 다. | A132 NEW | +1 NEW vector. Matrix state now 139+ named vectors + META-01~71 + B73~B82 = 210+ total entries. No new active CRITICAL/HIGH beyond carry-forward set. | | 2026-06-13 | Source sweep (최근 7일 web_fetch + direct HTML parse artifact + live-code re-read): SlowMist / rekt / GitHub Advisory solana query / Solana ecosystem security / Trail of Bits / OtterSec / Neodyme / Immunefi 인덱스를 다시 교차 검토했다. Admission result: 오늘은 새 named vector도 새 meta pattern도 없고, 기존 매트릭스에 이미 흡수된 신호만 재확인 했다. 다만 오늘 창에서 아직 attack-matrix 본문에 명시적으로 박아두지 않았던 strongest reinforcement는 Syscoin Bridge 였다. malformed SPV proof를 relay parser가 의미론적으로 잘못 받아들이며 truthful-looking validation 결과가 곧 economically-backed release 권한은 아니라는 점 을 다시 보여줘 A125 Cross-Chain Export Semantic Completeness / Economically-Unbacked Validated Release 를 강화했다. Microstable architecture check: programs/microstable/src/lib.rs / keeper/src/ / docs/index.html 재검토 결과 live bridge / export / wrapped-collateral release path는 보이지 않았다. 따라서 A125 Syscoin variant는 NOT ACTIVE today 다. Raydium / Haedal / NovaBox는 전일 admission 범위에 그대로 유지했다. | A125 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 138+ named vectors + META-01~71 + B73~B82 = 209+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-12 | Source sweep (최근 7일 web_fetch + local matrix/live-code re-read): SlowMist front page의 Raydium / NovaBox / Humanity Protocol / Haedal Vault / Syscoin Bridge, rekt의 Syscoin / Gravity Bridge / TESSERA current post list, GitHub Advisory solana query, Trail of Bits / OtterSec / Neodyme / Immunefi 인덱스를 current Microstable live path와 함께 대조했다. Admission result: 오늘은 새 named vector나 새 meta pattern admission은 없고, 2건의 reinforcement만 반영 했다. strongest signal은 Raydium + NovaBox 였다. Raydium 은 deprecated Solana AMM V3에서 pool-specific LP mint identity 미검증 → fake LP mint → proportion-check bypass 를 보여줘 A6 Account Substitution (Solana) 를 강화했고, NovaBox 는 dividend distribution이 deposit/withdraw balance update보다 먼저 실행되면 old-share snapshot과 new-balance state가 어긋나 phantom payout이 생긴다 는 점에서 A10 Logic Bug 를 강화했다. Microstable architecture check: reviewed programs/microstable/src/lib.rs / keeper/src/ / docs/app.js 에서 raydium·lp mint·amm pool·reward dividend·share-distribution path를 확인하지 못했다. 따라서 A6 Raydium variant 와 A10 NovaBox variant 모두 NOT ACTIVE today 다. | A6 + A10 reinforcement | 0 NEW vectors, +2 reinforcements. Matrix count unchanged at 138+ named vectors + META-01~71 + B73~B82 = 209+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-11 | Purple meta sweep (최근 7일 web_fetch + local matrix / blue-red-blue-report cross-read): SlowMist front page의 DTXT/USDT / Haedal Vault, Trail of Bits의 The sorry state of skill distribution 재확인, GitHub foundry-rs/foundry#14437, 그리고 docs/microstable-blue-v14-report.md / docs/microstable-blue-v15-report.md 를 current Microstable artifact와 함께 대조했다. Admission result: 오늘은 새 named vector나 새 meta pattern admission은 없고, 2건의 reinforcement만 반영 했다. strongest signal은 Haedal Vault + DTXT/USDT 조합이었다. Haedal Vault 는 deprecated deposit path와 new redeem path가 공존할 때 upgraded path exists 와 old authority is dead 가 다르다는 점을 다시 보여줘 META-68 Decommission-Semantics / Legacy-Liveness Gap 강화 근거가 됐다. DTXT/USDT 는 reserve 파괴 없이도 pair balance heuristic이 addLiquidity intent proof처럼 오용될 수 있음을 보여줘, 퍼플 관점에서는 META-70 Node-Audit / Edge-Semantics Gap 강화 신호였다. Microstable architecture check: blue v15는 legacy unsigned checkpoint load, default HMAC key, filename-based unsigned config 예외를 제거해 META-68 계열 일부를 선제 완화했고, reviewed on-chain/keeper path에는 amm·pair·lp·liquidity-intent classifier가 없어 A131/META-70 AMM variant는 NOT ACTIVE today 다. | META-68 + META-70 reinforcement | 0 NEW vectors, +2 reinforcements. Matrix count unchanged at 138+ named vectors + META-01~71 + B73~B82 = 209+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-11 | Source sweep (최근 7일 web_fetch + local matrix/live-code re-read): SlowMist front page의 DTXT/USDT / Haedal Vault / Syscoin Bridge / Ambient Finance, Trail of Bits의 The sorry state of skill distribution 재확인, Anchor/SPL public commit feed, RustSec advisories index, 그리고 current Microstable live path를 함께 대조했다. Admission result: 오늘은 새 named vector 1건 을 반영했다. strongest signal은 DTXT/USDT 였다. 핵심은 reserve 자체를 깨는 것이 아니라, pair에 paired asset dust를 먼저 넣어 addLiquidity 판정을 위조하고 sell-side fee/guard branch를 우회 할 수 있다는 점이다. 이를 A131 Forgeable Liquidity-Addition Intent Detection / Pair-Balance Heuristic Spoofing 으로 분리했다. Haedal Vault 는 cross-version share inflation으로 A10, Syscoin Bridge 는 validation/export semantics로 A125 강화 신호였지만 오늘 별도 신규 번호까지는 올리지 않았다. Microstable architecture check: 요청 경로 /microstable/solana/programs/microstable_core/src/lib.rs 는 absent 였고, 대체 검토한 programs/microstable/src/lib.rs / keeper/src/ 에서 raydium·orca·jupiter·amm·swap·pair·lp·sell/liquidity-intent classifier path는 확인되지 않았다. 따라서 A131은 NOT ACTIVE today 다. | A131 NEW | +1 NEW vector. Matrix state now 138+ named vectors + META-01~71 + B73~B82 = 209+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-09 | Purple meta sweep (최근 7일 web_fetch + local matrix / blue-red document cross-read): Morgan Lewis의 Keys to Success in Cyber Incident Response in 2026 (2026-06-04), SlowMist front page의 Syscoin Bridge / Ambient Finance / Gnosis Pay (2026-06-01~08), Trail of Bits의 The sorry state of skill distribution (2026-06-03), GitHub foundry-rs/foundry#14437 (current re-check), 그리고 Certora / Runtime Verification public blog listing fetch를 current Microstable / local docs와 함께 대조했다. Admission result: 오늘은 새 named vector나 새 meta pattern admission은 없고, 2건의 reinforcement만 반영 했다. strongest signal은 Morgan Lewis + SlowMist였다. 공통 교훈은 runbook, scanner verdict, invariant tooling, monitored status의 존재가 곧 containment capability나 trustworthy assurance semantics가 아니라는 점 이다. 실제 실패는 누가, 어떤 예외 경로로, 어떤 off-band 채널과 command artifact로 freeze / revoke / manual mode를 발사하는지, 그리고 assurance plane이 흔들릴 때 시스템이 어떤 의미론으로 전환되는지에서 갈린다. 오늘 창의 purple strongest signal은 새 구조라기보다 기존 META-53 Runbook-to-Actuator Binding Gap 과 META-66 Assurance-Plane Failure Semantics Gap 강화다. Microstable architecture check: current public artifact에는 live bridge release path가 없어 bridge-validation lane은 NOT ACTIVE today 다. 다만 manual oracle mode / emergency shutdown / RPC degraded path 는 이미 존재하므로, containment semantics는 LOW current / MEDIUM-if-operator-UI expansion carry-forward로 유지한다. | META-53 + META-66 reinforcement | 0 NEW vectors, +2 reinforcements. Matrix count unchanged at 137+ named vectors + META-01~71 + B73~B82 = 208+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-08 | Purple meta sweep (최근 7일 web_fetch + local matrix / blue-red document cross-read): CoinDesk의 Aave rsETH 포스트모템 기사, Trail of Bits의 The sorry state of skill distribution 재확인, GitHub foundry-rs/foundry#14437, Certora의 Proving P-Token, Immunefi metrics page (last updated 2026-06-07 16:00 UTC)를 current Microstable / local docs와 함께 대조했다. Admission result: 오늘은 새 named vector도 새 meta pattern도 없고, 1건의 reinforcement만 반영 했다. strongest signal은 Aave였다. 핵심은 Aave code가 아니라 LayerZero bridge verification failure로 발행된 unbacked rsETH가 downstream lending collateral로 받아들여졌다는 점 이고, 그래서 Aave가 listing standard를 bridge / oracle dependency / custodian / operational security 까지 넓히겠다고 밝힌 것이다. 이는 새 구조라기보다 기존 META-56 Collateral Listing Trust Import Gap 과 A125 Cross-Chain Export Semantic Completeness 의 실전 후속 증거다. Microstable architecture check: current public artifact에는 live bridge collateral listing / wrapped-asset admission surface가 보이지 않아 A125/META-56 강화 신호는 NOT ACTIVE today 다. | A125 + META-56 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 137+ named vectors + META-01~71 + B73~B82 = 208+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-08 | Source sweep (최근 24h~7d web_fetch + live code re-read + local matrix cross-read): hacked.slowmist.io/en/ 의 ATM / BYToken / ApeBond / Gnosis Pay, rekt.news front page, https://github.com/advisories?query=solana, https://solana.com/news/solana-ecosystem-security, https://blog.trailofbits.com/2026/, https://osec.io/blog/, https://neodyme.io/en/blog/, 그리고 current Microstable code paths를 교차 검토했다. Admission result: 오늘은 새 named vector는 없고 3건의 reinforcement만 반영 했다. ATM 은 custom transferFrom() 이 transferred amount의 약 20% 를 BSC-USD 로 자동 스왑하는 구조여서 A91 transfer-hook reserve manipulation family 강화 근거가 됐다. BYToken 은 public triggerAutoBurn() 이 LP pair에서 직접 BY를 태우고 pair.sync() 로 왜곡된 reserve를 정본화한 사례라 A107 out-of-band LP balance mutation + reserve acceptance 강화 근거가 됐다. ApeBond 는 migrateToVotingEscrow 가 duplicate pool IDs를 받아 같은 경제적 source를 여러 번 집계한 사례라 A10 duplicate-identifier batch inflation 강화 근거가 됐다. GitHub / Solana / Trail of Bits / OtterSec / Neodyme / Immunefi 재점검에서는 새 Solana / Anchor / SPL 코드-메커니즘 advisory 는 확인되지 않았다. Microstable Part B sweep 결과 programs/microstable/src/lib.rs, keeper/src/, docs/index.html, docs/app.js, solana/Cargo.lock 재확인 기준으로 오늘도 B45 ❌ HIGH unchanged, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D27 ⚠️ MEDIUM partial, B15/META-70 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, D26 ⚠️ LOW carry-forward 를 유지했다. lib.rs:2360-2364 owner binding도 그대로라 META-71 active lane은 재확인되지 않았다. | A10 + A91 + A107 reinforcement | 0 NEW vectors, +3 reinforcements. Matrix count unchanged at 137+ named vectors + META-01~71 + B73~B82 = 208+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-06 | Purple meta sweep (최근 7일 web_fetch + local matrix / blue-red document cross-read): Trail of Bits의 The sorry state of skill distribution, SlowMist front page의 ATM / Phala Cloud / Fluid / Gnosis Pay / Gravity Bridge / Alephium Bridge, Immunefi metrics page (last updated 2026-06-05 16:00 UTC), GitHub foundry-rs/foundry#14437, SecurityWeek의 Google bug bounty payouts 기사를 current Microstable / local docs와 함께 대조했다. Admission result: 오늘은 새 named vector나 새 meta pattern admission은 없고, 1건의 reinforcement만 반영 했다. strongest signal은 Trail of Bits 기사였다. 핵심은 악성 skill 존재 자체보다, scan passed 배지가 실제 설치·실행 표면과 다를 수 있다는 점 이다. ClawHub, Cisco skill-scanner, skills.sh 통합 스캐너가 100,000 newlines truncation, .docx/ZIP indirection, poisoned .pyc, hidden/opaque file에 우회된 것은 D32 AI Agent Skill/Identity Poisoning 의 실전 우회 증거다. 동시에 이 신호는 새 META라기보다 META-61 Assurance-Halo 배경 강화다. Microstable architecture check: current public artifact에는 marketplace-loaded privileged skill / hosted agent policy import surface가 보이지 않아 D32는 NOT ACTIVE today 다. | D32 reinforcement (scanner-scope trust boundary) | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 137+ named vectors + META-01~71 + B73~B82 = 208+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-05 | Purple meta sweep (최근 7일 web_fetch + local matrix / blue-red document cross-read): SlowMist front page의 ATM / Phala Cloud / Fluid / Gnosis Pay / Gravity Bridge / Alephium Bridge, Immunefi metrics page (last updated 2026-06-04 16:00 UTC), SecurityWeek의 Google bug bounty payouts 기사, GitHub foundry-rs/foundry#14437, 그리고 current Microstable / local docs를 함께 대조했다. Admission result: 오늘은 새 named vector나 새 meta pattern admission은 없고, 1건의 reinforcement만 반영 했다. strongest signal은 Phala Cloud 였다. 이 사건은 API endpoint → pre-launch script rewrite → decrypted env access after boot 로 이어지며, config integrity가 단순 파일 무결성이 아니라 bootstrap control-plane authority 라는 점을 드러냈다. 그래서 신규 번호 대신 B18 Config Injection 의 범위를 static file 에서 pre-start hook / launch template / secret-release bootstrap 까지 넓히는 강화로 편입했다. 동시에 Fluid / Gnosis Pay / Gravity / Alephium 은 여전히 approver key / delay module / signing authority / backend message 같은 edge authority object가 사고 중심이었고, Google VRP 는 cloud/AI bug bounty가 실제 architectural changes를 유도했음을 보여줘 오늘 창의 purple strongest signal이 여전히 META-70 / META-65 / META-66 축임을 재확인했다. Microstable architecture check: current public artifact에는 remote bootstrap script / CVM control-plane / pre-secret-release API surface가 보이지 않아 B18 bootstrap variant는 NOT ACTIVE today 다. | B18 reinforcement (bootstrap control-plane provenance) | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 137+ named vectors + META-01~71 + B73~B82 = 208+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-05 | Source sweep (최근 7일 web_fetch + Anchor public PR/commit cross-read + local matrix/live-code re-read): Anchor public PR #4624 / commit e5a4715 와 PR #4632 / commit 94df365, 그리고 current Microstable live path를 함께 대조했다. Admission result: 오늘은 새 named vector 1건 + reinforcement 1건 을 반영했다. #4624 는 Return<T>::get() 가 program_id 를 검증해도 invoke-time snapshot이 없으면 같은 program id를 가진 later CPI overwrite 를 막지 못한다는 점을 보여줘 A130 Anchor CPI Return-Data Invoke-Time Snapshot Gap / Same-Program Late-Overwrite 로 분리했다. 반면 #4632 는 Token-2022 extensions::* constraint가 init_if_needed 경로에서 checked라고 가정하면 안 된다는 문서화로, 신규 번호보다는 A113 + META-58 reinforcement 로 편입했다. Microstable architecture check: 요청 경로 /microstable/solana/programs/microstable_core/src/lib.rs 는 여전히 absent 였고, 대체 검토한 programs/microstable/src/lib.rs / keeper/src/ 에서 Return::<T>·get_return_data·set_return_data·Token-2022 extension path는 확인되지 않았다. 따라서 A130 / Token-2022 carveout 모두 NOT ACTIVE today 다. | A130 NEW + A113/META-58 reinforcement | +1 NEW vector, +1 reinforcement. Matrix state now 137+ named vectors + META-01~71 + B73~B82 = 208+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-03 | Purple meta sweep (최근 7일 web_fetch + GitHub public PR cross-read + local matrix cross-read): SlowMist front page의 Fluid / Gravity Bridge / Alephium Bridge / Gnosis Pay, Immunefi metrics page (updated 2026-06-01 16:00 UTC), 그리고 Anchor public PR #4603 / #4617 / #4560 를 current matrix와 함께 대조했다. Admission result: 오늘은 새 named vector도 새 meta pattern도 추가하지 않았다. strongest signal은 두 가지 강화다. 첫째, Anchor #4617 은 optional None 가 program-id sentinel meta로 표현될 수 있음을 보여줘 META-71 Terminal-State / Sentinel Admissibility Gap 을 framework layer까지 sharpen 했다. 둘째, Anchor #4603 은 shorter writeback 뒤 tail scrub이 없으면 “삭제된 상태” 가 raw bytes로 남는다는 점을 공개적으로 인정해 A128 과 terminal state is not dead unless representation also dies 축을 강화했다. incident 쪽에서는 Fluid / Gravity / Alephium / Gnosis Pay 가 계속 approver key / trusted peer / backend / delay module 같은 edge authority object 가 사고 중심임을 보여줘 META-70 Node-Audit / Edge-Semantics Gap 강화 근거가 됐다. Microstable architecture check: current public artifact에는 active optional-sentinel auth lane이 보이지 않아 신규 active CRITICAL/HIGH는 없지만, future signed-claim / peer-manifest / optional evidence object에서는 presence bit ↔ identity value 분리가 필수라는 LOW current / MEDIUM-if-expansion watch 1건을 추가했다. | META-71 + A128 + META-70 reinforcement | 0 NEW vectors, +3 reinforcements. Matrix count unchanged at 136+ named vectors + META-01~71 + B73~B82 = 207+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-01 | Purple meta sweep (최근 7일 web_fetch + live incident cross-read + local matrix cross-read): SlowMist front page의 MoneyMon / ONTR / Gravity Bridge / Stake DAO / WUSD.fi-GLOVE / SquidRouterModule, GitHub foundry issue #14437, Immunefi metrics page (updated 2026-05-31 16:00 UTC), 그리고 current Microstable authority edges를 함께 대조했다. New structural gap identified: 팀은 address(0), Pubkey::default(), None, empty root, renounced owner 같은 sentinel/terminal state 를 무해한 빈값으로 느끼지만, 실제 auth path는 그 값을 종종 비교 가능한 정상값 으로 남겨 둔다. 그래서 invalid recovery나 framework special-case가 같은 sentinel로 붕괴하면, 실패해야 할 검증이 성공처럼 보인다. MoneyMon 과 ONTR 는 이 구조를 실사고로 보여줬고, 누적 매트릭스의 A123 은 같은 패턴이 framework sentinel collision으로도 재현됨을 보여준다. 이를 META-71 Terminal-State / Sentinel Admissibility Gap (TSSAG) 으로 추가했다. Microstable architecture check: 현재 공개 artifact에는 active zero-address/default-pubkey auth lane이 보이지 않는다. 다만 future signed claim, admin recovery, bridge/export peer manifest, optional evidence source에는 같은 구조가 쉽게 들어올 수 있어 LOW current / MEDIUM-if-expansion watch 1건을 추가했다. | META-71 NEW | 0 new named vectors, +1 new meta pattern. Matrix state now 136+ named vectors + META-01~71 + B73~B82 = 207+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-06-01 | Source sweep (최근 24h~7d web_fetch + SlowMist live incident HTML parse + prior source cross-read): hacked.slowmist.io/en/ 를 재파싱해 MoneyMon (2026-05-29), ONTR / Joe Agent (2026-05-28), WUSD.fi / GLOVE / SquidRouterModule (2026-05-25) 를 다시 대조하고, 기존 rekt.news, GitHub Advisory solana query, Solana security page, Trail of Bits / OtterSec / Neodyme 인덱스와 누적 매트릭스를 재검증했다. Admission result: 오늘은 새 named vector 1건 + reinforcement 1건 을 반영했다. MoneyMon 과 ONTR 는 공통으로 null / zero-address authority sentinel이 인증 성공값처럼 재사용되는 구조 를 보여줘 A129 Null-Authority Sentinel / Zero-Address Signature Truthiness Collapse 로 분리했다. WUSD.fi / GLOVE 는 per-address incentive assumption + EIP-7702 helper rotation 이라는 점에서 C24 Sybil Attack 강화 근거로 편입했다. GitHub / Solana / Trail of Bits / OtterSec / Neodyme 재점검에서는 새 Solana / Anchor / SPL 코드-메커니즘 advisory 는 확인되지 않았다. Microstable Part B sweep 결과 오늘도 새 active CRITICAL은 없고, active HIGH는 B45 Audit Attestation Gap 1건 이 유지됐다. | A129 NEW + C24 reinforcement | +1 NEW vector, +1 reinforcement. Matrix state now 136+ named vectors + META-01~70 + B73~B82 = 206+ total entries. No new active CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-05-31 | Source sweep (최근 24h~7d web_fetch + SlowMist live incident HTML parse + prior source cross-read): hacked.slowmist.io/en/ 를 재파싱해 Gravity Bridge (2026-05-30), MoneyMon (2026-05-29), Joe Agent / DxSale / ONTR (2026-05-28), Stake DAO / Superfortune (2026-05-27) 를 확인하고, 기존 rekt.news, GitHub Advisory solana query, Solana security page, Trail of Bits / OtterSec / Neodyme 인덱스와 누적 매트릭스를 다시 대조했다. Admission result: 오늘은 새 named vector 추가는 없고, 1건의 reinforcement/timeline delta 만 반영했다. Gravity Bridge 는 compromised contract key or signing authorization → bridge-recognized withdrawal authority inherited 로 설명되는 B15 Key Compromise 강화 사례다. 반면 MoneyMon 은 zero-address / invalid-signature 조합이 흥미롭지만 오늘 창에서는 A4/A7 기존군을 넘어서는 새 메커니즘 formalization 까지는 보류했고, Superfortune 도 recipient-address alteration의 정확한 메커니즘이 아직 address poisoning / tampering / signer UX compromise 중 무엇인지 분리되지 않아 admission을 보류했다. GitHub / Solana / Trail of Bits / OtterSec / Neodyme 재점검에서도 새 Solana / Anchor / SPL 코드-메커니즘 advisory 는 확인되지 않았다. | B15 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 135+ named vectors + META-01~70 + B73~B82 = 205+ total entries. No new active Microstable CRITICAL/HIGH from this cycle. | | 2026-05-29 | Source sweep (최근 24h~7d web_fetch + SlowMist live incident HTML parse + prior source cross-read): hacked.slowmist.io front page를 재파싱해 Joe Agent (2026-05-28), Stake DAO (2026-05-27), Superfortune (2026-05-27), StablR (2026-05-24) 를 확인하고, 기존 rekt.news, GitHub Advisory solana query, Solana security page, Trail of Bits / OtterSec / Neodyme 인덱스와 누적 매트릭스를 다시 대조했다. Admission result: 오늘은 새 named vector 추가는 없지만 2건의 reinforcement/timeline delta 를 반영했다. Joe Agent 는 _removeLiquidityViaContract 의 external call before lpInfo[user].lpAmount update 로 설명되는 전형적 A1 Reentrancy 강화 사례이고, Stake DAO 는 compromised deployer key → LayerZero v2 setPeer() trusted-peer rewrite → forged cross-chain mint 로 설명되는 B15 Key Compromise 강화 사례다. 반면 Superfortune 은 recipient-address alteration의 정확한 메커니즘이 아직 address poisoning / tampering / signer UX compromise 중 무엇인지 분리되지 않아 admission을 보류했고, StablR 도 현재 공개 근거가 Private Key Leakage + CCTP/Noble fund flow 수준에 머물러 있어 독립 메커니즘 formalization을 보류했다. GitHub / Solana / Trail of Bits / OtterSec / Neodyme 재점검에서도 새 Solana / Anchor / SPL 코드-메커니즘 advisory 는 확인되지 않았다. | A1 reinforcement + B15 reinforcement | 0 NEW vectors, +2 reinforcements. Matrix count unchanged at 135+ named vectors + META-01~70 + B73~B82 = 205+ total entries. No new active Microstable CRITICAL/HIGH from this cycle. | | 2026-05-28 | Source sweep (최근 24h~7d web_fetch + live code re-read + local matrix cross-read): hacked.slowmist.io front page, rekt.news front page, https://github.com/advisories?query=solana, https://solana.com/news/solana-ecosystem-security, https://blog.trailofbits.com/2026/, https://osec.io/blog/, https://neodyme.io/en/blog/, Immunefi metrics page, 그리고 current Microstable code paths를 교차 검토했다. Admission result: 오늘은 새 named vector도, 새 matrix reinforcement도 추가하지 않았다. 