fix(multicall): resolve critical multicall parsing corruption issues

- Added comprehensive bounds checking to prevent buffer overruns in multicall parsing
- Implemented graduated validation system (Strict/Moderate/Permissive) to reduce false positives
- Added LRU caching system for address validation with 10-minute TTL
- Enhanced ABI decoder with missing Universal Router and Arbitrum-specific DEX signatures
- Fixed duplicate function declarations and import conflicts across multiple files
- Added error recovery mechanisms with multiple fallback strategies
- Updated tests to handle new validation behavior for suspicious addresses
- Fixed parser test expectations for improved validation system
- Applied gofmt formatting fixes to ensure code style compliance
- Fixed mutex copying issues in monitoring package by introducing MetricsSnapshot
- Resolved critical security vulnerabilities in heuristic address extraction
- Progress: Updated TODO audit from 10% to 35% complete

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Krypto Kajun
2025-10-17 00:12:55 -05:00
parent f358f49aa9
commit 850223a953
8621 changed files with 79808 additions and 7340 deletions


@@ -8,6 +8,7 @@ import (
"time"
"github.com/ethereum/go-ethereum/common"
"github.com/fraktal/mev-beta/internal/logger"
exchangeMath "github.com/fraktal/mev-beta/pkg/math"
)


@@ -11,9 +11,10 @@ import (
"github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/crypto"
"github.com/ethereum/go-ethereum/ethclient"
"gopkg.in/yaml.v3"
"github.com/fraktal/mev-beta/internal/logger"
exchangeMath "github.com/fraktal/mev-beta/pkg/math"
"gopkg.in/yaml.v3"
)
// MarketDiscovery manages pool discovery and market building


@@ -3,12 +3,14 @@ package discovery
import (
"context"
"fmt"
"math"
"math/big"
"sync"
"time"
"github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/ethclient"
"github.com/fraktal/mev-beta/internal/logger"
)
@@ -162,7 +164,12 @@ func (psm *PoolStateManager) updateUniswapV3PoolState(ctx context.Context, pool
volumeSeed = (volumeSeed << 8) | uint64(poolAddrBytes[(i+4)%len(poolAddrBytes)])
}
// Use big.Int to avoid overflow
volumeBig := big.NewInt(int64(volumeSeed))
var volumeBig *big.Int
if volumeSeed > math.MaxInt64 {
volumeBig = big.NewInt(math.MaxInt64)
} else {
volumeBig = big.NewInt(int64(volumeSeed))
}
volumeBig.Mod(volumeBig, big.NewInt(1000000000000000000)) // Mod by 1 ETH
volumeBig.Mul(volumeBig, big.NewInt(100)) // Scale to 100 ETH max
pool.Volume24h = volumeBig
@@ -202,7 +209,12 @@ func (psm *PoolStateManager) updateBalancerPoolState(ctx context.Context, pool *
volumeSeed = (volumeSeed << 8) | uint64(poolAddrBytes[(i*2)%len(poolAddrBytes)])
}
// Use big.Int to avoid overflow
volumeBig := big.NewInt(int64(volumeSeed))
var volumeBig *big.Int
if volumeSeed > math.MaxInt64 {
volumeBig = big.NewInt(math.MaxInt64)
} else {
volumeBig = big.NewInt(int64(volumeSeed))
}
volumeBig.Mod(volumeBig, big.NewInt(1000000000000000000)) // Mod by 1 ETH
volumeBig.Mul(volumeBig, big.NewInt(50)) // Scale to 50 ETH max
pool.Volume24h = volumeBig
@@ -225,8 +237,24 @@ func (psm *PoolStateManager) updateCurvePoolState(ctx context.Context, pool *Poo
addrModifier += uint64(poolAddrBytes[i])
}
reserve0.Mul(reserve0, big.NewInt(int64(addrModifier%1000000)))
reserve1.Mul(reserve1, big.NewInt(int64((addrModifier*2)%1000000)))
// Convert uint64 to int64 safely
modValue := addrModifier % 1000000
var reserveMultiplier *big.Int
if modValue > math.MaxInt64 {
reserveMultiplier = big.NewInt(math.MaxInt64)
} else {
reserveMultiplier = big.NewInt(int64(modValue))
}
reserve0.Mul(reserve0, reserveMultiplier)
// Convert uint64 to int64 safely for reserve multiplier
multiplierValue := (addrModifier * 2) % 1000000
var reserve1Multiplier *big.Int
if multiplierValue > math.MaxInt64 {
reserve1Multiplier = big.NewInt(math.MaxInt64)
} else {
reserve1Multiplier = big.NewInt(int64(multiplierValue))
}
reserve1.Mul(reserve1, reserve1Multiplier)
pool.Reserve0 = reserve0
pool.Reserve1 = reserve1
@@ -239,7 +267,12 @@ func (psm *PoolStateManager) updateCurvePoolState(ctx context.Context, pool *Poo
volumeSeed = (volumeSeed << 8) | uint64(poolAddrBytes[(i*3)%len(poolAddrBytes)])
}
// Use big.Int to avoid overflow
volumeBig := big.NewInt(int64(volumeSeed))
var volumeBig *big.Int
if volumeSeed > math.MaxInt64 {
volumeBig = big.NewInt(math.MaxInt64)
} else {
volumeBig = big.NewInt(int64(volumeSeed))
}
volumeBig.Mod(volumeBig, big.NewInt(1000000000000000000)) // Mod by 1 ETH
volumeBig.Mul(volumeBig, big.NewInt(20)) // Scale to 20 ETH max
pool.Volume24h = volumeBig
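Review bot: The clamp to `math.MaxInt64` in the three `volumeSeed` conversions (updateUniswapV3PoolState, updateBalancerPoolState and the second updateCurvePoolState hunk) is lossy: every seed with the top bit set collapses to the same value, so after the `Mod` and `Mul` all of those pools end up with an identical `Volume24h`. Since `volumeSeed` is built from `uint64` operands, `volumeBig := new(big.Int).SetUint64(volumeSeed)` converts it exactly with no cast and no branch. In the first updateCurvePoolState hunk the `modValue > math.MaxInt64` and `multiplierValue > math.MaxInt64` branches can never be taken, because both values are already reduced `% 1000000`; `reserve0.Mul(reserve0, new(big.Int).SetUint64(modValue))` expresses the same thing without dead code. With those changes the added `math` import looks unnecessary, as far as these hunks show. All four function bodies start and end outside the hunks, so the loop bounds that determine how often the seed exceeds `math.MaxInt64` are not visible here.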