copper-tone-tech/mev-beta
1
0
Fork 0
Code Issues Pull Requests 7 Actions Packages Projects Releases Wiki Activity
Files
v2-master-dev
mev-beta/scripts/audit.sh
Administrator 3505921207 feat: comprehensive audit infrastructure and Phase 1 refactoring 
This commit includes:

## Audit & Testing Infrastructure
- scripts/audit.sh: 12-section comprehensive codebase audit
- scripts/test.sh: 7 test types (unit, integration, race, bench, coverage, contracts, pkg)
- scripts/check-compliance.sh: SPEC.md compliance validation
- scripts/check-docs.sh: Documentation coverage checker
- scripts/dev.sh: Unified development script with all commands

## Documentation
- SPEC.md: Authoritative technical specification
- docs/AUDIT_AND_TESTING.md: Complete testing guide (600+ lines)
- docs/SCRIPTS_REFERENCE.md: All scripts documented (700+ lines)
- docs/README.md: Documentation index and navigation
- docs/DEVELOPMENT_SETUP.md: Environment setup guide
- docs/REFACTORING_PLAN.md: Systematic refactoring plan

## Phase 1 Refactoring (Critical Fixes)
- pkg/validation/helpers.go: Validation functions for addresses/amounts
- pkg/sequencer/selector_registry.go: Thread-safe selector registry
- pkg/sequencer/reader.go: Fixed race conditions with atomic metrics
- pkg/sequencer/swap_filter.go: Fixed race conditions, added error logging
- pkg/sequencer/decoder.go: Added address validation

## Changes Summary
- Fixed race conditions on 13 metric counters (atomic operations)
- Added validation at all ingress points
- Eliminated silent error handling
- Created selector registry for future ABI migration
- Reduced SPEC.md violations from 7 to 5

Build Status:  All packages compile
Compliance:  No race conditions, no silent failures
Documentation:  1,700+ lines across 5 comprehensive guides