이유는 in-window 실사고들이 모두 기존 축으로 이미 흡수되기 때문이다: SKP 는 token-side LP balance mutation + sync() 형태의 A91/A107 AMM reserve desync family, SquidRouterModule 는 trusted module 위의 A4 access-control / arbitrary-calldata 붕괴, Mure 는 A127 external authorization root injection, Fractal Protocol 은 callback-driven recursive vault accounting / share-rounding 계열로 설명 가능했다. GitHub / Solana / Trail of Bits / OtterSec / Neodyme spot check에서도 새 Solana / Anchor / SPL 코드-메커니즘 advisory 는 확인되지 않았다. Microstable Part B sweep 결과 programs/microstable/src/lib.rs, keeper/src/, docs/index.html, docs/app.js, solana/Cargo.lock 재확인 기준으로 오늘도 B45 ❌ HIGH unchanged, A115 ⚠️ MEDIUM active-latent, D27 ⚠️ MEDIUM partial, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward 를 유지했다. | No new matrix delta | 0 NEW vectors, 0 matrix edits. Timeline/finding artifacts only. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-05-27 | Source sweep (최근 7일 web_fetch + live code re-read + local matrix cross-read): hacked.slowmist.io front page, RustSec RUSTSEC-2026-0144 / 0146 / 0149 / 0150, arXiv smart-contract recent search, Anchor/SPL recent commit feeds, 그리고 current Microstable code paths를 교차 검토했다. Admission result: 오늘 새 named vector는 B82 Out-of-Order Control-Plane ACK Identity Rebinding / Trusted-Peer Rewrite 1건이다. 핵심은 verifier 위조나 static config 주입이 아니라, out-of-order ACK가 trusted arbitrator / node address 자체를 공격자 endpoint로 재바인딩 하여 이후 deposit/multisig/session bootstrap을 가짜 peer 위에서 진행시킨다는 점이다. 이는 기존 B16 generic race, B18 config injection, A127 authorization-root injection 과 다른 control-plane phase-ordering authority failure 다. Microstable Part B sweep 결과 요청 경로 /microstable/solana/programs/microstable_core/src/lib.rs 는 여전히 absent 였고, 대체 검토한 programs/microstable/src/lib.rs 와 keeper/src/ 에서 ACK/handshake/arbitrator peer-rebinding state machine은 확인되지 않았다. reviewed keeper path는 KeeperConfig 의 rpc_url / secondary_rpc_url / hermes_url 로만 endpoint를 고정하므로 B82는 NOT ACTIVE today 다. Carry-forward는 유지된다: B45 ❌ HIGH unchanged, D27 ⚠️ MEDIUM partial, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, A115 ⚠️ MEDIUM active-latent, D26 ⚠️ LOW carry-forward. | B82 NEW | +1 NEW vector. Matrix state now 135+ named vectors + META-01~70 + B73~B82 = 205+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-05-26 | Purple meta sweep (최근 7일 web_fetch + live code re-read + local matrix cross-read): Cloudflare Project Glasswing (2026-05-18), GitHub foundry issue #14437 recent phased plan, SlowMist front-page incidents Bankr / Butter Bridge / RetoSwap / Mure / WUSD.fi-GLOVE, Immunefi metrics page (updated 2026-05-25 16:00 UTC), 그리고 current Microstable edge paths를 교차 검토했다. New structural gap identified: 팀은 contract, keeper, verifier, dashboard, wallet, AI agent 같은 노드(node) 를 각각 감사하지만, 실제 공격은 점점 edge semantics — signer source provenance, retry/ACK ordering meaning, fallback evidence → privileged mutation 승격, assistant output → wallet authority — 에 붙는다. Cloudflare는 tooling만으로는 부족하고 architecture/process가 함께 바뀌어야 한다고 적었고, Foundry #14437은 invariant engine의 multi-step completeness gap을 공개적으로 인정했다. 이를 META-70 Node-Audit / Edge-Semantics Gap (NAESG) 으로 추가했다. Microstable architecture check: programs/microstable/src/lib.rs, keeper/src/oracle.rs, keeper/src/utils.rs, microstable/docs/app.js 재확인 결과 active exploit은 아니지만 external validated prices → manual oracle mode → update_oracle, secondary RPC degraded state → mutation policy, dashboard bootstrap → runtime endpoint trust 같은 edge semantics manifest가 분산돼 있다. 특히 dashboard runtime cross-check는 사실상 getGenesisHash 에만 엄격하다. 따라서 오늘 MEDIUM latent architecture finding 1건 을 추가했다. | META-70 NEW | 0 new named vectors, +1 new meta pattern. Matrix state now 134+ named vectors + META-01~70 + B73~B81 = 204+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-05-26 | Source sweep (최근 7일 web_fetch + live code re-read + local matrix cross-read): hacked.slowmist.io front page, rekt.news front page, RustSec RUSTSEC-2026-0144 / 0146 recheck, 그리고 current Microstable code paths를 교차 검토했다. Admission result: 오늘 새 named vector는 A127 External Authorization Root Injection / Attacker-Chosen Signature Oracle 1건이다. 핵심은 bad signature 자체보다도, 공격자가 signer source / verifier module / authority oracle 자체를 고를 수 있으면 표준 서명 검증이 attacker-owned truth source를 통과하는 모양으로 붕괴한다 는 점이다. 이는 기존 A4 generic access control, A7 partial signature binding, A123 typed-program identity collapse 와 다른 authorization-root provenance failure 다. Microstable Part B sweep 결과 요청 경로 /microstable/solana/programs/microstable_core/src/lib.rs 는 여전히 absent 였고, 대체 검토한 programs/microstable/src/lib.rs 와 keeper/src/ 에서 user-supplied verifier, signer registry injection, plugin auth module surface는 확인되지 않았다. 따라서 A127은 NOT ACTIVE today 다. Carry-forward는 유지된다: B45 ❌ HIGH unchanged, D27 ⚠️ MEDIUM partial, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, A115 ⚠️ MEDIUM active-latent, D26 ⚠️ LOW carry-forward. | A127 NEW | +1 NEW vector. Matrix state now 134+ named vectors + META-01~69 + B73~B81 = 203+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-05-24 | Source sweep (최근 7일 web_fetch + live code re-read + local matrix cross-read): arXiv 2605.22667 (Imperfect Commitment in Maximal Extractable Value Auctions), RustSec advisory index recheck, Anchor/SPL recent commit feeds, 그리고 current Microstable code paths를 교차 검토했다. Admission result: 오늘 새 named vector는 B81 Imperfect Commitment in Sealed MEV Auctions / Builder Ex-Post Bundle Replication 1건이다. 핵심은 private/sealed MEV auction이 public mempool leak를 막더라도, builder 자신이 winning bundle과 bid를 본 뒤 그 경매 결과를 지킬 강제력이 없으면 payload를 복제·치환·지연해 surplus를 흡수할 수 있다 는 점이다. 이는 기존 C25 generic MEV, B67 solver/privacy failure, D54 bundle-simulator DoS, B80 covert transfer 와 다른 operator commitment failure 다. Microstable Part B sweep 결과 요청 경로 /microstable/solana/programs/microstable_core/src/lib.rs 는 여전히 absent 였고, 대체 검토한 programs/microstable/src/lib.rs 와 keeper/src/ 에서 Jito, bundle, sendBundle, block engine, private relay 흔적은 확인되지 않았다. 따라서 B81은 NOT ACTIVE today 다. Carry-forward는 유지된다: B45 ❌ HIGH unchanged, D27 ⚠️ MEDIUM partial, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, A115 ⚠️ MEDIUM active-latent, D26 ⚠️ LOW carry-forward. | B81 NEW | +1 NEW vector. Matrix state now 133+ named vectors + META-01~69 + B73~B81 = 202+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-05-22 | Source sweep (최근 24h~7d web_fetch + direct source pages + local code re-read): hacked.slowmist.io front page, rekt.news front page, https://github.com/advisories?query=solana, https://solana.com/news/solana-ecosystem-security, https://blog.trailofbits.com/2026/, and current Microstable code paths를 다시 교차 검토했다. Admission result: 오늘 named-vector 추가는 없지만, Butter Bridge V3.1 / MAP Protocol 사건을 A32 Cross-Chain Bridge Message Forgery 의 새 강화 근거로 편입했다. 핵심은 forged proof 그 자체보다도, retry-message verification digest가 ambiguous packed serialization 위에 서 있으면 legitimate bridge message authority를 hash collision으로 탈취할 수 있다 는 점이다. 같은 창의 Bankr 는 기존 B29/B38/META AI-agent prompt-injection 축으로 흡수되고, RetoSwap / HermesVault 는 현재 공개 설명만으로는 재사용 가능한 코드 메커니즘 분리가 부족해 신규 delta로 승격하지 않았다. Microstable Part B sweep 결과 현재 repo에는 bridge mint/unlock or cross-chain admin mutation path가 없어 A32는 NOT ACTIVE today 였다. Carry-forward는 유지된다: B45 ❌ HIGH unchanged, B15 ⚠️ MEDIUM partial, D27 ⚠️ MEDIUM partial, A75 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward. | A32 reinforcement (Butter Bridge) | 0 NEW vectors, +1 reinforcement. Matrix state remains 132+ named vectors + META-01~69 + B73~B80 = 201+ total entries. No new CRITICAL finding; B45 HIGH remains the only active HIGH from direct code/path evidence. | | 2026-05-20 | Source sweep (최근 7일 web_fetch + 로컬 cross-read): Verus bridge public incident coverage(2026-05-18), THORChain exploit public incident coverage(2026-05-17), AI agent prompt-injection static-analysis write-up, 그리고 로컬 레퍼런스(references/attack-matrix.md, /Users/kjaylee/.openclaw/workspace/docs/red-team-techniques.md, /Users/kjaylee/.openclaw/workspace/docs/microstable-blue-v14-report.md, /Users/kjaylee/.openclaw/workspace/docs/microstable-blue-v15-report.md)를 대조했다. Admission result: 오늘은 신규 META까지는 아니지만, A125 Cross-Chain Export Semantic Completeness / Economically-Unbacked Validated Release 를 새 named vector로 승인했다. 핵심은 forged message가 없어도, truthful/finalized export가 source-side reserve·burn·lock delta와 결박되지 않으면 destination release가 무담보가 될 수 있다 는 점이다. THORChain 신호는 signer churn / quorum independence 계열 기존 갭 강화로 남겼고, AI agent 신호는 기존 META-38 / META-54 강화로 충분하다고 판정했다. Microstable Part B sweep 결과 오늘 class는 현재 repo에서 NOT ACTIVE 였고, blue v14/v15의 flow cap·manual oracle gating·quorum·upgrade pinning은 유지되지만 미래 bridge / wrapped collateral / reserve attestation 확장 시 A125를 release gate로 승격해야 한다. | A125 new admission | +1 NEW vector. Matrix state is now 132+ named vectors + META-01~69 + B73~B80 = 201+ total entries. No new CRITICAL finding; current Microstable result is future-facing / NOT ACTIVE today. | | 2026-05-19 | Source sweep (7d, web_fetch + fallback-search evidence + local code cross-read): arXiv 2605.13132 (Extending Blockchain Untraceability with Plausible Deniability), RustSec RUSTSEC-2026-0141/0142/0143, Neodyme/Flashbots/arXiv/SPL recent surfaces, 그리고 로컬 레퍼런스(attack-matrix.md, solana-specific.md, docs/red-team-techniques.md, docs/microstable-red-team-daily-findings.md)를 교차 검토했다. Admission result: 오늘 새 named vector는 B80 Deniable Covert Asset Transfer / MEV-Indistinguishable Loss Staging 1건이다. 핵심은 sandwich/arbitrage/large-slippage 같은 ordinary loss-looking event 가 사실은 sender→receiver의 공모된 가치이전일 수 있다는 점이다. 기존 C25 가 제3자 MEV 추출이라면, B80 은 explicit transfer edge 없이도 손실 이벤트 안에 지급을 숨기는 covert transfer primitive다. RUSTSEC-2026-0141/0142/0143 와 기타 최근 surface는 중요하지만 blockchain-black-team의 독립 신규 vector보다는 기존 축 강화에 머물렀다. Microstable Part B sweep: programs/microstable/src/lib.rs 와 keeper/src/ 재확인 결과 DEX/aggregator/solver/Jito 기반 실제 시장 체결 경로는 없고, 현재 rebalance 는 route settlement보다 weight/commit coordination 의미가 강하다. 따라서 B80은 NOT ACTIVE today 다. Carry-forward는 유지된다: B45 ❌ HIGH unchanged, A75 ⚠️ MEDIUM carry-forward, D27 ⚠️ MEDIUM partial, D26 ⚠️ LOW carry-forward. | B80 NEW | +1 NEW vector. Matrix state now 131+ named vectors + META-01~69 + B73~B80 = 200+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-05-17 | Purple meta sweep (7d, web_fetch 중심 + local cross-read): arXiv 2605.11781 (Five Attacks on x402 Agentic Payment Protocol), 같은 창의 SlowMist Hacked front-page 재확인, 그리고 로컬 레퍼런스(attack-matrix.md, docs/red-team-techniques.md, misskim-skills/docs/purple-team-meta-analysis.md)를 함께 대조했다. New structural gap identified: 팀은 tx seen, confirmed, facilitator ack, local verify-pass 같은 중간 상태 를 사용자 경험상 충분한 신호로 받아들이고, 그 위에서 API 응답·유료 데이터·도구 실행 같은 되돌릴 수 없는 entitlement 를 먼저 연다. x402 논문은 이 구조가 grant-before-finality, settlement preemption, replay/idempotency collapse, header/proxy confusion, discovery manipulation으로 이어질 수 있음을 보여줬다. 핵심은 단순 x402 bug가 아니라, provisional state를 settlement-grade authority로 오인하는 조직적 설계 오류 다. 이를 META-69 Provisional-State / Irreversible-Entitlement Gap (PSIEG) 으로 추가했다. Microstable architecture check: 현재 repo에는 paid API / x402 / facilitator settlement path가 없고 keeper의 confirmed() / processed() 사용은 외부 entitlement grant와 무관하다. 따라서 오늘 active Microstable finding은 추가되지 않았다. 다만 향후 premium off-chain data, execution credit, agent-to-agent paid tooling을 붙이면 confirmed() 나 local verify를 곧바로 irreversible grant threshold로 쓰지 않는 규칙이 선행돼야 한다. | META-69 NEW | 0 new named vectors, +1 new meta pattern. Matrix state now 130+ named vectors + META-01~69 + B73~B79 = 199+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-05-17 | Source sweep (7d, web_fetch + fallback search evidence + subagent note merge + local code cross-read): Anchor #4162 / 9d452e3, RustSec RUSTSEC-2026-0140/0141/0143, arXiv 2605.11781 x402 논문, 그리고 로컬 레퍼런스(attack-matrix.md, solana-specific.md, docs/red-team-techniques.md, docs/microstable-red-team-daily-findings.md)를 교차 검토했다. Admission result: 오늘 새 named vector는 B79 x402 Grant-Before-Settlement / Payment-Service Correspondence Collapse 1건이다. 핵심은 HTTP/API service grant와 asynchronous blockchain settlement를 분리한 구조에서 grant-before-finality, facilitator/resource binding 약화, replay/idempotency 붕괴, cache/header confusion이 한 묶음으로 터지며 payment-service correspondence 자체가 무너진다 는 점이다. A122 는 이미 로컬 레퍼런스 전반에 반영된 중복이었고, RUSTSEC-2026-0140 은 기존 B48 localhost trust-boundary / B60 MCP runtime 축 강화로 충분했다. RUSTSEC-2026-0141/0143 는 중요하지만 blockchain-black-team용 독립 primitive로는 보류했다. Microstable Part B sweep: programs/microstable/src/lib.rs, keeper/src/main.rs, keeper/src/rebalance.rs, keeper/src/utils.rs 재확인 결과 x402/HTTP 402/Permit2/facilitator settlement/paid API path는 없고, keeper의 confirmed() / processed() 사용은 외부 유료 서비스 grant가 아니라 on-chain tx confirmation / agent readiness 판단에 한정된다. 따라서 B79는 NOT ACTIVE today 다. Carry-forward는 유지된다: B45 ❌ HIGH unchanged, A75 ⚠️ MEDIUM carry-forward, D27 ⚠️ MEDIUM partial, D26 ⚠️ LOW carry-forward. | B79 NEW | +1 NEW vector. Matrix state now 130+ named vectors + META-01~68 + B73~B79 = 198+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-05-15 | Purple meta sweep (7d, web_fetch + local document cross-read): SlowMist Hacked front page의 Renegade V1 (2026-05-10), Huma Finance V1 (2026-05-11), Aurellion Labs (2026-05-12), Transit Finance legacy TRON (2026-05-13), 그리고 Runtime Verification의 KelpDAO Audit Passed. $292M Left Anyway. (2026-05-15 KST fetched) 를 함께 대조했다. New structural gap identified: 팀은 V2 launch, deprecated label, SDK routing 제거, sunset announcement로 어떤 path가 은퇴했다고 느끼지만, 실제 보안은 old path가 live authority, standing approval, residual fee balance, reinitializer, version counter를 계속 쥐고 있는지 로 결정된다. Renegade/Huma/Transit/Aurellion은 모두 current path is safe 와 old surface is dead 가 다른 문제임을 보여줬다. 이를 META-68 Decommission-Semantics / Legacy-Liveness Gap (DSLLG) 으로 추가했다. 동시에 A119 는 최근 7일 사례들로 강화했다: immutable/legacy path의 핵심은 단순 stale code가 아니라 residual authority persistence 다. Microstable architecture check: Blue v15는 legacy unsigned checkpoint load, 기본 HMAC key, filename-based unsigned config 예외를 제거해 좋은 선행 조치를 이미 했다. 다만 공개 artifact 기준으로는 retired checkpoint/config/binary/RPC/manual-override surface가 모두 hard-fail 하는지 보여주는 decommission manifest가 아직 약하다. 따라서 B45 / D27 / A115 / A75 는 legacy trust surface may still be live 관점의 MEDIUM latent watch로 유지된다. | META-68 NEW + A119 reinforcement | 0 new named vectors, +1 new meta pattern, +1 reinforcement. Matrix state now 129+ named vectors + META-01~68 + B73~B78 = 197+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-05-12 | Source sweep (24h~7d, web_fetch + local code cross-read): hacked.slowmist.io front page, rekt.news, Immunefi blog surfaces, direct incident articles를 다시 교차 검토했다. Admission result: 오늘 새 named vector나 새 meta pattern은 없다. 다만 기존 A4 Access Control 을 강화하는 두 실사고를 누적 문서에 formalize 했다. TrustedVolumes RFQ proxy 는 _allowedOrderSigner[maker][signer] 검증 뒤 transferFrom 으로 다른 주소(resolver)의 승인 잔고를 차감 한 사례이고, Ink Finance Workspace Treasury Proxy 는 whitelisted claimer 통과를 treasury entitlement 검증으로 오인해 flash loan으로 증폭된 drain으로 이어진 사례다. 둘 다 공통적으로 함수 진입 권한과 실제 자금 원천/수령 권한이 같은 주체에 묶이지 않은 A4 principal-binding failure 다. Microstable Part B sweep: programs/microstable/src/lib.rs privileged writes는 계속 require_keeper_quorum() 으로 묶여 있고, user 자산 이동은 authority: ctx.accounts.user.to_account_info() 로 직접 서명 기반이다. keeper/src/config.rs 는 primary/secondary RPC distinct-host만 강제하고, keeper/src/oracle.rs 는 manual oracle fallback write path를 유지하며, docs/app.js 는 cross-RPC quorum을 getGenesisHash bootstrap에만 적용한다. 따라서 A4는 DEFENDED / NOT ACTIVE today 이고, carry-forward는 유지된다: B45 ❌ HIGH unchanged, D27 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward. | A4 reinforcement (TrustedVolumes + Ink formalized) | 0 NEW vectors, +1 reinforcement. Matrix state remains 129+ named vectors + META-01~67 + B73~B78 = 196+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-05-11 | Source sweep (24h~7d, web_fetch + fallback search evidence + local code cross-read): hacked.slowmist.io front page, Immunefi blog / bug bounty surfaces, GitHub Advisory DB solana query page, Trail of Bits / OtterSec / Neodyme indexes를 다시 교차 검토했다. Admission result: 오늘 새 named vector나 새 meta pattern은 없다. 다만 기존 A4 Access Control 에 이미 흡수된 두 실사고 강화 근거를 오늘자 창으로 재확정했다. ZetaChain GatewayZEVM / GatewayEVM 은 GatewayZEVM.call() 의 무권한 source-side message emission이 downstream GatewayEVM.execute() arbitrary external call과 기존 unlimited approval을 합쳐 gateway 자체를 transferFrom 집행자로 바꾼 사례이고, Ekubo Protocol extension callback 은 IPayer.pay 경로가 attacker-controlled lock payload의 payer/token/amount 를 그대로 token.transferFrom(payer, recipient, amount) 로 흘려 제3자 payer binding 없이 standing approval을 arbitrary drain primitive로 바꾼 사례다. Microstable Part B sweep: programs/microstable/src/lib.rs 의 privileged writes는 계속 require_keeper_quorum() 으로 묶여 있고, mint() / user token authority 경로는 직접 서명 기반이며, keeper/dashboard 재스캔에서도 user-controlled arbitrary external-call dispatcher는 확인되지 않았다. 따라서 A4는 계속 DEFENDED / NOT ACTIVE today 다. Carry-forward는 유지된다: B45 ❌ HIGH unchanged, D27 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward. | A4 reinforcement (formalized) | 0 NEW vectors, +1 reinforcement. Matrix state remains 129+ named vectors + META-01~67 + B73~B78 = 196+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-05-08 | Purple meta sweep (7d, RustSec + threat-model + bounty-pressure cross-read): RustSec RUSTSEC-2026-0118 / 0119 / 0120 (issued 2026-05-01), Certora Mastering Threat Modeling (2026-05-05), Immunefi bug bounty page (last updated 2026-05-06 16:00 UTC)를 교차 검토했다. New structural gap identified: 팀은 validator, encoder, parser, attestation check, dependency verifier 같은 assurance layer에 대해 정답을 맞게 판별하는가 와 실패하면 어떻게 전환되는가 는 묻지만, 입력 하나가 CPU·메모리·시간 비용을 얼마나 비정상적으로 키울 수 있는가(cost ceiling) 는 별도 보안 경계로 잘 다루지 않는다. RustSec 0118/0120 은 validation path가 root-stall/OOM kill-switch가 될 수 있음을, 0119 는 name-compression encoder가 O(n²) CPU sink가 될 수 있음을 보여준다. Certora는 living threat model의 필요성을, Immunefi는 이런 cheap-to-trigger / expensive-to-process 틈을 계속 탐색하는 경제적 압박을 보여준다. 즉 2026년의 빈틈은 검증이 맞는가 를 넘어, 그 검증면이 감당 가능한 비용 상한 안에서 동작하도록 설계됐는가 다. 이를 META-67 Validation Cost-Ceiling Gap (VCCG) 으로 추가했다. Microstable architecture check: degraded mode와 attestation continuity check는 일부 존재하지만, RPC divergence cross-check / attestation verifier / future validator/prover sidecar에 대해 input bound / allocation ceiling / timeout budget / graceful abort / post-abort evidence 를 한 묶음으로 고정한 증거는 약하다. 따라서 B45 / D27 / A115 / A75 는 여전히 validation cost ceiling 관점의 MEDIUM latent watch다. | META-67 NEW | 0 new named vectors, +1 new meta pattern. Matrix state now 129+ named vectors + META-01~67 + B73~B78 = 196+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-05-06 | Purple meta sweep (7d, RustSec + recent tooling/public-signal cross-read): RustSec RUSTSEC-2026-0118 / 0120 (issued 2026-05-01), GitHub foundry issue #14437 (4 days ago, SCFuzzBench gap note surfaced in search evidence), Immunefi bug bounty page (1 day ago), 그리고 current operational-guidance surfaces를 교차 검토했다. New structural gap identified: 팀은 validator, prover, invariant engine, attestation check, RPC cross-check 같은 assurance plane을 계속 붙이지만, 대개 무엇이 유효한가(pass semantics) 는 정교하게 정의하면서도 그 assurance plane이 hang / diverge / under-detect / timeout 할 때 무엇을 해야 하는가(failure semantics) 는 느슨하게 남긴다. RustSec D55는 검증 경로 자체가 원격 OOM kill-switch가 될 수 있음을 보여주고, Foundry #14437은 널리 쓰는 invariant engine도 여전히 실전 bug class를 놓칠 수 있음을 보여준다. 즉 2026년의 빈틈은 검증을 더 붙였는가 자체보다, 그 검증면이 실패할 때 fail-stop / fail-open / degrade-with-guard 중 어느 정책으로 넘어가며 누가 override 하는가 를 사전에 못 박았는가다. 이를 META-66 Assurance-Plane Failure Semantics Gap (APFSG) 으로 추가했다. Microstable architecture check: secondary RPC degraded mode, Cargo.lock / binary attestation, emergency-only degraded path는 이미 일부 존재한다. 그러나 공개 artifact 기준으로는 RPC divergence, attestation absence, manual oracle override, future validator/prover failure에 대해 동일한 failure-semantics manifest 로 묶은 증거가 약하다. 따라서 B45 / D27 / A115 / A75 는 여전히 assurance plane failure semantics 관점의 MEDIUM latent watch다. | META-66 NEW | 0 new named vectors, +1 new meta pattern. Matrix state now 129+ named vectors + META-01~66 + B73~B78 = 195+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-05-06 | Source sweep (24h~7d, web_fetch 중심 + local code/dependency cross-read): RustSec advisory index와 RUSTSEC-2026-0118 / 0119 / 0120, Anchor commit feed, SPL Token commit feed, Trail of Bits / OtterSec / Neodyme indexes, arXiv cs.CR recent, Flashbots page, CTF repo/spot sources를 다시 교차 검토했다. Admission result: 오늘 새 named vector는 D55 DNSSEC Closest-Encloser Root-Stall Loop / Cross-Zone Validation OOM 이다. 