Disagreement · cf4e74ac-anthropic-0

cmd_bet accepts unknown direction strings as DOWN, silently misrouting bets

solo Opus

repo a16d2030·PR #1·reviewed 1 week ago

Opus finding

cmd_bet accepts unknown direction strings as DOWN, silently misrouting bets

highapi-contracthigh

agenticbets/scripts/agenticbets.py:196-199

The direction argument is validated only against {'up','bull'}. Any other value — including a typo like 'don', 'd', 'downn', or even 'up ' with whitespace — is silently treated as DOWN (position=1). For a financial action that costs USDC + gas, this is a serious contract gap: the user gets the opposite of what they typed without any error. The CLI usage string says '<up|down>' but only 'up'/'bull' is whitelisted and 'down'/'bear' is implicit fallthrough.

Recommendation

Explicitly validate direction against the set {up, bull, down, bear} (case-insensitive) and sys.exit with an error message otherwise. Strip whitespace before comparing.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