Disagreement · b6cf244f-anthropic-10

publish-signal.sh: TX verification only warns on failure, contradicting README guarantee

solo Opus

repo a16d2030·PR #5·reviewed 1 week ago

Opus finding

publish-signal.sh: TX verification only warns on failure, contradicting README guarantee

mediumdocs-gaphigh

bankr-signals/scripts/publish-signal.sh:80-88
bankr-signals/SKILL.md:88-95

SKILL.md asserts 'You cannot publish a signal for a trade that didn't happen.' and the FAQ doubles down on this guarantee. The implementation publishes anyway whenever the RPC is unreachable or returns null (which also happens whenever --chain != base because of the chain-mismatch bug above). Combined with the absence of provider/sender verification, the only invariant actually enforced is 'when the Base RPC happens to respond, the TX is non-failed'.

Recommendation

On verification failure, exit non-zero. If 'best-effort' is desired, document it clearly and gate via an explicit --skip-verify flag.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

mediumdocs-gap
verify-trade.sh prints “verified” without checking provider/sender match — README claim is misleading
view anatomy →

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