핵심은 Hickory DNSSEC validator의 closest-encloser proof path가 SOA owner ⊂ QNAME ancestor 가정을 깨는 cross-zone 응답을 만나면 root에서 멈춘 채 무한 candidate/hash allocation으로 debug panic 또는 release OOM 에 빠진다는 점이다. 이는 D53 resolver cache poisoning 과 달리 cache를 오염시키지 않고도 validation state machine 자체를 liveness kill-switch 로 바꾼다. RUSTSEC-2026-0119 의 O(n²) name-compression encoder DoS는 CVE-2024-8508 계열 재발현으로 보아 별도 번호는 부여하지 않았다. Microstable Part B sweep: microstable/solana/Cargo.lock, keeper/Cargo.toml, keeper/src/price_feed.rs, programs/microstable/src/lib.rs 재확인 결과 hickory* / trust-dns / custom DNSSEC validating resolver 경로는 없고, 현재 keeper는 reqwest + solana-client + 시스템 DNS 해석 경로를 쓴다. 따라서 D55는 NOT ACTIVE today 다. Carry-forward는 유지된다. | D55 NEW | +1 NEW vector. Matrix state now 129+ named vectors + META-01~65 + B73~B78 = 194+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-05-03 | Purple meta sweep (7d, web_fetch + local artifact cross-read): Chainalysis의 Resolv hack(2026-04-30 fetched), OWASP Incident Response Playbook(2026-04-28 fetched), Foundry v1.7.0 release, GitHub claude-bug-bounty repo(2 days ago), Stingrai Crypto Hacking Statistics 2026(3 days ago)를 교차 검토했다. New structural gap identified: invariant/fuzz/FV/AI bug hunting 쪽의 공격 탐색·검증 노동은 빠르게 대중화·병렬화 되는데, 실제 incident 대응에 필요한 authority inventory, actuator binding, freeze/rotate evidence는 여전히 소수 인간이 수동으로 유지하는 희소 자산 으로 남는다. 즉 2026년 격차는 취약점을 찾는 능력 자체보다, 누가 더 싸고 많이 탐색하느냐 와 누가 실제로 닫을 산출물을 항상 최신으로 유지하느냐 사이에서 벌어진다. 이를 META-65 Assurance-Commoditization / Response-Scarcity Gap (ACRSG) 으로 추가했다. Microstable architecture check: black/red/purple 누적 지식과 blue hardening은 충분히 쌓였지만, 공개 artifact 기준으로는 authority inventory, invariant manifest, freeze/rotate command artifact가 아직 문서 중심으로 분산돼 있어 공격 탐색 자동화 > 대응 산출물 최신성 비대칭이 남는다. 따라서 B45 / D27 / A115 / A75 는 여전히 response artifact scarcity 관점의 MEDIUM latent watch다. | META-65 NEW | 0 new named vectors, +1 new meta pattern. Matrix state now 128+ named vectors + META-01~65 + B73~B78 = 193+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-05-02 | Source sweep (24h~7d, web_fetch 중심 + local code cross-read): rekt.news frontpage, hacked.slowmist.io front page, Immunefi blog index, GitHub Advisory DB query page, Trail of Bits / OtterSec / Neodyme indexes를 다시 교차 검토했다. Admission result: 오늘 새 named vector와 새 meta pattern은 없다. In-window 신호는 이미 기존 매핑으로 흡수됐다. Volo Vaults 는 여전히 B15 Key Compromise 강화 사례, KelpDAO 는 D27 RPC failover poisoning 및 META-64 revocation-surface completeness 사례, Rhea 는 A120 사례, Hyperbridge 는 A32 사례, Dusk PLONK 는 A121 사례, Aftermath 는 A114 사례, YieldCore / ZetaChain 은 A4 강화 사례로 충분히 설명된다. GitHub / 공식 spot-check에서도 새 Solana / Anchor / SPL 코드-메커니즘 advisory 는 확인되지 않았다. Microstable Part B sweep: programs/microstable/src/lib.rs, keeper/src/config.rs, keeper/src/oracle.rs, keeper/src/price_feed.rs, docs/index.html, docs/app.js, solana/Cargo.lock 재확인 결과 신규 active exploit path는 없고 carry-forward만 유지된다. B45 ❌ HIGH unchanged, D27 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward, B15 ⚠️ MEDIUM partial. | 0 NEW, 0 matrix delta | Matrix unchanged at 128+ named vectors + META-01~64 + B73~B78 = 192+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-05-01 | Purple meta sweep (7d, direct web_fetch + local artifact cross-read): Chainalysis의 Resolv hack(2026-04-30 fetched), Chainalysis의 KelpDAO bridge exploit(2026-04-25 fetched), OWASP Incident Response Playbook(2026-04-28 fetched), Foundry v1.7.0 release를 교차 검토했다. New structural gap identified: 팀이 pause, rotate, revoke, freeze, blacklist 를 하기로 결정해도, 실제로 같은 권한을 운반하는 전체 revocation surface 를 다 세지 못하면 containment는 부분적으로만 끝난다. Resolv는 raw private key가 아니라 KMS-backed signing environment 가 문제였고, Kelp는 Ethereum/L2 pause + blacklist + downstream freeze처럼 여러 표면을 함께 끊어야 했다. OWASP playbook도 reset/cleanup/support coordination을 요구하지만, 그 전제는 이미 무엇이 같은 권한 그래프에 속하는지 알고 있다는 점이다. 즉 오늘 핵심은 언제 끊을 것인가 다음 단계, 곧 무엇을 전부 끊어야 실제로 닫히는가 다. 이를 META-64 Revocation-Surface Completeness Gap (RSCG) 으로 추가했다. Microstable architecture check: docs/ops-runbook.md 는 emergency shutdown과 key rotation을 갖고 있지만, 현재 공개 artifact 기준으로는 keeper current/next set, expected upgrade authority, RPC/provider ownership, attestation artifact, deploy freeze 대상을 하나의 authority inventory로 묶은 증거가 약하다. 따라서 B45 / D27 / A115 / A75 는 여전히 partial containment can leave equivalent authority alive 관점의 MEDIUM latent watch다. | META-64 NEW | 0 new named vectors, +1 new meta pattern. Matrix state now 128+ named vectors + META-01~64 + B73~B78 = 192+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-05-01 | Source sweep (24h~7d, web_fetch 중심 + local code cross-read): OtterSec의 Dusk PLONK disclosure(2026-04-30), RustSec advisory index, Anchor/SPL commit feeds, Trail of Bits / Neodyme indexes, CTF repo feeds를 다시 교차 검토했다. Admission result: 오늘 새 named vector는 A121 Fixed-Polynomial Evaluation Opening Omission / Same-VK Proof Forgery 다. 핵심은 prover가 proof 안에 실어 보낸 selector/fixed polynomial evaluation을 verifier가 final equation에 사용하면서도 verifier-key commitment에 대해 opening proof로 묶지 않은 채 신뢰 한 구조다. 이는 A49 setup failure, A50 transcript-binding failure, A118 guest-parser forgery 와 구분되는 verifier-side binding omission이다. Microstable Part B sweep: programs/microstable/src/lib.rs, keeper/src/hermes.rs, keeper/src/price_feed.rs, keeper/src/rebalance.rs 재확인 결과 현재 repo에는 zk verifier / proof-acceptance path가 없고, Proof::WormholeMerkle 는 accumulator-merkle trust boundary라 A121과 다르다. 따라서 A121은 NOT ACTIVE today 다. Carry-forward는 유지된다. | A121 NEW | +1 NEW vector. Matrix state now 128+ named vectors + META-01~63 + B73~B78 = 191+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-05-01 | Source sweep (24h~7d, search-fallback + web_fetch + local code cross-read): Aftermath Finance perpetuals exploit coverage, SWEAT exploit coverage, Syndicate bridge coverage, GitHub advisory spot checks, 그리고 Trail of Bits / OtterSec / Neodyme indexes를 다시 교차 검토했다. Admission result: 오늘 새 named vector는 없다. Aftermath Finance 는 공개 메커니즘이 충분해 A114 Signed-Amount Donation Polarity Inversion 의 negative-fee / synthetic-collateral 서브패턴 강화로 편입했다. 반면 SWEAT 와 Syndicate 는 아직 공개 root cause가 token contract vulnerability, bridge compromise 수준에 머물러 있어 코드-메커니즘 기준상 편입을 보류했다. Microstable Part B sweep: programs/microstable/src/lib.rs 의 public amount path는 계속 u64 기반이고, repo-wide scan에서도 builder/referral fee delta, signed settlement amount, negative-fee style accounting path는 보이지 않았다. 따라서 A114는 DEFENDED / NOT ACTIVE today 다. Carry-forward는 유지된다: B45 ❌ HIGH unchanged, D27 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward. | A114 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 127+ named vectors + META-01~63 + B73~B78 = 190+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-30 | Purple meta sweep (7d, direct web_fetch cross-check): Foundry v1.7.0 release(2026-04-28), Chainalysis의 KelpDAO bridge exploit(2026-04-25 fetched), OWASP Incident Response Playbook(2026-04-28 fetched), Immunefi의 Base audit competition announcement(2026-04-21), Nomos Labs testing guide, arXiv FAUDITOR(2604.18395)와 V2E(2604.13611)를 교차 검토했다. New structural gap identified: 업계는 invariant/fuzz/FV/PoC validation을 빠르게 고도화하고 있지만, 그 산출물이 그대로 런타임 monitor / disagreement alarm / auto-halt threshold 로 승격되는 경우는 드물다. Foundry와 연구계는 pre-deploy invariant discovery를 가속하고, audit competition은 pre-mainnet reviewer density를 높이지만, Kelp 사고는 정작 결정적이었던 통제가 live cross-chain conservation monitoring 이었음을 보여준다. 즉 오늘 핵심은 불변식을 더 잘 찾는가 가 아니라 찾은 불변식을 운영 경보와 차단 동작으로 승격했는가 다. 이를 META-63 Invariant-to-Operations Promotion Gap (IOPG) 으로 추가했다. Microstable architecture check: blue v14/v15가 mint/redeem/oracle/degraded-path hardening을 크게 올렸지만, 현재 공개 artifact 기준으로는 각 핵심 보안 불변식이 누가 모니터링하고 어떤 신호에서 halt/failover로 이어지는지 를 한 장에서 묶는 explicit invariant manifest가 약하다. 따라서 B45 / D27 / A115 / A75 는 여전히 assurance exists, runtime promotion unclear 관점의 MEDIUM latent watch다. | META-63 NEW | 0 new named vectors, +1 new meta pattern. Matrix state now 127+ named vectors + META-01~63 + B73~B78 = 190+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-04-30 | Source sweep (24h~7d, search-fallback + web_fetch + local code cross-read): SlowMist/PANews의 YieldCore-3rd-deal 사고(2026-04-29), CryptoTimes의 ZetaChain GatewayEVM postmortem coverage(2026-04-29, exploit window 2026-04-26), GitHub Advisory DB query page, 그리고 Trail of Bits / OtterSec / Neodyme blog indexes를 교차 검토했다. Admission result: 새 named vector는 없다. 다만 두 사고는 모두 A4 Access Control 을 더 날카롭게 강화한다. YieldCore는 vault/helper entrypoint에 caller allowlist가 없으면 "내부 orchestration 전용" 가정이 그대로 drain path가 된다 는 점을, ZetaChain은 cross-chain event emission 자체가 privileged action인데 source-side gateway call이 무방비이면 downstream arbitrary-call capability와 기존 ERC20 approvals까지 attacker-reachable 해진다는 점을 보여줬다. No fresh Solana / Anchor / SPL code-level advisory was confirmed from GitHub / official spot-check / research-index sources in-window. Microstable Part B sweep: programs/microstable/src/lib.rs 의 privileged writes는 계속 keeper 2-of-3 quorum 으로 묶여 있고, mint() collateral transfer는 authority: user 로 직접 서명되며, repo-wide scan에서 user-supplied arbitrary CPI / bridge receiver / external-call dispatcher는 확인되지 않았다. 따라서 A4는 DEFENDED / NOT ACTIVE today 다. Carry-forward는 유지된다: B45 ❌ HIGH unchanged, D27 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward. | A4 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 127+ named vectors + META-01~63 + B73~B78 = 190+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-29 | Purple meta sweep (7d, direct web_fetch + search-fallback cross-check): OWASP의 Incident Response Playbook (2026-04-28 fetched), OpenSourceMalware Vercel April 2026 incident-response playbook (v2, 2026-04-20 update), Chainalysis의 KelpDAO bridge exploit (2026-04-25 fetched), Google Cloud의 M-Trends hand-off 22초 signal (2026-04-22 blog), Nomos Labs testing guide, arXiv FAUDITOR(2604.18395)와 V2E(2604.13611)를 교차 검토했다. New structural gap identified: 실제 사고에서는 pause, rotate, revoke, disable integration, freeze deploy 가 완전한 root cause·scope 확정 전에 발사되어야 하지만, 많은 팀은 forensic certainty를 기다리다가 대응을 늦춘다. Vercel playbook은 Rotate first, then investigate 를, Kelp는 첫 anomaly 후 pause가 추가 ~$95M 손실을 막았음을, Google Cloud는 attacker hand-off가 8시간→22초로 줄었음을 보여준다. 즉 오늘 핵심은 "더 잘 증명한 뒤 움직이자" 가 아니라 확증 전 containment threshold를 미리 고정했는가 다. 이를 META-62 Certainty-Seeking Containment Gap (CSCG) 으로 추가했다. Microstable architecture check: 신규 코드 exploit은 없지만, D27 / A115 / A75 / B45 는 모두 root cause 확정 전에 조치해야 할 수 있는 클래스다. 현재 공개 artifact 기준으로는 dashboard / RPC / build / deploy plane에 대한 uncertainty-triggered action threshold 가 하나의 explicit rubric으로 보이지 않는다. | META-62 NEW | 0 new named vectors, +1 new meta pattern. Matrix state now 127+ named vectors + META-01~62 + B73~B78 = 189+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-04-29 | Source sweep (24h~7d, direct web_fetch + local code cross-read): rekt.news frontpage와 Rhea Finance full write-up, Immunefi blog index, Trail of Bits / OtterSec / Neodyme indexes, GitHub advisory spot-check, 그리고 Burrowland source links를 교차 검토했다. Admission result: 오늘 새로 matrix에 편입한 것은 Rhea / Burrowland route-parser exploit class 다. 핵심은 단순 fake token listing이 아니라, multi-hop route parser가 repeated intermediate hop의 min_amount_out 를 terminal guarantee처럼 합산하고, swap 후 callback이 actual terminal output이 validated minimum을 만족했는지 재검증하지 않은 채 성공 처리한 구조였다. 이를 A120 Multi-Hop Route Minimum Aggregation / Terminal-Settlement Mismatch 로 추가했다. Microstable Part B sweep: programs/microstable/src/lib.rs, keeper/src/rebalance.rs, keeper/src/wire.rs 를 재확인한 결과, 현재 rebalance() 는 route parse나 settlement callback 없이 weight update only 를 처리하고 keeper도 route/min-out calldata를 전송하지 않아 A120은 NOT ACTIVE today 다. 기존 핵심 리스크는 유지된다: B45 ❌ HIGH unchanged, D27 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward. | A120 NEW | +1 NEW vector. Matrix state now 127+ named vectors + META-01~61 + B73~B78 = 188+ total entries. No new CRITICAL/HIGH code finding beyond B45 HIGH carry-forward. | | 2026-04-28 | Source sweep (24h~7d, mostly direct web_fetch because web_search was rate-limited): RustSec advisories index, Anchor commit feed, solana-program/token commit feed, Trail of Bits / OtterSec / Neodyme indexes, arXiv smart-contract security search, arXiv 2604.21169, 2604.18395, 2604.13611 를 교차 검토했다. Admission result: 새로 matrix에 편입한 것은 arXiv 2604.21169 한 건이다. 핵심은 bundle service가 단순 private mempool이 아니라 상태를 이어받아 여러 tx를 순차 시뮬레이션하는 multi-round execution engine 이라는 점, 그리고 공격자가 state-dependent bundle 로 그 simulator의 비용곡선을 비대칭적으로 키울 수 있다는 점이다. 이를 D54 Multi-Round Transaction Simulation Dependency-Bomb / Bundle-Service Asymmetric DoS 로 추가했다. 같은 창의 FAUDITOR(2604.18395)와 V2E(2604.13611)는 유의미한 연구지만 새 공격 primitive 자체보다 탐지/검증 방법론 이라 새 번호는 부여하지 않았다. Microstable Part B sweep: programs/microstable/src/lib.rs, keeper/src/, Anchor.toml 에서 Jito, bundle, private relay, local bundle simulator 흔적은 확인되지 않아 D54는 NOT ACTIVE today 다. 기존 핵심 리스크는 유지된다: B45 ❌ HIGH unchanged, D51 ⚠️ MEDIUM active-latent, D27 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward. | D54 NEW | +1 NEW vector. Matrix state now 126+ named vectors + META-01~61 + B73~B78 = 187+ total entries. No new CRITICAL/HIGH code finding beyond B45 HIGH carry-forward. | | 2026-04-28 | Source sweep (24h~7d, web_fetch + search-fallback cross-check): rekt.news frontpage, hacked.slowmist.io front page, Immunefi blog index, GitHub Advisory fallback query results, Solana official security/media pages, Trail of Bits / OtterSec / Neodyme indexes, plus fallback community search를 다시 확인했다. Admission result: Scallop / sSUI rewards 는 이제 새 named vector로 편입 가능하다. 공개 메커니즘은 단순 auxiliary contract vulnerability 가 아니라, deprecated V2 rewards package가 immutable하게 남아 있는 상태에서 shared spool / rewards state에 계속 접근 가능했고, 새 spool account의 last_index 미초기화 버그를 직접 호출해 historical rewards를 현재 자산으로 바꾼 구조 였다. 이를 A119 Immutable Legacy Package / Shared-State Version-Gate Bypass 로 추가했다. 동시에 Microstable Part B sweep 에서는 현재 단일 Solana program 업그레이드 경로만 확인되어 A119 자체는 NOT ACTIVE today 였다. 다만 기존 연속성 리스크는 유지된다: B45 ❌ HIGH unchanged (microstable/security/audit-attestation.json absent), D51 ⚠️ MEDIUM active-latent (solana/Anchor.toml + caret ranges + no immutable-install proof), D27 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward. | A119 NEW | +1 NEW vector. Matrix state now 125+ named vectors + META-01~61 + B73~B78 = 186+ total entries. No new CRITICAL/HIGH code finding beyond B45 HIGH carry-forward. | | 2026-04-28 | Purple meta sweep (7d, direct web_fetch + search-fallback cross-check): QuillAudits의 KelpDAO rsETH exploit explainer (2026-04-28 fetched), OWASP Agentic Skills Incident Response Playbook (2026-04-28 fetched), Nomos Labs의 Smart Contract Testing Guide 2026, 그리고 OpenSourceMalware Vercel April 2026 incident-response playbook 를 교차 검토했다. Admission result: 오늘은 새 META를 늘리지 않았다. 대신 두 기존 구조를 강화했다. 첫째, OWASP playbook처럼 severity별 SLA와 구체 containment verb가 박힌 runbook는 계획 보유 와 실제 발사 가능한 actuator artifact 보유 가 다르다는 점을 더 선명하게 보여줘 META-53 Runbook-to-Actuator Binding Gap 을 강화한다. 둘째, Nomos/Foundry 계열 공개 guidance가 nominal-path correctness를 계속 밀어 올리는 동안, Quill Kelp와 Vercel 대응 가이드는 실제 실패·대응이 verifier/RPC/env/OAuth/support plane으로 이동했음을 보여줘 META-61 Assurance-Halo Transitivity Gap 을 강화한다. Microstable architecture check: 신규 active exploit은 없지만, B45 audit-attestation continuity gap과 PT-ARCH-2026-0427-01 assurance-halo watch가 그대로 핵심이다. runbook는 emergency signer/command artifact까지 결박돼야 하고, blue hardening success를 dashboard/build/deploy/RPC plane safety의 proxy로 쓰면 안 된다. | META-53 / META-61 reinforcement | 0 NEW vectors, 0 NEW meta, +2 reinforcements. Matrix count unchanged at 126+ named vectors + META-01~61 + B73~B78 = 187+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-27 | Purple meta sweep (7d, web_fetch + search-fallback cross-check): Chainalysis의 KelpDAO bridge exploit (2026-04-25 fetched, incident 2026-04-18), CoinDesk의 Vercel / Context.ai breach 기사(2026-04-20), RustSec RUSTSEC-2026-0107 / RUSTSEC-2026-0108 (issued 2026-04-24), CoinDesk의 Anthropic Mythos / infrastructure-layer risk 기사(2026-04-25), Nomos Labs의 2026 fuzz / invariant testing guide, Foundry recent releases page를 교차 검토했다. New structural gap identified: 업계는 audit/FV/invariant/fuzz가 강화될수록 그 assurance가 코어 코드에서 인접 control plane으로 자동 전이된다 고 느끼기 쉽다. 그러나 Kelp는 온체인 calldata가 모두 정상이어도 off-chain verifier/RPC plane에서 무너졌고, Vercel은 frontend/deploy credential plane이 third-party AI SaaS를 통해 흔들렸으며, RustSec 악성 crate 둘은 build machine에서 바로 exfiltration을 시도했다. Mythos 기사도 전통 감사가 닿지 않는 infrastructure-layer exploit chain을 강조했다. 즉 검증된 코어의 신뢰 후광이 검증되지 않은 build / deploy / RPC / support / AI-tooling plane까지 번지는 구조 가 존재한다. 이를 META-61 Assurance-Halo Transitivity Gap (AHTG) 로 분리 정의. Microstable architecture check: on-chain/keeper hardening은 좋아졌지만, 바로 그 성공이 dashboard / build / deploy / RPC / attestation plane까지 이미 충분히 커버됐다는 오판으로 이어질 수 있다. 특히 B45 HIGH carry-forward (microstable/security/audit-attestation.json absent) 는 이 메타 패턴과 직접 맞닿아 있다. 따라서 assurance artifact마다 무엇을 커버하고 무엇을 커버하지 않는지 를 분리 기록해야 한다. 오늘 active exploit은 아니지만 MEDIUM latent architecture watch다. | META-61 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 124+ named vectors + META-01~61 + B73~B78 = 185+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-04-27 | Source sweep (24h~7d, web_fetch only): rekt.news frontpage, hacked.slowmist.io front page, Immunefi blog index, GitHub Advisory query page, RustSec advisory feed/pages, Anchor commit feed, solana-program/token commit feed, Trail of Bits / OtterSec / Neodyme indexes를 재확인했다. Admission result: 오늘 public code-level delta로 편입한 것은 새 named vector가 아니라 D28 reinforcement 1건 이다. RUSTSEC-2026-0107 (mysten-metrics)와 RUSTSEC-2026-0108 (sui-execution-cut)은 둘 다 build script가 build machine data exfiltration을 시도한 악성 crate 로 확인됐다. 핵심은 단순 typosquat이 아니라, ecosystem-native / infra-native 이름만으로도 개발자 신뢰 경계에 침투할 수 있다 는 점이다. Scallop 은 아직 공개 메커니즘이 auxiliary contract vulnerability 수준에 머물러 있어 새 matrix 편입을 보류했다. Anchor / SPL 쪽은 cpi_guard deprecation, package-manager fallback, rustls-webpki bump 신호를 재검토했지만 오늘 새 독립 exploit primitive는 아니었다. Microstable Part B sweep: solana/Cargo.lock, keeper/Cargo.toml, keeper/docs 스캔에서 mysten-metrics / sui-execution-cut 는 ZERO match 였으므로 D28은 NOT ACTIVE today 다. Carry-forward는 유지된다: D27 ⚠️ MEDIUM partial, A115 ⚠️ MEDIUM active-latent, A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward, B45 ❌ HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 58). | D28 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 124+ named vectors + META-01~60 + B73~B78 = 184+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-26 | Purple meta sweep (7d, web_fetch + search-fallback cross-check): Immunefi/Base audit competition scope (2026-04-21), CoinDesk의 Kelp vs LayerZero default-settings dispute 기사(2026-04-20), CoinDesk의 Vercel / Context.ai credential exposure 기사(2026-04-20), CoinDesk의 Arbitrum $71M freeze 기사(2026-04-21)와 follow-up decentralization debate(2026-04-23), Chainalysis의 KelpDAO bridge exploit post-mortem (2026-04-25 fetched, incident 2026-04-18), Foundry recent releases page(2026-04-18~23)를 교차 검토했다. New structural gap identified: 업계는 freeze, blacklist, manual restart, credential rotation, loss socialization, recovery fund 같은 회수 가능성 을 사후 containment가 아니라 사전 severity discount처럼 사용한다. Base scope는 manual restart/dispute/blacklist 가능성을 valid report downgrade 근거로 적고, Arbitrum freeze는 실제 자금 회수 능력을 보여주며, Vercel 사고는 credential rotation이 곧 핵심 대응이 되는 support-surface privilege 문제를 드러냈다. 이 조합은 팀이 privilege/control-plane compromise를 "어차피 나중에 막거나 되돌릴 수 있다" 는 이유로 과소평가하게 만드는 구조다. 이를 META-60 Recoverability-Collateralized Security Gap (RCSG) 로 분리 정의. Microstable architecture check: Blue v14/v15가 degraded write 차단과 auto emergency shutdown을 강화했지만, 바로 그 backstop 존재가 dashboard / keeper key path / RPC trust / manual oracle path의 raw blast radius를 낮게 보는 유인을 만들 수 있다. 따라서 severity는 backstop 없는 상태의 raw blast radius로 먼저 계산하고, recoverability는 별도 항목으로만 적어야 한다. 오늘 active exploit은 아니지만 MEDIUM latent architecture watch다. | META-60 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 123+ named vectors + META-01~60 + B73~B78 = 184+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-04-26 | Source sweep (24h~7d, web_fetch + search-fallback cross-check): RustSec advisory feed/page, Anchor commit feed, solana-program/token commit feed, Trail of Bits / OtterSec indexes, arXiv spot checks를 다시 확인했다. Admission result: 오늘 공개 신호 중 새로 matrix에 편입한 것은 RUSTSEC-2026-0106 hickory-recursor 한 건이다. 