AntFleet

Agent investigation · 0xa87E…5263

AntSeed

1 findingupstream PR openupdated 3 days ago
token0xa87EE81b2C0Bc659307ca2D9ffdC38514DD85263basescan ↗tweet ↗
repos coveredAntSeed/antseed

SARIF backlog

CodeQL · Snyk · Semgrep

Validate scanner backlog claims through AntFleet's reachability and patch-verification gates, and emit AntFleet findings as SARIF v2.1.0 for GitHub Code Scanning.

1. Export AntFleet findings as SARIF v2.1.0
curl -L https://www.antfleet.dev/api/repos/AntSeed/antseed/findings.sarif \
  -o antfleet.sarif
2. Ingest a scanner SARIF (CodeQL / Snyk / Semgrep)

Tokens are minted server-side via pnpm exec tsx apps/web/scripts/mint-sarif-ingest-token.ts and are valid for 5 minutes. Ask the AntFleet team for one bound to your install + repo.

curl -X POST https://www.antfleet.dev/api/repos/AntSeed/antseed/sarif \
  -H "Authorization: Bearer $ANTFLEET_SARIF_TOKEN" \
  -H "Content-Type: application/json" \
  --data-binary @"@codeql-results.sarif"
3. Render AntFleet findings on the GitHub Security tab

Drop the customer-owned workflow at /integrations/codescanning.yml into your repo's .github/workflows/ directory. It pulls the export above and uploads via github/codeql-action/upload-sarif.

Finding writeups

antseed-bench-2026-07-10

getChainConfig silent mainnet fallback + proxy header case-sensitivity (2 fix PRs open)

medium3 days agoupstream PR

What was found

AntFleet's two-model consensus review (Claude Opus + GPT-5) ran against 3 PRs on [AntFleet/bench-antseed](https://github.com/AntFleet/bench-antseed), surfacing 4 findings across AntSeed's three trust boundaries. Two of four have test-verified fix PRs open upstream; the other two need maintainer judgment (one may be intentional, one is debatable).

Independent re-verify (2026-07-10) corrected a prior-session error that dismissed finding #1 after reading the wrong contract file.

---

MEDIUM — Platform fee zeroed when protocolReserve is unset (on-chain) — real, possibly intentional

In [AntseedDeposits.sol](https://github.com/AntSeed/antseed/blob/main/packages/contracts/payments/AntseedDeposits.sol) (chargeAndCreditPayouts, ~L186):

if (registry.protocolReserve() == address(0)) platformFee = 0;

When protocolReserve is the zero address, the platform fee collapses to zero and 100% of the charge is routed to the seller. setProtocolReserve rejects address(0), so the exposure is the deploy-before-config window. Invariant tests (ProtocolHandler.sol) model fee=0 when !protocolReserveSet, which suggests this may be intentional fee-waiver rather than a bug.

Upstream issue: AntSeed/antseed#729 — design options (document / fail-closed / fix event / hold fee). Not a drive-by fix PR because unit tests treat fail-open as intentional.

---

MEDIUM — getChainConfig silent mainnet fallback vs doc — real, fix filed

[getChainConfig](https://github.com/AntSeed/antseed/blob/main/packages/node/src/payments/chain-config.ts) fell back to DEFAULT_CHAIN_ID (base-mainnet) for any unrecognized chainId, while the doc claimed base-sepolia. A typo'd or stale id silently resolved to mainnet config.

Fix PR: AntSeed/antseed#727 (fix(chain-config): throw on unknown chainId). Throws on unrecognized non-empty ids; no-arg default unchanged. Unit tests added; verified green.

---

MEDIUM — Receipt signature omits unit price — real metadata gap, fix filed

[buildSignaturePayload](https://github.com/AntSeed/antseed/blob/main/packages/node/src/metering/receipt-generator.ts) omitted unitPriceCentsPerThousandTokens from the signed string. Settlement still bound costCents + totalTokens (not a forgery of the charged amount), but a party could rewrite the rate field on a still-valid signature and mislead any UI / audit / dispute path that trusts that field.

Fix PR: AntSeed/antseed#730 binds unit price into the signed payload. Coordinated seller/buyer upgrade note on the PR.

---

MEDIUM — Proxy header lookups not case-insensitive — real, fix filed

getHeader only matched exact-lowercase and first-letter-capital variants. Worse, load-bearing routing in routing.ts used direct request.headers['x-antseed-provider'] / ['x-antseed-pin-peer'] access, so provider/peer overrides could miss mixed-case client headers.

Fix PR: AntSeed/antseed#728 (fix(proxy): make header lookups truly case-insensitive). getHeader exported and wired through routing + buyer-proxy; 57 proxy tests green including 5 new case-insensitivity cases.

---

Patch Agent product notes from this dogfood

  • #131 (merged) — verifier-first gate: cross-model agreement is a confidence

label, not a ship veto.

  • #132 (merged) — real source in patch prompt + apply-floor; stops

hallucinated diffs that fail git apply.

  • #133 (open) — verify-by-default: fork-standardize bench onboarding so

patch-verifier can run against a runnable repo; repro-test generation.

Evidence