PINK: E2E trace analysis — Pass 6 deep math/tests/concurrency/security (I1-I22)
Sixth pass: entry-fill accumulation bug (multiple partial fills overwrite size), crash durability (slot state lost between step 2-5 of process_intent), seen_event_ids lost on restart (double event processing), idempotency gap (no newClientOrderId), no graceful degradation, no startup reconcile from Zinc, Zinc SHM world-readable, KernelSlotView unrestricted write access, sys.path injection at import time. 22 new flaws. Combined catalog now 160. Co-authored-by: CommandCodeBot <noreply@commandcode.ai>
This commit is contained in:
Codex
@@ -20,7 +20,8 @@
|
||||
| F | Deep E2E (Pass 3) | 30 | 0 | 1 | 8 | 17 | 4 |
|
||||
| G | Domain Scans (Pass 4) | 36 | 4 | 11 | 11 | 8 | 2 |
|
||||
| H | Edge Domains (Pass 5) | 22 | 3 | 9 | 5 | 4 | 1 |
|
||||
| **Total** | | **138** | **8** | **30** | **37** | **44** | **19** |
|
||||
| I | Pass 6 (Math/Tests/Recovery/Security) | 22 | 3 | 11 | 4 | 2 | 2 |
|
||||
| **Total** | | **160** | **11** | **41** | **41** | **46** | **21** |
|
||||
|
||||
---
|
||||
|
||||
@@ -161,6 +162,37 @@
|
||||
|
||||
---
|
||||
|
||||
## I-Series: Math, Tests, Concurrency, Recovery, Security (Pass 6)
|
||||
|
||||
*Full detail in TRACE doc under "PASS 6 — MATH, TESTS, CONCURRENCY, RECOVERY, SECURITY."*
|
||||
|
||||
| # | Flaw | Layer | Severity |
|
||||
|---|------|-------|----------|
|
||||
| I1 | Entry `apply_fill` multiple partial fills overwrite size instead of accumulating | Rust | **Critical** |
|
||||
| I2 | Zero exit_ratio creates zero-size exit order — slot stuck in EXIT_REQUESTED | Rust | Medium |
|
||||
| I3 | entry_price inconsistency — Python falsy vs Rust `<= 0.0` gate | Bridge | Info |
|
||||
| I4 | Only 1 Rust unit test for 1765-line kernel — 99% untested at Rust layer | Rust | **High** |
|
||||
| I5 | MockVenueScenario rejection flags exist but zero tests use them | Test | **High** |
|
||||
| I6 | No LIMIT order test through full kernel path | Test | **High** |
|
||||
| I7 | Three weak/vacuous assertions in test_flaws.py | Test | Low |
|
||||
| I8 | Entry overfill no guard | Rust | Low |
|
||||
| I9 | No crash durability — slot state pure in-memory until step 7 of process_intent | Bridge | **Critical** |
|
||||
| I10 | seen_event_ids lost on restart — events double-processed | Rust | **Critical** |
|
||||
| I11 | No idempotency key sent to BingX — lost response creates duplicate orders | Venue | **High** |
|
||||
| I12 | No graceful degradation for ANY subsystem | All | **High** |
|
||||
| I13 | Stray venue event can reactivate CLOSED slot — no guard | Rust | **High** |
|
||||
| I14 | No reconcile_from_slots call on startup — Zinc state never loaded into kernel | Restart | **High** |
|
||||
| I15 | CANCEL_REJECT doesn't clear active_exit_order — slot stuck in EXIT_WORKING | Rust | Medium |
|
||||
| I16 | Zinc shared memory world-readable/writable by same-machine processes | Zinc | **High** |
|
||||
| I17 | KernelSlotView unrestricted getattr/setattr — bypasses all FSM guards | Bridge | **High** |
|
||||
| I18 | sys.path.insert(0) at import time in 3 production files — malicious module loading | Build | **High** |
|
||||
| I19 | pump_venue_events stale snapshot diff produces phantom position events | Venue | **High** |
|
||||
| I20 | exit_leg_ratios empty list — next_exit_ratio defaults to 1.0 (undocumented) | Contracts | Info |
|
||||
| I21 | RATE_LIMITED code path in both Python and Rust is completely untested | All | Medium |
|
||||
| I22 | Thread pool max_workers=3 shared across all adapter instances — never shut down | Venue | Medium |
|
||||
|
||||
---
|
||||
|
||||
## H-Series: Edge Domains — Dependencies, Error Handling, Types, Contracts (Pass 5)
|
||||
|
||||
*Full detail in TRACE doc under "PASS 5 — EDGE DOMAINS."*
|
||||
|
||||
Reference in New Issue
Block a user