AntFleet

Disagreement · 1e8fb4a1-anthropic-1

Airlock._handleFees can underflow when balance < fees

solo Opus
repo a7cc2ed7 · PR #1 · reviewed 1 week ago

Opus finding

Airlock._handleFees can underflow when balance < fees

medium · bug · medium
  • src/Airlock.sol:222-236
`_handleFees` computes `(balance - fees) / 1000` without checking that `balance >= fees`. The doc above the function says 'Balance of the token including fees' but if a poolInitializer returns balance < fees (e.g. fees previously claimed but balance partially withdrawn elsewhere), this will revert via underflow in Solidity 0.8 and block the migration permanently. There is no validation of the relationship between balance and fees.

Recommendation

Add `require(balance >= fees, ...)` or compute proceeds as `balance > fees ? balance - fees : 0` to avoid migration deadlock and to communicate the invariant.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
