AntFleet

Disagreement · c9663187-anthropic-4

`quote_sell` may produce negative reserves or NaN when shares > complete-set capacity

mismatch
repo 193af03f · PR #2 · reviewed 1 week ago

Primary finding

`quote_sell` may produce negative reserves or NaN when shares > complete-set capacity

high · bug · high
  • backend/wonderwall/simulations/polymarket/amm.py:111-146
There’s no bound check that `x <= S` or that `usd_out >= 0`. For sells where shares S are very large relative to reserves, x may exceed S (since the quadratic root maximizes complete-set burn) — `usd_out` becomes negative, which gets written to portfolio.balance as `balance + usd_received` (decreasing the agent’s cash). Additionally, `new_reserve_b = k / new_reserve_a` can underflow but cannot go negative; still, an effective_price > 1 violates the AMM invariant comment ("each share can pay out at most $1"). The 2% cap exists only for buys, not sells.

Recommendation

Clamp x to [0, S]; if usd_out < 0 or > S, return an error from sell_shares ("trade size too large"). Also enforce a max-trade cap on sells, symmetric to buys.

Counterpart finding

Missing input validation for non-positive trade sizes in buy_shares/sell_shares can raise unhandled ValueError and crash the loop

high · api-contract · high
  • backend/wonderwall/simulations/polymarket/amm.py:71-73
  • backend/wonderwall/simulations/polymarket/platform.py:162-165
  • backend/wonderwall/simulations/polymarket/amm.py:126-128
  • backend/wonderwall/simulations/polymarket/platform.py:244-246
quote_buy and quote_sell explicitly raise on non-positive inputs. Platform buy_shares/sell_shares neither validate inputs nor catch these exceptions, and BasePlatform.running does not guard action handlers with try/except. A bad input (0 or negative) can propagate a ValueError and terminate the platform loop.

Recommendation

Add explicit validation in PolymarketPlatform.buy_shares and sell_shares:
  • If amount_usd <= 0 or num_shares <= 0, return {"success": False, "error": "amount_usd must be positive"} (or similar) without calling the AMM.
  • Alternatively, wrap the quote_* calls in try/except ValueError and convert to structured error responses.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
