fix(multicall): resolve critical multicall parsing corruption issues
- Added comprehensive bounds checking to prevent buffer overruns in multicall parsing
- Implemented graduated validation system (Strict/Moderate/Permissive) to reduce false positives
- Added LRU caching system for address validation with 10-minute TTL
- Enhanced ABI decoder with missing Universal Router and Arbitrum-specific DEX signatures
- Fixed duplicate function declarations and import conflicts across multiple files
- Added error recovery mechanisms with multiple fallback strategies
- Updated tests to handle new validation behavior for suspicious addresses
- Fixed parser test expectations for improved validation system
- Applied gofmt formatting fixes to ensure code style compliance
- Fixed mutex copying issues in monitoring package by introducing MetricsSnapshot
- Resolved critical security vulnerabilities in heuristic address extraction
- Progress: Updated TODO audit from 10% to 35% complete

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@@ -145,6 +145,88 @@ go test -run TestSqrtPriceX96ToPrice ./pkg/uniswap/
go test -run Test.*Price ./pkg/uniswap/
```
### Math Audit CLI
The `tools/math-audit` CLI provides deterministic regression checks for the
pricing engines across multiple DEX models (Uniswap V2/V3, Camelot/Algebra,
Ramses, Curve, Balancer, TraderJoe). It also embeds pared-down versions of the
round-trip and symmetry property tests so that math regressions are caught
without relying on build tags.
```bash
# Run the audit against the canonical vector set and emit reports
go run ./tools/math-audit --vectors default --report reports/math/latest
# Or use the convenience script (writes to reports/math/latest)
scripts/run_audit_suite.sh
# Via make target
make math-audit
```
The CLI writes both JSON (`report.json`) and Markdown (`report.md`) summaries
into the provided directory, which can be attached to CI artifacts or shared
with reviewers.
When the Drone `test-suite` pipeline runs, it persists
`reports/math/latest/report.{json,md}` as build artifacts. The stage fails if
either file is missing or empty, guaranteeing downstream Harness promotions have
the math audit evidence available for review.
### Profitability Simulation CLI
The profitability harness at `tools/simulation` replays historical opportunity
vectors and reports hit rate and net profit after gas costs.
```bash
# Run against the bundled default vectors
make simulate-profit
# Override vector file and report location
SIMULATION_VECTORS=tools/simulation/vectors/my-slice.json \
scripts/run_profit_simulation.sh /tmp/sim-report
```
The CLI emits stdout summaries and writes structured reports to
`reports/simulation/latest/summary.{json,md}` (or the directory passed via
`--report`). Use the Markdown file for change-management artefacts and stash the
JSON alongside math-audit outputs for reproducible profitability audits.
### Environment-Specific Pipelines & Local Hooks
CI/CD now runs through Drone and Harness:
- **Drone `test-suite`** — lint, race/coverage tests, binary build, smoke start,
math audit, profitability simulation, and dry-run Docker build.
- **Drone `security-suite`** — gosec, govulncheck, Nancy, and security fuzz
tests on protected branches.
- **Drone `integration-opt-in`** — manual stage for integration tests requiring
RPC access or heavy fixtures.
- **Harness `staging_promotion`** — builds on Drone artifacts, packages a Docker
image, and upgrades the staging environment via Helm.
Use `drone exec --pipeline <name>` for local validation and `harness pipeline
execute --file harness/pipelines/staging.yaml` (or the UI) for promotions.
Legacy fork-dependent suites are gated behind optional build tags:
- `go test -tags='integration legacy' ./...` runs RPC-heavy legacy harnesses.
- `go test -tags='integration forked' ./test/arbitrage_fork_test.go` exercises fork-only scenarios.
Developers should mirror the dev/test gates locally before pushing:
```bash
# Fast dev parity with pipeline-dev
./scripts/quality-check.sh
# Security/math parity with audit pipeline
./scripts/run_audit_suite.sh
```
The helper `scripts/git-workflow.sh push` command executes the same checks used
by the CI pre-push hook (formatting, lint, unit tests). Add `./scripts/git-workflow.sh
push` to your workflow or wire it into `.git/hooks/pre-push` to avoid CI
surprises.
### Running Benchmarks
#### Basic Benchmarks
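Review bot: the line `go test -tags='integration forked' ./test/arbitrage_fork_test.go` in the build-tag section passes a single file to `go test`; with explicit file arguments Go compiles only the files listed, so any helpers or fixtures defined in other `_test.go` files under `./test` are not included and the run fails to build unless that file is fully self-contained. Prefer the package form, e.g. `go test -tags='integration forked' ./test/ -run <pattern>`, or state that the file stands alone. Separately, everything in this hunk is README documentation for the Drone/Harness pipelines and the audit and simulation CLIs, none of which the `fix(multicall)` title or message mentions; either split the docs into their own commit or add them to the message so the history stays searchable. Since `security-suite` (gosec, govulncheck, Nancy, fuzz) is documented as running only on protected branches, it would also help to say whether pull-request builds get those checks or whether findings only surface after merge.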
@@ -263,4 +345,4 @@ Optimizations focus on:
1. Continuous benchmark tracking
2. Comparative benchmarking across versions
3. Detailed profiling integration
4. Resource usage monitoring
4. Resource usage monitoring
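Review bot: the removed and added lines of this hunk both read `4. Resource usage monitoring` with no visible difference, so this is a whitespace-only change, most likely trailing whitespace or a missing newline at end of file. If it is the EOF newline being added, keep it (the `gofmt`-style cleanup in the message covers that); otherwise drop the hunk so the README diff stays limited to the documented changes.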