Proof pack · 90 results · HackerOne-shaped · No payout claim


CS.05 — External proof

Bug bounty breadth.

Most public AI-security demos stop at one of three points: a benchmark scan, a chat transcript, or a source-only suspicion. This proof pack is different. Ninety results across six method families, shaped for a HackerOne triager.

  - 90 sanitized results
  - 10 in HackerOne review
  - 6 method families
  - 0 payout claims
§ Method coverage

Six families, one proof shape.

Each family is documented with a top-find write-up that preserves vulnerability logic and review value while removing target identifiers.

  1. M.01 Business logic / runtime validation: replay, duplicate execution, stale authorization, payment state mismatch. (Featured)
  2. M.02 Source-first policy review: denylist gaps, finality downgrade, controller revocation, unsafe validation boundary. (Featured)
  3. M.03 Cross-domain protocol reasoning: asset rebind, forwarding mismatch, bridge / cross-chain state inconsistency. (Featured)
  4. M.04 Auth and identity: step-up bypass, callback / token leakage, login-state confusion. (In inventory)
  5. M.05 Mobile and exported interfaces: broadcast injection, exported providers, binder / interface exposure. (In inventory)
  6. M.06 Cloud and configuration: secret exposure, public debug / RPC surfaces, static management dumps. (In inventory)

Public-safety boundary

The bug bounty pages present only public-safe mechanisms, proof standards and remediation patterns. They intentionally remove target names, domains, report IDs, package identifiers, secrets, hashes and reusable production exploit steps. No paid bounty outcome is claimed.

Sample of the redacted inventory

| ID     | Redacted result |
|--------|-----------------|
| BB-001 | Exported account log bridge exposes sensitive operational data |
| BB-002 | Open account interface brokers token material across a trust boundary |
| BB-003 | Cross-origin login-state endpoint leaks authentication context |
| BB-004 | Public cloud business-secret and auth bootstrap material exposure |
| BB-005 | Authorisation replay across a privileged action boundary |
| BB-006 | Validation enforced on outbound, skipped on inbound recipient release |
| BB-007 | Forwarding calldata rebinds asset across cross-domain authorisation |
| BB-008 | Exported broadcast accepts privileged action without intent verification |
| BB-009 | Step-up boundary skipped for sensitive account mutation |

(Complete inventory available under engagement.)