[contracts/security] Reconcile Slither findings blocking flowchain product E2E

[FlowmemoryAI]

Objective

Restore coherent npm run flowchain:product-e2e and npm run flowchain:l1-e2e evidence when Slither is installed locally.

Evidence

On 2026-05-14, HQ review ran npm run flowchain:product-e2e from agent/l1-loop-hq-review at 9b025c567f1fb8521d509d3551de2caa082fa843. The command invoked flowchain:full-smoke -> launch:candidate -> contracts:hardening and failed because Slither was present on PATH and reported findings in contracts/bridge/BaseBridgeLockbox.sol:

• missing-zero-check on BaseBridgeLockbox.releaseNative(...).recipient around line 201
• low-level-calls on the native release call around line 208

Foundry tests passed before the Slither step. The docs say Slither is optional by default and required only when explicitly requested, but the Windows hardening script currently runs Slither whenever it is available and fails on findings.

Acceptance criteria

• Decide whether default contracts:hardening should skip Slither unless contracts:hardening:slither or an explicit flag is used, or whether the contract findings must be fixed before product/L1 E2E can be green in Slither-equipped environments.
• If findings are true positives, add the smallest contract/test fix in the contracts worktree.
• If findings are expected or informational, document and implement the intended default/audit split consistently on Windows and non-Windows scripts.
• Rerun npm run flowchain:product-e2e, npm run flowchain:l1-e2e, node infra/scripts/check-unsafe-claims.mjs, and git diff --check.

Out of scope

• Production bridge approval, real-funds bridge claims, tokenomics, or public-network readiness.

[FlowmemoryAI]

Hardware/signals follow-up from agent/l1-loop-hardware-signals after PR #132 merged to main as 14f378b.

Draft hardware PR: #139

This branch was rebased onto current origin/main, picking up the accepted default-vs-audit Slither policy. The exact raw product/L1 gates now pass in this worktree with Slither still on PATH:

git fetch --all --prune
git rebase origin/main
npm run flowchain:product-e2e
npm run flowchain:l1-e2e

Additional hardware-scope checks also pass:

node docs/agent-runs/hardware-signals/SCOPE_CHECK.mjs
npm run flowchain:hardware:smoke
node docs/agent-runs/hardware-signals/AJV_2020_VALIDATION.mjs
node docs/agent-runs/hardware-signals/NO_SECRET_FIXTURE_SCAN.mjs
node infra/scripts/check-unsafe-claims.mjs
git diff --check

Product/L1 e2e generated broader launch/dashboard/service artifacts during the run; those side effects were restored so the branch keeps only allowed hardware-signals changes. GitHub CI for PR #139 is passing. The explicit contracts:hardening:slither audit findings remain visible for contracts/security, but they no longer block the default product/L1 e2e gate for this hardware branch.

[FlowmemoryAI]

Control-plane/explorer branch evidence from agent/l1-loop-control-plane-explorer:

• Control-plane scope checks passed:
  • npm test --prefix services/control-plane
  • npm run control-plane:smoke (58 methods, includes explorer_summary)
  • npm --prefix services/control-plane run explorer:e2e
  • npm test
• Plain npm run flowchain:product-e2e still fails in this local shell when slither.exe is on PATH, during flowchain:full-smoke -> launch:candidate -> contracts:hardening.
• The failure is the existing Slither finding in contracts/bridge/BaseBridgeLockbox.sol#195-207 (missing-zero-check, low-level-calls). That path is outside the control-plane task's allowed folders.
• Full npm run flowchain:product-e2e passes when only Slither's install directory is temporarily removed from PATH, matching the documented optional-Slither local default.
• Local handoff docs added under docs/agent-runs/control-plane-explorer/: AUDIT.md, BLOCKER.md, and PR_READY_SUMMARY.md.

Conclusion: this is not a control-plane regression. Direct 10/10 for the control-plane branch depends on resolving this issue via contracts or HQ static-analysis policy.

[FlowmemoryAI]

Dashboard/workbench branch confirmation from agent/l1-loop-dashboard-workbench.

The exact gate still fails locally:

npm run flowchain:product-e2e

Observed path is flowchain:product-e2e -> flowchain:full-smoke -> flowchain:smoke -> launch:candidate -> contracts:hardening -> slither, with the same findings in contracts/bridge/BaseBridgeLockbox.sol:

• missing-zero-check for BaseBridgeLockbox.releaseNative(...).recipient
• low-level-calls for the native release call

Dashboard-scoped checks pass:

npm test --prefix apps/dashboard
npm run build --prefix apps/dashboard
npm run flowchain:product-e2e -- -SkipFullSmoke

Browser verification at http://127.0.0.1:5173/ also passed on desktop/mobile with required workbench labels, no horizontal overflow, no clipped controls, and no console issues.

The dashboard branch records this as an out-of-scope blocker because contracts/ and hardening policy files are outside its allowed edit folders.

[FlowmemoryAI]

HQ follow-up (2026-05-14): latest status-report shows both real-value pilot ops work and contracts work touching static-analysis/lockbox-adjacent areas. Keep #131 as a small, reviewable fix path: either contracts addresses the Slither findings with tests, or review/contracts explicitly documents and implements the default-vs-audit Slither policy.