핵심은 DNS/BGP 탈취가 아니라, recursive resolver가 sibling zone의 AUTHORITY NS record를 parent-pool zone context로 허용해 다른 zone의 authoritative delegation cache를 오염 시킬 수 있다는 점이다. 이를 D53 Recursive DNS Sibling-Zone NS Cache Poisoning / Parent-Pool Zone-Context Elevation 으로 추가했다. 같은 창의 Anchor cpi_guard deprecation, package-manager fallback, seed phrase validation skip, pausable support, SPL rustls-webpki bump는 검토했지만 새 독립 exploit primitive로는 승격하지 않았다. Microstable Part B sweep: solana/Cargo.lock / keeper 의존성에서 hickory, hickory-recursor, trust-dns 는 보이지 않았고, custom recursive resolver / DNS sidecar 흔적도 없었다. 따라서 D53은 NOT ACTIVE today 다. 기존 carry-forward인 B45 HIGH 는 계속 열린 상태다. | D53 NEW | +1 NEW vector. Matrix state now 124+ named vectors + META-01~59 + B73~B78 = 184+ total entries. No new CRITICAL/HIGH active finding for current Microstable; D53은 future resolver-layer expansion 시 재평가 대상이다. | | 2026-04-25 | Purple meta sweep (7d, web_fetch + search-fallback cross-check): Chainalysis의 KelpDAO bridge exploit post-mortem (2026-04-24 fetched, incident 2026-04-18), Immunefi/Base audit competition scope (2026-04-21), CoinDesk의 Arbitrum $71M freeze 기사(2026-04-21), CoinDesk의 AI agent hidden flaw / LLM router 기사(2026-04-13, still in 7d window), CoinDesk의 Vercel / Context.ai breach 기사(2026-04-20), Foundry recent releases page(2026-04-18~23), invariant/FV 채널 재검색을 교차 검토했다. New structural gap identified: 업계는 정상 경로의 code correctness에는 audit/FV/invariant/competition을 집중하지만, 실제 사고 시 decisive control plane은 dispute, blacklist, manual restart, security-council freeze, manual oracle mode, redeem-only 같은 예외 경로 로 이동한다. 그런데 이 예외 경로는 대개 downgrade assumption, governance emergency power, 혹은 IR runbook의 부록처럼 다뤄져 정상 경로만큼의 명세·불변식·사용자 잔고/공정성 보장 을 받지 못한다. Base scope가 invalid proof/dispute/manual restart를 downgrade 근거로 두고, Arbitrum은 실제로 emergency authority로 자금을 이동시켰으며, Kelp는 pause/freeze가 손실 상한과 회수 구조를 실질적으로 바꿨다. 즉 위기 순간 시스템은 다른 프로토콜로 전환되는데, 팀은 그 프로토콜을 1급 assurance 대상으로 다루지 않는다. 이를 META-59 Nominal-Path / Exception-Path Assurance Asymmetry (NPEAA) 로 분리 정의. Microstable architecture check: Blue v14/v15가 degraded safe mode와 auto emergency shutdown 경로를 강화했지만, 현재 문서에는 manual oracle mode, emergency_shutdown, recovery exit 조건이 하나의 exception-lane invariant set 으로 묶여 있지 않다. 따라서 오늘 active exploit은 아니지만, 예외 경로 semantic safety는 MEDIUM latent watch다. | META-59 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 123+ named vectors + META-01~59 + B73~B78 = 183+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent architecture watch added. | | 2026-04-25 | Source sweep (24h~7d, web_fetch only): rekt.news, hacked.slowmist.io, Immunefi blog, GitHub Advisory DB query page, Solana official pages, Trail of Bits / OtterSec / Neodyme indexes를 재확인했다. Admission result: 오늘 public code-level delta로 채택한 것은 2건이다. giddydefi / GiddyVaultV3 는 단순 replay가 아니라, EIP-712로 서명은 검증했지만 execution-critical fields (aggregator, fromToken, toToken, amount)를 서명 범위에 넣지 않은 partial-coverage bug 였다. 따라서 새 named vector로 분리하지 않고 A7 Signature Replay 를 incomplete signature coverage / unsigned-field substitution 서브패턴으로 강화했다. 둘째로 RUSTSEC-2026-0104 / GHSA-82j2-j2ch-gfr8 는 rustls-webpki의 CRL parsing lane에서 empty BIT STRING panic 이 CRL signature verification 전에 도달 가능함을 보여줘 A77 을 availability sub-pattern으로 강화했다. Microstable Part B sweep: 현재 on-chain / keeper / dashboard에서 EIP-712, Permit2, typed-data order, off-chain signed swap-intent path는 확인되지 않아 A7은 NOT ACTIVE 였다. Keeper 쪽은 reqwest + rustls-tls 의존성과 취약 rustls-webpki 버전이 남아 있어 A115는 active-latent, A77은 dependency-latent 이다. 또한 D27은 여전히 ⚠️ MEDIUM partial 이지만, keeper degraded mode는 routine mutation tx를 막고 emergency shutdown만 유지한다. 기존 핵심 리스크는 유지된다: A75 ⚠️ MEDIUM carry-forward, A43 ⚠️ MEDIUM carry-forward, D26 ⚠️ LOW carry-forward, B45 ❌ HIGH unchanged (security/audit-attestation.json absent — DAY 56). | A7 + A77 reinforcement | 0 NEW vectors, +2 reinforcements. Matrix count unchanged at 123+ named vectors + META-01~58 + B73~B78 = 182+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-24 | Purple meta sweep (7d, web_search/web_fetch + search-fallback cross-check): LayerZero KelpDAO Incident Statement (2026-04-18), CoinDesk의 Kelp DAO hits back 기사(2026-04-20), Immunefi/Base audit competition 공지와 scope 문서(2026-04-21), CoinDesk의 Arbitrum $71M freeze 기사(2026-04-23), 그리고 formal verification / invariant testing / IR 채널 재검색을 함께 교차 검토했다. New structural gap identified: 팀은 vendor quickstart, protocol default config, provider-managed verifier/RPC, emergency council 같은 요소를 "기본 제공 경로" 로 받아들이지만, 감사/바운티 scope는 corporate infra, KMS, deployment pipeline, prover/TEE, manual dispute/restart/freeze 가정을 자주 바깥으로 민다. 그 결과 사고가 나면 provider는 integrator misconfiguration을 지적하고, integrator는 official default를 근거로 든다. 즉 실제 control plane은 모두가 쓰지만 아무도 끝까지 소유하지 않는 orphan boundary가 된다. 이를 META-58 Default-Path / Scope-Carveout Responsibility Gap (DSCRG) 로 분리 정의. Microstable architecture check: 현재 repo에는 bridge/DVN/security-council path가 없지만, keeper/dashboard는 이미 off-chain RPC/provider defaults에 의존하고 있으며 향후 hosted dashboard, bridge collateral, L2, AI ops를 붙일 때 default ownership manifest 가 없으면 동일 메타 리스크를 수입할 수 있다. | META-58 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 123+ named vectors + META-01~58 + B73~B78 = 182+ total entries. No new CRITICAL/HIGH code finding; one LOW current / HIGH-if-expansion architecture watch added. | | 2026-04-24 | Source sweep (7d, web_fetch + web_search): Trail of Bits We beat Google’s zero-knowledge proof of quantum cryptanalysis (2026-04-17), Anchor / SPL recent commits, RustSec, Flashbots discussions, arXiv papers를 교차 검토했다. Admission result: 최근 7일 창에서 genuinely new로 분리할 만한 것은 same verification key 아래서도 forged proof가 성립하는 zkVM guest/prover implementation pattern 뿐이었다. 핵심은 verifier key drift나 transcript-binding 실패가 아니라, unchecked deserialization + out-of-range enum jump-table confusion 으로 proving guest의 accounting / semantic checks가 비틀어질 수 있다는 점이다. 이를 A118 zkVM Guest Unchecked Deserialization / Enum Jump-Table Proof Forgery 로 추가했다. Microstable Part B sweep: keeper/src/hermes.rs 의 Proof::WormholeMerkle 는 accumulator/merkle proof 경로로 A118과는 다른 class이며, 현재 repo에는 SP1/RISC0/Groth16 guest proving path가 없다. 따라서 NOT ACTIVE today 로 판정한다. | A118 NEW | +1 NEW vector. Matrix state now 123+ named vectors + META-01~57 + B73~B78 = 181+ total entries. No new CRITICAL/HIGH active finding for current Microstable. | | 2026-04-24 | Source sweep (24h~7d, web_fetch + web_search): rekt.news, hacked.slowmist.io, Immunefi blog, Trail of Bits / OtterSec / Neodyme blog indexes, GitHub Advisory search, Solana security/status signals를 재확인했다. Admission result: 오늘 새 Solana / Anchor / SPL 코드-메커니즘 증거는 없었고, 공식 Solana 쪽도 신규 advisory delta는 없었다. 다만 Volo Vaults (2026-04-22, Sui)는 SlowMist가 공개 메커니즘을 Private Key Leakage 로 분류해 B15 Key Compromise 의 최신 reinforcement 로는 admissible 하다. 이는 새 named vector는 아니지만, “단일 privileged vault signer가 남아 있으면 체인 불문하고 vault loss는 contract bug 없이도 성립한다”는 교훈을 다시 확인한다. Microstable Part B sweep: B15 ⚠️ PARTIAL DEFENSE (keeper/src/config.rs:432-437,814-845 는 정확히 3개 keeper keypair, 서로 다른 parent dir, ephemeral path 금지를 강제하고, keeper/src/utils.rs:355-401 는 secure open + group/world-readable keyfile 거부를 수행한다. 그러나 HSM/MPC attestable signer, 메모리 zeroization, host compromise 분리까지는 코드에서 보장되지 않는다); D27 ⚠️ MEDIUM partial defense (docs/app.js runtime read path quorum 약함); A75 ⚠️ MEDIUM carry-forward; A43 ⚠️ MEDIUM carry-forward; B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 55). | B15 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 122+ named vectors + META-01~57 + B73~B78 = 180+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-23 | Purple meta sweep (7d, web_fetch + search-fallback cross-check): CoinDesk의 LLM router hidden flaw 기사(2026-04-13), CoinDesk의 Vercel / Context.ai breach 기사(2026-04-20), LayerZero / BlockSec의 KelpDAO downstream RPC poisoning 문서를 함께 다시 읽었다. 판정: 오늘 신호는 새 META 추가보다 기존 패턴 강화 가 더 정확하다. 공통 구조는 frontend host, AI router, employee support SaaS 처럼 보조 surface로 보이는 구성요소가 실제로는 env/OAuth/API-key plane을 통해 production credential pivot 이 될 수 있다는 점이다. 이는 새 독립 메타로 분리하기보다 META-54 (declared role ≠ effective authority), B29 (AI agent confused deputy), D26 (frontend trust-anchor compromise), B73/D28 계열 공급망 credential theft 를 묶는 reinforcement로 처리했다. Microstable architecture watch: 현재 keeper/dashboard가 Vercel이나 LLM router를 직접 쓰는 증거는 없지만, docs/app.js 의 client-side devnet faucet signer는 support/UI plane에도 secret가 실릴 수 있음을 이미 보여준다. | 0 NEW meta, reinforcement only | Matrix count unchanged. attack-matrix.md 에서 B29 / D26의 why-audits-miss 를 오늘 신호 기준으로 보강하고, 퍼플 누적 문서와 Microstable 아키텍처 watch를 2026-04-23 기준으로 갱신. | | 2026-04-23 | Source sweep (24h~7d, web_fetch + search-fallback cross-check): rekt.news frontpage, hacked.slowmist.io Solana feed, Immunefi blog index, Trail of Bits / Neodyme blog indexes, GitHub Advisory API (ecosystem=rust, query=solana) and fallback Solana/community queries를 재검토. Admission result: 최근 24h 공개된 GitHub advisories 중 actix-http CL.TE request smuggling, Noir/Brillig foreign-call heap corruption, Inspektor Gadget build-option injection은 모두 실제 취약점이지만 Microstable의 현재 on-chain / keeper / dashboard 스택과 직접 맞닿지 않아 새 블록체인 블랙팀 벡터로 승격하지 않았다. rekt / SlowMist / Immunefi / research index 쪽도 이미 매핑된 Rhea / Hyperbridge / Drift / Kelp / CoW Swap 외에 새로운 Solana / Anchor / SPL 코드-메커니즘 을 추가로 노출하지 않았다. Microstable Part B sweep: D27 ⚠️ MEDIUM partial defense (keeper/src/config.rs:407-424 는 rpc_url + secondary_rpc_url의 distinct-host만 강제하고 provider-independence / runtime quorum은 없다, docs/app.js:212-334 도 bootstrap 이후 런타임 read path에서 사실상 단일 RPC 응답을 신뢰함); A115 ⚠️ MEDIUM active-latent (solana/Cargo.lock still resolves rustls-webpki 0.101.7 and 0.103.9 below the patched floor); A75 ⚠️ MEDIUM carry-forward (keeper/src/oracle.rs:744-851 manual fallback still submits ix_update_oracle writes without an explicit keeper-side drift-vs-last-trusted-Pyth/TWAP gate); A43 ⚠️ MEDIUM carry-forward (lib.rs:1571-1605 still gates commit/reveal on per-call turnover only); D26 ⚠️ LOW carry-forward (docs/index.html:6 meta-only CSP + docs/app.js:46-49 client-side devnet faucet signer); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 54). | 0 NEW, 0 matrix delta | Matrix unchanged at 122+ named vectors + META-01~57 + B73~B78 = 180+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-22 | Purple meta sweep (7d, web_fetch + search-fallback cross-check): LayerZero KelpDAO Incident Statement (2026-04-18), CoinDesk follow-up (2026-04-20), recent AI-agent trust-boundary research 재검토, 그리고 bug bounty / formal verification / invariant testing / incident-response 채널을 다시 훑어 신규 admissible 7일 시그널 없음 을 확인했다. New structural gap identified: 팀은 primary+secondary, multi-DVN, backup agent, fallback endpoint 처럼 redundancy를 개수로 세면 독립성도 확보됐다고 느낀다. 하지만 실제 실패는 공격자가 일부 path만 오염시키고 나머지 path를 DDoS·timeout·session steering으로 밀어내어 시스템이 스스로 poisoned subset을 고르게 만들 때 난다. 즉 redundancy는 있었지만, selector와 observer가 같은 truth plane에 묶여 위기 시 monoculture로 붕괴한다. 이를 META-57 Counted-Redundancy / Correlated-Failover Gap (CRCFG) 로 분리 정의. Microstable architecture check: keeper는 distinct host 수준이지 provider-independence/N-of-M runtime consensus가 아직 약하고, dashboard는 bootstrap 이후 런타임 read path에서 단일 RPC 응답 의존이 남아 있어 동일 메타 패턴의 MEDIUM active-latent watch가 생긴다. | META-57 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 122+ named vectors + META-01~57 + B73~B78 = 180+ total entries. D27 reinforcement를 퍼플 관점에서 상위 구조화. | | 2026-04-22 | Source sweep (24h~7d, web_fetch + search-fallback cross-check): rekt.news frontpage, LayerZero KelpDAO Incident Statement, hacked.slowmist.io, Immunefi blog index, Trail of Bits / OtterSec / Neodyme blog indexes, GitHub Advisory / Solana spot checks, fallback community queries를 재검토. Admission result: KelpDAO rsETH bridge is now ADMISSIBLE because LayerZero published a code-mechanism-backed root cause: attacker compromised a subset of downstream RPC nodes, replaced op-geth binaries, served DVN-targeted forged chain state, then used DDoS-induced failover to force the verifier onto poisoned RPCs. This does not create a new named vector; it materially strengthens D27 RPC Endpoint Takeover beyond simple DNS/BGP substitution into poisoned-failover / verifier-specific spoofing. Reviewed but no further matrix delta: eth.limo DNS hijack is another D26 reinforcement only, and no fresh Solana / Anchor / SPL GHSA requiring expansion surfaced in-window. Microstable Part B sweep: D27 ⚠️ MEDIUM partial defense (keeper/config.devnet.json still uses only primary+secondary RPC, keeper/src/config.rs:402-429 enforces distinct hosts but not provider-independence or N-of-M observation quorum, and docs/app.js:204-334 only cross-checks getGenesisHash at bootstrap while runtime methods mostly trust a single endpoint result); A115 ⚠️ MEDIUM active-latent (solana/Cargo.lock still resolves rustls-webpki 0.103.9 and 0.101.7 below the patched floor); A75 ⚠️ MEDIUM carry-forward (keeper/src/oracle.rs:735-851 still enables manual oracle mode and writes externally validated prices without an explicit keeper-side drift gate versus last trusted Pyth/TWAP anchor); A43 ⚠️ MEDIUM carry-forward (lib.rs:1571-1605 still gates commit/reveal on single-call turnover only, with no cumulative drift accumulator in state); D26 ⚠️ LOW carry-forward (docs/index.html:6 still relies on meta-only CSP and docs/app.js:43-49 still embeds a devnet faucet signer); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 53). | D27 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix state unchanged at 122+ named vectors + META-01~56 + B73~B78 = 179+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-20 | Purple meta sweep (7d, web_fetch + search-fallback cross-check): KelpDAO rsETH bridge exploit coverage (DefiPrime/CryptoBriefing/Bankless, 2026-04-18~19), Sygnia IR readiness survey coverage (2026-04-13), Ethereum Security Subsidy launch coverage (2026-04-14), Foundry releases (2026-04-15~19), Anchor lockfile-enforcement issue/PR (#4216 / #4228, merged 2026-04-16)를 교차 검토. New structural gap identified: 프로토콜은 외부 자산을 담보로 상장할 때 price feed·LTV·liquidity haircut만 점검하지만, 실제로는 그 자산의 bridge·mint·pause·verifier quorum·issuer governance·incident latency 전체를 자기 solvency 경계로 수입 한다. KelpDAO core restaking contracts는 멀쩡했지만 one-of-one DVN bridge 실패가 Aave/Compound/Euler bad debt로 전이된 것이 대표 사례다. 이를 META-56 Collateral Listing Trust Import Gap (CLTIG) 로 분리 정의. Microstable architecture check: 현재 native stablecoin collateral만 다루므로 직접 HIGH는 아니다. 그러나 향후 bridged LST/LRT·wrapped collateral을 받거나 MSTB를 외부 lending collateral로 노출할 경우, local oracle/LTV 검증만으로는 불충분하며 upstream asset control-plane manifest와 invalidation runbook이 선행돼야 한다. | META-56 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 122+ named vectors + META-01~56 + B73~B78 = 179+ total entries. No new CRITICAL/HIGH code finding for current Microstable; LOW current / HIGH-if-expansion architecture watch added. | | 2026-04-20 | Source sweep (24h~7d, web_fetch + search-fallback cross-check): rekt.news frontpage, hacked.slowmist.io, GitHub Advisory / Anchor security spot checks, Trail of Bits / OtterSec / Neodyme blog indexes, fallback community/X queries를 재검토. Admission result: Kelp DAO rsETH bridge remained NOT ADMISSIBLE YET because public reporting still stops at “LayerZero-related contract calls” without a code-level root cause; no fresh Solana / Anchor / SPL GHSA or official Solana advisory requiring matrix expansion surfaced in-window. Confirmed reinforcement: CoW Swap (2026-04-14) exposed a clean D26 DNS/front-end hijack sub-pattern — swap.cow.fi was redirected through registrar/DNS control, protocol backends were paused as a precaution, and users were told to revoke approvals granted after the hijack window. Microstable Part B sweep: D26 ⚠️ LOW carry-forward (docs/index.html still relies on meta-only CSP and docs/app.js still embeds a devnet faucet signer client-side); A115 ⚠️ MEDIUM active-latent (solana/Cargo.lock still resolves rustls-webpki 0.103.9 and 0.101.7 below the patched floor); A75 ⚠️ MEDIUM carry-forward (keeper/src/oracle.rs:735-851 still enables manual oracle mode and writes externally validated prices without an explicit keeper-side drift gate versus last trusted Pyth/TWAP anchor); A43 ⚠️ MEDIUM carry-forward (lib.rs:1571-1605 still gates commit/reveal on single-call turnover only, with no cumulative drift accumulator in state); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 51). | D26 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix state unchanged at 122+ named vectors + META-01~55 + B73~B78 = 178+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-19 | Purple meta sweep (7d, web_fetch + search-fallback cross-check): Sygnia 2026 CISO Survey / IR readiness release (2026-04-13), Unit42 Double Agents: Exposing Security Blind Spots in GCP Vertex AI (2026-04-14 coverage), Hyperbridge exploit coverage (2026-04-13), Anchor issue #4216 Ensure JS lockfiles are respected + PR #4228 enforce --frozen-lockfile for yarn install calls (merged 2026-04-16)를 교차 검토. New structural gap identified: 팀은 lockfile·proof·service-account scope·IR plan처럼 보안 의도가 선언된 artifact가 있으면 제약이 이미 강제됐다고 느끼지만, 실제 실패는 build resolver, verification pipeline, cloud default IAM, incident-time decision chain이 그 선언을 hard constraint로 집행하지 못할 때 난다. 즉 선언은 남아 있어도 마지막 마일에서 hint로 강등 될 수 있다. 이를 META-55 Declared-Constraint / Resolver-Enforcement Gap (DCREG) 로 분리 정의. Microstable architecture check: solana/Anchor.toml 은 package_manager = "yarn", solana/package.json 은 caret range를 유지하고, yarn.lock 이 있어도 immutable install이 end-to-end로 강제되지 않으면 builder path는 여전히 drift 가능하다. Blue v14/v15가 dashboard runtime 안전성은 보강했지만, build determinism / artifact continuity 경계는 아직 별도 관리가 필요하다. | META-55 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 122+ named vectors + META-01~55 + B73~B78 = 178+ total entries. Black D51 MEDIUM finding을 퍼플 관점에서 constraint-as-hint drift 로 상위 구조화. | | 2026-04-18 | Purple meta sweep (7d, web_fetch + fallback cross-check): CybersecurityDive/Sygnia IR readiness survey (2026-04-13), Immunefi Balancer meta article, Foundry releases (2026-04-15/16), Hyperbridge exploit coverage (2026-04-13), Unit42/Vertex AI Double Agent coverage (2026-04-14)를 다시 교차 검토. New structural gap identified: 팀은 component를 label로 감사한다 — dashboard=view, agent=assistant, proof=data, runbook=document. 하지만 최근 실제 실패는 component의 declared role 이 아니라 effective authority 에서 났다. Hyperbridge proof path는 admin verb를 운반했고, Vertex AI agent는 assistant처럼 보이지만 project-wide data plane에 닿았고, Microstable dashboard도 docs/index.html 에서 browser-only read surface로 소개되지만 docs/app.js:43-49 에는 faucet signer가 직접 들어 있다. 이를 META-54 Declared-Role / Effective-Authority Gap (DREAG) 로 분리 정의. Microstable architecture check: Dashboard ↔ RPC ↔ On-chain 경계가 read-only observability plane이 아니라, devnet이긴 해도 write-capable surface로 붕괴돼 있다. | META-54 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 121+ named vectors + META-01~54 + B73~B78 = 176+ total entries. Black D26 HIGH code finding을 퍼플 관점에서 read-only boundary collapse 로 상위 구조화. | | 2026-04-18 | Source sweep (24h~7d, web_fetch + GitHub Advisory API + search-fallback cross-check): rekt.news frontpage still surfaces already-mapped Hyperbridge / Drift / Resolv coverage; hacked.slowmist.io front page shows Rhea Finance plus non-Solana items (Grinex, CowSwap) but no fresh publicly documented Solana-native mechanism beyond the already-recorded A98 reinforcement; Immunefi blog + Trail of Bits / OtterSec / Neodyme blog indexes produced no new Solana-specific exploit-research delta; GitHub Advisory API spot checks for solana / anchor / spl-token queries returned only low webpki name-constraints advisories plus unrelated ecosystem hits, not a fresh Solana/Anchor/SPL vector; fallback X/community query returned no additional Solana exploit signal. Microstable Part B sweep: A115 ⚠️ MEDIUM active-latent (solana/Cargo.lock still contains rustls-webpki 0.103.9 and 0.101.7 through reqwest/hyper-rustls stack); D26 ❌ HIGH NEW (microstable/docs/app.js:43-49 embeds a full 64-byte devnet faucet signer secret client-side while docs/index.html:6 still relies on meta-only CSP); A75 ⚠️ MEDIUM carry-forward (keeper/src/oracle.rs:743-851 fetches externally validated prices and sends ix_update_oracle without an explicit keeper-side TWAP/max-drift assertion before write); A43 ⚠️ MEDIUM carry-forward (lib.rs:1571-1605 still enforces commit/reveal only on single-call turnover, with no cumulative drift accumulator in state); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 49). | 0 NEW vectors, 0 matrix delta | Matrix unchanged at 121+ named vectors + META-01~53 + B73~B78 = 175+ total entries. New HIGH code finding: public frontend signer exposure under D26. | | 2026-04-17 | Purple meta sweep (7d, web_search/web_fetch + fallback cross-check): CybersecurityDive/Sygnia IR readiness survey (2026-04-13), Immunefi Balancer post-mortem/meta article, Foundry releases (2026-04-15/16), Hyperbridge exploit coverage (2026-04-13), Unit42/Vertex AI Double Agent coverage (2026-04-14)를 교차 검토. New structural gap identified: 업계는 monitoring, audits, invariant/FV coverage, IR plans를 빠르게 늘렸지만 실제 emergency action(pause, mint_limit=0, redeem-only, manual_oracle_mode)이 누가 어떤 키로 몇 분 안에 어떤 명령을 실행하는가 에 결박되지 않으면 방어는 종이 위에만 남는다. 