fix(multicall): resolve critical multicall parsing corruption issues

- Added comprehensive bounds checking to prevent buffer overruns in multicall parsing
- Implemented graduated validation system (Strict/Moderate/Permissive) to reduce false positives
- Added LRU caching system for address validation with 10-minute TTL
- Enhanced ABI decoder with missing Universal Router and Arbitrum-specific DEX signatures
- Fixed duplicate function declarations and import conflicts across multiple files
- Added error recovery mechanisms with multiple fallback strategies
- Updated tests to handle new validation behavior for suspicious addresses
- Fixed parser test expectations for improved validation system
- Applied gofmt formatting fixes to ensure code style compliance
- Fixed mutex copying issues in monitoring package by introducing MetricsSnapshot
- Resolved critical security vulnerabilities in heuristic address extraction
- Progress: Updated TODO audit from 10% to 35% complete

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

tools/security-audit/go.mod

@@ -0,0 +1,7 @@
+module github.com/fraktal/mev-beta/tools/security-audit
+
+go 1.24
+
+replace github.com/fraktal/mev-beta => ../../
+
+require github.com/fraktal/mev-beta v0.0.0-00010101000000-000000000000

tools/security-audit/main.go

@@ -0,0 +1,67 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"time"
+
+	"github.com/fraktal/mev-beta/tools/security-audit/internal"
+)
+
+func main() {
+	var (
+		scanType        = flag.String("scan", "all", "Scan type: code, dependencies, secrets, permissions, network, all")
+		outputDir       = flag.String("output", "reports/security", "Output directory")
+		verbose         = flag.Bool("verbose", false, "Enable verbose output")
+		deepScan        = flag.Bool("deep", false, "Perform deep security analysis")
+		includeTests    = flag.Bool("include-tests", false, "Include test files in security scan")
+		riskThreshold   = flag.String("risk-threshold", "medium", "Risk threshold: low, medium, high, critical")
+		reportFormat    = flag.String("format", "json", "Report format: json, sarif, txt")
+		timeout         = flag.Duration("timeout", 10*time.Minute, "Timeout for security operations")
+		baseline        = flag.String("baseline", "", "Baseline security report for comparison")
+		remediationMode = flag.Bool("remediation", false, "Include remediation suggestions")
+		complianceCheck = flag.Bool("compliance", false, "Include compliance checks")
+	)
+	flag.Parse()
+
+	// Create output directory
+	if err := os.MkdirAll(*outputDir, 0755); err != nil {
+		log.Fatalf("Failed to create output directory: %v", err)
+	}
+
+	// Initialize security auditor
+	auditor, err := internal.NewSecurityAuditor(&internal.SecurityAuditConfig{
+		ScanType:        *scanType,
+		OutputDir:       *outputDir,
+		Verbose:         *verbose,
+		DeepScan:        *deepScan,
+		IncludeTests:    *includeTests,
+		RiskThreshold:   *riskThreshold,
+		ReportFormat:    *reportFormat,
+		Timeout:         *timeout,
+		Baseline:        *baseline,
+		RemediationMode: *remediationMode,
+		ComplianceCheck: *complianceCheck,
+	})
+	if err != nil {
+		log.Fatalf("Failed to initialize security auditor: %v", err)
+	}
+
+	ctx := context.Background()
+	ctx, cancel := context.WithTimeout(ctx, *timeout)
+	defer cancel()
+
+	fmt.Printf("Starting security audit: %s scan...\n", *scanType)
+	if err := auditor.RunSecurityAudit(ctx); err != nil {
+		log.Fatalf("Security audit failed: %v", err)
+	}
+
+	if err := auditor.GenerateReport(); err != nil {
+		log.Fatalf("Report generation failed: %v", err)
+	}
+
+	fmt.Printf("Security audit complete. Reports saved to: %s\n", *outputDir)
+}