3 changes: 2 additions & 1 deletion whitelist.yaml
@@ -30,4 +30,5 @@
- url: "*.tistory.com"
- url: "*.surge.sh"
- url: revoke.cash
- url: nftplus.io
- url: nftplus.io
- url: gembots.space
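Review bot: the only substantive change in this hunk is the new `- url: gembots.space` line; `- url: nftplus.io` is removed and re-added unchanged, which is the pattern left behind when the previous last line had no trailing newline. Confirm the file now ends with a newline so the next addition does not churn this line again, and since the neighbouring `*.tistory.com` and `*.surge.sh` entries use a `*.` wildcard while this one is a bare domain, state in the PR whether the apex alone is the intended scope.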

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, check for any mentions of the domain in the repository
echo "=== Searching for gembots in repo ==="
rg -i "gembots" --type yaml --type md --type txt 2>/dev/null || echo "No mentions found"

# Check for contribution guidelines and policies (fd takes a regex, so alternation is a plain |, not \|)
echo -e "\n=== Looking for contribution guidelines ==="
fd -i "contribut|readme|guideline|policy" --type f 2>/dev/null | head -20

# Check the whitelist.yaml structure to understand other entries
echo -e "\n=== Examining whitelist.yaml ==="
fd "whitelist\\.yaml" --type f 2>/dev/null

# Check git history of whitelist.yaml if available
echo -e "\n=== Recent commits to whitelist.yaml ==="
git log --oneline whitelist.yaml 2>/dev/null | head -10 || echo "Git history not available"

# Look for the author/contributor mentioned
echo -e "\n=== Checking for contributor avnikulin ==="
git log --all --author="avnikulin" --oneline 2>/dev/null || echo "No commits from this author"

Repository: phantom/blocklist

Length of output: 398


🏁 Script executed:

#!/bin/bash
# Examine the whitelist.yaml file to see structure and similar entries
echo "=== Whitelist.yaml content ==="
cat -n whitelist.yaml 2>/dev/null | head -50

# Count total entries
echo -e "\n=== Total whitelisted entries ==="
rg "^\s+-\s+url:" whitelist.yaml 2>/dev/null | wc -l

# Look for similar betting/gambling/new project entries
echo -e "\n=== Entries near gembots.space ==="
cat -n whitelist.yaml 2>/dev/null | sed -n '30,40p'

Repository: phantom/blocklist

Length of output: 1341


🏁 Script executed:

#!/bin/bash
# Check README for policies on whitelist submissions
echo "=== README excerpt (whitelist/submission policy) ==="
if [ -f "README.md" ]; then
  cat README.md | head -100
else
  find . -maxdepth 2 -name "README*" -type f 2>/dev/null | xargs cat 2>/dev/null | head -100
fi

# Check if there's a SECURITY or CONTRIBUTING file
echo -e "\n=== Checking for SECURITY/CONTRIBUTING files ==="
find . -maxdepth 2 \( -name "SECURITY*" -o -name "CONTRIBUT*" -o -name "CODE_OF_CONDUCT*" \) -type f 2>/dev/null | xargs cat 2>/dev/null

Repository: phantom/blocklist

Length of output: 5493


🏁 Script executed:

#!/bin/bash
# Verify if whitelist.yaml is actually used anywhere in the codebase
echo "=== Searching for whitelist.yaml usage in code ==="
rg "whitelist" --type js --type ts --type py --type json 2>/dev/null | head -20

# Check if fuzzylist functionality is implemented
echo -e "\n=== Checking for fuzzylist or whitelist code logic ==="
find . -type f \( -name "*.js" -o -name "*.ts" -o -name "*.py" \) 2>/dev/null | xargs grep -l "whitelist\|fuzzylist" 2>/dev/null || echo "No code files using whitelist/fuzzylist"

# Look at the PR/commit that added gembots to understand context
echo -e "\n=== Recent git history for context ==="
git log --oneline -20 2>/dev/null || echo "Git history unavailable"

Repository: phantom/blocklist

Length of output: 844


🏁 Script executed:

#!/bin/bash
# Check the actual usage and implementation
echo "=== Files in repository ==="
# Group the -name tests so that -type f applies to both extensions
find . -type f \( -name "*.yaml" -o -name "*.yml" \) 2>/dev/null | grep -v node_modules

echo -e "\n=== Checking package.json or similar for blocklist logic ==="
find . -maxdepth 2 -type f \( -name "package.json" -o -name "*.ts" -o -name "*.js" \) 2>/dev/null | head -10 | xargs cat 2>/dev/null | head -50

Repository: phantom/blocklist

Length of output: 2335


Reconsider adding an unverified gambling domain to the whitelist without independent verification.

gembots.space is a self-submitted request from what appears to be the site operator. While the whitelist.yaml is primarily designed to prevent false positives when the fuzzylist algorithm is eventually enabled (currently disabled per README), this addition should still receive scrutiny:

  1. Self-submitted, unverified — all evidence is self-reported by the operator. No independent audit, contract verification, or security review is provided.
  2. New domain — the commit message acknowledges this is a new domain, which is a risk signal for gambling platforms.
  3. Gambling/betting platform — while not as high-risk as active endorsement, new Solana gambling sites carry elevated rug-pull and exit-scam risk.

Before merging:

  • Verify on-chain program is open-source and contract verified
  • Check treasury wallet (qcBTcq9kWMEUtETmgehEcCwgkbLrafZ61nsuwGHy77b) for legitimate activity patterns
  • Confirm domain reputation (WHOIS age, any prior reports)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@whitelist.yaml` at line 34, the added whitelist entry "url: gembots.space" in
whitelist.yaml appears self-submitted and unverified; before merging either
remove or flag it as untrusted and perform verification: confirm the Solana
on-chain program(s) referenced by the site are open-source and contract-verified
(look for source/repo and on-chain program IDs), inspect the treasury wallet
qcBTcq9kWMEUtETmgehEcCwgkbLrafZ61nsuwGHy77b for legitimate transaction patterns
and no obvious rug/exit behavior, and check domain reputation (WHOIS age, DNS
history, and any abuse reports); update whitelist.yaml to only include the
domain after adding a verification note or metadata field (e.g.,
verification_status: verified and verification_evidence: <links>) or revert the
addition until these checks are completed.
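As an added example (not code from phantom/blocklist and not part of the review bot's comment), the following Python lint applies the mechanical parts of the checks above to the flat `- url:` list shown in the hunk: it flags duplicate entries such as a repeated nftplus.io line, malformed domain patterns, and new entries that lack the `verification_status` / `verification_evidence` metadata the prompt proposes. The wildcard semantics (`*.` covers subdomains but not the apex; a bare domain matches only itself), the metadata field names, and the sample list are assumptions constructed for this example, not the repository's own schema or matcher.

```python
"""Lint a proposed whitelist.yaml change (added example; not phantom/blocklist code).

Assumptions, none of which come from the repository: entries are a flat
list of `- url: <pattern>` lines, each optionally followed by indented
`verification_status:` / `verification_evidence:` keys (the metadata the
review comment proposes); a leading `*.` matches any subdomain but not the
apex, and a bare domain matches only itself. YAML is parsed by hand for
this subset so the script runs without PyYAML.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
ENTRY = re.compile(r'^\s*-\s+url:\s*"?([^"]+?)"?\s*$')
META = re.compile(r"^\s+(\w+):\s*(.+?)\s*$")


@dataclass
class Entry:
    url: str
    meta: dict[str, str] = field(default_factory=dict)


def parse_whitelist(text: str) -> list[Entry]:
    """Parse the `- url:` list; raise on anything outside the assumed subset."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if m := ENTRY.match(raw):
            entries.append(Entry(m.group(1)))
        elif (m := META.match(raw)) and entries:
            entries[-1].meta[m.group(1)] = m.group(2).strip('"')
        else:
            raise ValueError(f"unrecognised line: {raw!r}")
    return entries


def valid_pattern(pattern: str) -> bool:
    """Accept `*.example.tld` or `example.tld`; reject single labels and bad chars."""
    host = pattern[2:] if pattern.startswith("*.") else pattern
    labels = host.lower().split(".")
    return len(labels) >= 2 and all(LABEL.match(label) for label in labels)


def matches(pattern: str, hostname: str) -> bool:
    """Assumed matcher: `*.` covers subdomains only; a bare entry is an exact match."""
    hostname, pattern = hostname.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # "*.surge.sh" -> ".surge.sh"
        return hostname.endswith(suffix) and len(hostname) > len(suffix)
    return hostname == pattern


def lint(base_text: str, proposed_text: str) -> list[str]:
    """Return problems with the proposed list relative to the base; empty means clean."""
    base = {e.url.lower() for e in parse_whitelist(base_text)}
    problems: list[str] = []
    seen: set[str] = set()
    for e in parse_whitelist(proposed_text):
        key = e.url.lower()
        if key in seen:
            problems.append(f"duplicate entry: {e.url}")
        seen.add(key)
        if not valid_pattern(e.url):
            problems.append(f"malformed pattern: {e.url}")
        if key in base:
            continue  # existing entries are not re-litigated here
        # A new entry must carry the evidence the review asked for.
        if e.meta.get("verification_status") != "verified":
            problems.append(f"new entry lacks verification_status: verified -> {e.url}")
        if not e.meta.get("verification_evidence", "").startswith("http"):
            problems.append(f"new entry lacks verification_evidence link -> {e.url}")
    return problems


# Constructed sample mirroring the visible hunk (lines 30-34 of whitelist.yaml).
BASE = """\
- url: "*.tistory.com"
- url: "*.surge.sh"
- url: revoke.cash
- url: nftplus.io
"""

# The PR as submitted: a bare new domain with no metadata.
PROPOSED = BASE + "- url: gembots.space\n"

# What a submission carrying the suggested metadata would look like
# (the evidence URL is a placeholder, not a real link).
PROPOSED_WITH_EVIDENCE = BASE + """\
- url: gembots.space
  verification_status: verified
  verification_evidence: https://example.invalid/gembots-review
"""

if __name__ == "__main__":
    for name, text in (("as submitted", PROPOSED), ("with evidence", PROPOSED_WITH_EVIDENCE)):
        print(f"{name}: {lint(BASE, text) or 'clean'}")
    print("foo.surge.sh covered by *.surge.sh:", matches("*.surge.sh", "foo.surge.sh"))
    print("app.gembots.space covered by gembots.space:", matches("gembots.space", "app.gembots.space"))
```

Running the script against the constructed lists reports the two missing-metadata findings for gembots.space as submitted and nothing for the version carrying evidence; the matcher calls show why the wildcard versus bare-domain distinction in the hunk matters for scope. The WHOIS-age and on-chain wallet checks in the comment need network access and are deliberately left out of this offline example.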