즉 계획과 탐지는 늘었지만 containment actuator 는 아직 약하게 연결돼 있다. 이를 META-53 Runbook-to-Actuator Binding Gap (RABG) 로 분리 정의. Microstable architecture check: on-chain emergency_shutdown path는 존재하지만, docs/ops-runbook.md 는 여전히 playbook 레벨에서 mint_limit=0 를 지시하고, solana/keeper/config.devnet.json 은 auto_emergency_shutdown=false 로 두고 있어 실제 containment는 manual 2-of-3 keeper coordination에 의존한다. | META-53 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 121+ named vectors + META-01~53 + B73~B78 = 175+ total entries. No new CRITICAL/HIGH code finding; one MEDIUM latent containment-path finding documented. | | 2026-04-17 | Source sweep (24h~7d, web_fetch + Brave/web fallback cross-check): rekt.news frontpage (Who Vets the Vetters?, 2026-04-14), hacked.slowmist.io, Immunefi blog index, Solana security/media page, Trail of Bits / OtterSec / Neodyme blog indexes, GitHub Advisory API spot checks (ecosystem=rust, Solana/Anchor/SPL queries), and fallback search for X/community chatter. New confirmed incident in-window: Rhea Finance (2026-04-16, NEAR) — attacker allegedly created multiple fake token contracts and newly created pools, misleading the protocol’s oracle and validation layers and extracting ~$7.6M. This does not create a new named vector; it materially strengthens A98 by proving that fake-asset collateral attacks can survive an extra “validation layer” when pool provenance / asset-admission checks still trust attacker-created markets. No fresh Solana/Anchor/SPL-specific GHSA hit requiring matrix expansion surfaced in the 7-day window beyond already-tracked A115 dependency drift. Microstable Part B sweep: A98 ✅ DEFENDED (lib.rs hardcodes only four stablecoin Pyth accounts/feed IDs and rejects other collateral_index values); A115 ⚠️ MEDIUM active-latent (keeper/Cargo.toml still uses reqwest with rustls-tls; solana/Cargo.lock still carries rustls-webpki 0.103.9 and 0.101.7); A75 ⚠️ MEDIUM carry-forward (keeper/src/oracle.rs manual fallback still fetches external prices and sends ix_update_oracle without an explicit keeper-side TWAP/max-drift assertion before write); A43 ⚠️ MEDIUM carry-forward (rebalance() still gates commit/reveal on per-call turnover >= LARGE_REBALANCE_THRESHOLD, with no cumulative drift accumulator in state); D26 ⚠️ LOW carry-forward (docs/index.html CSP remains meta-only and docs/app.js still embeds a devnet faucet signer); B45 HIGH unchanged (security/audit-attestation.json absent — DAY 48). | A98 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 174+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-16 | Source sweep (24h~7d, web_fetch + search-fallback cross-check — Brave quota exhausted): rekt.news frontpage/newsletter (WHO VETS THE VETTERS?, 2026-04-14; April 13 brief), hacked.slowmist.io, Solana ecosystem security launch page (STRIDE/SIRN), Trail of Bits/OtterSec/Neodyme blog indexes, Immunefi blog, GitHub Advisory DB query page, fallback checks for X/Immunefi/GHSA. No NEW confirmed vector in-window requiring matrix expansion. In-window items were either already mapped (Dango → A114, Hyperbridge → A32 reinforcement, Trust Wallet / HypurrFi-style entrypoint hijacks → D26) or did not expose a fresh Solana/Anchor/SPL code-level mechanism. The Solana Foundation STRIDE/SIRN launch is a defensive ecosystem response, not a new exploit primitive. Microstable Part B sweep: A114 ✅ DEFENDED / NOT ACTIVE TODAY (lib.rs public amount paths remain u64; no public signed reserve-delta / insurance-fund donation path found); A94/B77 ✅ DEFENDED (keeper/src/utils.rs still uses fresh get_latest_blockhash() + Transaction::new_signed_with_payer, no durable nonce workflow); A109/META-49 ✅ SAFE TODAY (solana/Anchor.toml still has no [hooks] section); A75 ⚠️ MEDIUM carry-forward (keeper/src/oracle.rs manual fallback still fetches externally validated prices and sends ix_update_oracle without an explicit keeper-side max-drift assertion versus TWAP before write); A43 ⚠️ MEDIUM carry-forward (rebalance() still gates commit/reveal on per-call turnover >= LARGE_REBALANCE_THRESHOLD, with no cumulative drift accumulator in state); D26 ⚠️ LOW carry-forward (docs/index.html CSP remains meta-only, vendored solana-web3 bundle has no SRI, docs/app.js still embeds a devnet faucet keypair); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 47). | 0 NEW, 0 matrix delta | Matrix unchanged at 121+ named vectors + META-01~52 + B73~B78 = 174+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-15 | Purple meta sweep (7d, web_search/web_fetch + search-fallback cross-check): Immunefi March 2026 ecosystem update, Mitchell Amador The Real Cost of an Onchain Hack: 2024-2025 Update, Hyperbridge exploit coverage, Nomos Labs fuzz-testing guide, SwarmSignal AI agent security synthesis를 교차 검토. New structural gap identified: 업계는 payout, live threats prevented, audit count, verified properties, fuzz coverage처럼 잘 보이는 security metrics 를 빠르게 개선하지만, 실제 손실은 여전히 proof/admin/key/artifact/control-plane 같은 저빈도·고파괴 tail risk 가 좌우한다. 즉 팀은 측정 가능한 안전성을 최적화하고, 공격자는 측정되지 않는 blast-radius 경계를 노린다. 이를 META-52 Metric-Optimized Security Mirage (MOSM) 로 분리 정의. Microstable architecture check: active exploit path는 오늘 기준 미확인 ✅. 다만 B45 artifact attestation gap, A43 admission carry-forward, future provenance schema risk는 모두 headline security metrics에서 과소표시될 수 있는 tail-risk 성격이다. | META-52 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 121+ named vectors + META-01~52 + B73~B78 = 174+ total entries. No new CRITICAL/HIGH code finding; one latent architecture-level measurement/blast-radius finding documented. | | 2026-04-15 | Source sweep (24h~7d, web_fetch + search-fallback cross-check — Brave quota exhausted): rekt.news frontpage/newsletter, hacked.slowmist.io, Solana ecosystem/security pages, Trail of Bits/OtterSec/Neodyme indexes, fallback query checks for Immunefi/X, plus Dango exploit cross-read. Confirmed new real-world vector: Dango insurance fund sign error — public donation path failed to enforce positive amount semantics, so a negative donation inverted flow and drained ~$1.9M USDC from perp collateral before bridge rate limits capped realized outflow. This is a new named vector, not just generic A10, because the code smell is specific: direction and magnitude were fused into one externally reachable signed amount. Microstable Part B sweep: A114 ✅ DEFENDED / NOT ACTIVE TODAY (lib.rs public amount paths remain u64; no public insurance-fund donation / signed reserve-delta path found); A75 ⚠️ MEDIUM carry-forward (keeper/src/oracle.rs manual fallback still enables manual mode then writes externally validated prices via ix_update_oracle without an explicit fallback-path max-drift assertion vs TWAP before write); A43 ⚠️ MEDIUM carry-forward (rebalance() still gates commit/reveal on per-call turnover >= LARGE_REBALANCE_THRESHOLD, with no cumulative drift accumulator in state); D26 ⚠️ LOW carry-forward (docs/index.html CSP remains meta-only, vendored solana-web3 bundle lacks SRI; docs/app.js still stores devnet-only client state in browser); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 46). | A114 NEW | 1 NEW vector. Matrix state: 121+ named vectors + META-01~51 + B73~B78 = 173+ total entries. No new CRITICAL/HIGH code finding beyond B45 HIGH carry-forward. | | 2026-04-14 | Purple meta sweep (7d, web_search/web_fetch + SearXNG fallback): Hyperbridge ISMP exploit write-up (2026-04-13), AI agent memory-governance analysis (Atlan, 2026-04-02), AI agent security synthesis updated 2026-04-11, Immunefi playbook/homepage signals. New structural gap identified: 업계가 bridge proof, agent memory, vector-store context, artifact manifest를 여전히 “데이터”로 취급하지만 실제로는 권한을 운반하는 증거(authority-bearing evidence) 로 사용한다. 감사/FV/퍼징은 대개 이 증거가 받아들여진 뒤의 실행 정확성만 검증하고, source provenance / freshness / ownership / policy scope 가 권한 경계라는 사실은 별도 체크하지 않는다. Hyperbridge는 proof가 admin 권한까지 운반할 수 있음을, AI memory governance는 memory가 장기 정책/승인 판단을 운반할 수 있음을 보여줬다. 이를 META-51 Provenance-Carried Authority Gap (PCAG) 로 분리 정의. Microstable architecture check: 현재 hardcoded Pyth feed + on-chain validation으로 active exploit path는 미확인, bridge/AI governance memory layer도 없음 ✅. 다만 future manual oracle fallback, bridge messaging, AI-assisted governance 도입 시 provenance schema 부재가 즉시 구조적 리스크가 됨. | META-51 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 120+ named vectors + META-01~51 + B73~B78. No new CRITICAL/HIGH code finding; one latent architecture trust-boundary finding documented. | | 2026-04-14 | Source sweep (24h~7d, web_fetch + SearXNG fallback + GitHub Advisory API cross-check — Brave quota exhausted): rekt.news frontpage/newsletter, hacked.slowmist.io, Solana ecosystem security page, Trail of Bits/OtterSec/Neodyme indexes, SearXNG fallback for Immunefi/X/Twitter queries, GitHub Advisory API spot checks, plus Hyperbridge exploit write-up/doc cross-read. Confirmed new real-world reinforcement: Hyperbridge / Polytope Labs token gateway (2026-04-13) let forged ISMP state proofs reach HandlerV1 → malicious ChangeAssetAdmin through TokenGateway.onAccept() → admin/minter seizure of bridged DOT on Ethereum → ~1B forged DOT minted and dumped. This is not a new named vector; it materially strengthens A32 Cross-Chain Bridge Message Forgery by showing that proof-validation failure can authorize admin/governance verbs, not only mint/unlock flows. No new Solana/Anchor/SPL GHSA hit surfaced, and monitored audit blogs produced no fresh Solana-specific exploit-research delta in-window. Microstable Part B sweep: A32 ✅ NOT APPLICABLE TODAY (no bridge / Wormhole / IBC path in lib.rs or keeper); D48 ✅ SAFE TODAY (solana/Cargo.lock only shows tracing / tracing-subscriber, no logprinter / logtrace); A109/META-49 ✅ SAFE TODAY (solana/Anchor.toml still has no [hooks]); A94/B77 ✅ DEFENDED (keeper/src/utils.rs still uses fresh get_latest_blockhash() + Transaction::new_signed_with_payer, no durable nonce workflow); A75 ⚠️ MEDIUM carry-forward (keeper/src/oracle.rs manual fallback still enables manual mode then submits external prices via ix_update_oracle without an explicit keeper-side max-drift gate versus TWAP before write); A43 ⚠️ MEDIUM carry-forward (rebalance() still enforces commit/reveal only when single-call turnover >= LARGE_REBALANCE_THRESHOLD, with no cumulative drift accumulator); D26 ⚠️ LOW carry-forward (docs/index.html CSP remains meta-only, vendored solana-web3 has no SRI, docs/app.js still embeds a devnet faucet keypair); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 45). | A32 reinforcement | 0 NEW vectors, +1 reinforcement. Matrix count unchanged at 170+ total entries. No new CRITICAL/HIGH code finding beyond B45 HIGH carry-forward. | | 2026-04-13 | Purple meta sweep (7d, web_search/web_fetch + SearXNG fallback): arXiv MEV-ACE (2026-04-08), arXiv Economic Security of VDF-Based Randomness Beacons (2026-04-06), Foundry invariant testing guide, Echidna docs, Immunefi bug-fix review index, RustSec logprinter cross-read. New structural gap identified: 업계의 assurance가 ordering/correctness/invariant를 mostly admissible set 이후 에서 검증하는 동안, 실제 공격은 receipt threshold, queue capacity, commit slot, validator attention, expiry window 같은 admission layer 를 장악하는 쪽으로 이동. 오늘은 이를 META-50 Admissibility Security Gap (ASG) 로 분리 정의. Microstable Part B sweep: protocol.pending_rebalance_commit / pending_rebalance_expiry가 single global large-rebalance lane 으로 동작하고, explicit cancel/replace path 없이 최대 COMMIT_REVEAL_MAX_VALIDITY = 1000 slots까지 serialization 가능. 자금 탈취가 아니라 방어 행동 admission choke 관점의 MEDIUM architecture finding으로 문서화. | META-50 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 120+ named vectors + META-01~50 + B73~B78. No new CRITICAL/HIGH code finding; one Microstable architecture-level admission choke documented. | | 2026-04-13 | Source sweep (24h~7d, web_fetch + GitHub Advisory API + SearXNG fallback — Brave quota exhausted): rekt.news frontpage, hacked.slowmist.io, GitHub Advisory API queries (ecosystem=rust, query=solana/anchor/spl-token), Trail of Bits/OtterSec/Neodyme blog indexes, Immunefi bug-fix review index, SearXNG fallback for X/Immunefi/Solana checks. No NEW confirmed vector in-window requiring matrix expansion. SlowMist items in-window remained already mapped or still lacked a public code-level mechanism: TMM/USDT already covered as A107, HypurrFi/Trust Wallet reinforce D26 only, Denaria still lacks exploit mechanics, and Drift/Resolv remain already captured. GitHub Advisory API returned no Solana/Anchor/SPL-specific advisory hit affecting current matrix coverage, and monitored audit blogs produced no new Solana-specific research post in-window requiring a delta. Microstable Part B sweep: A94/B77 ✅ DEFENDED (keeper/src/utils.rs still signs with fresh get_latest_blockhash() and Transaction::new_signed_with_payer, no durable nonce workflow); A75 ⚠️ MEDIUM carry-forward (keeper/src/oracle.rs manual fallback still enables manual oracle mode then writes externally validated prices through ix_update_oracle without an explicit fallback-path max-drift assertion versus TWAP before write); A43 ⚠️ MEDIUM carry-forward (rebalance() still gates commit/reveal on per-call turnover >= LARGE_REBALANCE_THRESHOLD only, with no cumulative drift accumulator in state); D26 ⚠️ LOW carry-forward (docs/index.html CSP is meta-only, vendored solana-web3 script still has no SRI, docs/app.js still embeds a devnet faucet keypair); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 44). | 0 NEW, 0 matrix delta | Matrix unchanged at 170+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-12 | Source sweep (24h~7d, web_fetch + SearXNG fallback — Brave quota exhausted): rekt.news frontpage, hacked.slowmist.io, GitHub advisories query/fallback, Trail of Bits/OtterSec/Neodyme blog indexes, SearXNG fallback for Immunefi/X queries. No NEW confirmed vector in-window requiring matrix expansion. Drift/Resolv remained already captured; no fresh Solana/Anchor/SPL GHSA hit surfaced in fallback checks; no new Solana-specific research post from the monitored audit blogs required a matrix delta. Microstable Part B sweep: A109/META-49 ✅ SAFE TODAY (microstable/solana/Anchor.toml has no [hooks] section); A94/B77 ✅ DEFENDED (keeper/src/utils.rs signs with fresh get_latest_blockhash(), no durable nonce workflow); A75 ⚠️ MEDIUM carry-forward (manual oracle fallback still writes externally validated prices without an explicit fallback-path max-drift assertion versus TWAP before write); D26 ⚠️ LOW carry-forward (docs/index.html CSP is meta-only, no SRI on vendored JS, docs/app.js still embeds a devnet faucet keypair); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 43). | 0 NEW, 0 matrix delta | Matrix unchanged at 170+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-11 | Purple meta sweep (7d, web_fetch + SearXNG fallback): Anchor 1.0 stable release notes/changelog (2026-04-02), CertiK AI Auditor launch coverage (2026-04-08), Immunefi March 2026 ecosystem update, Q1 2026 exploit autopsy, Drift/Resolv post-mortems cross-read. New structural gap identified: 업계의 AI 감사·버그바운티·형식 검증은 코드 레이어 탐지를 강화하지만, Anchor.toml [hooks]처럼 설정 파일이 실행 가능한 제어면으로 변하는 흐름은 감사·바운티·FV 범위 밖에 남아 있다. 기존 D28/A109은 구체 벡터를 다루고, 오늘은 그 메타 원인을 분리해 정의. Microstable Part B sweep: microstable/solana/Anchor.toml currently has no [hooks] section ✅; immediate exploit path not present. However, Anchor 1.0 migration would instantly widen the build/deploy trust boundary. B45 HIGH (artifact attestation absence) becomes more important under this model. | META-49 NEW | 0 new named vectors, +1 new meta pattern. Matrix state: 120+ named vectors + META-01~49 + B73~B78. No new CRITICAL/HIGH code finding; one latent architecture/control-plane risk documented. | | 2026-04-11 | Source sweep (24h~7d, web_fetch + GitHub Advisory API + SearXNG fallback): rekt.news frontpage, hacked.slowmist.io, Solana ecosystem security page, GitHub Advisory API, Trail of Bits/OtterSec/Neodyme blog indexes, SearXNG fallback for Immunefi/X queries. No NEW confirmed vector in-window requiring matrix expansion. SlowMist in-window items were already mapped or lacked public mechanism: TMM/USDT (2026-04-05) already covered as A107; HypurrFi (2026-04-04) reinforces D26 only; Denaria (2026-04-05) still lacks code-level public mechanism; Trust Wallet and Drift remain already-covered cases. GitHub advisories published 2026-04-09/10 included Wasmtime issues, but no Solana/Anchor/SPL-specific GHSA affecting Microstable’s current stack. Microstable Part B sweep: A107 ✅ NOT APPLICABLE / DEFENDED (no AMM-pair accounting or burnable protocol token path); A94/B77 ✅ DEFENDED (keeper uses fresh get_latest_blockhash(), no durable nonce workflow); D26 ⚠️ LOW carry-forward (docs/index.html CSP is meta-only, vendor/solana-web3-1.95.3.iife.min.js has no SRI, docs/app.js still embeds a devnet faucet keypair); A75 ⚠️ MEDIUM carry-forward (keeper manual oracle fallback still sources externally validated prices via oracle.rs and writes them on-chain through update_oracle without an explicit manual-price-vs-TWAP max-drift assertion in that fallback path); B45 HIGH unchanged (microstable/security/audit-attestation.json absent — DAY 42). | 0 NEW, 0 matrix delta | Matrix unchanged at 170+ total entries. No new CRITICAL/HIGH beyond B45 HIGH carry-forward. | | 2026-04-10 | Source sweep (24h~7d, web_fetch + SearXNG fallback — Brave quota exhausted): rekt.news newsletter (2026-04-06), TRM Labs, quillaudits.com, stratiumsol.com, nomoslabs.io, web_fetch (Fortune, CoinDesk, smartcontractshacking.com, cybersecurityfox). Confirmed Drift Protocol full postmortem (2026-04-01, $285M): 4-phase attack — durable nonce pre-signed multisig (B77/A105/A106), fake CVT token oracle collateral (A52), social engineering of Security Council members, zero-timelock vault architecture. All patterns already covered in matrix (A52/A105/A106/B77 added 2026-04-08/09). No new Solana/Anchor/SPL CVE or exploit pattern requiring new vector. New addition: META-47 — quantum computing ECC break timeline shrinking (Google Research 2026-04) as long-horizon Solana systemic risk. Microstable Part B sweep: ✅ DEFENDED — (1) No durable nonce usage in on-chain program or keeper (keeper uses fresh get_latest_blockhash() per send; ChaCha20-Poly1305 nonce in keyfile is encryption nonce, not Solana nonce); (2) PDA validation confirmed — MigrateLegacyState re-derives all PDAs via require_keys_eq!(account.key, expected_pda) before use; migrate_vault_account() validates key+owner for all vault accounts; (3) hardcoded Pyth feed IDs (USDC, USDT, DAI, USDS) prevent fake token oracle manipulation; (4) no pooled vault under admin control (user funds in protocol-owned ATAs); (5) no multisig governance (single TRUSTED_INITIALIZER). Carry-forwards: B45 HIGH unchanged (keeper audit-attestation.json absent — DAY 41). | META-47 NEW (quantum ECC threat) | 1 NEW META, 0 new named vectors. Matrix at 120+ named vectors + META-01~47 + B73~B78 = 170+ total entries. No new CRITICAL/HIGH for Microstable. |