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 07:17:13 +01:00

315 lines
9.6 KiB
Bash
Executable File
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# Comprehensive codebase audit script
# Checks code quality, security, and compliance with SPEC.md
set -e
PROJECT_ROOT="/docker/mev-beta"
cd "$PROJECT_ROOT" || exit 1
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
NC='\033[0m'
info() { echo -e "${BLUE}${NC} $1"; }
success() { echo -e "${GREEN}${NC} $1"; }
warn() { echo -e "${YELLOW}${NC} $1"; }
error() { echo -e "${RED}${NC} $1"; }
section() { echo -e "\n${CYAN}━━━ $1 ━━━${NC}\n"; }
ISSUES_FOUND=0
# Function to report issue
report_issue() {
local severity=$1
local message=$2
ISSUES_FOUND=$((ISSUES_FOUND + 1))
case "$severity" in
critical)
error "[CRITICAL] $message"
;;
high)
error "[HIGH] $message"
;;
medium)
warn "[MEDIUM] $message"
;;
low)
warn "[LOW] $message"
;;
info)
info "[INFO] $message"
;;
esac
}
echo "🔍 MEV Bot Codebase Audit"
echo "=========================="
echo "Date: $(date)"
echo "Path: $PROJECT_ROOT"
echo ""
# 1. SPEC.md Compliance Check
section "1. SPEC.md Compliance"
info "Checking for SPEC.md violations..."
# Check for hardcoded function selectors
if grep -r "0x[0-9a-f]\{8\}" pkg/ --include="*.go" | grep -v "Address" | grep -v "test" | grep -q "selector"; then
report_issue "high" "Found hardcoded function selectors (SPEC.md violation: use ABI-based detection)"
grep -r "0x[0-9a-f]\{8\}" pkg/ --include="*.go" | grep "selector" | head -5
else
success "No hardcoded function selectors found"
fi
# Check for HTTP RPC usage in sequencer code
if grep -r "http://" pkg/sequencer/ --include="*.go" | grep -v "test" | grep -q "rpc"; then
report_issue "critical" "HTTP RPC usage in sequencer (SPEC.md violation: use sequencer feed only)"
grep -r "http://" pkg/sequencer/ --include="*.go" | head -3
else
success "No HTTP RPC in sequencer code"
fi
# Check for blocking operations in hot paths
if grep -r "time.Sleep" pkg/sequencer/ pkg/pools/ --include="*.go" | grep -v "test" | grep -q "."; then
report_issue "medium" "Found blocking Sleep operations in hot path"
grep -r "time.Sleep" pkg/sequencer/ pkg/pools/ --include="*.go" | head -3
else
success "No blocking Sleep operations in hot paths"
fi
# Check for manual ABI files
if find bindings/ -name "*.json" -type f | grep -v "_abi.json" | grep -q "."; then
warn "Found manual ABI files (should use Foundry-generated ABIs)"
find bindings/ -name "*.json" -type f | grep -v "_abi.json"
else
success "No manual ABI files found"
fi
# 2. Go Code Quality
section "2. Go Code Quality"
info "Running go vet..."
if podman exec mev-go-dev sh -c "cd /workspace && go vet ./pkg/... ./cmd/..." 2>&1 | grep -q "^"; then
report_issue "high" "go vet found issues"
podman exec mev-go-dev sh -c "cd /workspace && go vet ./pkg/... ./cmd/..." 2>&1 | head -10
else
success "go vet passed"
fi
info "Checking for TODO/FIXME comments..."
TODO_COUNT=$(grep -r "TODO\|FIXME" pkg/ cmd/ --include="*.go" | wc -l)
if [ "$TODO_COUNT" -gt 0 ]; then
warn "Found $TODO_COUNT TODO/FIXME comments"
grep -r "TODO\|FIXME" pkg/ cmd/ --include="*.go" | head -5
else
success "No TODO/FIXME comments"
fi
info "Checking for panics in production code..."
PANIC_COUNT=$(grep -r "panic(" pkg/ --include="*.go" | grep -v "_test.go" | wc -l)
if [ "$PANIC_COUNT" -gt 0 ]; then
report_issue "high" "Found $PANIC_COUNT panic() calls in production code"
grep -r "panic(" pkg/ --include="*.go" | grep -v "_test.go" | head -5
else
success "No panic() in production code"
fi
# 3. Security Audit
section "3. Security Audit"
info "Checking for potential security issues..."
# Check for hardcoded private keys
if grep -r "0x[0-9a-f]\{64\}" . --include="*.go" --include="*.env" | grep -i "private\|key" | grep -q "."; then
report_issue "critical" "Potential hardcoded private key found"
else
success "No hardcoded private keys detected"
fi
# Check for SQL injection risks (should not be any, but check anyway)
if grep -r "Query.*+\|Exec.*+" pkg/ --include="*.go" | grep -v "test" | grep -q "."; then
report_issue "high" "Potential SQL injection risk (string concatenation in queries)"
else
success "No SQL injection risks"
fi
# Check for command injection risks
if grep -r "exec.Command.*+\|os.System" pkg/ --include="*.go" | grep -v "test" | grep -q "."; then
report_issue "high" "Potential command injection risk"
else
success "No command injection risks"
fi
# Check for unsafe pointer usage
if grep -r "unsafe\." pkg/ --include="*.go" | grep -v "test" | grep -q "."; then
warn "Found unsafe package usage"
grep -r "unsafe\." pkg/ --include="*.go" | grep -v "test"
else
success "No unsafe package usage"
fi
# 4. Concurrency Safety
section "4. Concurrency Safety"
