AntFleet

Disagreement · 7cad6f1a-anthropic-10

DopplerERC20V1._setOwner does not re-exclude `owner_` if owner is rotated after balanceLimitEnd

solo Opus
repo a7cc2ed7 · PR #3 · reviewed 1 week ago

Opus finding

DopplerERC20V1._setOwner does not re-exclude `owner_` if owner is rotated after balanceLimitEnd

low · bug · medium
  • src/tokens/DopplerERC20V1.sol:472-478
The comment says 'to prevent inflation mints from reverting', but DopplerERC20V1 has no inflation minting (that's CloneERC20). The comment appears to be misleading copy-paste. Also, the guard `balanceLimitEnd > block.timestamp` is checked, but `isBalanceLimitActive` may have been disabled by the controller; in that case the exclusion is harmless but unnecessary. More importantly, if `balanceLimitEnd > block.timestamp` is false at the time of owner transfer but later (impossible since time only moves forward) — fine. The misleading comment is the main concern.

Recommendation

Correct the comment to reflect actual purpose (e.g., to ensure the new owner can receive minted/transferred tokens during the balance-limit window). Consider also gating on `isBalanceLimitActive`.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
