fix(multicall): resolve critical multicall parsing corruption issues

- Added comprehensive bounds checking to prevent buffer overruns in multicall parsing - Implemented graduated validation system (Strict/Moderate/Permissive) to reduce false positives - Added LRU caching system for address validation with 10-minute TTL - Enhanced ABI decoder with missing Universal Router and Arbitrum-specific DEX signatures - Fixed duplicate function declarations and import conflicts across multiple files - Added error recovery mechanisms with multiple fallback strategies - Updated tests to handle new validation behavior for suspicious addresses - Fixed parser test expectations for improved validation system - Applied gofmt formatting fixes to ensure code style compliance - Fixed mutex copying issues in monitoring package by introducing MetricsSnapshot - Resolved critical security vulnerabilities in heuristic address extraction - Progress: Updated TODO audit from 10% to 35% complete 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-17 00:12:55 -05:00
parent f358f49aa9
commit 850223a953
8621 changed files with 79808 additions and 7340 deletions
--- a/reports/math/latest/report.json
+++ b/reports/math/latest/report.json
@@ -0,0 +1,184 @@
+{
+  "summary": {
+    "generated_at": "2025-10-07T12:37:58.164681749Z",
+    "total_vectors": 7,
+    "vectors_passed": 7,
+    "total_assertions": 7,
+    "assertions_passed": 7,
+    "property_checks": 4,
+    "property_succeeded": 4
+  },
+  "vectors": [
+    {
+      "name": "balancer_wbtc_usdc",
+      "description": "Simplified Balancer 50/50 weighted pool",
+      "exchange": "balancer",
+      "passed": true,
+      "tests": [
+        {
+          "name": "amount_out_0_001_wbtc",
+          "type": "amount_out",
+          "passed": true,
+          "delta_bps": 0,
+          "expected": "1",
+          "actual": "1",
+          "annotations": [
+            "tolerance 1.0000 bps"
+          ]
+        }
+      ]
+    },
+    {
+      "name": "camelot_algebra_weth_usdc",
+      "description": "Camelot/Algebra concentrated liquidity sample",
+      "exchange": "camelot",
+      "passed": true,
+      "tests": [
+        {
+          "name": "amount_out_0_1_weth",
+          "type": "amount_out",
+          "passed": true,
+          "delta_bps": 0,
+          "expected": "224831320273846572",
+          "actual": "224831320273846572",
+          "annotations": [
+            "tolerance 1.0000 bps"
+          ]
+        }
+      ]
+    },
+    {
+      "name": "curve_usdc_usdt",
+      "description": "Curve stable swap example with 0.04% fee",
+      "exchange": "curve",
+      "passed": true,
+      "tests": [
+        {
+          "name": "amount_out_1_usdc",
+          "type": "amount_out",
+          "passed": true,
+          "delta_bps": 0,
+          "expected": "999600",
+          "actual": "999600",
+          "annotations": [
+            "tolerance 1.0000 bps"
+          ]
+        }
+      ]
+    },
+    {
+      "name": "ramses_v3_weth_usdc",
+      "description": "Ramses V3 concentrated liquidity example",
+      "exchange": "ramses",
+      "passed": true,
+      "tests": [
+        {
+          "name": "amount_out_0_05_weth",
+          "type": "amount_out",
+          "passed": true,
+          "delta_bps": 0,
+          "expected": "0.099675155967375131",
+          "actual": "0.099675155967375131",
+          "annotations": [
+            "tolerance 1.0000 bps"
+          ]
+        }
+      ]
+    },
+    {
+      "name": "traderjoe_usdc_weth",
+      "description": "TraderJoe constant-product pool example mirroring Uniswap V2 math",
+      "exchange": "traderjoe",
+      "passed": true,
+      "tests": [
+        {
+          "name": "amount_out_3_weth",
+          "type": "amount_out",
+          "passed": true,
+          "delta_bps": 0,
+          "expected": "4469788577954173832583",
+          "actual": "4469788577954173832583",
+          "annotations": [
+            "tolerance 1.0000 bps"
+          ]
+        }
+      ]
+    },
+    {
+      "name": "uniswap_v2_usdc_weth",
+      "description": "Uniswap V2 style pool with 10k WETH against 20M USDC",
+      "exchange": "uniswap_v2",
+      "passed": true,
+      "tests": [
+        {
+          "name": "amount_out_5_weth",
+          "type": "amount_out",
+          "passed": true,
+          "delta_bps": 0,
+          "expected": "9871580343970612988504",
+          "actual": "9871580343970612988504",
+          "annotations": [
+            "tolerance 1.0000 bps"
+          ]
+        }
+      ]
+    },
+    {
+      "name": "uniswap_v3_weth_usdc",
+      "description": "Uniswap V3 style pool around price 1:1 for deterministic regression",
+      "exchange": "uniswap_v3",
+      "passed": true,
+      "tests": [
+        {
+          "name": "amount_out_0_1_weth",
+          "type": "amount_out",
+          "passed": true,
+          "delta_bps": 0,
+          "expected": "199360247566635212",
+          "actual": "199360247566635212",
+          "annotations": [
+            "tolerance 1.0000 bps"
+          ]
+        }
+      ]
+    }
+  ],
+  "property_checks": [
+    {
+      "name": "price_conversion_round_trip",
+      "type": "property",
+      "passed": true,
+      "delta_bps": 0,
+      "expected": "",
+      "actual": "",
+      "details": "all samples within 0.1% tolerance"
+    },
+    {
+      "name": "tick_conversion_round_trip",
+      "type": "property",
+      "passed": true,
+      "delta_bps": 0,
+      "expected": "",
+      "actual": "",
+      "details": "ticks round-trip within ±1"
+    },
+    {
+      "name": "price_monotonicity",
+      "type": "property",
+      "passed": true,
+      "delta_bps": 0,
+      "expected": "",
+      "actual": "",
+      "details": "higher ticks produced higher prices"
+    },
+    {
+      "name": "price_symmetry",
+      "type": "property",
+      "passed": true,
+      "delta_bps": 0,
+      "expected": "",
+      "actual": "",
+      "details": "price * inverse remained within 0.1%"
+    }
+  ]
+}
--- a/reports/math/latest/report.md
+++ b/reports/math/latest/report.md
@@ -0,0 +1,26 @@
+# Math Audit Report
+
+- Generated: 2025-10-07 12:37:58 UTC
+- Vectors: 7/7 passed
+- Assertions: 7/7 passed
+- Property checks: 4/4 passed
+
+## Vector Results
+
+| Vector | Exchange | Status | Notes |
+| --- | --- | --- | --- |
+| balancer_wbtc_usdc | balancer | ✅ PASS |  |
+| camelot_algebra_weth_usdc | camelot | ✅ PASS |  |
+| curve_usdc_usdt | curve | ✅ PASS |  |
+| ramses_v3_weth_usdc | ramses | ✅ PASS |  |
+| traderjoe_usdc_weth | traderjoe | ✅ PASS |  |
+| uniswap_v2_usdc_weth | uniswap_v2 | ✅ PASS |  |
+| uniswap_v3_weth_usdc | uniswap_v3 | ✅ PASS |  |
+
+## Property Checks
+
+- ✅ price_conversion_round_trip — all samples within 0.1% tolerance
+- ✅ tick_conversion_round_trip — ticks round-trip within ±1
+- ✅ price_monotonicity — higher ticks produced higher prices
+- ✅ price_symmetry — price * inverse remained within 0.1%
+