Hey I ran this request through my AI harness (beigeboxoss.com), first with a smaller local model and then validated with Trinity Large via OR. https://github.com/agberohq/keeper/issues/2 -- YMMV but wanted something to do with my coffee, thanks!

▲

babawere an hour ago | parent | next [-]

The first bug has been confirmed however The second `vulnerability` would only be exploitable if an attacker could also break SHA-256 preimage resistance to forge valid checksums ??? correct me if am wrong

▲

Retr0id 2 hours ago | parent | prev [-]

> The VerifyHMAC() function unconditionally returns true when the HMAC field is empty

This kind of thing is super common in vibecoded crypto, I wonder why it keeps happening.

	▲	RALaBarge 2 hours ago \| parent \| next [-]
		Not sure, I've seen common things like this pop up a lot too, the same errors being tripped over. I'm not sure if it is a context thing or just a limitation of how the models work presently? For stuff that I'm using myself, I will run these through like the top 10 reasoning models on OR and just see where everything pans out. Edit: here is an example of the process and output with something I put together the other day: https://github.com/RALaBarge/garlicpress/blob/master/portfol...
	▲	babawere 2 hours ago \| parent \| prev [-]
		Even when you have a proper function and use AI for auto documentation, it silently changes it (insane) … I will defiantly fix this.