一键导入
peer-scoring-correctness
L1 trigger - audits peer reputation and scoring logic for symmetry, farming resistance, and penalty coverage.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
L1 trigger - audits peer reputation and scoring logic for symmetry, farming resistance, and penalty coverage.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Protocol Type Trigger NAMED_EXTERNAL_PROTOCOL (detected when recon finds import/interface for an identifiable external protocol — not standard libraries). Researches known integration hazards of the target protocol.
Trigger Pattern Always required for DAML audits - Inject Into Breadth agents, depth-state-trace, depth-external
Trigger Pattern Always required for DAML audits - Inject Into Breadth agents, depth-state-trace, depth-edge-case
Trigger Pattern Always required for DAML audits - Inject Into Breadth agents, depth-external, depth-edge-case
Trigger Pattern Always required for DAML audits (self-skips if no template defines a key) - Inject Into Breadth agents, depth-state-trace
Trigger Pattern MONETARY_PARAMETER flag (fee, rate, emission, cap, bps as template fields) - Inject Into Breadth agents (merged via M4 hierarchy)
| name | peer-scoring-correctness |
| description | L1 trigger - audits peer reputation and scoring logic for symmetry, farming resistance, and penalty coverage. |
L1 trigger:
P2Pflag AND (score_peer,peer_score,reputation,misbehavior,ban_peer,peer_scoringdetected) Inject Into:depth-network-surfaceLanguage: Go and Rust Finding prefix:[PSC-N]
Enumerate all score increments and all score decrements. For every reward path, identify the matching penalty path and ask whether a malicious peer can gain trust faster than it can lose it.
Tag: [PEER-SCORE:SYMMETRY]
Required full-leg matrix: Do not stop after the first scoring bug. Build a complete table of every score mutation and every peer-performance observation:
| Leg | Event / endpoint | Reward? | Penalty? | Error classes penalized | Can attacker farm? |
|---|---|---|---|---|---|
| block validation | valid / invalid block | ||||
| block pool / orphan handling | unknown parent, invalid data, timeout | ||||
| health check | HTTP 200, non-200, timeout, parse error | ||||
| data/chunk request | delivery success, delivery fail, no response | ||||
| gossip | valid message, invalid message, duplicate, re-gossip | ||||
| bootstrap / peer list | useful peer, bogus peer, stale address |
Every blank Penalty? for a harmful event is a candidate finding. Every blank
Can attacker farm? for a reward event is incomplete analysis.
Build a failure-mode table and verify every harmful action has a score impact:
| Failure mode | Penalized? | Immediate? | Resettable? |
|---|---|---|---|
| Invalid block / tx | |||
| Timeout / stall | |||
| Malformed gossip | |||
| Health-check failure | |||
| Excessive requests | |||
| Non-response / timeout | |||
| Non-200 HTTP response | |||
| Delivery failure after accepted request | |||
| Invalid block held in cache / orphan pool | |||
| Stale peer address update |
Tag: [PEER-SCORE:COVERAGE]
Check whether peers can cheaply farm score via ping loops, get_data style
requests, acknowledgements without contribution, or reconnect-based resets.
Quantify attacker cost versus defender work.
For each positive score path, identify the cost the peer actually pays. A peer must not gain score for:
Tag: [PEER-SCORE:FARMING]
For every increase_score, decrease_score, reward, penalize, or raw
score +=/-= site, verify the sign matches the semantic event. Common miss:
error branches log failure but do not call the penalty path, or non-200
responses are treated as success because transport completed.
Tag: [PEER-SCORE:DIRECTION:{file}:{line}]
Tag: [PEER-SCORE:RESET]
Trace where score affects sync-source selection, top-peer preference, or bandwidth allocation. A manipulable score that changes any of those choices is an enabler finding even if the scoring bug alone is not terminal.
Tag: [PEER-SCORE:SELECTION]
Always include the full-leg matrix in the output, even when every row is SAFE.
If a row is not applicable, write N/A and cite the file/line proving the
protocol does not implement that leg. Missing rows are treated as incomplete
peer-scoring coverage.