AntFleet

Disagreement · 09a05e58-openai-1

Coinbase Pay fallback URL uses unencoded JSON in query parameters, likely breaking the link

solo GPT-5
repo 5149da9d · PR #1 · reviewed 2 days ago

GPT-5 finding

Coinbase Pay fallback URL uses unencoded JSON in query parameters, likely breaking the link

medium · bug · high
  • desktop/renderer/src/components/wallet/WalletView.tsx
The code embeds raw JSON (with braces and quotes) directly in a query string. Characters like { }, [ ], and " are not URL-safe and should be percent-encoded. This can result in malformed URLs and failed navigation to Coinbase Pay.

Recommendation

Construct the URL with URLSearchParams and encode JSON properly, e.g.:

    const params = new URLSearchParams({
      addresses: JSON.stringify({ [address]: ["base"] }),
      assets: JSON.stringify(["USDC"])
    });
    window.open(`https://pay.coinbase.com/buy?${params.toString()}`, "_blank");

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.


From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.