- Start date: 2 Apr 2026
- End date: 6 Apr 2026
- Total awards: $4,000 in USDC
- Duration: 4 days
- Details
Intuition Mitigation Review
- Total Prize Pool: $4,000 in USDC
- Warden awards: $3,000 in USDC
- Judge awards: $1,000 in USDC
- Warden guidelines for C4 mitigation reviews
- Starts April 2nd, 2026 20:00 UTC
- Ends April 6th, 2026 20:00 UTC
Important note
Each warden must submit a mitigation review for every individual item listed in the Scope section below. Incomplete or insufficient mitigation reviews will not be eligible for awards.
Overview of changes
These mitigation PRs are intentionally narrow and should be reviewed only against the findings listed in Scope.
Key context by PR:
- PR 143 (S-149, S-145)
  - Scope is limited to AtomWallet signature-validation hardening.
  - S-149: 77-byte signatures now bind (userOpHash, validUntil, validAfter) into the signed digest so validity-window metadata cannot be tampered with by relayers/bundlers.
  - S-145: malformed / invalid signature paths now fail validation without reverting, aligning with intended ERC-4337 validation-failure semantics.
  - 65-byte signatures intentionally preserve existing “unbounded validity window” behavior.
  - Legacy 77-byte signatures that did not sign over timing metadata are intentionally no longer valid.
- PR 144 (S-112, S-595)
  - This PR is one combined mitigation set for the same reward-accounting family.
  - S-112 is the primary root-cause fix: boundary-exclusive epoch accounting removes closed-epoch mutability at the boundary.
  - S-595 is addressed both by that root-cause fix and by an explicit per-epoch claim-budget guardrail.
  - Review should focus on whether prior-epoch reward eligibility can still be changed at the epoch boundary and whether total claimed rewards can exceed epoch emissions.
- PR 10 (S-324)
  - Scope is limited to downstream ETH refund handling in TrustSwapAndBridgeRouter.
  - The change is intentionally minimal: the router can now accept ETH dust refunded by the downstream SwapRouter refund path.
  - Review should focus on whether swaps can still be made to revert through that refund path.
  - Broader integration/composability questions outside the listed finding are out of scope for this mitigation review.
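The two PR 143 behaviours described above (timing metadata bound into the signed digest, and malformed signatures failing without reverting) are easier to review with a reference model in hand. The following is an added illustration, not AtomWallet code: a keyed HMAC-SHA256 stands in for ECDSA so it runs on the Python standard library alone (which means the checker holds the signer's key, unlike a real contract), and the 77-byte layout of a 65-byte signature followed by uint48 validUntil and uint48 validAfter is an assumption about the format, not something the page states.

```python
"""Model of the AtomWallet signature-validation changes described for PR 143.

Added illustration, not the project's code. HMAC-SHA256 replaces ECDSA so the
example is self-contained; the 65 + 6 + 6 byte layout is assumed.
"""
import hashlib
import hmac

SIG_VALIDATION_SUCCESS = 0   # ERC-4337 convention: validation reports failure
SIG_VALIDATION_FAILED = 1    # through a return value, not a revert

OWNER_KEY = b"constructed-owner-key"   # constructed stand-in for the owner's key
SIG_LEN = 65
TIMED_SIG_LEN = SIG_LEN + 6 + 6        # assumed: two uint48 timing fields appended


def _sign(key: bytes, digest: bytes) -> bytes:
    """Stand-in for a 65-byte ECDSA signature over `digest`."""
    mac = hmac.new(key, digest, hashlib.sha256).digest()
    return mac + b"\x00" * (SIG_LEN - len(mac))


def bound_digest(user_op_hash: bytes, valid_until: int, valid_after: int) -> bytes:
    """Post-fix digest for 77-byte signatures: the timing fields are signed over,
    so a relayer/bundler cannot change them without invalidating the signature."""
    packed = user_op_hash + valid_until.to_bytes(6, "big") + valid_after.to_bytes(6, "big")
    return hashlib.sha256(packed).digest()


def sign_user_op(user_op_hash: bytes, valid_until: int = None, valid_after: int = None) -> bytes:
    """65-byte signature: unbounded validity window (behaviour intentionally kept).
    77-byte signature: window bound into the digest, then appended in the clear."""
    if valid_until is None:
        return _sign(OWNER_KEY, hashlib.sha256(user_op_hash).digest())
    sig = _sign(OWNER_KEY, bound_digest(user_op_hash, valid_until, valid_after))
    return sig + valid_until.to_bytes(6, "big") + valid_after.to_bytes(6, "big")


def legacy_timed_signature(user_op_hash: bytes, valid_until: int, valid_after: int) -> bytes:
    """Pre-fix 77-byte layout: timing appended but not signed over. The page says
    these are intentionally no longer valid; modelled only so that can be checked."""
    sig = _sign(OWNER_KEY, hashlib.sha256(user_op_hash).digest())
    return sig + valid_until.to_bytes(6, "big") + valid_after.to_bytes(6, "big")


def retime(signature: bytes, valid_until: int, valid_after: int) -> bytes:
    """The in-transit edit the S-149 fix must detect: same 65-byte signature,
    different appended timing bytes."""
    return signature[:SIG_LEN] + valid_until.to_bytes(6, "big") + valid_after.to_bytes(6, "big")


def validate_user_op_signature(user_op_hash: bytes, signature: bytes) -> tuple:
    """Returns (status, validUntil, validAfter). Every malformed or invalid input
    yields SIG_VALIDATION_FAILED; nothing here raises (the S-145 semantics)."""
    if len(signature) == SIG_LEN:
        expected = _sign(OWNER_KEY, hashlib.sha256(user_op_hash).digest())
        ok = hmac.compare_digest(expected, signature)
        return (SIG_VALIDATION_SUCCESS if ok else SIG_VALIDATION_FAILED, 0, 0)
    if len(signature) == TIMED_SIG_LEN:
        sig, tail = signature[:SIG_LEN], signature[SIG_LEN:]
        valid_until = int.from_bytes(tail[:6], "big")
        valid_after = int.from_bytes(tail[6:], "big")
        expected = _sign(OWNER_KEY, bound_digest(user_op_hash, valid_until, valid_after))
        ok = hmac.compare_digest(expected, sig)
        return (SIG_VALIDATION_SUCCESS if ok else SIG_VALIDATION_FAILED, valid_until, valid_after)
    return (SIG_VALIDATION_FAILED, 0, 0)   # wrong length: fail, do not revert
```

The two properties a reviewer would check against the real PR are visible here: a 77-byte signature whose trailing window bytes differ from those hashed into the digest fails, and any length other than 65 or 77 returns the failure code rather than throwing, while 65-byte signatures still report a zero (unbounded) window.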
General note:
- Parent-contest invalid / intended-behavior findings are not reopened here unless the mitigation itself introduces a new issue in scope.
- Please evaluate each PR against the listed finding(s) only, plus any directly introduced mitigation regressions.
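For the PR 144 review questions (can prior-epoch eligibility still change at the boundary, and can total claims exceed epoch emissions), a toy ledger makes the difference between inclusive and exclusive boundary snapshots, and the effect of the per-epoch claim budget, concrete. This is an added model, not TrustBonding code: epoch length, emissions, the stake-weighted eligibility rule and the two-user sequence are all constructed.

```python
"""Toy model of the reward-accounting behaviours discussed for PR 144 (S-112, S-595).

Added illustration, not the project's code; numbers and rules are constructed.
"""
from collections import defaultdict

EPOCH_LENGTH = 100          # constructed: epoch e covers timestamps [e*100, (e+1)*100)
EMISSIONS_PER_EPOCH = 1000  # constructed reward budget per epoch


def epoch_end(epoch: int) -> int:
    """First timestamp that no longer belongs to `epoch` (the boundary)."""
    return (epoch + 1) * EPOCH_LENGTH


class RewardLedger:
    def __init__(self, boundary_exclusive: bool, claim_budget: bool):
        self.boundary_exclusive = boundary_exclusive  # S-112 root-cause fix on/off
        self.claim_budget = claim_budget              # S-595 guardrail on/off
        self.checkpoints = defaultdict(list)          # user -> [(timestamp, stake)]
        self.claimed = defaultdict(int)               # epoch -> total paid out so far

    def checkpoint(self, user: str, timestamp: int, stake: int) -> None:
        self.checkpoints[user].append((timestamp, stake))

    def stake_at_end(self, user: str, epoch: int) -> int:
        """Stake the epoch-end snapshot attributes to `user`.
        Inclusive (pre-fix): a checkpoint stamped exactly at epoch_end still counts,
        so the closed epoch remains mutable at its boundary.
        Exclusive (fix): only checkpoints strictly before epoch_end count."""
        end = epoch_end(epoch)
        stake = 0
        for ts, amount in sorted(self.checkpoints[user]):
            if ts < end or (ts == end and not self.boundary_exclusive):
                stake = amount
        return stake

    def eligible(self, user: str, epoch: int) -> int:
        """Constructed rule: emissions split pro rata by snapshot stake."""
        total = sum(self.stake_at_end(u, epoch) for u in self.checkpoints)
        if total == 0:
            return 0
        return EMISSIONS_PER_EPOCH * self.stake_at_end(user, epoch) // total

    def claim(self, user: str, epoch: int, now: int) -> int:
        if now < epoch_end(epoch):
            raise ValueError("epoch still open")
        reward = self.eligible(user, epoch)
        if self.claim_budget:
            # Guardrail: an epoch can never pay out more than it emitted.
            reward = min(reward, EMISSIONS_PER_EPOCH - self.claimed[epoch])
        self.claimed[epoch] += reward
        return reward


def boundary_scenario(boundary_exclusive: bool, claim_budget: bool) -> dict:
    """Constructed sequence at the epoch 0 boundary (timestamp 100):
    alice staked during epoch 0 and claims first; bob checkpoints exactly at the
    boundary and then claims epoch 0 too. Returns what each received, what alice's
    epoch-0 eligibility reads after bob's checkpoint, and the epoch's total payout."""
    ledger = RewardLedger(boundary_exclusive, claim_budget)
    ledger.checkpoint("alice", 10, 100)
    alice = ledger.claim("alice", 0, now=100)
    ledger.checkpoint("bob", 100, 100)
    bob = ledger.claim("bob", 0, now=100)
    return {
        "alice": alice,
        "bob": bob,
        "alice_after": ledger.eligible("alice", 0),
        "total": alice + bob,
    }


if __name__ == "__main__":
    for exclusive in (False, True):
        for budget in (False, True):
            print(f"exclusive={exclusive} budget={budget}:", boundary_scenario(exclusive, budget))
```

With the inclusive snapshot and no budget, alice's epoch-0 eligibility drops from 1000 to 500 after a checkpoint stamped at the boundary, and the epoch pays out 1500 against 1000 emitted; the budget alone stops the overclaim but leaves eligibility mutable, while the exclusive snapshot removes the mutability itself so the total stays at emissions with or without the guardrail. Those are the two outcomes the review questions above ask wardens to confirm in the actual PR.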
Scope
Mitigation of Medium Severity Issues
Mitigations of all Medium issues listed here will be considered in-scope:
| Fix | Mitigation of | Notes |
|---|---|---|
| PR 143 | S-149: Unsigned validity window metadata | same PR as S-145 |
| PR 144 | S-112 | |
| PR 144 | S-595 | same PR as S-112 |
Additional scope to be reviewed
These are additional changes that will be in scope.
Out of Scope
All other issues arising from the Intuition audit are out of scope.
Submissions
These submissions were unredacted at the time of report publication on April 28th, 2026.
| Submission ID | Submission Title | Notes |
|---|---|---|
| S-112 | Epoch Boundary Inclusion Allows Reward Dilution (Inclusive Epoch-End Snapshot Allows Retroactive Eligibility + Emissions Dilution) | |
| S-595 | Boundary claim ordering allows rewards overclaim beyond epoch budget in TrustBonding | |
| S-239 | Epoch-boundary checkpoints retroactively qualify for the previous epoch's rewards | Primary submission of group including S-112 and S-595 |