Disagreement · 7284403c-anthropic-2

auth --force bypasses cached-token wallet-mismatch protection but still keys on cfg.network — could overwrite a session for a different wallet without warning

solo Opus

repo 799b2361·PR #2·reviewed 5 days ago

Opus finding

auth --force bypasses cached-token wallet-mismatch protection but still keys on cfg.network — could overwrite a session for a different wallet without warning

lowsecuritymedium

src/commands/auth.ts:58-75
src/state/db.ts:177-182

saveSession overwrites any prior session at the (network:name) key. If a user runs `reppo auth --force` with a different REPPO_PRIVATE_KEY than the previously cached one, the prior wallet's session is silently replaced. Not a vulnerability per se, but the docs imply per-wallet caching; nothing emits a warning that another wallet's token was overwritten.

Recommendation

Either key sessions by (network:wallet) or emit a notice when --force replaces a session belonging to a different walletAddress.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

lowdocs-gap
Comment in db.ts claims session schema has agentId, but persisted sessions for reppo-platform never carry one
view anatomy →

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