AntFleet

Disagreement · 2ee1c98c-openai-0

Slippage protection computed with unsafe Number conversions can underflow to near-zero minimums

solo GPT-5
repo 53606958 · PR #5 · reviewed 1 week ago

GPT-5 finding

Slippage protection computed with unsafe Number conversions can underflow to near-zero minimums

high · bug · high
  • scripts/reposition.ts:271
  • scripts/reposition.ts:359
  • scripts/reposition.ts:366
  • scripts/reposition.ts:370
Token amounts are 256-bit integers. Converting BigInt amounts to Number loses precision beyond 2^53-1 and can overflow to Infinity for very large values, causing BigInt() casting to throw or, more subtly, causing approxOut to be drastically misestimated. A too-small amountOutMinimum weakens slippage protection and exposes swaps to poor execution or sandwich attacks. This also applies to the price computation using Number which propagates rounding into minOut.

Recommendation

Avoid Number in on-chain amount math. Options: (a) compute amountOutMinimum using all-BigInt fixed-point math from sqrtPriceX96: approxOut = amountIn * (sqrtPriceX96**2) / 2**192 adjusted for token decimals, then apply slippage in BigInt; (b) use a Quoter (Uniswap V3 QuoterV2) or a trusted price/quote endpoint to get a quote in BigInt and then set amountOutMinimum = quote * (100n - SLIPPAGE)/100n. Keep all arithmetic in BigInt.
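As an added example (not code from the reviewed repository or from either reviewer), the sketch below contrasts the Number-based pattern the finding describes with option (a) of the recommendation. The function names, the `slippagePct` parameter and all sample values are assumptions; the estimate is the pool's spot price in raw token units and ignores fees and price impact.

```javascript
// Added example; not from the reviewed repository. All values are constructed.
const Q96 = 2n ** 96n;
const Q192 = 2n ** 192n;

// Lossy pattern the finding describes: amount and price pass through Number.
function minOutNumber(amountIn, sqrtPriceX96, slippagePct) {
  const price = (Number(sqrtPriceX96) / 2 ** 96) ** 2; // rounded to 53 bits
  const approxOut = Number(amountIn) * price;          // rounded again
  // BigInt() throws RangeError if the intermediate is NaN or Infinity.
  return BigInt(Math.floor(approxOut * (1 - Number(slippagePct) / 100)));
}

// Option (a): spot estimate of token1 out for token0 in, all in BigInt.
// slippagePct is a whole-number percentage as a BigInt (hypothetical parameter).
function minOutBigInt(amountIn, sqrtPriceX96, slippagePct) {
  if (amountIn < 0n || sqrtPriceX96 <= 0n) {
    throw new RangeError("amountIn must be >= 0 and sqrtPriceX96 > 0");
  }
  if (slippagePct < 0n || slippagePct > 100n) {
    throw new RangeError("slippagePct must be between 0 and 100");
  }
  // Multiply before dividing so no precision is dropped before the final floor.
  const approxOut = (amountIn * sqrtPriceX96 * sqrtPriceX96) / Q192;
  return (approxOut * (100n - slippagePct)) / 100n;
}

// Exact minimum minus the Number-derived minimum (can be either sign).
function drift(amountIn, sqrtPriceX96, slippagePct) {
  return (
    minOutBigInt(amountIn, sqrtPriceX96, slippagePct) -
    minOutNumber(amountIn, sqrtPriceX96, slippagePct)
  );
}

// Constructed inputs: price of exactly 1 (sqrtPriceX96 = 2^96) and amounts
// above Number.MAX_SAFE_INTEGER (2^53 - 1), as 18-decimal tokens routinely are.
const samples = [2n ** 53n + 1n, 123456789123456789123456789n];
for (const amountIn of samples) {
  console.log(
    amountIn.toString(),
    "exact:", minOutBigInt(amountIn, Q96, 1n).toString(),
    "number:", minOutNumber(amountIn, Q96, 1n).toString(),
    "drift:", drift(amountIn, Q96, 1n).toString()
  );
}
```
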

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
