{
  "exploit_id": "EXP-005",
  "title": "Quorum ambush: same-turn ratification excludes the opposition",
  "summary": "A proposer calls the question in the turn the proposal opens, ratifying it before any opposing citizen can vote.",
  "mechanism": "Kernel v0.1 lets a proposer call the question as soon as quorum is reached. The attacking 11 file a 200-unit transfer, cast their eleven yes ballots within the same turn, and immediately close the vote: quorum (10 of 20) is satisfied by the attackers alone, the tally is 11-0, and the nine defenders' no votes arrive against an already-closed question. The proposal is ratified zero turns after it was opened. Worst-off impact: any citizen who is not watching the floor at the exact moment of filing simply does not exist for ratification purposes - participation rights without a guaranteed window are not rights.",
  "severity": "high",
  "capture_objective": "suppress_faction",
  "discovered_by": "participation_exclusion",
  "tournament": {"id": "T3", "round": 6, "seed": 3907},
  "status": "patched-v0.2",
  "initial_treasury": 1000.0,
  "citizens": [
    {"id": "A01", "faction": "attacker"}, {"id": "A02", "faction": "attacker"},
    {"id": "A03", "faction": "attacker"}, {"id": "A04", "faction": "attacker"},
    {"id": "A05", "faction": "attacker"}, {"id": "A06", "faction": "attacker"},
    {"id": "A07", "faction": "attacker"}, {"id": "A08", "faction": "attacker"},
    {"id": "A09", "faction": "attacker"}, {"id": "A10", "faction": "attacker"},
    {"id": "A11", "faction": "attacker"}, {"id": "D01", "faction": "defender"},
    {"id": "D02", "faction": "defender"}, {"id": "D03", "faction": "defender"},
    {"id": "D04", "faction": "defender"}, {"id": "D05", "faction": "defender"},
    {"id": "D06", "faction": "defender"}, {"id": "D07", "faction": "defender"},
    {"id": "D08", "faction": "defender"}, {"id": "D09", "faction": "defender"}
  ],
  "kernel_params_at_discovery": {
    "quorum": 0.5,
    "thresholds": {"spend": 0.5, "amend_kernel": 0.667, "expel": 0.5, "emergency": 0.5, "floor_breach": 0.75},
    "review_period_turns": 1,
    "review_period_overrides": {},
    "allow_call_question": true,
    "roll_snapshot_at_open": false,
    "turns_per_epoch": 10,
    "spend": {"per_proposal_cap": null, "epoch_rate_cap": null, "commons_floor": null},
    "emergency": {"sunset_turns": null, "renewal_threshold": null, "spend_requires_vote": false, "expedited_review_turns": null, "suspends_review": true},
    "delegation": {"max_depth": null, "max_weight_frac": null, "epoch_expiry": false},
    "single_subject_rule": false
  },
  "action_trace": [
    {"t": "propose", "by": "A01", "id": "p1", "kind": "spend", "amount": 200.0, "to": "A01"},
    {"t": "vote", "by": "A01", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A02", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A03", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A04", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A05", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A06", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A07", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A08", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A09", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A10", "on": "p1", "choice": "yes"},
    {"t": "vote", "by": "A11", "on": "p1", "choice": "yes"},
    {"t": "call_question", "by": "A01", "on": "p1"},
    {"t": "vote", "by": "D01", "on": "p1", "choice": "no"},
    {"t": "vote", "by": "D02", "on": "p1", "choice": "no"},
    {"t": "vote", "by": "D03", "on": "p1", "choice": "no"},
    {"t": "vote", "by": "D04", "on": "p1", "choice": "no"},
    {"t": "vote", "by": "D05", "on": "p1", "choice": "no"},
    {"t": "vote", "by": "D06", "on": "p1", "choice": "no"},
    {"t": "vote", "by": "D07", "on": "p1", "choice": "no"},
    {"t": "vote", "by": "D08", "on": "p1", "choice": "no"},
    {"t": "vote", "by": "D09", "on": "p1", "choice": "no"},
    {"t": "advance"},
    {"t": "advance"},
    {"t": "advance"}
  ],
  "success_predicate": {"type": "ratified_same_turn"},
  "patched_assertions": [
    {"type": "blocked_actions_at_least", "n": 1}
  ],
  "proposed_patch": {
    "params": {
      "allow_call_question": false,
      "review_period_turns": 3
    },
    "rationale": "Calling the question is removed from the kernel entirely; no procedural device may close a vote before its review period elapses. With a guaranteed three-turn window, the recorded trace still ratifies the spend - 11 yes to 9 no is a legitimate majority - but it ratifies it with every citizen heard, which is the point. The exploit was the exclusion, not the outcome."
  }
}