AntFleet

Disagreement · d121d4bf-anthropic-1

Approve transaction uses unlimited allowance (MAX_UINT256) without disclosure

mismatch
repo a16d2030 · PR #4 · reviewed 1 week ago

Primary finding

Approve transaction uses unlimited allowance (MAX_UINT256) without disclosure

high · security · high
  • symbiosis/scripts/symbiosis-swap.py:17
  • symbiosis/scripts/symbiosis-swap.py:122-134
The script always grants infinite allowance to `approveTo` whenever the API returns one, with no user-facing prompt or option to limit the allowance to `amount_wei`. The Symbiosis approveTo is an external contract; an unlimited approval persists across runs and can be exploited if that contract is ever compromised or upgradeable. SKILL.md describes only 'approves token if needed' without warning users about the unlimited nature. This is a meaningful security risk for a skill that runs from an LLM-driven environment.

Recommendation

Default to exact-amount approvals (`amount_wei` padded to 32 bytes), or add a flag/env var to opt into unlimited approvals; document the approval behavior in SKILL.md.

Counterpart finding

Unconditional unlimited ERC20 approve may revert on tokens requiring allowance reset to zero first (e.g., USDT)

high · bug · high
  • symbiosis/scripts/symbiosis-swap.py:18-19
  • symbiosis/scripts/symbiosis-swap.py:145-156
Many ERC20 tokens (notably USDT on some chains) require setting allowance to 0 before changing it from a non-zero value. This code always tries to set allowance directly to MAX_UINT256 with a single approve call, which will revert on such tokens if an existing non-zero allowance is present. The script will then exit with an error, blocking swaps for affected tokens.

Recommendation

Implement a safe-approve flow:
  • Check the current allowance (`allowance(owner, spender)`); if it is less than the required amount, then:
  • first call `approve(spender, 0)`,
  • then `approve(spender, exact required amount)` or a reasonable cap.
If reading the allowance is not available, conservatively send two approvals: `approve(spender, 0)` followed by `approve(spender, amount)`. Alternatively, integrate Permit/Permit2 when available.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.


From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.