Hey I ran this request through my AI harness (beigeboxoss.com), first with a smaller local model and then validated with Trinity Large via OR. https://github.com/agberohq/keeper/issues/2 -- YMMV but wanted something to do with my coffee, thanks!
Hey I ran this request through my AI harness (beigeboxoss.com), first with a smaller local model and then validated with Trinity Large via OR. https://github.com/agberohq/keeper/issues/2 -- YMMV but wanted something to do with my coffee, thanks!
The first bug has been confirmed however The second `vulnerability` would only be exploitable if an attacker could also break SHA-256 preimage resistance to forge valid checksums ??? correct me if am wrong
> The VerifyHMAC() function unconditionally returns true when the HMAC field is empty
This kind of thing is super common in vibecoded crypto, I wonder why it keeps happening.
Not sure, I've seen common things like this pop up a lot too, the same errors being tripped over. I'm not sure if it is a context thing or just a limitation of how the models work presently? For stuff that I'm using myself, I will run these through like the top 10 reasoning models on OR and just see where everything pans out.
Edit: here is an example of the process and output with something I put together the other day: https://github.com/RALaBarge/garlicpress/blob/master/portfol...
Even when you have a proper function and use AI for auto documentation, it silently changes it (insane) … I will defiantly fix this.