AntFleet

Disagreement · 1e8fb4a1-anthropic-7

TopUpDistributor.pullUp does not validate canonical token ordering, allowing migrators to call with swapped args and miss top-ups

solo Opus
repo a7cc2ed7·PR #1·reviewed 1 week ago

Opus finding

TopUpDistributor.pullUp does not validate canonical token ordering, allowing migrators to call with swapped args and miss top-ups

mediumapi-contractmedium
  • src/TopUpDistributor.sol:110-130
`topUp` stores data under canonical (token0 < token1) keys, but `pullUp` does NOT enforce this. If a migrator calls `pullUp(token1, token0, recipient)` (swapped) it silently returns (amount==0) without warning and without pulling up the top-ups. Top-ups remain stuck. There is no `require(token0 < token1)` validation. This silent no-op is a footgun.

Recommendation

Add `require(token0 < token1, InconsistentOrientation())` in pullUp, or canonicalize the order before lookup.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →
← back to all disagreementsview public receiptssee unanimous findings + anatomies →
Tweet ↗