feat: Enhanced Claude Code configuration with comprehensive best practices
- Updated project CLAUDE.md with detailed commands, workflows, and guidelines
- Added environment configuration and performance monitoring commands
- Enhanced security guidelines and commit message conventions
- Created 5 custom slash commands for common MEV bot development tasks:
  * /analyze-performance - Comprehensive performance analysis
  * /debug-issue - Structured debugging workflow
  * /implement-feature - Feature implementation framework
  * /security-audit - Security audit checklist
  * /optimize-performance - Performance optimization strategy
- Updated global CLAUDE.md with universal best practices
- Improved file organization and development standards

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
72
.claude/commands/security-audit.md
Normal file
@@ -0,0 +1,72 @@
|
||||
# MEV Bot Security Audit
|
||||
|
||||
Perform a comprehensive security audit of the MEV bot focusing on: $ARGUMENTS
|
||||
|
||||
## Security Audit Checklist:
|
||||
|
||||
### 1. **Code Security Analysis**
|
||||
```bash
|
||||
# Static security analysis
|
||||
gosec ./...
|
||||
|
||||
# Dependency vulnerabilities
|
||||
go list -json -m all | nancy sleuth
|
||||
|
||||
# Secret scanning
|
||||
git-secrets --scan
|
||||
```
|
||||
|
||||
### 2. **Input Validation Review**
|
||||
- Transaction data parsing validation
|
||||
- RPC response validation
|
||||
- Configuration parameter validation
|
||||
- Mathematical overflow/underflow checks
|
||||
- Buffer overflow prevention
|
||||
|
||||
### 3. **Cryptographic Security**
|
||||
- Private key handling and storage
|
||||
- Signature verification processes
|
||||
- Random number generation
|
||||
- Hash function usage
|
||||
- Encryption at rest and in transit
|
||||
|
||||
### 4. **Network Security**
|
||||
- RPC endpoint authentication
|
||||
- TLS/SSL configuration
|
||||
- Rate limiting implementation
|
||||
- DDoS protection mechanisms
|
||||
- WebSocket connection security
|
||||
|
||||
### 5. **Runtime Security**
|
||||
- Memory safety in Go code
|
||||
- Goroutine safety and race conditions
|
||||
- Resource exhaustion protection
|
||||
- Error information disclosure
|
||||
- Logging security (no sensitive data)
|
||||
|
||||
## Specific MEV Bot Security Areas:
|
||||
|
||||
### **Transaction Processing**
|
||||
- Validate all transaction inputs
|
||||
- Prevent transaction replay attacks
|
||||
- Secure handling of swap calculations
|
||||
- Protection against malicious contract calls
|
||||
|
||||
### **Market Data Integrity**
|
||||
- Price feed validation
|
||||
- Oracle manipulation detection
|
||||
- Historical data integrity
|
||||
- Real-time data verification
|
||||
|
||||
### **Financial Security**
|
||||
- Gas estimation accuracy
|
||||
- Slippage protection
|
||||
- Minimum profit validation
|
||||
- MEV protection mechanisms
|
||||
|
||||
## Output Requirements:
|
||||
- Detailed security findings report
|
||||
- Risk assessment (Critical/High/Medium/Low)
|
||||
- Remediation recommendations
|
||||
- Implementation timeline for fixes
|
||||
- Security testing procedures
|
||||
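Review bot: The secret-scanning step in section 1, `git-secrets --scan`, only checks the tracked files in the current checkout, and only against patterns that have already been registered; nothing in this file registers any. Since the checklist itself names "Private key handling and storage", state which patterns must be configured first (for example a `git secrets --add` pattern for raw hex private keys) and add `git secrets --scan-history` so a key that was committed and later deleted is still caught. Separately, sections 2 to 5 are bullet items with no command beside them; "Goroutine safety and race conditions" in particular could be made checkable by adding `go test -race ./...` to the bash block in section 1.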