| 2026-04-05 | Source sweep (24h~7d, web_fetch + SearXNG fallback — Brave quota exhausted): rekt.news, SlowMist hacked.slowmist.io, CoinDesk, TRM Labs, Elliptic. No NEW VECTORS — all in-window incidents already tracked. (1) Adobe breach (2026-04-03, 13M users) — non-blockchain, supply chain, skipped; (2) Trust Wallet Discord vanity URL hijack (2026-04-02) — D26 reinforcement already logged 2026-04-03; (3) Drift Protocol $270-285M — A94 + B77 full mechanism already documented 2026-04-04; (4) LML/USDT staking $950K (2026-04-01, BSC) — A3 reinforcement: TWAP/snapshot reward calculation + zero-address recipient path price manipulation + claim function exploitation. Pattern matches 2026-03-27 BSC Stake Contract ($133K) — staking reward oracle manipulation class; (5) [email protected] supply chain (2026-03-31) — D28 reinforcement. Matrix update: A3 reinforced with LML/USDT zero-address path sub-pattern. Microstable Part B sweep: A3 LML/USDT ✅ DEFENDED — Microstable has no staking reward calculation logic; collateral allowlist (USDC/USDT/DAI/USDS) excludes manipulable tokens; Pyth oracle with staleness/confidence guards. D28 axios ✅ N/A — keeper is pure Rust (no axios), dashboard is static HTML, on-chain is Anchor. Carry-forwards: B45 HIGH unchanged (keeper audit-attestation.json absent — DAY 36). | A3 reinforcement (LML/USDT) + D28 reinforcement (axios) | 0 NEW VECTORS, 2 REINFORCEMENTS. Matrix at 106 named vectors + META-01~37 + B73~B77 = 143 total entries. No new CRITICAL/HIGH for Microstable. | | 2026-04-04 | Source sweep (24h, web_fetch + SearXNG fallback — Brave quota exhausted): rekt.news, SlowMist hacked.slowmist.io, CoinDesk post-mortem. MAJOR UPDATE: Drift Protocol A94 full mechanism disclosed via CoinDesk deep-dive (April 2, 2026). Attack was durable-nonce pre-signed multisig admin takeover, not a code bug. Timeline: March 23 durable nonce accounts created → March 27 Council migration adapted → March 30 new nonce for new member → April 1 two transactions, four slots, full admin control. $270-285M drained across 20+ tokens. Attack vector: social engineering + time-gap exploitation + indefinitely-valid durable nonce transactions. Matrix update: A94 fully documented with complete attack timeline, fund flow, and defense analysis. B77 already logged as generalized pattern. Microstable Part B sweep: A94 ✅ DEFENDED — keeper uses get_latest_blockhash() per send, no durable nonce workflow, automated daemon (no human signers), 2-of-3 keeper_set operates within keeper execution context (not separate Security Council). Attack surface does not exist. No new in-window Solana/Anchor/SPL GH advisories. Carry-forwards: B45 HIGH unchanged (keeper audit-attestation.json absent — DAY 35). | A94 full mechanism documented | 0 NEW VECTORS, 1 MAJOR REINFORCEMENT. Matrix at 106 named vectors + META-01~37 + B73~B77 = 143 total entries. No new CRITICAL/HIGH for Microstable. | | 2026-04-03 | Source sweep (24h~7d, SearXNG fallback + web_fetch — Brave quota exhausted): rekt.news, SlowMist hacked.slowmist.io, Solana news, GitHub advisories, RustSec, Trail of Bits/OtterSec/Neodyme research checks. One new confirmed incident in-window: Trust Wallet Discord vanity URL hijack (2026-04-02) — official discord[.]gg/trustwallet redirected to a phishing server; official website/Telegram/blog links became attacker-controlled onboarding paths. No new in-window Solana/Anchor/SPL GH advisories or official Solana security advisories with confirmed code-level exploit mechanism beyond already-tracked items. Matrix update: D26 reinforced with Discord invite-link hijack mechanics (invite expiry / vanity-link reassignment / lowercased-code reuse) using SlowMist + PANews incident confirmation and Check Point mechanism research. Microstable Part B sweep: D26 ⚠️ PARTIAL/LOW — docs/index.html has CSP meta script-src 'self', but protection is meta-tag only; vendor/solana-web3-1.95.3.iife.min.js lacks SRI; docs/app.js embeds a devnet faucet mint-authority keypair client-side. A93 ✅ DEFENDED unchanged; A94 ✅ N/A unchanged pending mechanism disclosure. Carry-forwards: B45 HIGH unchanged (keeper audit-attestation.json absent — DAY 34). | D26 reinforcement | 0 NEW VECTORS, 1 REINFORCEMENT. Matrix holds at 105 named vectors + META-01~35 + B73~B76 = 140 total entries. No new CRITICAL/HIGH for Microstable; B45 HIGH carry-forward persists. | | 2026-04-02 | Source sweep (24h, SearXNG fallback — Brave quota exhausted): rekt.news, SlowMist hacked.slowmist.io, Futuresearch.ai, RustSec, GitHub advisories, web_fetch. Two new confirmed incidents: (1) Drift Protocol $200-270M suspected exploit (April 1, 2026, Solana) — Solana developer Mert Mumtaz reported strong indications of a hack; wallet HkGz4K... received suspicious transfers; mechanism not publicly confirmed as of this cycle. Watch vector pending full disclosure. (2) Loopscale (Bridgesplit) $5.8M exploit (April 2026, Solana) — RateX-based order-book lending collateral pricing manipulation; protocol launched April 10; $4.25M VC-backed (Solana Labs + Coinbase Ventures); pricing engine diverged from market without Pyth sanity gates → undercollateralized loans drained $5.8M from USDC/SOL vaults. Microstable Part B sweep: A93 (RateX pricing) ✅ DEFENDED — Microstable uses Pyth with validate_spot_vs_twap + staleness/confidence guards (ORACLE_STALENESS_MAX=120, CONFIDENCE_MAX=5%, progressive haircut); stablecoin-only collateral (USDC/USDT/DAI/USDS); no order-book pricing engine. A94 (Drift Protocol) ✅ N/A — Microstable stablecoin-only, no perp/derivatives. Carry-forwards review: B76 (delegate check gap) re-evaluated — transfer_checked at lib.rs:1104+ requires authority: user.to_account_info() (direct user signature); delegate cannot forge user signature → B76 DOWNGRADED to INFO (theoretical only, not exploitable in mint flow). A75 (MANUAL_ORACLE_MODE TWAP drift) — confirmed no write_oracle_price instruction exists on-chain; keeper reads Pyth feeds directly → A75 CLOSED as N/A (no manual price write path exists). B45 HIGH unchanged (audit-attestation.json absent — DAY 33). | A93 NEW + A94 NEW | 2 NEW VECTORS (A93 RateX/Lending-Protocol Collateral Pricing Oracle Manipulation, A94 Drift Protocol ~$200-270M [mechanism TBD]). Matrix at 105 named vectors (A1–A92 + A85/A86 reserved + A93~A94) + META-01~33 + B73~B76 = 138 total. No new CRITICAL/HIGH for Microstable. | | 2026-04-01 | Source sweep (24h, Brave quota exhausted → SearXNG fallback): rekt.news, SlowMist hacked.slowmist.io, Futuresearch.ai, RustSec, GitHub advisories. Three new confirmed incidents: (1) LiteLLM PyPI Supply Chain (2026-03-24, 47,000+ affected) — malicious litellm 1.82.7/1.82.8 on PyPI with litellm_init.pth backdoor; steals SSH keys, cloud credentials, K8s configs, crypto wallets; maintainer GitHub fully compromised; fork bomb bug accidentally exposed attack. (2) GlassWorm Wave 5 (March 2026, 433 packages) — Solana blockchain as C2 dead drop, queries every 5s; 200 Python repos + 151 JS/TS repos + 72 VSCode extensions + 10 npm packages compromised via GitHub account takeover + force-push. (3) RUSTSEC-2026-0078 (2026-03-30) — intaglio symbol confusion after hasher panic; not in Microstable Cargo.lock. Microstable sweep (lib.rs full read): B76 (Token-2022 delegate check gap) ⚠️ MEDIUM-OPEN — mint instruction accepts user_collateral_ata without checking delegate.is_none(). While the transfer uses user signing authority, a delegate set on the ATA creates a user-side security gap that could facilitate collateral theft via bystander delegation. transfer_checked confirmed at line ~1104 with authority: user.to_account_info(). Keeper Cargo.toml: pure Rust (anchor-client, solana-client, reqwest); no Python, no litellm dependency ✅. Keeper immune to B73/B74. Dashboard: pure static HTML, no Python ✅. On-chain: pure Rust/Anchor ✅. Carry-forwards: B45 HIGH (audit-attestation.json absent — DAY 32), A43 MEDIUM (no cumulative drift accumulator in rebalance()), B44 elevated to MEDIUM-OPEN (B76 refactored as Token-2022 delegate check gap — delegate.is_none() check absent in mint instruction; requires on-chain fix), A75 MEDIUM (MANUAL_ORACLE_MODE TWAP drift guard absent). | B73 NEW + B74 NEW + B75 NEW + B76 NEW | 4 NEW VECTORS (B73 LiteLLM PyPI supply chain, B74 GlassWorm Wave 5 Solana C2 + developer tool supply chain, B75 RUSTSEC-2026-0078 intaglio [NOT APPLICABLE to Microstable], B76 Token-2022 delegate check gap in mint). Matrix at 103 named vectors (A1–A92 + A85/A86 reserved) + META-01~31 + B73~B76 = 134 total. Full Microstable sweep: B73 ✅ N/A (Rust on-chain + keeper); B74 ✅ N/A (Rust on-chain, developer tool hygiene advisory); B75 ✅ N/A (intaglio not in Cargo.lock); B76 ⚠️ MEDIUM-OPEN — delegate.is_none() check absent in mint instruction; requires on-chain fix. No new CRITICAL/HIGH. | | 2026-03-31 | Source sweep (24h): rekt.news, SlowMist hacked.slowmist.io, web_fetch/SEARXNG. Two new confirmed incidents: (1) PancakeSwap BCE-USDT $679K (2026-03-23, BlockSec Phalcon) — BCE token _transfer() triggered automatic burns on pool interactions, desyncing AMM cached reserves without sync() call; attacker deployed two malicious contracts to bypass per-tx limits and accumulate reserve desync across fragmented transfers. Root cause: token supply modification outside AMM awareness. (2) Moonwell Moonriver Governance Attack (2026-03-26, $1.08M at risk, $0 lost) — attacker spent ~$1,808 to buy 40M MFAM on SolarBeam, passed initial quorum in 11 min; proposed transferring admin control of 7 lending markets + comptroller + oracle to malicious contract; community counter-mobilized and proposal failed. Microstable sweep: A91 (BCE burn mechanism) ✅ DEFENDED — Microstable collateral allowlist (USDC/USDT/DAI/USDS) is standard SPL Token with no burn-on-transfer; token::transfer_checked CPI path confirmed; no AMM pool integration; A92 (governance attack) ✅ N/A — Microstable has no governance token. | A91 NEW + A92 NEW | 2 NEW VECTORS (A91 BCE burn/fee-on-transfer AMM reserve manipulation, A92 low-cost rapid-quorum governance attack). Matrix at 99 named vectors (A1–A92; A90=A78 duplicate; A85/A86 reserved) + META-01~28 = 127 total entries. Full Microstable sweep: 0 new CRITICAL/HIGH. Carry-forwards unchanged: B45 HIGH (DAY 31), A43 MEDIUM, B44 MEDIUM, A75 MEDIUM. | | 2026-03-30 | Source sweep (24h, SearXNG fallback — Brave quota exhausted): rekt.news, hacked.slowmist.io, rustsec.org, dailycve.com. NEW CONFIRMED INCIDENT: 2026-03-27 BSC Stake Contract ($133K, BlockSec Phalcon) — spot-price oracle in staking reward calculation + referral amplification; flash-loan-compressed single-TX attack. All March 24 libcrux/hpke-rs advisories (RUSTSEC-2026-0071~0077) confirmed already covered (A76–A84, A90/A78 duplicate). x402 SDK payment proof bypass (GHSA-qr2g-p6q7-w82m, 2026-03-07): Solana payment facilitator missing signature validation; no confirmed exploitation; NOT applicable to Microstable. Housekeeping: A90 (added 2026-03-29 daily cycle) is a duplicate of A78 — both cover RUSTSEC-2026-0075 libcrux-ed25519 all-zero key gen. A85/A86 remain unassigned (reserved). SKILL.md header corrected: 93 → 97 named vectors, META-01~24 → META-01~25 (META-25 was added in 2026-03-29 attack-matrix.md but not reflected in SKILL.md header). | A3 reinforcement (BSC Stake 2026-03-27 spot-oracle staking sub-pattern) | 0 NEW VECTORS, 1 REINFORCEMENT, 1 INCIDENT LOG ADDITION — Matrix at 97 named vectors (96 unique; A90 = A78 duplicate) + META-01~25. Full Microstable sweep: A3 BSC staking sub-pattern ✅ DEFENDED (Pyth, no referral/staking reward calc); A87 ZK ✅ N/A; A88 ERC-3525 ✅ N/A (Solana); A89 supply cap ✅ CONFIRMED SAFE (v.total_deposits tracker, confirmed 2026-03-29). Carry-forwards: B45 HIGH (DAY 25), A43/B44/A75 MEDIUM unchanged, A81 LOW-MEDIUM (RPC endpoint count). No new CRITICAL/HIGH. | | 2026-03-29 | Source sweep (24h–7d): rekt.news, SlowMist, hacked.slowmist.io, coinpaprika (Brave quota exhausted → SearXNG fallback). No new incidents from March 22–28 window beyond already-tracked entries. Q1 2026 stats (CoinPaprika 2026-03-27): 15 protocols, $137.7M total, 6.5% recovery rate, OWASP #1 = access control. Incidents log backfill: AM/USDT pool BSC (2026-03-12, ~$131K) and Aave/CoWSwap $50M price impact (2026-03-12) were in attack matrix but missing from docs/blockchain-security-incidents-comprehensive.md. Both added. META-24 stats addendum appended to attack-matrix.md with Q1 2026 quantified ground truth + keeper 2-of-3 risk framing. Note: attack-matrix.md also received A87~A90 + META-25 in this cycle (not reflected in original log entry — corrected in 2026-03-30 sweep). | A41 + A59 (incidents log backfill) + META-24 addendum + A87/A88/A89/A90 + META-25 (late-cycle addition) | 4 NEW VECTORS (A87 ZK trusted setup skip, A88 ERC-3525 SFT callback reentrancy, A89 9-month accumulation + supply cap donation bypass, A90 libcrux-ed25519 all-zero key gen [=A78 duplicate]), 1 NEW META (META-25 formal verification spec gap). Matrix at 97 named vectors + META-01~25. Full Microstable sweep: today's new/reinforced vectors (A41 burn-reserve, A59 thin-pool) ✅ NOT APPLICABLE. A87 ZK ✅ N/A; A88 ERC-3525 ✅ N/A; A89 supply cap ✅ CONFIRMED SAFE. Carry-forwards: B45 HIGH (DAY 24), A43/B44/A75 MEDIUM unchanged. No new CRITICAL/HIGH. | | 2026-03-28 | Source sweep (7d): rekt.news, SlowMist, rustsec.org (advisory batch), SearXNG fallback (Brave quota exhausted). New D28 reinforcement: March 26, 2026 — 15+ malicious Rust crates removed from crates.io (RUSTSEC-2023-0104~0124): Windows service wrappers, Monero tooling, Tauri UI, OpenVPN Rust binding. RUSTSEC-2026-0049 (rustls-webpki CRL, limited impact) — no keeper dep. dTRINITY (A68) already in matrix. | D28 (reinforced, Rust crate batch) | 0 NEW VECTORS, 1 REINFORCEMENT — Matrix holds at 90 named vectors (unchanged). Keeper Cargo.lock verified: 0 matches for all malicious crates ✅. No new CRITICAL/HIGH. Carry-forwards: B45 HIGH (DAY 23), A43/B44/A75 MEDIUM unchanged. | | 2026-03-27 | Source sweep (24h~7d): rekt.news, SlowMist, GitHub Advisory checks (web_search/fallback), and web_fetch. New confirmed item: GHSA-8f57-hh49-gmqf (@solana-ipfs/sdk, 2026-03-26); no additional on-chain Solana incidents with public exploit mechanism in the window; hacked.slowmist.io and newsletter.rekt.news items already in matrix. | D28 (reinforced, malware supply-chain case) + D26 reinforcement unchanged | 0 NEW VECTORS, 1 REINFORCEMENT — Matrix holds at 90 named vectors (unchanged). Daily microstable verdict: all vectors from previous carry-forward unchanged, 0 new CRITICAL/HIGH; no reclassified findings against Microstable from this sweep. | | 2026-03-25 | Source sweep — no new 24h incidents (rekt.news + Brave confirmed: Resolv USR $25M = most recent, published 2026-03-23, already captured as A72+META-19). Full 90-vector Microstable sweep vs. all A71–A75+META-19 additions from yesterday's run: A71 Cross-Protocol Flash-Loan MEV Sandwich ✅ NOT APPLICABLE (no user-DEX swap interface); A72 Privileged Minter EOA + Absent Cap ✅ DEFENDED (mint() is USER-SIGNED, no SERVICE_ROLE mint path, slot flow caps enforced on-chain); A73 Long-Horizon Dominance ✅ DEFENDED (Pyth not DEX TWAP, stablecoin-only collateral); A74 Rust tar-rs Symlink ✅ N/A (keeper builds local, no CI tarball unpack); A75 Audit-Evading Economic Design ⚠️ MEDIUM-OPEN (MANUAL_ORACLE_MODE + key compromise → 120-slot window, TWAP drift guard absent for manual price writes — confirmed on-chain, no assert(|manual_price - twap| <= MAX_DRIFT_BPS)); META-19 OPCA ✅ MOSTLY DEFENDED (mint/redeem user-signed, no privileged mint SERVICE_ROLE) + ⚠️ MEDIUM gap (keeper MANUAL_ORACLE_MODE price commits lack independent TWAP-drift on-chain validation). | 0 NEW | Matrix holds at 90 named vectors. No new CRITICAL/HIGH for Microstable. Carry-forwards: B45 HIGH (audit-attestation.json absent — DAY 20), A43 MEDIUM (no cumulative drift accumulator in rebalance()), B44 MEDIUM (no delegate.is_none() check in mint()), A75 MEDIUM (MANUAL_ORACLE_MODE TWAP drift guard absent). | | 2026-03-24 | Resolv Labs USR $25M (2026-03-22, Ethereum): Compromised SERVICE_ROLE private key (single EOA) + absent on-chain mint cap. 100K USDC deposit → 50M USR (500× ratio). USR crashed 74%. Underlying collateral intact; allowlisted redemptions announced. Rust tar-rs RUSTSEC-2026-0067/0068: tar::unpack_in symlink traversal + PAX header size bypass — supply chain risk for keeper build pipeline. Cross-Protocol MEV Sandwich (Kyberswap/Camelot, 2026-03-18): multi-venue flash loan split across 3 DEXes to bypass single-pool sandwich defenses. Meta-synthesis: A72+A35+B49+B35 = $58.27M losses from single structural pattern (OPCA). | A71 NEW + A72 NEW + A73 NEW + A74 NEW + A75 NEW + META-19 NEW | 5 NEW VECTORS + 1 META pattern. Matrix 88→90 named vectors + META-19. A72 Microstable: ✅ DEFENDED (no SERVICE_ROLE mint path). A74 Microstable: ✅ N/A (local keeper builds). META-19 gap documented (MANUAL_ORACLE_MODE). Carry-forwards: B45 HIGH (audit-attestation.json absent — DAY 19), A43 MEDIUM, B44 MEDIUM. No new CRITICAL/HIGH. | | 2026-03-23 | Aave/CoWSwap $50M Thin-Pool Routing Loss (2026-03-12): User rotated $50M aEthUSDT→aEthAAVE via Aave interface → CoW solver routed final WETH leg through SushiSwap pool with $73K liquidity (1,017× pool reserve) → user received 327 AAVE (~$36K). No attacker; loss from AMM price impact + solver race-to-minimum objective. "Aave Shield" announced (>25% price impact block). Movie Token Burn-to-LP double-count (2026-03-10, $242K BSC): flash loan + burn function writes directly to LP reserve, double-counting in swap+burn tracker → inflated AMM price → sold for profit. | A59 NEW + A2/A10 reinforcement | 1 NEW VECTOR (A59: DEX Aggregator Solver Race-to-Minimum / Interface-Mediated Thin-Pool Routing Loss). A2+A10 reinforced with "Deflationary-Token Burn-to-LP Direct Write" sub-pattern. Matrix now 88 named vectors (A56+A57+A58 from 3/22 run + A59 today). Microstable A59 verdict: ✅ NOT APPLICABLE (no DEX aggregator, keeper-direct rebalance, no user collateral swap interface). A2/A10 Movie Token verdict: ✅ NOT APPLICABLE (no deflationary burn function, Pyth oracle not AMM). Carry-forwards: B45 HIGH (audit-attestation.json absent — DAY 17), A43 MEDIUM, B44 MEDIUM. No new CRITICAL/HIGH for Microstable. | | 2026-03-22 | Neodyme Token-2022 research (dev.to 2026-03-15) + Anchor v1.0.0-rc.5 release (2026-03-20) + Windsurf IDE extension malware targeting Solana developers (Bitdefender 2026-03-20, D45 reinforcement) | A56 NEW + A57 NEW + A58 NEW | 3 NEW VECTORS (A56: Token-2022 ExtraAccountMeta Injection; A57: Anchor Shadow IDL Migration Discriminator Gap; A58: Token-2022 Transfer Fee Invisible Tax Accounting Bypass). Matrix: 84→87 vectors (pre-3/23 count). | | 2026-03-21 | Trivy supply chain attack by TeamPCP (2026-03-19, CVE-2026-28353): Retained credentials from incomplete Feb 28 containment → force-pushed 75/76 trivy-action tags → backdoored v0.69.4 steals SSH keys + crypto wallet files from CI/CD runners. Security-tooling inversion pattern: legit scan results presented alongside credential theft. | D43 NEW | 1 NEW VECTOR (D43: Security-Tooling Inversion — Trusted CI/CD Scanner Compromised via Force-Push Tag Hijack). Matrix now 84 named vectors. Microstable CI/CD audit: pages.yml uses actions/checkout@v4 (tag-pinned, no SHA) ⚠️ LOW risk (GitHub-maintained action; no trivy-action in pipeline; keeper builds done locally). D43 verdict: ⚠️ LOW — no Trivy in pipeline, but tag-pinning without SHA is structural risk if any third-party actions are added. Carry-forwards unchanged: B45 HIGH (audit-attestation.json absent — DAY 16), A43 MEDIUM, B44 MEDIUM. No new CRITICAL/HIGH findings today. | | 2026-03-20 | Neutrl DNS hijack (2026-03-19, loss TBD): DNS provider social-engineered → domain redirected; users urged to revoke Permit2 approvals immediately via Revoke.cash. AM/USDT pool burn reserve manipulation (2026-03-12, $131K): toBurnAmount manipulated to artificially lower reserves → sold at inflated price. Injective $500M access control bypass (2026-03-16, disclosed; $0 lost, $500M at risk): any user could drain any account; patched via upgrade vote; bounty dispute ($50K offered vs. $500K cap). | D26 + Permit2 note, A41 reinforcement, A4 reinforcement | 0 NEW VECTORS (all reinforce existing). D26 updated: Neutrl case + Permit2 persistence as DNS-hijack force-multiplier documented. A41 updated: AM/USDT burn-reserve case added. A4 updated: Injective chain-level auth bypass case added. Matrix holds at 83 named vectors. Full Microstable sweep: D26 Neutrl ✅ N/A (Solana, no Permit2); A41 ✅ DEFENDED; A4 ✅ DEFENDED. Carry-forwards unchanged: B45 HIGH (audit-attestation.json absent — DAY 15), A43 MEDIUM, B44 MEDIUM. No new CRITICAL/HIGH findings. | | 2026-03-17 | Venus Protocol supply cap bypass + slow-accumulation TWAP manipulation (2026-03-15, $2.15M / $3.7M exposure): Attacker accumulated 84% of supply cap over 9 months, bypassed cap via direct token transfer to protocol contract (not through deposit function), then pushed TWAP 96% on thin-liquidity THE collateral. Drained $2.15M in CAKE/BNB/USDC/BTCB. | A67 NEW | 1 NEW VECTOR (A67). Total matrix: 81 named vectors. Microstable: A67 ✅ DEFENDED (total_deposits tracked field + Pyth oracle not DEX TWAP + stablecoin collateral only). Full 81-vector sweep — 0 new CRITICAL/HIGH. Carry-forwards unchanged: B45 HIGH (audit-attestation.json still absent — DAY 12), A43 MEDIUM (no cumulative drift tracking), B44 MEDIUM (no delegate.is_none() check in mint()), B63 MEDIUM (MediaTek TEE, operator devices). | | 2026-03-15 | Aave wstETH CAPO oracle misconfiguration (2026-03-10, $27.78M): Chaos Labs Edge Risk engine computed snapshotRatio 2.85% below market → AgentHub auto-executed 1 block later with no human gate → 34 healthy E-Mode positions liquidated. No attacker. First confirmed large-scale loss from fully automated risk parameter pipeline. | A62 NEW | 1 NEW VECTOR (A62). Total matrix: 62 named vectors. Microstable: A62 ✅ DEFENDED (2-of-3 keeper quorum + manual oracle mode time-box; no automated rate-cap executor exists). Full sweep below — 0 new CRITICAL/HIGH. Carry-forwards: B45 HIGH (audit-attestation.json unattested delta persists), A43 MEDIUM, B44 MEDIUM. | | 2026-03-13 | DBXen ERC-2771 sender mismatch exploit (2026-03-12, $150K): burnBatch() used _msgSender() but onTokenBurned() callback used msg.sender → forwarder addr credited; permissionless forwarder + fresh-address fee backdating bug amplified. bonk.fun domain hijack (2026-03-12): team account compromised → DNS takeover → wallet-drainer JS injected on canonical domain. D26 escalation note: server-level CSP header required (meta-tag alone cannot block server-injected scripts). | A61 NEW + D26 reinforced | 1 NEW VECTOR (A61). Total matrix: 61 named vectors. Microstable: A61 NOT APPLICABLE (Solana, no ERC-2771). D26: Microstable dashboard has CSP meta tag ✅ — but no server-level HTTP CSP header (static file serving). LOW carry-forward. Full sweep: no new CRITICAL/HIGH findings today. Carry-forwards: B45 HIGH (audit-attestation.json unattested 3,281-line delta persists), A43 MEDIUM, B44 MEDIUM. | | 2026-03-12 | Source sweep: no new incidents in 24h window (last: Gondi NFT $230K 2026-03-10, A4 reinforcement); SlowMist/rekt.news/Halborn/Brave confirmed — 0 new DeFi exploits March 11-12. Full 79-vector Microstable sweep: B45 HIGH still open (audit-attestation.json absent; 3,281-line unattested delta persists), A43 MEDIUM open (no cumulative drift accumulator in rebalance()), B44 MEDIUM open (no delegate.is_none() check in mint()). D26 LOW-NEW: vendor/solana-web3-1.95.3.iife.min.js loaded without SRI integrity attribute — self-hosted so low severity, but should be hash-verified for tamper detection parity. | 0 NEW | Matrix holds at 79 vectors. No new pattern from March 11–12 sweep. Open carry-forwards: B45 HIGH (priority), A43 MEDIUM, B44 MEDIUM, D26/D33 LOW. Gondi (2026-03-10) confirmed A4 dual-authorization pattern: function-level auth ≠ asset-level ownership — bundler-pattern applies equally to any batch/multicall abstraction over user-owned assets. | | 2026-03-09 | OtterSec "Unfaithful Claims: Breaking 6 zkVMs" (2026-03-03) — Jolt/Nexus/Cairo-M/Ceno/Expander/Binius64 all vulnerable to Fiat-Shamir public-claim unbound variable bypass | A50 (NEW) | Added zkVM Fiat-Shamir Public-Claim Unbound Variable Bypass; distinct from A49 (gamma=delta setup constants) — A50 correct constants but wrong transcript binding order pre-challenge squeeze; proof forgery enables arbitrary false statement claiming; Microstable ✅ not applicable (no zkVM); future integration gate: transcript binding-order audit + forged-claim CI test required | | 2026-03-08 | CrossCurve bridge ReceiverAxelar.expressExecute() missing gateway validation (2026-02-02, $3M multi-chain) | A48 (NEW) | Added Unguarded Cross-Chain Receiver Function vector; distinct from A32 (IBC content forgery) — attacker bypasses relay entirely by directly calling receiver; Microstable ✅ not applicable (no bridge receiver); onlyGateway modifier pattern documented | | 2026-03-07 | Solv Protocol BRO vault ERC721 callback double-mint exploit (2026-03-06, $2.7M / 38 SolvBTC drained via 22-iteration dual-execution) | A46 (NEW) | Added ERC721 Callback Reentrancy / Dual-Execution Mint vector; distinct from A1 (not loop re-entry); reinforced NFT-callback CEI discipline; Microstable ✅ not applicable (SPL Token classic, no callbacks) | | 2026-03-05 | Localhost WebSocket takeover hardening signal (OpenClaw v2026.2.25 + Oasis disclosure) | B48 | Added localhost trust-boundary collapse vector for agent-controlled keeper ops; reinforced browser-origin gateway threat modeling, no-loopback-exception controls, and pairing/origin hardening requirements | | 2026-03-02 | Holdstation DeFAI Smart Wallet (2026-02-25, $462K) | B15 (tentative) | Added to incidents timeline; mechanism pending (MFA bypass / session theft in AI-integrated wallet). DeFAI surface note added: AI intent layer + signing authority co-location amplifies B15/B29 exposure | | 2026-03-02 | February 2026 monthly loss total (~$37.7M, lowest since Mar 2025) | Meta | Contextual stat: phishing = $8.5M of total (22%). Key-compromise-class still dominant vector | | 2026-03-01 | AgentSentry + Agent Behavioral Contracts (arXiv 2602.22724 / 2602.22302) | B38 | Added multi-turn tool-return boundary takeover vector and runtime contract-based mitigation notes | | 2026-03-01 | Immunefi bug-bounty telemetry lag signal (2-week disclosure delay) | A34, B15 | Added signal-latency-blindness note: public bounty metrics lag should not drive real-time incident prioritization | | 2026-03-01 | FOOMCASH zkSNARK verifier drift exploit (~$2.26M) | A38 | Added new ZK verifier-key misbinding vector with code-level key-hash/circuit-version defenses | | 2026-03-01 | Trail of Bits Comet prompt-injection audit techniques | B29 | Reinforced confused-deputy vector with fake system/user delimiters + fake validator/CAPTCHA multi-step exfil patterns | | 2026-02-28 | YieldBlox Blend V2 collateral chain exploit ($10.97M) | A3, A36 | Elevated "thin-liquidity collateral + raw-latest oracle adapter + lending health-factor" as a compositional failure chain (not single oracle bug) | | 2026-02-28 | AI oversight-evasion research signal (arXiv 2602.23163) | B37 | Added covert-channel/steganographic agent bypass pattern (post-prompt-injection hardening bypass class) | | 2026-02-28 | Stake Nova redeem-path exploit ($2.39M) | A2, A10 | Reinforced flash-loan-amplified redeem validation failures (RedeemNovaSol) and added Solana-specific redeem-path hardening pattern | | 2026-02-26 | IoTeX ioTube validator key compromise ($4.4M) | B15 | Added new key-compromise case + keeper key hygiene emphasis | | 2026-02-25 | Moonwell oracle incident ($1.78M bad debt) | A3, A10, B18 | Added oracle unit-normalization misuse pattern, governance timelock recovery-gap note, and feed-composition sanity defenses |

