Disagreement · b6cf244f-anthropic-3

auto-copy.sh: COPY_PCT chosen as min(provider_pct, my_max) but daily_loss_limit is never enforced

mismatch

repo a16d2030·PR #5·reviewed 1 week ago

Primary finding

auto-copy.sh: COPY_PCT chosen as min(provider_pct, my_max) but daily_loss_limit is never enforced

highbughigh

bankr-signals/scripts/auto-copy.sh:88-102
bankr-signals/SKILL.md:130-145

The script prints 'Daily spend so far: $X / $LIMIT' but never compares DAILY_SPENT against CONFIGURED_LOSS, and never aborts. Documentation and the SKILL.md security claim ('Auto-copy has mandatory risk limits') explicitly promise the limit stops further copying. Additionally DAILY_SPENT is computed from a `.usd_amount` field that nothing ever writes (the log entry only has `amount_pct`, not `usd_amount`), so it is always 0. The risk control is entirely vestigial. This is a data-/funds-loss risk in the headline feature.

Recommendation

(1) Record realized USD spend/loss into copy-log.jsonl on each execution; (2) before executing, abort with non-zero exit if DAILY_SPENT >= CONFIGURED_LOSS; (3) clarify whether the field tracks spend or realized loss (the docs say 'loss', the code computes 'spent') and make naming/behavior consistent.

Counterpart finding

Auto-copy risk limits are not enforced; daily loss calculation uses a non-existent field and no cutoff check

highapi-contracthigh

bankr-signals/scripts/auto-copy.sh:99-107
bankr-signals/scripts/auto-copy.sh:125-136
bankr-signals/SKILL.md:182-187

The script prints daily spend vs. limit but never blocks execution if the limit is exceeded. Moreover, it sums a field usd_amount which is never written to the log, causing DAILY_SPENT to always be 0. This violates the advertised “mandatory risk limits” and can allow unbounded copying beyond configured caps.

Recommendation

- Compute the USD amount for each copy (e.g., fetch price via a reliable source or read it from the Bankr result) and write it to the log as usd_amount. - Before executing, compute prospective total (DAILY_SPENT + new_usd_amount) and abort if it exceeds daily_loss_limit. - If USD cannot be derived, enforce a hard stop on number of copy trades or on amount_pct sum as a fallback. - Add explicit guard: if DAILY_SPENT >= CONFIGURED_LOSS then exit with an error.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

mediumdocs-gap
verify-trade.sh prints “verified” without checking provider/sender match — README claim is misleading
view anatomy →

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