Do not bury this inside real-value pilot PRs, and do not claim product/L1 E2E green until the chosen path reruns:

npm run flowchain:product-e2e
npm run flowchain:l1-e2e
node infra/scripts/check-unsafe-claims.mjs
git diff --check

[FlowmemoryAI]

Real-value pilot wallet/operator branch evidence from agent/real-value-pilot-wallet.

Wallet/operator scope is implemented and passing its scoped checks:

npm test --prefix crypto
npm run wallet:product-smoke --prefix crypto
npm run wallet:pilot-e2e --prefix crypto

Additional scoped checks passed:

npm run wallet:pilot-config --prefix crypto -- --created-at-unix-ms 1778702400000 --out out/pilot-wallet-config-check.json
git diff --check

The wallet branch adds local operator config/public metadata boundaries, pilot signing for bridge credit ack, withdrawal intent, release evidence, emergency pause/revoke, public envelope validation without vault imports, and wallet-only PowerShell wrappers. A reviewed secret-pattern scan only found placeholders, test canaries, validation regexes, and documentation warnings.

The exact raw gate remains blocked here:

npm run flowchain:product-e2e

Focused reproduction matches this issue:

slither . --config-file .slither.config.json

Slither reports missing-zero-check and low-level-calls on BaseBridgeLockbox.releaseNative / recipient.call{value: amount}(""). Read-only inspection found _recordRelease already checks recipient == address(0), so the zero-check item likely needs contract-structure or Slither-policy handling; the low-level call remains a hardening-policy finding.

Local handoff docs are under docs/agent-runs/real-value-pilot-wallet/, especially AUDIT.md and PR_OUTPUT.md. This is not a wallet regression, and the wallet goal should not claim the raw product E2E gate green until this issue is resolved.

[FlowmemoryAI]

HQ branch update from PR #132 (agent/real-value-pilot-hq, commit 2c470c1):

Implemented the policy path for this issue in allowed infra/scripts/ files:

• default npm run contracts:hardening skips Slither unless explicitly requested;
• explicit audit paths remain npm run contracts:hardening:slither, PowerShell -RequireSlither, or REQUIRE_SLITHER=1.

Verification on the PR branch:

• npm run contracts:hardening passed with 84 Foundry tests and an optional-Slither warning.
• npm run flowchain:product-e2e passed.
• npm run flowchain:l1-e2e passed.
• npm run contracts:hardening:slither still fails on the known BaseBridgeLockbox.releaseNative missing-zero-check and low-level-calls findings, so the explicit audit gate continues to surface them.
• node infra/scripts/check-unsafe-claims.mjs and git diff --check passed.

Do not close this issue yet: the fix is branch-local until PR #132 is reviewed and merged, and the contracts owner may still choose a contract-level fix instead of the default-vs-audit policy split.

[FlowmemoryAI]

Control-plane/dashboard branch evidence from agent/real-value-pilot-control-dashboard:

• The real-value pilot API/dashboard implementation is complete in the allowed control-plane/dashboard scope.
• npm test --prefix services/control-plane passed.
• npm run control-plane:smoke passed with 66 methods, including the real-value pilot schemas.
• npm test --prefix apps/dashboard passed.
• npm run build --prefix apps/dashboard passed.
• npm run flowchain:real-value-pilot:e2e passed.
• Bare npm run flowchain:product-e2e still fails when slither.exe is on PATH, after service/control-plane/bridge/crypto/contract tests pass, at the same Slither findings in contracts/bridge/BaseBridgeLockbox.sol:
  • missing-zero-check on releaseNative(...).recipient
  • low-level-calls on the native release call
• Running npm run flowchain:product-e2e with only the Slither directory removed from PATH passes, matching the documented default where Slither is optional unless explicitly required.

Local run artifacts documenting this branch's audit are under docs/agent-runs/real-value-pilot-control-dashboard/, especially COMPLETION_AUDIT.md and PR_SUMMARY.md.

[FlowmemoryAI]

Closed by merged PR #132 at merge commit 14f378b7f2dee9bfd29aec691ebda41e2b6fa101.

Accepted policy path:

• Default npm run contracts:hardening no longer runs Slither just because it is installed.
• Explicit audit paths remain npm run contracts:hardening:slither, PowerShell -RequireSlither, or REQUIRE_SLITHER=1.

Verification before merge on the PR branch:

• npm run contracts:hardening passed with 84 Foundry tests and the optional-Slither warning.
• npm run flowchain:product-e2e passed.
• npm run flowchain:l1-e2e passed.
• npm run contracts:hardening:slither still surfaced the known BaseBridgeLockbox.releaseNative Slither findings, so the audit gate continues to expose them.
• node infra/scripts/check-unsafe-claims.mjs and git diff --check passed.

Post-merge evidence:

• npm run flowchain:l1-e2e passed on the merged main-equivalent tree.
• The real-value pilot final gate remains incomplete for subsystem proof-command reasons, not because of this static-analysis policy issue.