Today `FundFlowMonitor::report_drain_event` is admin-only and takes the drained amount as a trusted parameter — the "automatic, trustless detection" in the pitch is not real yet. Make the monitor read a covered protocol's balance/TVL directly on-chain and compute the drain itself, so anyone can permissionlessly call it.
Acceptance criteria
- Monitor reads the protocol's current balance on-chain rather than trusting a caller-supplied number.
- A baseline TVL is recorded (at policy registration or via a snapshot fn) to compute the drain delta.
- `report_drain_event` no longer requires `reporter == admin`.
- Tests cover: genuine drain triggers payout; non-drain (or whitelisted withdrawal) does not.
Today `FundFlowMonitor::report_drain_event` is admin-only and takes the drained amount as a trusted parameter — the "automatic, trustless detection" in the pitch is not real yet. Make the monitor read a covered protocol's balance/TVL directly on-chain and compute the drain itself, so anyone can permissionlessly call it.
Acceptance criteria