Intuition Contracts v1.0.2: Security Hardening Upgrade
--
Intuition is shipping a v1.0.2 update, a security hardening release that bundles four remediation fixes from the CodeArena bug bounty and audit contest into new contract implementations. The fixes span TRUST emissions and bonding, AtomWallet smart accounts, and the MultiVault progressive bonding curves.
Each change is being deployed as a new implementation behind the existing TransparentUpgradeableProxy set on Intuition (chain ID 1155) and Base (chain ID 8453), and for AtomWallet, behind the existing beacon. No new proxies, no reinitializers, no role changes, no breaking changes for builders.
The upgrade process is timelock-governed with a 7-day delay on both networks.
What You Need to Know
Your funds, your positions, your bonding schedule, and your AtomWallets will be unaffected by this upgrade. No action is required from token holders, integrators, or builders.
- No breaking changes: function signatures and ABIs that integrators depend on are preserved.
- No new features: this is a defense-in-depth release, not a product update.
- No role changes: the admin, automation, and timelock role set is identical to v1.0.1.
- 65-byte ECDSA signatures on AtomWallets continue to work with no expiry.
Every upgrade is scheduled through the existing 7-day timelock, so the full calldata for each swap could be verified onchain before execution.
Why We’re Making These Changes
v1.0.2 closes findings from the CodeArena bug bounty and external audit contest on the v1.x contracts. Each fix is narrow and targeted:
- Exact accounting at epoch boundaries. Reward math now treats each epoch as a closed interval, eliminating off-by-one ambiguity at the edges.
- Hard caps on per-epoch emissions. Claims can never exceed the emissions budget for an epoch, even under adversarial sequencing.
- Cryptographically bound signature validity. AtomWallet time-bounded signatures now commit to their validity window, so the window cannot be swapped after signing.
- Rounding fix in the progressive curve. A rare underflow path in _convertToAssets is removed.
Fix-by-Fix Details
v1.0.2–001: Epoch Boundaries — TrustBonding + CoreEmissionsController
Contracts: TrustBonding, CoreEmissionsController
Networks: Intuition (1155), Base (8453)
What changed: Epochs are now closed intervals [start, end], where end = start + (n+1) · length − 1. Reward accounting at epoch transitions is now exact, removing an off-by-one path that could surface at the block defining an epoch boundary. getUnclaimedRewardsForEpoch now measures against getEmissionsAtEpoch, so views match the enforced budget.
Timelock: Yes — 7-day delay
Status: Complete
v1.0.2–002: Per-Epoch Emissions Cap — TrustBonding
Contract: TrustBonding
Networks: Intuition (1155), Base (8453)
What changed: claimRewards is now hard-capped to the remaining per-epoch emissions budget. A claim that would exceed the budget for its epoch reverts with TrustBonding_EpochBudgetExhausted. This closes a rollover edge case where emissions math could drift past the intended epoch ceiling under certain sequences of claims.
Timelock: Yes — 7-day delay
Status: Complete
v1.0.2–003: ERC-4337 Signature Binding — AtomWallet
Contract: AtomWallet (upgraded via the existing AtomWallet beacon)
Networks: Intuition (1155), Base (8453)
What changed: AtomWallet signature validity metadata has moved from a 24-byte prefix on callData to a 12-byte suffix on the signature itself, and the metadata is now cryptographically bound.
- 77-byte signatures sign keccak256(userOpHash ‖ validUntil ‖ validAfter), so the validity window cannot be altered after signing.
- 65-byte ECDSA signatures continue to validate as before, with no expiry.
- Malformed signature lengths no longer revert. They surface through the standard ERC-4337 validationData return path, which bundlers already handle.
- Four AtomWallet_Invalid* error selectors were removed as a result.
Timelock: Yes — 7-day delay
Status: Complete
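The 65-byte and 77-byte paths described above, sketched in Solidity as an added example (not the AtomWallet source). The library and function names are hypothetical, and the suffix order (validUntil then validAfter, each a 6-byte uint48), the use of abi.encodePacked, and signing the raw digest without a message prefix are assumptions; the validationData packing follows ERC-4337.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only, not the AtomWallet source. Assumed: the suffix is
/// validUntil (6 bytes) then validAfter (6 bytes), packed as uint48 values.
library BoundWindowSigSketch {
    uint256 internal constant SIG_VALIDATION_FAILED = 1; // ERC-4337 failure flag
    // secp256k1 half-order: reject high-s (malleable) signatures.
    uint256 internal constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    /// Returns ERC-4337 validationData; never reverts on a bad signature.
    function validate(bytes32 userOpHash, bytes calldata sig, address owner)
        internal
        pure
        returns (uint256 validationData)
    {
        uint48 validUntil; // 0 means "no expiry" in ERC-4337
        uint48 validAfter;
        bytes32 digest = userOpHash;

        if (sig.length == 77) {
            validUntil = uint48(bytes6(sig[65:71]));
            validAfter = uint48(bytes6(sig[71:77]));
            // The window is part of the signed message, so editing the suffix
            // changes the digest and the recovered signer no longer matches.
            digest = keccak256(abi.encodePacked(userOpHash, validUntil, validAfter));
        } else if (sig.length != 65) {
            return SIG_VALIDATION_FAILED; // malformed length: fail, do not revert
        }

        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (uint256(s) > HALF_N) return SIG_VALIDATION_FAILED;

        address signer = ecrecover(digest, v, r, s); // address(0) on failure
        bool failed = signer == address(0) || signer != owner;

        // ERC-4337 packing: failure flag | validUntil << 160 | validAfter << 208.
        return (failed ? SIG_VALIDATION_FAILED : 0)
            | (uint256(validUntil) << 160)
            | (uint256(validAfter) << 208);
    }
}
```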
v1.0.2–004: Progressive Curve Redeem — MultiVault
Contract: MultiVault (offset progressive / exponential bonding curves)
Networks: Intuition (1155), Base (8453)
What changed: In _convertToAssets, the call to PCMath.squareUp(sNext) was replaced with PCMath.square(sNext), removing a rare underflow path in redemption math along the offset progressive bonding curve.
Timelock: Yes — 7-day delay
Status: Complete
Deployment and Governance
- Upgrades are driven by network-specific, versioned deployment scripts that generate the exact calldata for scheduling and executing each implementation swap.
- Each upgrade is scheduled on the timelock, held for a 7-day delay, and then executed.
- Both Intuition mainnet and Base mainnet use the same 7-day delay.
- Admin Safes, automation operators, and timelock roles are unchanged from v1.0.1.
Status Tracker
- v1.0.2–001 — Epoch boundaries (TrustBonding + CoreEmissionsController) — Complete
- v1.0.2–002 — Per-epoch emissions cap (TrustBonding) — Complete
- v1.0.2–003 — ERC-4337 signature binding (AtomWallet) — Complete
- v1.0.2–004 — Progressive curve redeem (MultiVault) — Complete
Summary
v1.0.2 is a defense-in-depth release that closes CodeArena bug-bounty and audit-contest findings across TRUST emissions, bonding, the MultiVault, and AtomWallet smart accounts. The upgrade:
- Makes epoch reward accounting exact at boundaries.
- Enforces per-epoch emissions budgets at the claim site.
- Cryptographically binds AtomWallet signature validity windows.
- Removes a rounding underflow path in the offset progressive bonding curve.
No new features, no token or role changes, no action required for token holders. The upgrade was applied through the existing timelock-governed process with a 7-day delay on both Intuition and Base mainnet.