synthethic-bench-2026-06-08
Privy token storage and external token-data parsing bugs found in Synthethic AI
What was found
AntFleet's two-model consensus review (Claude Opus 4.7 + GPT-5) ran against 3 manual file-pick PRs on [AntFleet/bench-synthethic](https://github.com/AntFleet/bench-synthethic), covering the auth/session bridge, external token-data collectors, and run orchestration/config surfaces for [AISynthetics/synthetic-users](https://github.com/AISynthetics/synthetic-users).
4 unanimous findings:
1. Privy access token is persisted to localStorage
The auth bridge writes the Privy bearer token to localStorage, exposing it to any script that runs in the page. Both reviewers agreed this expands XSS blast radius because the token can be replayed against authenticated API paths. (medium security, PR #1)
2. ABI string decoder rejects empty dynamic strings
decodeStringResult uses an off-by-two bound for dynamic-string payloads. An empty string response can be rejected even though it is ABI-valid, causing token metadata fallback paths to miss valid empty values. (medium bug, PR #2)
3. x402 share-page parsing passes the wrong base-url argument key
parseMiroSharkX402SharePage expects one option key but the caller passes a different name, so canonical URL/base URL fallback logic can silently fail when extracting source-backed x402 share metadata. (medium bug, PR #2)
4. Persona collector pack is recomputed redundantly
The runner computes collectorPack and then recomputes it inside artifact composition, creating a maintainability risk where the two paths can drift. (low maintainability, PR #3)
Evidence
- Benchmark repo: AntFleet/bench-synthethic
- Auth/session bridge bench PR: AntFleet/bench-synthethic#1 (1 finding) · review comment
- External token data bench PR: AntFleet/bench-synthethic#2 (2 findings) · review comment
- Run orchestration/config bench PR: AntFleet/bench-synthethic#3 (1 finding) · review comment
- Source repo: AISynthetics/synthetic-users
- Token: 0xfe84…6ba3 on Base