diff --git a/.gitattributes b/.gitattributes index 42bb790c..40f5442c 100644 --- a/.gitattributes +++ b/.gitattributes @@ -7,6 +7,7 @@ *.sol text eol=lf *.md text eol=lf +*.json text eol=lf *.toml text eol=lf *.txt text eol=lf *.yml text eol=lf diff --git a/.gitignore b/.gitignore index b108de07..819a3b01 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,14 @@ out/ cache/ broadcast/ +# Static analysis reports +slither-baseline.json +slither-report.json +slither-results.json +slither.db.json +export.sarif +export.sarif.sarifexplorer + # Local environments and secrets .env .env.* diff --git a/Makefile b/Makefile index 89ca6bbf..d23070bc 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,7 @@ fmt-check: forge fmt --check smart-contracts slither: - slither . --foundry-compile-all + slither . --config-file slither.config.json --foundry-compile-all clean: $(RM_RF) diff --git a/README.md b/README.md index 8bc1f353..fe7a25a4 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,8 @@ make check ## Tooling Tool versions and non-gating diagnostic commands are documented in -[`docs/tooling.md`](docs/tooling.md). +[`docs/tooling.md`](docs/tooling.md). The current Slither high/medium baseline +is tracked in [`ops/SLITHER_BASELINE.md`](ops/SLITHER_BASELINE.md). Current pinned versions: @@ -80,7 +81,9 @@ Current pinned versions: - [`CONTRIBUTING.md`](CONTRIBUTING.md) - [`SECURITY.md`](SECURITY.md) - [`ops/ROADMAP.md`](ops/ROADMAP.md) +- [`ops/SLITHER_BASELINE.md`](ops/SLITHER_BASELINE.md) - [`ops/AUTONOMOUS_RUN.md`](ops/AUTONOMOUS_RUN.md) - [`docs/status.md`](docs/status.md) - [`docs/known-blockers.md`](docs/known-blockers.md) - [`docs/tooling.md`](docs/tooling.md) +- [`docs/slither.md`](docs/slither.md) diff --git a/docs/known-blockers.md b/docs/known-blockers.md index 3c82505d..63c0b396 100644 --- a/docs/known-blockers.md +++ b/docs/known-blockers.md 
@@ -8,7 +8,8 @@ contributors who start from the README. - Auction custody and settlement need an accepted state-machine model. - Push payments must move to pull-payment accounting before production use. - Randomizer request and callback validation need production hardening. -- Slither high/medium findings need triage before audit readiness. +- Slither high/medium findings are captured in `ops/SLITHER_BASELINE.md` and + need triage before audit readiness. - Meaningful unit, integration, regression, and invariant tests are missing. - Deployment scripts, manifests, and rehearsal runbooks are missing. diff --git a/docs/slither.md b/docs/slither.md new file mode 100644 index 00000000..60d0c092 --- /dev/null +++ b/docs/slither.md 
@@ -0,0 +1,85 @@ +# Slither Baseline + +Slither is pinned through `requirements-tools.txt` and is currently a +non-gating diagnostic. It is expected to report high and medium findings until +the roadmap triage work fixes, accepts, or scopes each row. + +## Versions + +| Tool | Version | +| --- | --- | +| Slither | `0.11.5` | +| solc-select | `1.2.0` | +| Solidity compiler | `0.8.19` | + +## Local Run + +Bootstrap the tools first: + +```bash +bash scripts/bootstrap-ec2.sh +``` + +or on Windows: + +```powershell +powershell -ExecutionPolicy Bypass -File scripts\bootstrap-windows.ps1 +``` + +Then run Slither: + +```bash +solc-select use 0.8.19 +make slither +``` + +The target runs: + +```bash +slither . --config-file slither.config.json --foundry-compile-all +``` + +On Windows without `make`, run the local virtual-environment binary directly: + +```powershell +$env:Path = "$HOME\.foundry\bin;$PWD\.venv-tools\Scripts;$env:Path" +.\.venv-tools\Scripts\solc-select.exe use 0.8.19 +.\.venv-tools\Scripts\slither.exe . --config-file slither.config.json --foundry-compile-all +``` + +Slither currently exits non-zero because findings exist. A non-zero exit from +this command is expected until the baseline is accepted as a gate. + +The bootstrap scripts install and select Solidity `0.8.19`. Run the +`solc-select use` command explicitly when refreshing the baseline from an +existing shell or virtual environment. + +## JSON Output + +Raw JSON output is useful for refreshing the baseline, but it is not committed +because it is large and noisy. + +```bash +slither . --config-file slither.config.json --foundry-compile-all --json slither-baseline.json +``` + +`slither-baseline.json`, `slither-report.json`, `slither-results.json`, and the +default Slither triage database are ignored by Git. + +## Baseline Process + +The tracked high/medium baseline lives in +[`ops/SLITHER_BASELINE.md`](../ops/SLITHER_BASELINE.md). + +When refreshing it: + +1. 
Run Slither with the pinned toolchain and config. +2. Record the total count, impact counts, and high/medium detector rows. +3. Keep production findings `Open` until a PR fixes them or a maintainer + accepts them with rationale. +4. Keep test-only findings separate from production findings. +5. Add or update the required regression test for every fixed production + finding. + +Slither should become a CI gate only after the high/medium baseline is fixed, +accepted, or explicitly documented as false positive. diff --git a/docs/tooling.md b/docs/tooling.md index 4f8fb802..af7b688c 100644 --- a/docs/tooling.md +++ b/docs/tooling.md @@ -62,5 +62,17 @@ make fmt-check make slither ``` +`make slither` runs: + +```bash +slither . --config-file slither.config.json --foundry-compile-all +``` + +The current Slither high/medium baseline is tracked in +[`ops/SLITHER_BASELINE.md`](../ops/SLITHER_BASELINE.md). Slither exits non-zero +while findings exist; that is expected until the baseline is accepted as a CI +gate. + Formatting and Slither have known baselines and should become gates only after the roadmap items for formatting triage and Slither baseline acceptance land. +See [`docs/slither.md`](slither.md) for the full Slither workflow. diff --git a/ops/AUTONOMOUS_RUN.md b/ops/AUTONOMOUS_RUN.md index 2aebce4e..9398b739 100644 --- a/ops/AUTONOMOUS_RUN.md +++ b/ops/AUTONOMOUS_RUN.md 
@@ -29,11 +29,11 @@ tests, security hardening, deployment discipline, and release/audit readiness. | Field | Value | | --- | --- | | Remote | `https://github.com/6529-Collections/6529Stream.git` | -| Active PR branch | `codex/characterization-test-skeleton` | -| Last merged PR | `https://github.com/6529-Collections/6529Stream/pull/5` | +| Active PR branch | `codex/slither-baseline` | +| Last merged PR | `https://github.com/6529-Collections/6529Stream/pull/6` | | Roadmap file | `ops/ROADMAP.md` | | State file | `ops/AUTONOMOUS_RUN.md` | -| Last updated | `2026-06-10 01:04 UTC` | +| Last updated | `2026-06-10 01:38 UTC` | ## Packaging Notes @@ -54,8 +54,8 @@ The queue will evolve as PRs merge and bot feedback arrives. | 1 | Roadmap and autonomous run control plane | Gate A / planning | `ops/ROADMAP.md`, `ops/AUTONOMOUS_RUN.md` only unless PR packaging requires small docs metadata | Merged in PR #3 | | 2 | Reproducible baseline tooling | Gate A | Foundry config, make/check command, bootstrap scripts, CI smoke workflow | Merged in PR #4 | | 3 | Repo maturity and contributor docs | Gate A / Gate G foundation | README status, SECURITY, CONTRIBUTING, issue/PR templates, CODEOWNERS | Merged in PR #5 | -| 4 | Characterization test skeleton | Gate A | Test helpers, fixtures, mocks, and executable characterization coverage | In progress on branch `codex/characterization-test-skeleton` | -| 5 | Slither baseline appendix/config | Gate A / Gate C foundation | Static analysis command/config and tracked baseline issue rows | Planned | +| 4 | Characterization test skeleton | Gate A | Test helpers, fixtures, mocks, and executable characterization coverage | Merged in PR #6 | +| 5 | Slither baseline appendix/config | Gate A / Gate C foundation | Static analysis command/config and tracked baseline issue rows | In progress on branch `codex/slither-baseline` | ## Current PR Worklog 
@@ -173,7 +173,7 @@ Outcome: ### PR #6: Characterization test skeleton (Queue Item 4) -Status: PR open; latest CodeRabbit token-hash authorization comment fixed locally. +Status: Merged. Branch: `codex/characterization-test-skeleton`. Pull request: `https://github.com/6529-Collections/6529Stream/pull/6`. 
@@ -219,12 +219,74 @@ Validation: - Direct `forge` is still not available on the raw PowerShell `PATH`; the documented `make` and PowerShell wrapper paths resolve the installed Foundry binary. +- GitHub CI run `27246119762` passed on final head + `0e037b3b33d144cce9d381a57a5a423fc1f3d8c0`. +- CodeRabbit completed successfully after the token-hash authorization fix. +- Claude was explicitly pinged on the final head; no new actionable Claude + response arrived before merge, and prior Claude review threads were resolved + or outdated. + +Outcome: + +- Merged as PR #6 on `2026-06-10 01:12 UTC`. +- Squash merge commit: `a2f0de7f70f748b81b04d7b4e6a35b20b6c2b720`. +- Latest head before merge: `0e037b3b33d144cce9d381a57a5a423fc1f3d8c0`. + +### PR #7: Slither baseline appendix/config (Queue Item 5) + +Status: PR open; addressing CodeRabbit review follow-up. +Branch: `codex/slither-baseline`. +Pull request: `https://github.com/6529-Collections/6529Stream/pull/7`. + +Goal: + +- Make Slither invocation reproducible through the pinned toolchain. +- Track the current high/medium Slither baseline in reviewable Markdown. +- Keep Slither non-gating until high/medium findings are fixed, accepted, or + documented as false positives. +- Link the baseline from the roadmap, README, and tooling docs. + +Candidate files: + +- `slither.config.json` +- `.gitattributes` +- `.gitignore` +- `Makefile` +- `docs/slither.md` +- `docs/tooling.md` +- `docs/known-blockers.md` +- `README.md` +- `ops/SLITHER_BASELINE.md` +- `ops/ROADMAP.md` +- `ops/AUTONOMOUS_RUN.md` -Next steps: +Validation: -1. Push the CodeRabbit token-hash authorization follow-up. -2. Wait for refreshed CI, CodeRabbit, and Claude status. -3. Resolve actionable review comments before merge. +- Config-backed Slither run with pinned Slither `0.11.5` and Solidity `0.8.19` + produced 530 total findings: 13 High, 26 Medium, 51 Low, 434 Informational, + and 6 Optimization. 
+- Slither returned detector JSON successfully with `success: true` and exited + `-1` because findings exist; this is expected before baseline acceptance. +- `python -m json.tool slither.config.json` passed. +- `make -n slither` prints + `slither . --config-file slither.config.json --foundry-compile-all`. +- `git check-ignore` confirms Slither JSON/SARIF/triage report outputs are + ignored. +- `.gitattributes` pins JSON files to LF line endings for the new Slither + config. +- Markdown heading scan passed for `docs/slither.md`, + `ops/SLITHER_BASELINE.md`, and `ops/ROADMAP.md`. +- `make check` passed with 17 tests and the known existing warnings. +- `powershell -ExecutionPolicy Bypass -File scripts\check.ps1` passed with 17 + tests and the known existing warnings. +- `git diff --cached --check` passed. +- CodeRabbit review follow-up added explicit `solc-select use 0.8.19` + instructions, marked vendored library rows as `Needs Issue` with + likely-false-positive/provenance wording, and assigned + `P0-META-001` to the dependency-script packed-encoding row. +- Review follow-up validation passed: `python -m json.tool + slither.config.json`, targeted `rg` checks, Markdown heading scan, + `git diff --check`, and `make check`. ## Decision Log 
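Review bot: The validation bullet that says Slither "exited `-1`" records the value passed to `sys.exit`, not the status a caller sees; a POSIX shell truncates it to 8 bits and reports 255, and Windows reports a different value again. Since the run matrix lists both Linux and Windows, record the observed status from each shell (the `$?` value after `make slither` and the `$LASTEXITCODE` value after the `slither.exe` invocation) so that anyone scripting around the non-gating run knows what to compare against.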
@@ -257,6 +319,16 @@ Next steps: | 2026-06-10 00:45 | Address CodeRabbit PR #6 second-pass comment | Added the empty-batch guard before `MockStreamMinter` reads the first mint array elements | | 2026-06-10 00:55 | Address Claude PR #6 characterization-honesty comment | Renamed the poster rejection test and added explicit payout-address and curators-pool rejection characterization cases | | 2026-06-10 01:04 | Address CodeRabbit PR #6 token-hash authorization comment | Mint with a no-op randomizer before the non-randomizer `setTokenHash` assertion, then switch to the configured randomizer to prove first-set and no-overwrite behavior | +| 2026-06-10 01:12 | Merge PR #6 | Final head was CI-clean, CodeRabbit-clean, and visible review threads were resolved or outdated | +| 2026-06-10 01:14 | Start PR #7 | Queue Item 5 captures the Slither high/medium baseline before any detector suppressions or CI gating | +| 2026-06-10 01:17 | Keep Slither non-gating | Slither currently exits non-zero because real findings exist; `make check` remains build/test only until baseline acceptance | +| 2026-06-10 01:17 | Do not suppress Slither detectors yet | The config only filters generated artifact paths; findings stay visible until each high/medium row is fixed, accepted, or proved false positive | +| 2026-06-10 01:24 | Validate config-backed Slither run | `slither . 
--config-file slither.config.json --foundry-compile-all --json ` returned JSON success with 530 findings and expected exit `-1` | +| 2026-06-10 01:27 | Finish local PR #7 smoke validation | Config JSON, Makefile dry-run, ignore rules, Markdown heading scan, `make check`, and Windows `scripts/check.ps1` pass | +| 2026-06-10 01:29 | Finish staged PR #7 validation | `git diff --cached --check` passes after staging all PR #7 files | +| 2026-06-10 01:31 | Open PR #7 | PR packages the Slither config, tracked high/medium baseline, docs links, and durable state updates | +| 2026-06-10 01:37 | Address CodeRabbit PR #7 review | Add compiler activation instructions, mark vendored likely false positives as `Needs Issue`, and assign `P0-META-001` to dependency-script packed encoding | +| 2026-06-10 01:38 | Validate CodeRabbit PR #7 follow-up | JSON parse, targeted text checks, heading scan, whitespace check, and `make check` pass after review edits | ## Resume Instructions diff --git a/ops/ROADMAP.md b/ops/ROADMAP.md index 9d7de0a5..59e737c8 100644 --- a/ops/ROADMAP.md +++ b/ops/ROADMAP.md @@ -30,9 +30,9 @@ order. | OS tested | Windows / Linux | | Foundry version | `v1.7.1` | | Solidity compiler version | `0.8.19` | -| Slither version | TBD | +| Slither version | `0.11.5` | | CI run | TBD | -| Command transcript location | TBD | +| Command transcript location | `ops/SLITHER_BASELINE.md` for Slither baseline; other transcripts TBD | ### Machine-Verifiable Baseline 
@@ -41,7 +41,7 @@ order. | Build | Passes with warnings when `forge` is invoked through the installed binary path | `forge build` | Build passes in CI and locally with warnings burned down or documented | | Unit/integration tests | Initial characterization tests cover admin guards, current drop behavior, fixed-price payout behavior, and randomness/pending metadata behavior; broader P0/P1 tests are missing | `forge test -vvv` | P0 regression and integration suite exists | | Formatting | Fails broadly | `forge fmt --check smart-contracts` | Passing, or vendored exclusions documented | -| Static analysis | Runs with a large untriaged baseline | `slither . --foundry-compile-all` | High/medium findings fixed, accepted, or documented | +| Static analysis | Runs with a tracked but unaccepted baseline: 530 total findings, including 13 High and 26 Medium | `slither . --config-file slither.config.json --foundry-compile-all` and `ops/SLITHER_BASELINE.md` | High/medium findings fixed, accepted, or documented | | Deployment | Missing | no meaningful `script/`/manifest process | Anvil deployment and fork rehearsal pass | | Docs | Partial README and roadmap only | manual inspection | Architecture, security, deployment, and protocol docs merged | | Release artifacts | Missing | no ABI/address/manifest release process | ABIs, manifests, checksums, and verified addresses published | 
@@ -1020,14 +1020,16 @@ Required tests: Required docs: -- Appendix A Slither baseline table. -- Slither config after triage. +- Appendix A Slither baseline summary. +- Detailed high/medium baseline in `ops/SLITHER_BASELINE.md`. +- Slither config after triage for any detector suppressions. Acceptance criteria: - Slither baseline table has detector, contract, function, source kind, source location, severity, confidence, status, resolution, required test, issue, gate, and owner. +- Current high/medium Slither rows are captured in `ops/SLITHER_BASELINE.md`. - Every `Open` or `Needs Issue` finding has an issue link or `TBD` placeholder marked as blocking triage. - CI fails on new high/medium findings after baseline is accepted. @@ -1315,7 +1317,7 @@ No P0 contract PR may merge without: - Add Markdown lint. - Add ShellCheck for shell scripts. - Add PowerShell Script Analyzer for PowerShell scripts. -- Add `slither.config.json` after triage. +- Keep `slither.config.json` free of detector suppressions until triage. - Fail CI on new high/medium findings after baseline acceptance. ### Dependency And Provenance Management 
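Review bot: "Fail CI on new high/medium findings after baseline acceptance" has no machine-readable reference to diff against: the baseline is tracked only as Markdown, and docs/slither.md states the raw JSON is deliberately not committed. Add a bullet here (or in the acceptance criteria above) naming the mechanism that will distinguish "new" from baselined rows, for example a committed triage database (`slither.db.json` is already in the .gitignore hunk, so that decision needs to be made explicitly) or a committed, sorted high/medium summary that CI regenerates and compares.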
@@ -1592,19 +1594,45 @@ No P0 contract PR may merge without: ## Appendix A: Slither Baseline +Source of truth: `ops/SLITHER_BASELINE.md`. + Status values: `Open`, `Fixed`, `Accepted`, `False Positive`, `Needs Issue`. -Every row must record source file and line range, identify whether the finding -is first-party, vendored, generated, or test-only, and include an issue link for -each `Open` or `Needs Issue` row before Gate F. - -| Detector | Contract | Function | Source kind | Source location | Severity | Confidence | Status | Resolution | Required test | Issue | Gate | Owner | -| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | -| `arbitrary-send-eth` | TBD | emergency withdrawals / payouts | first-party | TBD | High | TBD | Open | Replace or bound with owed/surplus accounting | payment invariant + emergency withdrawal tests | TBD | Gate C | TBD | -| `reentrancy-eth` | `AuctionContract.sol` | `participateToAuction` | first-party | TBD | High | TBD | Open | Pull credits and state-before-call | malicious bidder regression | TBD | Gate C | TBD | -| `weak-prng` | `XRandoms.sol` / `RandomizerNXT.sol` | randomness helpers | first-party | TBD | High | TBD | Open | Demo-only or replace with production randomizer | randomness provider tests | TBD | Gate C | TBD | -| `encode-packed-collision` | `StreamDrops.sol` and script/dependency hashing paths | drop ID / concatenation | first-party | TBD | Medium/High | TBD | Open | Use typed `abi.encode` / EIP-712 | replay/collision tests | TBD | Gate C | TBD | -| `uninitialized-state` | TBD | mint-accounting mappings | first-party | TBD | Medium | TBD | Open | Remove, initialize, or complete design | harness regression | TBD | Gate C | TBD | -| vendored library warnings | `Math.sol`, `SignedMath.sol`, retained libraries | library functions | vendored | TBD | TBD | TBD | Open | Replace with pinned upstream or suppress with rationale | build/lint baseline | TBD | Gate F | TBD | +Every detailed row must record 
source file and line range, identify whether the +finding is first-party, vendored, generated, or test-only, and include an issue +link for each `Open` or `Needs Issue` row before Gate F. + +Current capture: + +- Tool: Slither `0.11.5`. +- Compiler: Solidity `0.8.19`. +- Command: `slither . --config-file slither.config.json --foundry-compile-all --json `. +- Status: baseline captured, not accepted as a CI gate. +- Result: 530 findings, including 13 High and 26 Medium. + +Impact summary: + +| Impact | Count | +| --- | ---: | +| High | 13 | +| Medium | 26 | +| Low | 51 | +| Informational | 434 | +| Optimization | 6 | + +High/medium detector summary: + +| Detector | Impact | Count | Primary scope | Status | Required action | +| --- | --- | ---: | --- | --- | --- | +| `arbitrary-send-eth` | High | 4 | first-party emergency withdrawals | Open | Replace or bound with owed/surplus accounting | +| `encode-packed-collision` | High | 3 | drop authorization and dependency/script hashing | Open | Replace ad hoc packed hashes with typed/domain-separated encoding; track dependency-script row as `P0-META-001` | +| `incorrect-exp` | High | 1 | vendored `Math.mulDiv` | Needs Issue | Confirm likely false positive against pinned upstream or replace vendored library | +| `reentrancy-eth` | High | 1 | auction bidding | Open | Move to pull credits and state-before-external-call flow | +| `uninitialized-state` | High | 2 | mint-accounting mappings | Open | Initialize, remove, or complete design | +| `weak-prng` | High | 2 | word pool randomness helpers | Open | Replace or explicitly scope through randomness ADR | +| `divide-before-multiply` | Medium | 9 | vendored math/base64 helpers | Needs Issue | Confirm likely false positive against pinned upstream or replace vendored library | +| `locked-ether` | Medium | 1 | test-only rejection mock | Accepted | Keep scoped to test-only baseline | +| `uninitialized-local` | Medium | 12 | first-party and test helper locals | Open for production rows 
| Initialize or prove Solidity zero-value intent | +| `unused-return` | Medium | 4 | characterization tests | Accepted | Keep scoped to test-only baseline | ## Appendix B: Test Matrix @@ -1622,6 +1650,7 @@ Status values: `Missing`, `Planned`, `In Progress`, `Passing`, `Blocked`. | Admin selector mismatch | Wrong function selector cannot authorize mutation | `test/StreamAdminSelectors.t.sol` | Initial characterization exists in `test/StreamCoreAdminCharacterization.t.sol`; P0 fix tests missing | `P0-ADMIN-001` | Gate C | TBD | | Randomizer stale callback | Replaced randomizer fulfillment rejected | `test/StreamRandomizer.t.sol` | Missing | `P0-RAND-001` | Gate C | TBD | | Pending randomness metadata | `tokenURI` pending/final behavior is deterministic | `test/StreamMetadata.t.sol` | Initial characterization exists in `test/StreamDropsIntegrationCharacterization.t.sol`; golden-file tests missing | `P1-META-*` | Gate D | TBD | +| Dependency script packed encoding | Dependency script retrieval uses safe typed concatenation/hash encoding and cannot collide across script segments | `test/StreamMetadataEncoding.t.sol` | Missing | `P0-META-001` | Gate C | TBD | | Curator double claim | Valid claim succeeds once and second claim fails | `test/StreamCuratorsPool.t.sol` | Missing | `P1-CURATOR-*` | Gate D | TBD | | Merkle leaf ambiguity | Duplicate or ambiguous leaves cannot double claim | `test/StreamCuratorsMerkle.t.sol` | Missing | `P1-CURATOR-*` | Gate D | TBD | | Burn accounting | Burned-token supply and metadata follow ADR | `test/StreamCoreBurn.t.sol` | Missing | `P1-META-*` | Gate D | TBD | diff --git a/ops/SLITHER_BASELINE.md b/ops/SLITHER_BASELINE.md new file mode 100644 index 00000000..c8a535f5 --- /dev/null +++ b/ops/SLITHER_BASELINE.md 
@@ -0,0 +1,112 @@ +# Slither Baseline + +This is the tracked high/medium Slither baseline for 6529Stream. It is a triage +input, not an accepted security baseline. + +## Capture Metadata + +| Field | Value | +| --- | --- | +| Status | Open baseline; not accepted as a CI gate | +| Last generated | `2026-06-10 01:24 UTC` | +| Slither | `0.11.5` | +| Solidity compiler | `0.8.19` | +| solc-select | `1.2.0` | +| Command | `slither . --config-file slither.config.json --foundry-compile-all --json ` | +| Raw JSON | Not committed; regenerate locally when needed | + +Slither returned detector results successfully, but the process exited non-zero +because findings exist. That is expected until the roadmap accepts a gated +baseline. + +## Impact Counts + +| Impact | Count | +| --- | ---: | +| High | 13 | +| Medium | 26 | +| Low | 51 | +| Informational | 434 | +| Optimization | 6 | +| Total | 530 | + +## Detector Counts + +| Detector | Impact | Count | +| --- | --- | ---: | +| `arbitrary-send-eth` | High | 4 | +| `encode-packed-collision` | High | 3 | +| `incorrect-exp` | High | 1 | +| `reentrancy-eth` | High | 1 | +| `uninitialized-state` | High | 2 | +| `weak-prng` | High | 2 | +| `divide-before-multiply` | Medium | 9 | +| `locked-ether` | Medium | 1 | +| `uninitialized-local` | Medium | 12 | +| `unused-return` | Medium | 4 | +| Low-impact findings | Low | 51 | +| Informational findings | Informational | 434 | +| Optimization findings | Optimization | 6 | + +## Status Semantics + +| Status | Meaning | +| --- | --- | +| `Open` | Production-impacting finding that still needs a fix, accepted-risk rationale, or false-positive proof | +| `Accepted` | Non-production or explicitly accepted finding with documented rationale | +| `False Positive` | Tool finding proven not to apply | +| `Fixed` | Finding removed by code change and covered by regression test | +| `Needs Issue` | Finding needs a dedicated issue before Gate F | + +## High And Medium Findings + +Every `Open` row is 
blocking triage until it has a GitHub issue link or a +concrete fix PR. `TBD` issue cells are intentional placeholders. + +| Detector | Occurrences | Contract | Function | Source kind | Source location | Severity | Confidence | Status | Resolution | Required test | Issue | Gate | Owner | +| --- | ---: | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| `arbitrary-send-eth` | 1 | `StreamAuctions` | `emergencyWithdraw()` | first-party | `smart-contracts/AuctionContract.sol#L147-L153` | High | Medium | Open | Replace emergency payout push with bounded owed/surplus accounting | Payment invariant and emergency withdrawal tests | `P0-PAY-008` / TBD | Gate C | TBD | +| `arbitrary-send-eth` | 1 | `NextGenRandomizerRNG` | `emergencyWithdraw()` | first-party | `smart-contracts/RandomizerRNG.sol#L78-L84` | High | Medium | Open | Replace emergency payout push with bounded owed/surplus accounting | Payment invariant and emergency withdrawal tests | `P0-PAY-008` / TBD | Gate C | TBD | +| `arbitrary-send-eth` | 1 | `StreamCuratorsPool` | `emergencyWithdraw()` | first-party | `smart-contracts/StreamCuratorsPool.sol#L84-L90` | High | Medium | Open | Replace emergency payout push with bounded owed/surplus accounting | Payment invariant and emergency withdrawal tests | `P0-PAY-008` / TBD | Gate C | TBD | +| `arbitrary-send-eth` | 1 | `StreamMinter` | `emergencyWithdraw()` | first-party | `smart-contracts/StreamMinter.sol#L124-L130` | High | Medium | Open | Replace emergency payout push with bounded owed/surplus accounting | Payment invariant and emergency withdrawal tests | `P0-PAY-008` / TBD | Gate C | TBD | +| `encode-packed-collision` | 1 | `StreamCore` | `retrieveDependencyScript(uint256)` | first-party | `smart-contracts/StreamCore.sol#L402-L408` | High | High | Open | Use typed encoding or domain-separated metadata/dependency-script hashing | Encoding collision regression | `P0-META-001` / TBD | Gate C | TBD | +| `encode-packed-collision` | 1 | 
`StreamDrops` | `retrieveMessageAndDropID(address,string,uint256,uint256,uint256,uint256)` | first-party | `smart-contracts/StreamDrops.sol#L175-L179` | High | High | Open | Replace ad hoc packed hashing with typed EIP-712 authorization | Replay, wrong-domain, and collision tests | `P0-AUTH-002` / TBD | Gate C | TBD | +| `encode-packed-collision` | 1 | `StreamDrops` | `mintDrop(address,string,uint256,uint256,uint256,uint256)` | first-party | `smart-contracts/StreamDrops.sol#L72-L110` | High | High | Open | Replace ad hoc packed hashing with typed EIP-712 authorization | Replay, wrong-domain, and collision tests | `P0-AUTH-002` / TBD | Gate C | TBD | +| `incorrect-exp` | 1 | `Math` | `mulDiv(uint256,uint256,uint256)` | vendored | `smart-contracts/Math.sol#L55-L134` | High | Medium | Needs Issue | Likely false positive; confirm against pinned upstream OpenZeppelin or replace retained library with package-managed upstream before acceptance | Library provenance or math regression | `P0-LIB-001` / TBD | Gate F | TBD | +| `reentrancy-eth` | 1 | `StreamAuctions` | `participateToAuction(uint256)` | first-party | `smart-contracts/AuctionContract.sol#L64-L88` | High | Medium | Open | Move bidding to pull credits and state-before-external-call flow | Malicious bidder regression | `P0-AUCT-002` / TBD | Gate C | TBD | +| `uninitialized-state` | 1 | `StreamCore` | `state variable tokensMintedPerAddress` | first-party | `smart-contracts/StreamCore.sol#L74` | High | High | Open | Initialize, remove, or complete mint-accounting design | Mint-accounting regression | TBD | Gate C | TBD | +| `uninitialized-state` | 1 | `StreamCore` | `state variable tokensMintedAllowlistAddress` | first-party | `smart-contracts/StreamCore.sol#L77` | High | High | Open | Initialize, remove, or complete mint-accounting design | Mint-accounting regression | TBD | Gate C | TBD | +| `weak-prng` | 1 | `randomPool` | `randomNumber()` | first-party | `smart-contracts/XRandoms.sol#L32-L35` | High | Medium | 
Open | Replace or explicitly scope weak randomness through the randomness ADR | Randomness provider regression | `P0-RAND-ADR` / TBD | Gate C | TBD | +| `weak-prng` | 1 | `randomPool` | `randomWord()` | first-party | `smart-contracts/XRandoms.sol#L37-L40` | High | Medium | Open | Replace or explicitly scope weak randomness through the randomness ADR | Randomness provider regression | `P0-RAND-ADR` / TBD | Gate C | TBD | +| `divide-before-multiply` | 1 | `Base64` | `encode(bytes)` | vendored | `smart-contracts/Base64.sol#L20-L91` | Medium | Medium | Needs Issue | Likely false positive; confirm against pinned upstream OpenZeppelin or replace retained library with package-managed upstream before acceptance | Library provenance or precision regression | `P0-LIB-001` / TBD | Gate F | TBD | +| `divide-before-multiply` | 8 | `Math` | `mulDiv(uint256,uint256,uint256)` | vendored | `smart-contracts/Math.sol#L55-L134` | Medium | Medium | Needs Issue | Likely false positive; confirm against pinned upstream OpenZeppelin or replace retained library with package-managed upstream before acceptance | Library provenance or precision regression | `P0-LIB-001` / TBD | Gate F | TBD | +| `locked-ether` | 1 | `RejectETH` | `receive()` | test-only | `test/mocks/MockRandomizer.sol#L34-L38` | Medium | High | Accepted | Accepted as a test-only receiver used to characterize failing ETH transfers | None; test-only baseline row | Accepted test-only | Gate A | TBD | +| `uninitialized-local` | 1 | `Bytes32Strings` | `containsExactCharacterQty(...)._occurrences` | first-party | `smart-contracts/Bytes32Strings.sol#L46` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `Bytes32Strings` | `containsExactCharacterQty(...).i` | first-party | `smart-contracts/Bytes32Strings.sol#L47` | Medium | Medium | Open | Initialize local before use or prove 
Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `DelegationManagementContract` | `registerDelegationAddressUsingSubDelegation(...).subdelegationRightsCol` | first-party | `smart-contracts/NFTdelegation.sol#L118` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `DelegationManagementContract` | `revokeDelegationAddressUsingSubdelegation(...).subdelegationRightsCol` | first-party | `smart-contracts/NFTdelegation.sol#L288` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `DelegationManagementContract` | `retrieveTokenStatus(...).status` | first-party | `smart-contracts/NFTdelegation.sol#L617` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `DelegationManagementContract` | `retrieveSubDelegationStatus(...).subdelegationRights` | first-party | `smart-contracts/NFTdelegation.sol#L650` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `DelegationManagementContract` | `retrieveStatusOfActiveDelegator(...).status` | first-party | `smart-contracts/NFTdelegation.sol#L677` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `StreamCore` | `retrieveGenerativeScript(...).scripttext` | first-party | 
`smart-contracts/StreamCore.sol#L394` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `StreamCore` | `retrieveDependencyScript(...).scripttext` | first-party | `smart-contracts/StreamCore.sol#L403` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `StreamDrops` | `mintDrop(...).tokenid` | first-party | `smart-contracts/StreamDrops.sol#L76` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `StreamMinter` | `mint(...).mintIndex` | first-party | `smart-contracts/StreamMinter.sol#L76` | Medium | Medium | Open | Initialize local before use or prove Solidity zero-value intent with tests/docs | Targeted regression for affected function | TBD | Gate C | TBD | +| `uninitialized-local` | 1 | `MockStreamMinter` | `mint(...).mintedCount` | test-only | `test/mocks/MockStreamMinter.sol#L71` | Medium | Medium | Accepted | Accepted as a test-only helper baseline | None; test-only baseline row | Accepted test-only | Gate A | TBD | +| `unused-return` | 1 | `StreamDropsCharacterizationTest` | `testAuctionDropMintsCurrentCustodyToPayoutAndStoresPosterPrice()` | test-only | `test/StreamDropsCharacterization.t.sol#L107-L126` | Medium | Medium | Accepted | Accepted as a test-only characterization call where return value is intentionally ignored | None; test-only baseline row | Accepted test-only | Gate A | TBD | +| `unused-return` | 1 | `StreamDropsCharacterizationTest` | `testFixedPriceDropRecordsCurrentExecutionAndMintsToTxOrigin()` | test-only | `test/StreamDropsCharacterization.t.sol#L55-L82` | Medium | Medium | Accepted | 
Accepted as a test-only characterization call where return value is intentionally ignored | None; test-only baseline row | Accepted test-only | Gate A | TBD | +| `unused-return` | 1 | `StreamDropsIntegrationCharacterizationTest` | `testAuctionDropCurrentlyMintsCustodyToPayoutAndRecordsAuctionState()` | test-only | `test/StreamDropsIntegrationCharacterization.t.sol#L104-L124` | Medium | Medium | Accepted | Accepted as a test-only characterization call where return value is intentionally ignored | None; test-only baseline row | Accepted test-only | Gate A | TBD | +| `unused-return` | 1 | `StreamDropsIntegrationCharacterizationTest` | `testFixedPriceDropCurrentlyPaysSynchronouslyAndMintsToTxOrigin()` | test-only | `test/StreamDropsIntegrationCharacterization.t.sol#L21-L39` | Medium | Medium | Accepted | Accepted as a test-only characterization call where return value is intentionally ignored | None; test-only baseline row | Accepted test-only | Gate A | TBD | + +## Triage Rules + +- Fix first-party high findings before any public beta claim. +- Convert each fixed finding into a regression test in the test matrix. +- Replace retained upstream libraries with pinned upstream packages or document + provenance before accepting vendored library rows. +- Convert every `Needs Issue` row into a GitHub issue before accepting or + suppressing it. +- Do not suppress a detector until a row is `Fixed`, `Accepted`, or + `False Positive`. +- Do not convert Slither into a CI gate until high and medium findings have a + stable accepted baseline. diff --git a/slither.config.json b/slither.config.json new file mode 100644 index 00000000..6a519b57 --- /dev/null +++ b/slither.config.json @@ -0,0 +1,3 @@ +{ + "filter_paths": "(^|/)(out|cache|broadcast)(/|$)" +}
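Review bot: the triage rule "Do not suppress a detector until a row is `Fixed`, `Accepted`, or `False Positive`" is phrased per detector, but the table mixes statuses under one detector: `uninitialized-local` has eleven first-party `Open` rows plus one `Accepted` test-only row (`MockStreamMinter.mint(...).mintedCount`), and `unused-return` is entirely test-only `Accepted`. Excluding a detector once its accepted rows are settled would also hide the open first-party rows, so suggest rewording to per-finding suppression, e.g. "Do not suppress a finding (via `// slither-disable-next-line <detector>` or the triage database) until its row is `Fixed`, `Accepted`, or `False Positive`; never exclude a whole detector while it still has `Open` or `Needs Issue` rows." Separately, the issue reference and the final column read `TBD` on every row, including `P0-RAND-ADR / TBD` for the High `weak-prng` finding, while the conversion rule only covers `Needs Issue` rows; consider extending it so `Open` rows also receive an issue and owner before their gate, otherwise the Gate C rows have no accountable path to `Fixed`.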
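Review bot: `filter_paths` in `slither.config.json` only excludes Foundry build output (`out`, `cache`, `broadcast`), so `test/` and the vendored `smart-contracts/Base64.sol` and `Math.sol` remain in scope, which is what the baseline's `test-only` and `vendored` rows rely on; since JSON cannot carry a comment, record that intent in the accompanying documentation so a later contributor does not add `exclude_dependencies` or a `test/` filter and silently drop those rows from the baseline. The segment-anchored regex `(^|/)(out|cache|broadcast)(/|$)` is the right shape: it matches those directory names only as whole path segments and will not over-match an unrelated directory such as `checkout/`.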
