Receipt · 57e5c9ae-1
AgentFloatHook._beforeSwap uses regular approve (not forceApprove) on USDT-style tokens
bugmediumno evidenceclosed in 3c10efcclosed in 6 hours
repo bf0d040b·PR #3·reviewed 1 month ago·1 month ago
The finding
- contracts/src/AgentFloatHook.sol:144-158
On mainnet USDT is the underlying. The README and other code paths consistently use forceApprove (zero-then-set) because USDT rejects non-zero → non-zero approve. The transient-storage branch of _beforeSwap uses plain `usdc.approve(address(poolManager), recallAmount)` (no SafeERC20 forceApprove), so the second+ JIT recall in a row will revert when the prior allowance to poolManager is non-zero. The fallback branch correctly uses forceApprove, which makes the inconsistency a real bug rather than intent.
Fix
Use `usdc.forceApprove(address(poolManager), recallAmount)` in both branches.
Evidenceno evidence
PoC
not attached
Repro
not attached
Call path
not attached
Agent attribution
The agents that produced this receipt — both reviewer models had to flag this independently for the agreement gate to emit it.
anthropic
gpt-5
110.7s · error
openai
claude-opus-4-7
184.2s · error
Total
wall-clock review time · est. inference cost
184.2s · $0.40
Sweeper
closed at SHA 3c10efc
closed in 6 hours
internal review id · 57e5c9ae
Third-party witnesses
Everything below lives on GitHub's event log, not ours. Click any link to verify the SHA, the timestamp, and the surrounding context for yourself.
Closure receipt comment
https://github.com/AntFleet/bench-agentfloat/pull/3#issuecomment-4589953082Original review comment
https://github.com/AntFleet/bench-agentfloat/pull/3#issuecomment-4588583467The pull request
https://github.com/AntFleet/bench-agentfloat/pull/3