mev-beta/.claude/commands/security-audit.md
2025-09-14 10:09:55 -05:00

Security Audit

Perform a comprehensive security audit of the MEV bot focusing on: $ARGUMENTS

Security Audit Checklist:

1. Code Security Analysis

```bash
# Static security analysis
gosec ./...

# Dependency vulnerabilities
go list -json -m all | nancy sleuth

# Secret scanning
git-secrets --scan
```

2. Input Validation Review

  • Transaction data parsing validation
  • RPC response validation
  • Configuration parameter validation
  • Mathematical overflow/underflow checks
  • Buffer overflow prevention

3. Cryptographic Security

  • Private key handling and storage
  • Signature verification processes
  • Random number generation
  • Hash function usage
  • Encryption at rest and in transit

4. Network Security

  • RPC endpoint authentication
  • TLS/SSL configuration
  • Rate limiting implementation
  • DDoS protection mechanisms
  • WebSocket connection security

5. Runtime Security

  • Memory safety in Go code
  • Goroutine safety and race conditions
  • Resource exhaustion protection
  • Error information disclosure
  • Logging security (no sensitive data)
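The last two items above (error information disclosure and logging without sensitive data) are easiest to enforce at a single choke point in front of the logger. The following Go redactor is an added example, not code from the mev-beta repository: it masks values by structured field name (assumed names such as `private_key` and `api_key`) and scrubs bearer tokens and provider-style RPC URLs with an API key in the path (a constructed URL shape) from every value. It deliberately does not redact by shape alone, because a 32-byte transaction hash looks exactly like a 32-byte private key and the hash must survive for debugging.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// sensitiveKeys lists structured-log field names whose values are masked
// outright. The names are assumptions for this example; align them with
// the bot's own config and log field names.
var sensitiveKeys = map[string]bool{
	"private_key":   true,
	"privatekey":    true,
	"mnemonic":      true,
	"authorization": true,
	"api_key":       true,
	"apikey":        true,
}

// Value-shape patterns that are sensitive regardless of field name.
var (
	bearerRe = regexp.MustCompile(`(?i)\bbearer\s+[A-Za-z0-9\-._~+/]+=*`)
	// RPC URL with the API key as the last path element, e.g.
	// https://rpc.example/v2/<key> (constructed shape, not a real provider).
	rpcKeyRe = regexp.MustCompile(`(https?://[^\s/]+/(?:[A-Za-z0-9]+/)*)[A-Za-z0-9_-]{24,}`)
)

// mask keeps the last four characters so operators can still tell keys apart.
func mask(v string) string {
	if len(v) <= 4 {
		return "****"
	}
	return "****" + v[len(v)-4:]
}

// Redact returns a copy of fields that is safe to log: values of sensitive
// field names are masked, and every value is scrubbed of bearer tokens and
// URL-embedded API keys. A transaction hash under a neutral field name is
// left intact; it has the same shape as a private key, so the field name,
// not the shape, decides.
func Redact(fields map[string]string) map[string]string {
	out := make(map[string]string, len(fields))
	for k, v := range fields {
		if sensitiveKeys[strings.ToLower(k)] {
			out[k] = mask(v)
			continue
		}
		v = bearerRe.ReplaceAllString(v, "Bearer ****")
		v = rpcKeyRe.ReplaceAllString(v, "${1}****")
		out[k] = v
	}
	return out
}

// FormatLine renders fields as key=value pairs in sorted key order.
func FormatLine(fields map[string]string) string {
	keys := make([]string, 0, len(fields))
	for k := range fields {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		parts = append(parts, k+"="+fields[k])
	}
	return strings.Join(parts, " ")
}

func main() {
	// Constructed sample fields; the key, hash and URL are not real.
	fields := map[string]string{
		"msg":         "submitting bundle",
		"tx_hash":     "0x" + strings.Repeat("ab", 32),
		"private_key": "0x" + strings.Repeat("cd", 32),
		"rpc":         "https://rpc.example/v2/abcdefghijklmnopqrstuvwxyz0123",
		"hdr":         "Authorization: Bearer eyJhbGciOi.abc.def",
	}
	fmt.Println(FormatLine(Redact(fields)))
}
```

Wire `Redact` in at the logger's field hook so call sites cannot bypass it, and review the audit finding for any error path that returns raw RPC responses or panics to an API caller, since those bypass the logger entirely.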

Specific MEV Bot Security Areas:

Transaction Processing

  • Validate all transaction inputs
  • Prevent transaction replay attacks
  • Secure handling of swap calculations
  • Protection against malicious contract calls
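The replay and malicious-call items above can be checked in one gate on the bot's own submission path. The Go `TxGuard` below is an added example, not code from the mev-beta project: it refuses transactions whose chain ID differs from the configured one (EIP-155 cross-chain replay), whose hash has already been submitted, whose nonce is stale or skips ahead for the sender, or whose target is not on an allowlist of known contracts. The `Tx` struct, error names and the `maxSeen` ring size are assumptions; a real bot would fill `Tx` from its own decoder and seed nonces from `eth_getTransactionCount`.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"sync"
)

// Tx is the minimal view of a transaction the bot is about to submit
// (constructed for this example).
type Tx struct {
	Hash    string
	ChainID uint64
	From    string
	To      string
	Nonce   uint64
}

var (
	ErrWrongChain   = errors.New("chain id mismatch: refusing cross-chain replay")
	ErrDuplicate    = errors.New("transaction hash already submitted")
	ErrStaleNonce   = errors.New("nonce already used for sender")
	ErrNonceGap     = errors.New("nonce ahead of expected")
	ErrTargetDenied = errors.New("target contract not in allowlist")
)

// TxGuard gates outgoing transactions. One mutex covers all state so the
// goroutines that build and submit bundles concurrently cannot race on
// nonces or the seen-hash set. The seen set is a bounded ring so a long
// run cannot exhaust memory.
type TxGuard struct {
	mu        sync.Mutex
	chainID   uint64
	allowed   map[string]struct{}
	nextNonce map[string]uint64
	seen      map[string]struct{}
	ring      []string
	head      int
	maxSeen   int
}

func NewTxGuard(chainID uint64, allowedTargets []string, maxSeen int) *TxGuard {
	if maxSeen < 1 {
		maxSeen = 1
	}
	g := &TxGuard{
		chainID:   chainID,
		allowed:   make(map[string]struct{}, len(allowedTargets)),
		nextNonce: make(map[string]uint64),
		seen:      make(map[string]struct{}),
		maxSeen:   maxSeen,
	}
	for _, a := range allowedTargets {
		g.allowed[strings.ToLower(a)] = struct{}{}
	}
	return g
}

// SetNonce seeds a sender's next nonce, e.g. from eth_getTransactionCount.
func (g *TxGuard) SetNonce(sender string, nonce uint64) {
	g.mu.Lock()
	defer g.mu.Unlock()
	g.nextNonce[strings.ToLower(sender)] = nonce
}

// remember inserts h into the bounded seen set, evicting the oldest entry.
func (g *TxGuard) remember(h string) {
	if len(g.ring) < g.maxSeen {
		g.ring = append(g.ring, h)
	} else {
		delete(g.seen, g.ring[g.head])
		g.ring[g.head] = h
		g.head = (g.head + 1) % g.maxSeen
	}
	g.seen[h] = struct{}{}
}

// Admit validates tx against the expected chain, the target allowlist, the
// duplicate set and the sender's nonce sequence, recording it on success.
func (g *TxGuard) Admit(tx Tx) error {
	g.mu.Lock()
	defer g.mu.Unlock()
	if tx.ChainID != g.chainID {
		return ErrWrongChain
	}
	if _, ok := g.allowed[strings.ToLower(tx.To)]; !ok {
		return ErrTargetDenied
	}
	h := strings.ToLower(tx.Hash)
	if _, ok := g.seen[h]; ok {
		return ErrDuplicate
	}
	from := strings.ToLower(tx.From)
	want := g.nextNonce[from]
	if tx.Nonce < want {
		return ErrStaleNonce
	}
	if tx.Nonce > want {
		return ErrNonceGap
	}
	g.remember(h)
	g.nextNonce[from] = want + 1
	return nil
}

func main() {
	g := NewTxGuard(1, []string{"0xrouter"}, 1024)
	g.SetNonce("0xbot", 10)
	fmt.Println(g.Admit(Tx{Hash: "0x01", ChainID: 1, From: "0xbot", To: "0xrouter", Nonce: 10}))
	fmt.Println(g.Admit(Tx{Hash: "0x01", ChainID: 1, From: "0xbot", To: "0xrouter", Nonce: 11}))
}
```

The nonce state must be resynchronised after a reorg or a dropped transaction, so treat `SetNonce` as something the recovery path calls, not a one-time initialisation; an audit finding that only checks the chain ID at signing time but never at submission time is a common gap.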

Market Data Integrity

  • Price feed validation
  • Oracle manipulation detection
  • Historical data integrity
  • Real-time data verification
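Price feed validation and oracle manipulation detection come down to two checks: is the observation fresh, and does it agree with independent sources? The Go function below is an added example, not code from the mev-beta project. It drops stale, future-dated or non-positive quotes, takes the median of the rest, discards any quote that deviates from that median by more than a tolerance in basis points, and returns the median of the survivors, so a single manipulated pool cannot move the price the bot acts on. The `Quote` type, the fixed-point price scale and the sample values are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// Quote is one price observation (constructed type for this example).
type Quote struct {
	Source string
	Price  *big.Int // fixed-point price, e.g. scaled by 1e8
	At     time.Time
}

var ErrTooFewSources = errors.New("fewer than two fresh, agreeing price sources")

// medianOf returns the median price (mean of the two middle values for an
// even count). qs must be non-empty.
func medianOf(qs []Quote) *big.Int {
	ps := make([]*big.Int, len(qs))
	for i, q := range qs {
		ps[i] = q.Price
	}
	sort.Slice(ps, func(i, j int) bool { return ps[i].Cmp(ps[j]) < 0 })
	n := len(ps)
	if n%2 == 1 {
		return new(big.Int).Set(ps[n/2])
	}
	m := new(big.Int).Add(ps[n/2-1], ps[n/2])
	return m.Div(m, big.NewInt(2))
}

// deviationBps returns |p - ref| * 10000 / ref (integer basis points).
func deviationBps(p, ref *big.Int) *big.Int {
	d := new(big.Int).Sub(p, ref)
	d.Abs(d)
	d.Mul(d, big.NewInt(10000))
	return d.Div(d, ref)
}

// ValidateQuotes returns the consensus price and the quotes that support
// it. Quotes older than maxAge, timestamped in the future, or without a
// positive price are ignored; quotes more than maxDevBps from the median
// of the fresh set are rejected as outliers. At least two sources must
// remain, otherwise the bot has no independent confirmation and should
// not trade.
func ValidateQuotes(quotes []Quote, now time.Time, maxAge time.Duration, maxDevBps int64) (*big.Int, []Quote, error) {
	var fresh []Quote
	for _, q := range quotes {
		age := now.Sub(q.At)
		if q.Price == nil || q.Price.Sign() <= 0 || age < 0 || age > maxAge {
			continue // stale, future-dated or malformed
		}
		fresh = append(fresh, q)
	}
	if len(fresh) < 2 {
		return nil, nil, ErrTooFewSources
	}
	med := medianOf(fresh)
	limit := big.NewInt(maxDevBps)
	var agreeing []Quote
	for _, q := range fresh {
		if deviationBps(q.Price, med).Cmp(limit) <= 0 {
			agreeing = append(agreeing, q)
		}
	}
	if len(agreeing) < 2 {
		return nil, nil, ErrTooFewSources
	}
	return medianOf(agreeing), agreeing, nil
}

func main() {
	// Constructed sample: two healthy pools, one manipulated pool, one stale feed.
	now := time.Unix(1_700_000_000, 0)
	qs := []Quote{
		{"poolA", big.NewInt(100000), now.Add(-5 * time.Second)},
		{"poolB", big.NewInt(100200), now.Add(-10 * time.Second)},
		{"poolC", big.NewInt(130000), now.Add(-2 * time.Second)},
		{"feedD", big.NewInt(100100), now.Add(-10 * time.Minute)},
	}
	med, ok, err := ValidateQuotes(qs, now, time.Minute, 100)
	fmt.Println(med, len(ok), err)
}
```

The `age < 0` branch treats a future timestamp as invalid; if the bot's sources run on hosts with measurable clock skew, allow a small negative tolerance rather than widening `maxAge`.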

Financial Security

  • Gas estimation accuracy
  • Slippage protection
  • Minimum profit validation
  • MEV protection mechanisms
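The overflow/underflow item under Input Validation, the swap calculation item under Transaction Processing and the slippage and minimum profit items above all meet in the arithmetic that decides whether a trade is submitted. The Go code below is an added example, not the mev-beta project's own math: it shows why 18-decimal token amounts must not be multiplied in `uint64`, computes a constant-product swap output in `math/big`, applies a slippage floor in basis points, and gates on net profit for a round trip that returns to the input token. The 0.3% fee model, the error names and the sample amounts are assumptions; substitute the pool's actual fee and the bot's real gas accounting.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
	"math/bits"
)

var (
	ErrBadInput     = errors.New("amounts and reserves must be positive")
	ErrDrainsPool   = errors.New("output would exceed pool reserve")
	ErrSlippage     = errors.New("output below slippage floor")
	ErrUnprofitable = errors.New("net profit below minimum")
)

// MulOverflows reports whether a*b does not fit in uint64. Two 18-decimal
// amounts (1e18 each) already overflow, which is why the swap math below
// uses math/big throughout instead of fixed-width integers.
func MulOverflows(a, b uint64) bool {
	hi, _ := bits.Mul64(a, b)
	return hi != 0
}

// AmountOut computes a constant-product (x*y=k) swap output with a 0.3%
// fee (assumed fee model). All inputs must be positive; the result is
// checked against the reserve as a defensive invariant.
func AmountOut(amountIn, reserveIn, reserveOut *big.Int) (*big.Int, error) {
	if amountIn.Sign() <= 0 || reserveIn.Sign() <= 0 || reserveOut.Sign() <= 0 {
		return nil, ErrBadInput
	}
	inWithFee := new(big.Int).Mul(amountIn, big.NewInt(997))
	num := new(big.Int).Mul(inWithFee, reserveOut)
	den := new(big.Int).Mul(reserveIn, big.NewInt(1000))
	den.Add(den, inWithFee)
	out := num.Div(num, den)
	if out.Cmp(reserveOut) >= 0 {
		return nil, ErrDrainsPool
	}
	return out, nil
}

// MinOut applies a slippage tolerance in basis points to a quoted output.
func MinOut(quoted *big.Int, slippageBps int64) *big.Int {
	m := new(big.Int).Mul(quoted, big.NewInt(10000-slippageBps))
	return m.Div(m, big.NewInt(10000))
}

// CheckTrade is the pre-submission gate: the executed output must clear the
// slippage floor, and the net profit (output - input - gas, all in the same
// token units for a round trip) must meet the configured minimum. The
// profit is returned alongside ErrUnprofitable so it can be logged.
func CheckTrade(amountIn, quotedOut, actualOut, gasCost, minProfit *big.Int, slippageBps int64) (*big.Int, error) {
	if actualOut.Cmp(MinOut(quotedOut, slippageBps)) < 0 {
		return nil, ErrSlippage
	}
	profit := new(big.Int).Sub(actualOut, amountIn)
	profit.Sub(profit, gasCost)
	if profit.Cmp(minProfit) < 0 {
		return profit, ErrUnprofitable
	}
	return profit, nil
}

func main() {
	// Constructed sample values.
	fmt.Println("1e18 * 1e18 overflows uint64:", MulOverflows(1_000_000_000_000_000_000, 1_000_000_000_000_000_000))
	out, err := AmountOut(big.NewInt(1000), big.NewInt(1_000_000), big.NewInt(1_000_000))
	fmt.Println("swap 1000 into a 1e6/1e6 pool:", out, err)
	fmt.Println("floor at 50 bps:", MinOut(out, 50))
	profit, err := CheckTrade(big.NewInt(1000), out, out, big.NewInt(0), big.NewInt(0), 50)
	fmt.Println("single-leg profit:", profit, err)
}
```

Note that `MinOut` floors toward zero, which is the conservative direction for a minimum; the same care is needed wherever the bot rounds, since a rounding direction that favours the counterparty is a silent loss on every trade.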

Output Requirements:

  • Detailed security findings report
  • Risk assessment (Critical/High/Medium/Low)
  • Remediation recommendations
  • Implementation timeline for fixes
  • Security testing procedures