AntFleet

Disagreement · b6cf244f-anthropic-4

auto-copy.sh logs copy as 'amount_pct' but DAILY_SPENT sums 'usd_amount' — risk accounting is silently broken

mismatch
repo a16d2030 · PR #5 · reviewed 1 week ago

Primary finding

auto-copy.sh logs copy as 'amount_pct' but DAILY_SPENT sums 'usd_amount' — risk accounting is silently broken

high · bug · high
  • bankr-signals/scripts/auto-copy.sh:95-100
  • bankr-signals/scripts/auto-copy.sh:125-140
Even if the daily-loss check were wired up (see prior finding), the keys don't match: the writer emits `amount_pct`, the reader sums `usd_amount`. DAILY_SPENT will therefore be permanently 0 across all runs.

Recommendation

Decide on a single source of truth (parse $RESULT from Bankr for USD notional, or pre-compute notional before execution) and write it as `usd_amount` so the existing grep matches.

Counterpart finding

Auto-copy risk limits are not enforced; daily loss calculation uses a non-existent field and no cutoff check

high · api-contract · high
  • bankr-signals/scripts/auto-copy.sh:99-107
  • bankr-signals/scripts/auto-copy.sh:125-136
  • bankr-signals/SKILL.md:182-187
The script prints daily spend vs. limit but never blocks execution if the limit is exceeded. Moreover, it sums a field usd_amount which is never written to the log, causing DAILY_SPENT to always be 0. This violates the advertised “mandatory risk limits” and can allow unbounded copying beyond configured caps.

Recommendation

- Compute the USD amount for each copy (e.g., fetch price via a reliable source or read it from the Bankr result) and write it to the log as usd_amount.
- Before executing, compute prospective total (DAILY_SPENT + new_usd_amount) and abort if it exceeds daily_loss_limit.
- If USD cannot be derived, enforce a hard stop on number of copy trades or on amount_pct sum as a fallback.
- Add explicit guard: if DAILY_SPENT >= CONFIGURED_LOSS then exit with an error.
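
The two findings combined, as an added example that is not the project's auto-copy.sh and not part of either review: the writer and the reader share one key, and the limit is checked before the trade is logged. The JSON-lines log format, the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example (not the project's script). Log format, function names
# and sample values are constructed for illustration.

LOG_KEY="usd_amount"   # the one key both the writer and the reader use

# Writer: append one copy-trade record carrying its USD notional.
log_copy() {  # log_copy LOGFILE DATE USD
  printf '{"date":"%s","action":"copy","%s":%s}\n' "$2" "$LOG_KEY" "$3" >> "$1"
}

# Reader: sum the USD notional logged for DATE.
# Records without $LOG_KEY (e.g. ones that only carry amount_pct) add nothing,
# which is how a key mismatch silently yields a total of zero.
daily_spent() {  # daily_spent LOGFILE DATE
  [ -f "$1" ] || { echo 0.00; return 0; }
  grep -F "\"date\":\"$2\"" "$1" \
    | grep -o "\"$LOG_KEY\":[0-9.]*" \
    | awk -F: '{ s += $2 } END { printf "%.2f\n", s + 0 }'
}

# Guard: succeed only if already-spent plus the new trade stays within LIMIT.
within_limit() {  # within_limit LOGFILE DATE NEW_USD LIMIT
  awk -v s="$(daily_spent "$1" "$2")" -v n="$3" -v l="$4" \
    'BEGIN { exit !(s + n <= l) }'
}

# Enforce the limit before acting, then record what was spent.
copy_trade() {  # copy_trade LOGFILE DATE NEW_USD LIMIT
  if ! within_limit "$@"; then
    echo "daily limit of $4 USD would be exceeded; refusing to copy" >&2
    return 1
  fi
  # Trade execution would go here (out of scope for this example).
  log_copy "$1" "$2" "$3"
}
```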

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.