Defense Failure Patterns (Meta, Purple-Team Informed)

Black Team 점검 시, "취약점 존재"만 보지 말고 방어가 왜 실패하는지를 같이 기록한다.

Control Fragmentation: 감사/바운티/모니터링/IR가 분리돼 신호가 연결되지 않음.
Rollback Latency: 문제 인지 후 안전한 롤백까지의 의사결정·권한 체인 지연.
Assumption Drift: 배포 당시 안전하던 임계치/가정이 시장·인프라 변화로 무효화.
Confused-Deputy Ops: AI/자동화 도구가 비신뢰 입력을 권한 있는 행동으로 변환.
Capacity Griefing: 단일 대형 공격보다 지속 저강도 압박으로 운영 여유를 소진.
Market-Quality Blindness: 가격 정확성만 보고 시장 깊이/분산도/거래활동 품질을 신뢰 경계에 포함하지 않음.
Telemetry-Truth Drift: 대응 단계에서 공지 지표(순손실/동결액)와 온체인 사실이 분리되어 의사결정·포렌식이 오염됨.
Signal-Latency Blindness: 공개 바운티/리포트 통계의 지연(예: 2주 지연 반영)을 실시간 위협 지표로 오용해, 이미 진행 중인 변형 공격 대응 우선순위를 놓침.
Localhost-Trust Mirage: 운영 환경에서 localhost를 무조건 신뢰해 rate-limit/origin/pairing 예외를 두면, 브라우저-origin 로컬 WebSocket 경로로 인증 경계가 붕괴될 수 있음. 온체인 감사만으로는 탐지되지 않는 운영 계층 실패.
Approval-Execution Intent Drift: 서명 시점과 실행 시점이 분리된 승인 흐름에서, 정족수와 서명 진위만 확인하고 실제 의도 보존 여부를 검증하지 않으면 정상 서명이 곧 악성 실행으로 전환될 수 있음. durable nonce, 오프밴드 부분 서명, 사전 승인 배치가 대표 사례.
Framework-Default Drift: 프레임워크 릴리스에서 보안 기본값이 강화됐다는 사실 자체가 기존 코드의 잠재 취약 노출 신호인데, 감사가 업스트림 변경 로그를 위협 정보로 다루지 않아 오래된 기본값 의존이 장기간 방치됨.
Executable-Config Drift: Anchor.toml, CI YAML, deploy script처럼 원래 선언형으로 여겨진 파일이 점점 실행 가능한 제어면이 되는데, 감사·FV·바운티가 이를 여전히 "설정"으로 분류해 우선순위를 낮게 두면 검증된 소스와 배포 산출물의 연속성이 끊긴다.
Admissibility Blindness: 감사·형식 검증·불변식 테스트가 대부분 "이미 시스템에 들어온 요청이 올바르게 실행되는가"를 검증하는 동안, 실제 공격은 receipt threshold, queue capacity, pending slot, expiry window를 장악해 정상 방어 요청의 admission 자체를 막는 방향 으로 이동한다. 이때 liveness/fairness 파라미터는 성능 설정이 아니라 보안 경계다.
Evidence-as-Authority Confusion: bridge proof, AI memory, vector-store context, artifact manifest처럼 겉으로는 "데이터"인 입력이 실제로는 권한을 운반하는데도, 감사가 provenance/freshness/owner/policy scope를 강제하지 않으면 syntactic validity만으로 privileged action이 열릴 수 있다.
Metric-Optimized Security Mirage: payout, live threats prevented, fuzz runs, audit count, verified properties처럼 잘 보이는 지표가 좋아져도, authority concentration, artifact attestation, signer ceremony integrity, rollback latency, evidence provenance coverage 같은 tail-risk control plane은 그대로일 수 있다. 팀이 측정 가능한 안전성만 최적화하면 catastrophic control-plane failure를 놓친다.
Runbook-to-Actuator Binding: pause, redeem-only, mint freeze, manual oracle mode 같은 emergency control이 코드와 문서에 있어도, 정확한 signer set·명령 경로·자동화 토글·latency budget·훈련된 호출 절차에 결박되지 않으면 방어는 문서상으로만 존재한다.
Constraint-as-Hint / Resolver Drift: lockfile, proof, service-account scope, runbook처럼 보안 의도가 선언된 artifact가 있어도, build resolver·verification pipeline·default IAM·incident-time decision chain이 그것을 hard constraint로 집행하지 않으면 제약은 곧 hint로 강등된다. 리뷰가 선언 존재만 확인하고 enforcement semantics를 끝까지 따라가지 않으면, syntactically correct artifact 아래에서 실제 보안 경계가 조용히 재해석될 수 있다.
Imported-Collateral Control-Plane Drift: 외부 자산을 담보/상장 자산으로 수용할 때 가격·유동성·LTV만 검토하고, 그 자산의 bridge·mint·pause·verifier quorum·issuer governance·incident latency 전체가 우리 solvency 경계로 들어온다는 사실을 놓치면, 로컬 코드가 멀쩡해도 upstream invalidation이 downstream bad debt로 전이된다.
Counted Redundancy / Correlated Failover: primary+secondary, backup RPC, multi-DVN, secondary agent 처럼 개수로 표시된 redundancy가 있어도, failover selector와 observability path가 같은 truth plane을 공유하면 공격자는 일부 경로만 오염시키고 나머지를 degrade시켜 시스템을 poisoned subset으로 몰아넣을 수 있다. 보안 점검은 endpoint 수보다 fault-domain independence, disagreement alarm, degraded-mode deny 기본값을 먼저 본다.
Default-Path / Scope-Carveout Responsibility Gap: vendor quickstart, official sample config, provider-managed verifier/RPC, emergency council 같은 요소를 팀이 기본 경로로 채택해도, 감사와 바운티 scope가 corporate infra, deployment pipeline, KMS, prover/TEE, manual dispute/restart/freeze 가정을 바깥으로 밀면 실제 control plane은 orphan boundary가 된다. 사고 후 blame은 provider와 integrator 사이를 오가지만, 사전에 누가 그 기본 경로를 소유하고 compensating control을 붙였는지는 문서화돼 있지 않은 경우가 많다.
Nominal-Path / Exception-Path Assurance Asymmetry: audit, FV, invariant testing, competition은 정상 경로의 correctness를 빠르게 강화하지만, 실제 위기 순간 시스템은 blacklist, dispute, manual restart, security-council freeze, manual oracle mode, redeem-only 같은 예외 경로로 전환된다. 많은 팀이 이 경로를 단지 emergency power나 downgrade assumption으로만 다뤄, 정상 경로만큼의 명세·불변식·잔고 보전·공정성 검증을 붙이지 않는다. 점검 시에는 "발사할 수 있는가"(META-53)뿐 아니라, 발사된 뒤 그 예외 프로토콜이 무엇을 보장하는가 를 별도 검증한다.
Recoverability-Collateralized Security Gap: freeze, blacklist, manual restart, credential rotation, recovery fund, loss socialization 같은 회수 수단이 존재하면 팀은 그 경계의 raw blast radius를 과소평가하기 쉽다. 회수 가능성은 사후 완화 수단이지 사전 예방 통제의 대체재가 아닌데도, 바운티 severity, competition scope, 내부 triage가 이를 direct downgrade 근거로 쓰면 privileged control-plane risk가 구조적으로 저평가된다. 점검 시에는 "얼마나 되찾을 수 있는가" 가 아니라 backstop이 전혀 없다고 가정했을 때 무엇이 털리는가 를 먼저 본다.
Assurance-Halo Transitivity Gap: audit/FV/invariant/fuzz가 코어 코드에 대해 강해질수록, 팀은 그 신뢰 신호를 build/deploy/RPC/support/AI-tooling 같은 인접 plane에도 무의식적으로 전이시킨다. 그러나 최신 사고는 바로 그 out-of-scope plane에서 터진다. 점검 시에는 각 assurance artifact마다 정확히 어디서 coverage가 끝나는지 를 명시하고, residual risk가 바깥 경계로 밀려났는지 확인한다.
Invariant-to-Operations Promotion Gap: 테스트, 형식 검증, 감사 보고서, 바운티 리포트에서 이미 정의한 핵심 불변식이 런타임 monitor, disagreement alarm, auto-halt threshold로 승격되지 않으면, 팀은 우리가 무엇을 지켜야 하는지 는 알고도 운영에서 언제 깨졌는지 는 못 본다. 점검 시에는 각 HIGH/CRITICAL 자산 경계마다 불변식 정의 → 측정 지표 → 경보 채널 → 차단 actuator 가 한 줄로 연결되는지 확인한다.
Assurance-Commoditization / Response-Scarcity Gap: Foundry/FV/AI bug bounty tooling이 exploit search, 시퀀스 생성, 검증 보고서 작성을 점점 더 싸고 병렬적인 자동화로 바꾸는 동안, authority inventory, actuator binding, freeze/rotate evidence, owner escalation map은 여전히 사람 손으로 유지되는 희소 산출물로 남는다. 이때 조직은 위협을 이해하고도 execution throughput에서 진다. 점검 시에는 누가 알고 있는가 보다 무엇이 기계적으로 최신 상태를 유지하며 즉시 실행 가능한가 를 먼저 본다.
Assurance-Plane Failure Semantics Gap: validator, prover, invariant engine, attestation check, RPC cross-check 같은 assurance plane은 무엇이 유효한가 는 잘 정의해도, 그 plane이 hang / diverge / under-detect / timeout 할 때 시스템이 fail-stop 해야 하는지, 제한적으로 fail-open 해야 하는지, 어떤 override와 사후 검증이 필요한지 를 끝까지 못 박지 않는 경우가 많다. 점검 시에는 각 assurance layer마다 success semantics / failure semantics / override owner / max validation cost / degraded-mode guardrail 이 한 표에 묶여 있는지 확인한다.
Validation Cost-Ceiling Gap: validator, encoder, parser, attestation check, dependency verifier 같은 assurance layer는 맞게 판별하는가 만 검증하면 충분해 보이지만, 공격자가 입력 형태 하나로 CPU·메모리·시간 비용을 비정상적으로 키워 방어 로직 자체를 resource-exhaustion actuator로 바꾸는지 는 별도 보안 경계다. 점검 시에는 각 assurance step마다 input bound / allocation ceiling / timeout budget / abort evidence / integrity-preserving fallback 이 고정돼 있는지 확인한다.