info "Checking for race condition risks..."
# Check for shared state without locks
if grep -r "var.*=.*make(map\|var.*\[\]" pkg/ --include="*.go" | grep -v "test" | grep -v "const" | grep -q "."; then
warn "Found package-level maps/slices (potential race condition)"
info "Verify these are protected by sync.Mutex or sync.RWMutex"
fi
# Check for mutex usage
MUTEX_COUNT=$(grep -r "sync.Mutex\|sync.RWMutex" pkg/ --include="*.go" | grep -v "test" | wc -l)
info "Found $MUTEX_COUNT mutex declarations"
# Check for channel usage
CHAN_COUNT=$(grep -r "make(chan\|chan " pkg/ --include="*.go" | grep -v "test" | wc -l)
info "Found $CHAN_COUNT channel declarations"
if [ "$CHAN_COUNT" -lt 5 ]; then
report_issue "medium" "Low channel usage (SPEC.md requires channel-based architecture)"
fi
# 5. Error Handling
section "5. Error Handling"
info "Checking error handling patterns..."
# Check for ignored errors
IGNORED_ERRORS=$(grep -r "_ =" pkg/ --include="*.go" | grep -v "test" | grep "err" | wc -l)
if [ "$IGNORED_ERRORS" -gt 0 ]; then
warn "Found $IGNORED_ERRORS potentially ignored errors"
grep -r "_ =" pkg/ --include="*.go" | grep -v "test" | grep "err" | head -5
else
success "No ignored errors found"
fi
# Check for proper error wrapping
if ! grep -r "fmt.Errorf.*%w" pkg/ --include="*.go" | grep -q "."; then
warn "Limited use of error wrapping (consider using %w for error context)"
fi
# 6. Documentation
section "6. Documentation"
info "Checking documentation coverage..."
# Count exported functions without comments
EXPORTED_FUNCS=$(grep -r "^func [A-Z]" pkg/ --include="*.go" | grep -v "test" | wc -l)
DOCUMENTED_FUNCS=$(grep -rB1 "^func [A-Z]" pkg/ --include="*.go" | grep "^//" | wc -l)
DOC_COVERAGE=$((DOCUMENTED_FUNCS * 100 / (EXPORTED_FUNCS + 1)))
info "Documentation coverage: $DOC_COVERAGE% ($DOCUMENTED_FUNCS/$EXPORTED_FUNCS)"
if [ "$DOC_COVERAGE" -lt 80 ]; then
warn "Documentation coverage below 80%"
else
success "Good documentation coverage"
fi
# 7. Test Coverage
section "7. Test Coverage"
info "Checking test coverage..."
TEST_FILES=$(find pkg/ -name "*_test.go" | wc -l)
GO_FILES=$(find pkg/ -name "*.go" | grep -v "_test.go" | wc -l)
TEST_RATIO=$((TEST_FILES * 100 / (GO_FILES + 1)))
info "Test file ratio: $TEST_RATIO% ($TEST_FILES test files for $GO_FILES source files)"
if [ "$TEST_RATIO" -lt 50 ]; then
warn "Test coverage may be low (< 50% test files)"
fi
# 8. Dependencies
section "8. Dependency Audit"
info "Checking for outdated dependencies..."
if [ -f "go.mod" ]; then
podman exec mev-go-dev sh -c "cd /workspace && go list -u -m all 2>/dev/null | grep '\[' || echo 'All dependencies up to date'"
fi
# 9. Contract Bindings
section "9. Contract Bindings"
info "Verifying contract bindings..."
BINDING_COUNT=$(find bindings/ -name "*.go" -type f | wc -l)
info "Found $BINDING_COUNT generated binding files"
if [ "$BINDING_COUNT" -lt 2 ]; then
report_issue "high" "Very few contract bindings (expected UniswapV2, UniswapV3, etc.)"
fi
# Check bindings are used
for binding_pkg in uniswap_v2 uniswap_v3; do
if grep -r "\".*bindings/$binding_pkg\"" pkg/ --include="*.go" | grep -q "."; then
success "Bindings package $binding_pkg is used"
else
warn "Bindings package $binding_pkg may not be used"
fi
done
# 10. Build & Compile Check
section "10. Build Verification"
info "Verifying code compiles..."
if podman exec mev-go-dev sh -c "cd /workspace && go build ./..." 2>&1 | grep -q "error"; then
report_issue "critical" "Code does not compile"
podman exec mev-go-dev sh -c "cd /workspace && go build ./..." 2>&1 | grep "error" | head -10
else
success "Code compiles successfully"
fi
# 11. File Organization
section "11. File Organization"
info "Checking file organization..."
# Check for large files
LARGE_FILES=$(find pkg/ -name "*.go" -type f -size +1000k)
if [ -n "$LARGE_FILES" ]; then
warn "Found large files (>1MB) - consider splitting:"
echo "$LARGE_FILES"
fi
# Check for deeply nested packages
DEEP_PACKAGES=$(find pkg/ -type d -printf '%d %p\n' | awk '$1 > 5 {print $2}')
if [ -n "$DEEP_PACKAGES" ]; then
warn "Found deeply nested packages (>5 levels):"
echo "$DEEP_PACKAGES"
fi
# 12. Git Status
section "12. Git Status"
info "Checking uncommitted changes..."
UNCOMMITTED=$(git status --porcelain | wc -l)
if [ "$UNCOMMITTED" -gt 0 ]; then
warn "Found $UNCOMMITTED uncommitted changes"
git status --short | head -10
else
success "No uncommitted changes"
fi
# Summary
section "Audit Summary"
if [ "$ISSUES_FOUND" -eq 0 ]; then
success "✅ Audit complete - No issues found!"
exit 0
else
warn "⚠️ Audit complete - Found $ISSUES_FOUND potential issues"
echo ""
echo "Review the issues above and address critical/high severity items."
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink