agentfloat-bench-2026-05-31
Mainnet watcher and vault withdrawal bugs plus 3 additional AgentFloat findings
What was found
AntFleet's two-model consensus review (Claude Opus 4.7 + GPT-5) ran against 3 replay PRs on [AntFleet/bench-agentfloat](https://github.com/AntFleet/bench-agentfloat), covering mainnet agent guardrails, the X Layer deployment path, and strategy/vault hardening.
PR #1 and PR #2 produced 0 unanimous findings. PR #3 produced 5 unanimous findings:
---
**1. [HIGH] Watcher always uses testnet chain config regardless of CONFIG.chainId**
startWatcher detects mainnet mode, but constructs its viem client with the testnet chain config and default transport. On mainnet this can make the agent poll testnet state while logs and docs indicate mainnet operation.
Fix: choose chain and transport from CONFIG.chainId / CONFIG.rpcUrl, and add a regression test proving the watcher uses the configured RPC.
---
**2. [HIGH] FloatVault.withdraw ignores strategy actualOut**
FloatVault.withdraw calls the active strategy and ignores the amount the strategy actually returned, then attempts to transfer the requested amount to the caller. Under rounding, stress, or partial strategy liquidity, this can revert or mis-account vault funds.
Fix: transfer/account using the strategy return value, or explicitly revert when the vault cannot satisfy the requested amount.
---
**3. [MEDIUM] AgentFloatHook._beforeSwap uses regular approve on USDT-style tokens**
The mainnet underlying is USDT-style, and the fallback path already uses forceApprove. The transient-storage branch still uses plain approve(poolManager, recallAmount), which can revert on a second non-zero allowance update.
Fix: use forceApprove in both _beforeSwap branches.
---
**4. [MEDIUM] CORS defaults to * while credentials are enabled**
When DASHBOARD_ORIGIN is unset, the API emits Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true. That combination is invalid in browsers and expands the risk envelope for admin endpoints if credentialed access is later introduced or proxied differently.
Fix: allow credentials only for a validated allowlist origin, or do not emit credentialed CORS headers for wildcard origin.
---
5. [LOW] API state reports stale Forge test counts
The README/pitch materials claim 13/13 Forge tests passing, but /api/state hardcodes testsPassed=8 and testsTotal=8, so the dashboard can contradict the public verification narrative.
Fix: remove the hardcoded fields or source them from a generated test artifact.
Evidence
- Benchmark repo: AntFleet/bench-agentfloat
- Mainnet guardrails bench PR: AntFleet/bench-agentfloat#1 (0 unanimous findings)
- Mainnet deploy path bench PR: AntFleet/bench-agentfloat#2 (0 unanimous findings)
- Strategy/vault hardening bench PR: AntFleet/bench-agentfloat#3 (5 findings) - review comment
- Source repo: ronkenx9/agentfloat-hook
- Token: 0xa612...5ba3 on Base