리포트의 각 HIGH/CRITICAL 항목에 아래를 추가:

Why defense failed (설계/운영/조직 중 어디가 끊겼는지)
Recovery path (탐지→차단→복구까지 실제 실행 경로)

Execution Methodology

For each of the 44+ vectors:

Historical Reference — Which real incident used this vector, what was the mechanism
Code Mapping — Identify exact file:line in target code where vector applies
Attack Scenario — Step-by-step attack procedure (numbered steps)
Current Defense — Evaluate: Defended / Partially Defended / Undefended
Severity — CRITICAL / HIGH / MEDIUM / LOW / INFO
PoC Sketch — For CRITICAL/HIGH: pseudocode or concrete attack commands
Remediation — Code-level fix recommendation

Chain-Specific Considerations

Solana (Anchor)

Account model: owner checks, PDA derivation, account data validation
CPI: cross-program invocation target verification, signer propagation
Rent: minimum balance, account close lamport drain
Discriminator: Anchor 8-byte discriminator collision risk
Clock/Slot: slot-based timing vs real-time assumptions

Read references/solana-specific.md for Solana-specific attack patterns.

Ethereum (Solidity)

Storage layout: delegatecall + storage collision
Reentrancy: external calls before state updates
ERC-20 approval: infinite approval + permit signatures
Proxy patterns: UUPS/Transparent upgrade risks
ERC-2771 meta-transaction: mixed msg.sender/_msgSender() + permissionless forwarder (A61)

Read references/ethereum-specific.md for EVM-specific attack patterns.

Report Format

Output as structured markdown:

# Black Team Report — {Protocol Name}

## 0) Summary Dashboard
- Total vectors evaluated: 44
- CRITICAL: X | HIGH: X | MEDIUM: X | LOW: X
- Undefended (immediately exploitable): X

## Top 5 Most Dangerous Scenarios
1. ...

## {N}) {Vector Name}
- **Historical Reference**: {incident, amount, mechanism}
- **Code Mapping**: {file:line}
- **Attack Scenario**: {numbered steps}
- **Current Defense**: {Defended/Partial/Undefended}
- **Severity**: {level}
- **PoC**: {code/commands for CRITICAL/HIGH}
- **Remediation**: {specific code fix}

Cycling Protocol

Black Team is designed to run in loops with Blue Team:

Black R1 → Blue fix → Black R2 → Blue fix → ... → ZERO CRITICAL/HIGH

On repeat runs (R2+):

Re-evaluate ALL 44 vectors against updated code
Verify previous fixes actually work (bypass attempts)
Check for regression (new vulnerabilities from fixes)
Only report NEW or UNFIXED findings
Target: ZERO CRITICAL + ZERO HIGH to exit loop

Blockchain Black Team — Real-World Attack Simulation

When to Use This vs Others

Use this (Black Team) when you want historically proven attack vectors mapped to real incidents and immediate exploitability checks.
Use blockchain-red-team for novel/zero-day style techniques and bypass research beyond known patterns.
Use blockchain-purple-team for meta-level coverage gaps, audit failure causes, and architecture/ops blind spots.

When to Use

Security audit of smart contracts (Solana Anchor, Solidity, CosmWasm)
Attack simulation / penetration testing of DeFi protocols
Pre-mainnet security hardening
Hackathon security review
Post-incident analysis using real-world patterns

Quick Start

Read the target codebase (on-chain + off-chain)
Load references/attack-matrix.md for the 44+ vector framework
For each vector: map historical pattern → target code → attack scenario → severity
Output structured report with PoC sketches for CRITICAL/HIGH findings

Attack Matrix (90 Vectors, continuously extended)

The full matrix with historical references, code-level mechanisms, and defense patterns is in references/attack-matrix.md. Summary:

A. Smart Contract (core 13 + extended A32/A33/A34/A35/A36/A38)

B. Off-chain/Keeper (core 7 + extended B29/B35/B36/B37/B38)

C. Economic (6 vectors)

C. Economic (6 vectors + A59)

D. Infrastructure (core 4 + extended D32/D33/D34)

Daily Evolution Log (Recent)

Defense Failure Patterns (Meta, Purple-Team Informed)

Black Team 점검 시, "취약점 존재"만 보지 말고 방어가 왜 실패하는지를 같이 기록한다.

Control Fragmentation: 감사/바운티/모니터링/IR가 분리돼 신호가 연결되지 않음.
Rollback Latency: 문제 인지 후 안전한 롤백까지의 의사결정·권한 체인 지연.
Assumption Drift: 배포 당시 안전하던 임계치/가정이 시장·인프라 변화로 무효화.
Confused-Deputy Ops: AI/자동화 도구가 비신뢰 입력을 권한 있는 행동으로 변환.
Capacity Griefing: 단일 대형 공격보다 지속 저강도 압박으로 운영 여유를 소진.
Market-Quality Blindness: 가격 정확성만 보고 시장 깊이/분산도/거래활동 품질을 신뢰 경계에 포함하지 않음.
Telemetry-Truth Drift: 대응 단계에서 공지 지표(순손실/동결액)와 온체인 사실이 분리되어 의사결정·포렌식이 오염됨.
Signal-Latency Blindness: 공개 바운티/리포트 통계의 지연(예: 2주 지연 반영)을 실시간 위협 지표로 오용해, 이미 진행 중인 변형 공격 대응 우선순위를 놓침.
Localhost-Trust Mirage: 운영 환경에서 localhost를 무조건 신뢰해 rate-limit/origin/pairing 예외를 두면, 브라우저-origin 로컬 WebSocket 경로로 인증 경계가 붕괴될 수 있음. 온체인 감사만으로는 탐지되지 않는 운영 계층 실패.
Approval-Execution Intent Drift: 서명 시점과 실행 시점이 분리된 승인 흐름에서, 정족수와 서명 진위만 확인하고 실제 의도 보존 여부를 검증하지 않으면 정상 서명이 곧 악성 실행으로 전환될 수 있음. durable nonce, 오프밴드 부분 서명, 사전 승인 배치가 대표 사례.
Framework-Default Drift: 프레임워크 릴리스에서 보안 기본값이 강화됐다는 사실 자체가 기존 코드의 잠재 취약 노출 신호인데, 감사가 업스트림 변경 로그를 위협 정보로 다루지 않아 오래된 기본값 의존이 장기간 방치됨.
Executable-Config Drift: Anchor.toml, CI YAML, deploy script처럼 원래 선언형으로 여겨진 파일이 점점 실행 가능한 제어면이 되는데, 감사·FV·바운티가 이를 여전히 "설정"으로 분류해 우선순위를 낮게 두면 검증된 소스와 배포 산출물의 연속성이 끊긴다.
Admissibility Blindness: 감사·형식 검증·불변식 테스트가 대부분 "이미 시스템에 들어온 요청이 올바르게 실행되는가"를 검증하는 동안, 실제 공격은 receipt threshold, queue capacity, pending slot, expiry window를 장악해 정상 방어 요청의 admission 자체를 막는 방향 으로 이동한다. 이때 liveness/fairness 파라미터는 성능 설정이 아니라 보안 경계다.
Evidence-as-Authority Confusion: bridge proof, AI memory, vector-store context, artifact manifest처럼 겉으로는 "데이터"인 입력이 실제로는 권한을 운반하는데도, 감사가 provenance/freshness/owner/policy scope를 강제하지 않으면 syntactic validity만으로 privileged action이 열릴 수 있다.
Metric-Optimized Security Mirage: payout, live threats prevented, fuzz runs, audit count, verified properties처럼 잘 보이는 지표가 좋아져도, authority concentration, artifact attestation, signer ceremony integrity, rollback latency, evidence provenance coverage 같은 tail-risk control plane은 그대로일 수 있다. 팀이 측정 가능한 안전성만 최적화하면 catastrophic control-plane failure를 놓친다.
Runbook-to-Actuator Binding: pause, redeem-only, mint freeze, manual oracle mode 같은 emergency control이 코드와 문서에 있어도, 정확한 signer set·명령 경로·자동화 토글·latency budget·훈련된 호출 절차에 결박되지 않으면 방어는 문서상으로만 존재한다.
Constraint-as-Hint / Resolver Drift: lockfile, proof, service-account scope, runbook처럼 보안 의도가 선언된 artifact가 있어도, build resolver·verification pipeline·default IAM·incident-time decision chain이 그것을 hard constraint로 집행하지 않으면 제약은 곧 hint로 강등된다. 리뷰가 선언 존재만 확인하고 enforcement semantics를 끝까지 따라가지 않으면, syntactically correct artifact 아래에서 실제 보안 경계가 조용히 재해석될 수 있다.
Imported-Collateral Control-Plane Drift: 외부 자산을 담보/상장 자산으로 수용할 때 가격·유동성·LTV만 검토하고, 그 자산의 bridge·mint·pause·verifier quorum·issuer governance·incident latency 전체가 우리 solvency 경계로 들어온다는 사실을 놓치면, 로컬 코드가 멀쩡해도 upstream invalidation이 downstream bad debt로 전이된다.
Counted Redundancy / Correlated Failover: primary+secondary, backup RPC, multi-DVN, secondary agent 처럼 개수로 표시된 redundancy가 있어도, failover selector와 observability path가 같은 truth plane을 공유하면 공격자는 일부 경로만 오염시키고 나머지를 degrade시켜 시스템을 poisoned subset으로 몰아넣을 수 있다. 보안 점검은 endpoint 수보다 fault-domain independence, disagreement alarm, degraded-mode deny 기본값을 먼저 본다.
Default-Path / Scope-Carveout Responsibility Gap: vendor quickstart, official sample config, provider-managed verifier/RPC, emergency council 같은 요소를 팀이 기본 경로로 채택해도, 감사와 바운티 scope가 corporate infra, deployment pipeline, KMS, prover/TEE, manual dispute/restart/freeze 가정을 바깥으로 밀면 실제 control plane은 orphan boundary가 된다. 사고 후 blame은 provider와 integrator 사이를 오가지만, 사전에 누가 그 기본 경로를 소유하고 compensating control을 붙였는지는 문서화돼 있지 않은 경우가 많다.
Nominal-Path / Exception-Path Assurance Asymmetry: audit, FV, invariant testing, competition은 정상 경로의 correctness를 빠르게 강화하지만, 실제 위기 순간 시스템은 blacklist, dispute, manual restart, security-council freeze, manual oracle mode, redeem-only 같은 예외 경로로 전환된다. 많은 팀이 이 경로를 단지 emergency power나 downgrade assumption으로만 다뤄, 정상 경로만큼의 명세·불변식·잔고 보전·공정성 검증을 붙이지 않는다. 점검 시에는 "발사할 수 있는가"(META-53)뿐 아니라, 발사된 뒤 그 예외 프로토콜이 무엇을 보장하는가 를 별도 검증한다.
Recoverability-Collateralized Security Gap: freeze, blacklist, manual restart, credential rotation, recovery fund, loss socialization 같은 회수 수단이 존재하면 팀은 그 경계의 raw blast radius를 과소평가하기 쉽다. 회수 가능성은 사후 완화 수단이지 사전 예방 통제의 대체재가 아닌데도, 바운티 severity, competition scope, 내부 triage가 이를 direct downgrade 근거로 쓰면 privileged control-plane risk가 구조적으로 저평가된다. 점검 시에는 "얼마나 되찾을 수 있는가" 가 아니라 backstop이 전혀 없다고 가정했을 때 무엇이 털리는가 를 먼저 본다.
Assurance-Halo Transitivity Gap: audit/FV/invariant/fuzz가 코어 코드에 대해 강해질수록, 팀은 그 신뢰 신호를 build/deploy/RPC/support/AI-tooling 같은 인접 plane에도 무의식적으로 전이시킨다. 그러나 최신 사고는 바로 그 out-of-scope plane에서 터진다. 점검 시에는 각 assurance artifact마다 정확히 어디서 coverage가 끝나는지 를 명시하고, residual risk가 바깥 경계로 밀려났는지 확인한다.
Invariant-to-Operations Promotion Gap: 테스트, 형식 검증, 감사 보고서, 바운티 리포트에서 이미 정의한 핵심 불변식이 런타임 monitor, disagreement alarm, auto-halt threshold로 승격되지 않으면, 팀은 우리가 무엇을 지켜야 하는지 는 알고도 운영에서 언제 깨졌는지 는 못 본다. 점검 시에는 각 HIGH/CRITICAL 자산 경계마다 불변식 정의 → 측정 지표 → 경보 채널 → 차단 actuator 가 한 줄로 연결되는지 확인한다.
Assurance-Commoditization / Response-Scarcity Gap: Foundry/FV/AI bug bounty tooling이 exploit search, 시퀀스 생성, 검증 보고서 작성을 점점 더 싸고 병렬적인 자동화로 바꾸는 동안, authority inventory, actuator binding, freeze/rotate evidence, owner escalation map은 여전히 사람 손으로 유지되는 희소 산출물로 남는다. 이때 조직은 위협을 이해하고도 execution throughput에서 진다. 점검 시에는 누가 알고 있는가 보다 무엇이 기계적으로 최신 상태를 유지하며 즉시 실행 가능한가 를 먼저 본다.
Assurance-Plane Failure Semantics Gap: validator, prover, invariant engine, attestation check, RPC cross-check 같은 assurance plane은 무엇이 유효한가 는 잘 정의해도, 그 plane이 hang / diverge / under-detect / timeout 할 때 시스템이 fail-stop 해야 하는지, 제한적으로 fail-open 해야 하는지, 어떤 override와 사후 검증이 필요한지 를 끝까지 못 박지 않는 경우가 많다. 점검 시에는 각 assurance layer마다 success semantics / failure semantics / override owner / max validation cost / degraded-mode guardrail 이 한 표에 묶여 있는지 확인한다.
Validation Cost-Ceiling Gap: validator, encoder, parser, attestation check, dependency verifier 같은 assurance layer는 맞게 판별하는가 만 검증하면 충분해 보이지만, 공격자가 입력 형태 하나로 CPU·메모리·시간 비용을 비정상적으로 키워 방어 로직 자체를 resource-exhaustion actuator로 바꾸는지 는 별도 보안 경계다. 점검 시에는 각 assurance step마다 input bound / allocation ceiling / timeout budget / abort evidence / integrity-preserving fallback 이 고정돼 있는지 확인한다.

리포트의 각 HIGH/CRITICAL 항목에 아래를 추가:

Why defense failed (설계/운영/조직 중 어디가 끊겼는지)
Recovery path (탐지→차단→복구까지 실제 실행 경로)

Execution Methodology

For each of the 44+ vectors:

Historical Reference — Which real incident used this vector, what was the mechanism
Code Mapping — Identify exact file:line in target code where vector applies
Attack Scenario — Step-by-step attack procedure (numbered steps)
Current Defense — Evaluate: Defended / Partially Defended / Undefended
Severity — CRITICAL / HIGH / MEDIUM / LOW / INFO
PoC Sketch — For CRITICAL/HIGH: pseudocode or concrete attack commands
Remediation — Code-level fix recommendation

Chain-Specific Considerations

Solana (Anchor)

Account model: owner checks, PDA derivation, account data validation
CPI: cross-program invocation target verification, signer propagation
Rent: minimum balance, account close lamport drain
Discriminator: Anchor 8-byte discriminator collision risk
Clock/Slot: slot-based timing vs real-time assumptions

Read references/solana-specific.md for Solana-specific attack patterns.

Ethereum (Solidity)

Storage layout: delegatecall + storage collision
Reentrancy: external calls before state updates
ERC-20 approval: infinite approval + permit signatures
Proxy patterns: UUPS/Transparent upgrade risks
ERC-2771 meta-transaction: mixed msg.sender/_msgSender() + permissionless forwarder (A61)

Read references/ethereum-specific.md for EVM-specific attack patterns.

Report Format

Output as structured markdown:

# Black Team Report — {Protocol Name}

## 0) Summary Dashboard
- Total vectors evaluated: 44
- CRITICAL: X | HIGH: X | MEDIUM: X | LOW: X
- Undefended (immediately exploitable): X

## Top 5 Most Dangerous Scenarios
1. ...

## {N}) {Vector Name}
- **Historical Reference**: {incident, amount, mechanism}
- **Code Mapping**: {file:line}
- **Attack Scenario**: {numbered steps}
- **Current Defense**: {Defended/Partial/Undefended}
- **Severity**: {level}
- **PoC**: {code/commands for CRITICAL/HIGH}
- **Remediation**: {specific code fix}

Cycling Protocol

Black Team is designed to run in loops with Blue Team:

Black R1 → Blue fix → Black R2 → Blue fix → ... → ZERO CRITICAL/HIGH

On repeat runs (R2+):

Re-evaluate ALL 44 vectors against updated code
Verify previous fixes actually work (bypass attempts)
Check for regression (new vulnerabilities from fixes)
Only report NEW or UNFIXED findings
Target: ZERO CRITICAL + ZERO HIGH to exit loop

Adoption

kjaylee/blockchain-black-team

$ install --global

Security Scan Results

SKILL.md

Blockchain Black Team — Real-World Attack Simulation

When to Use This vs Others

When to Use

Quick Start

Attack Matrix (90 Vectors, continuously extended)

A. Smart Contract (core 13 + extended A32/A33/A34/A35/A36/A38)

B. Off-chain/Keeper (core 7 + extended B29/B35/B36/B37/B38)

C. Economic (6 vectors)

C. Economic (6 vectors + A59)

D. Infrastructure (core 4 + extended D32/D33/D34)

Daily Evolution Log (Recent)

Defense Failure Patterns (Meta, Purple-Team Informed)

Execution Methodology

Chain-Specific Considerations

Solana (Anchor)

Ethereum (Solidity)

Report Format

Cycling Protocol

Related Skills

kjaylee/game-wow-launch-circle

kjaylee/youtube-pro

kjaylee/web-design-pro

kjaylee/web-design-guidelines

kjaylee/blockchain-black-team

$ install --global

Security Scan Results

SKILL.md

Blockchain Black Team — Real-World Attack Simulation

When to Use This vs Others

When to Use

Quick Start

Attack Matrix (90 Vectors, continuously extended)

A. Smart Contract (core 13 + extended A32/A33/A34/A35/A36/A38)

B. Off-chain/Keeper (core 7 + extended B29/B35/B36/B37/B38)

C. Economic (6 vectors)

C. Economic (6 vectors + A59)

D. Infrastructure (core 4 + extended D32/D33/D34)

Daily Evolution Log (Recent)

Defense Failure Patterns (Meta, Purple-Team Informed)

Execution Methodology

Chain-Specific Considerations

Solana (Anchor)

Ethereum (Solidity)

Report Format

Cycling Protocol

Related Skills

kjaylee/game-wow-launch-circle

kjaylee/youtube-pro

kjaylee/web-design-pro

kjaylee/web-design-guidelines