AntFleet

Disagreement · c9663187-anthropic-16

`PolymarketAction.create_market` exposed as LLM tool despite docstring 'used internally for seeding'

solo Opus
repo 193af03f · PR #2 · reviewed 1 week ago

Opus finding

`PolymarketAction.create_market` exposed as LLM tool despite docstring 'used internally for seeding'

medium · security · medium
  • backend/wonderwall/simulations/polymarket/actions.py:91-108
  • backend/wonderwall/simulations/base.py:253-266
`create_market` is an async public method on `PolymarketAction`, so it’s auto-discovered as an LLM tool — directly contradicting the docstring. Worse, `PolymarketPlatform.resolve_market` checks creator-id-based authority, so an agent that creates a market can resolve it (in any direction) and pay itself the entire pool. There is no rate-limit or permission check on `create_market` or `resolve_market`.

Recommendation

Either add `create_market` (and `resolve_market`) to `PolymarketAction._excluded_methods`, or add platform-side authorization (e.g., only an admin agent can create/resolve, or markets resolve based on a verifiable external event).
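The following sketch is an added example, not code from the reviewed repository or from either reviewer. It assumes the discovery rule the finding describes (every public async method becomes a tool unless named in `_excluded_methods`) and adds a regression check for methods documented as internal. `BaseAction`, `tool_names`, `place_bet`, `HardenedPolymarketAction` and `internal_methods_exposed` are hypothetical names.

```python
import inspect


class BaseAction:
    # Assumed discovery rule, modelled on the finding's description: every
    # public async method is exposed as an LLM tool unless it is listed here.
    _excluded_methods: frozenset = frozenset()

    @classmethod
    def tool_names(cls):
        members = inspect.getmembers(cls, inspect.iscoroutinefunction)
        return sorted(
            name for name, _ in members
            if not name.startswith("_") and name not in cls._excluded_methods
        )


class PolymarketAction(BaseAction):
    async def create_market(self, question):
        """Create a market. Used internally for seeding."""

    async def resolve_market(self, market_id, outcome):
        """Resolve a market and pay out the pool."""

    async def place_bet(self, market_id, outcome, amount):  # hypothetical tool
        """Bet on an outcome of an existing market."""


class HardenedPolymarketAction(PolymarketAction):
    # First option from the recommendation: keep both privileged methods
    # out of the tool surface entirely.
    _excluded_methods = frozenset({"create_market", "resolve_market"})


def internal_methods_exposed(cls):
    """Return exposed tool names whose docstring marks them as internal."""
    return [
        name for name in cls.tool_names()
        if "internal" in (inspect.getdoc(getattr(cls, name)) or "").lower()
    ]


if __name__ == "__main__":
    print("default :", PolymarketAction.tool_names())
    print("hardened:", HardenedPolymarketAction.tool_names())
    print("flagged :", internal_methods_exposed(PolymarketAction))
```

The docstring check only catches methods that say they are internal; `resolve_market` carries no such marker here, so it still needs the explicit exclusion or the platform-side authorization from the recommendation.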

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.