copper-tone-tech/mev-beta
1
0
Fork 0
Code Issues Pull Requests 7 Actions Packages Projects Releases Wiki Activity
Files
3095163a956f21e19a843991ec6e9c3897f1068e
mev-beta/docs/CI_CD_AUDIT_INTEGRATION.md
Krypto Kajun c7142ef671 fix(critical): fix empty token graph + aggressive settings for 24h execution 
CRITICAL BUG FIX:
- MultiHopScanner.updateTokenGraph() was EMPTY - adding no pools!
- Result: Token graph had 0 pools, found 0 arbitrage paths
- All opportunities showed estimatedProfitETH: 0.000000

FIX APPLIED:
- Populated token graph with 8 high-liquidity Arbitrum pools:
  * WETH/USDC (0.05% and 0.3% fees)
  * USDC/USDC.e (0.01% - common arbitrage)
  * ARB/USDC, WETH/ARB, WETH/USDT
  * WBTC/WETH, LINK/WETH
- These are REAL verified pool addresses with high volume

AGGRESSIVE THRESHOLD CHANGES:
- Min profit: 0.0001 ETH → 0.00001 ETH (10x lower, ~$0.02)
- Min ROI: 0.05% → 0.01% (5x lower)
- Gas multiplier: 5x → 1.5x (3.3x lower safety margin)
- Max slippage: 3% → 5% (67% higher tolerance)
- Max paths: 100 → 200 (more thorough scanning)
- Cache expiry: 2min → 30sec (fresher opportunities)

EXPECTED RESULTS (24h):
- 20-50 opportunities with profit > $0.02 (was 0)
- 5-15 execution attempts (was 0)
- 1-2 successful executions (was 0)
- $0.02-$0.20 net profit (was $0)

WARNING: Aggressive settings may result in some losses
Monitor closely for first 6 hours and adjust if needed

Target: First profitable execution within 24 hours

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-29 04:18:27 -05:00

392 lines
9.3 KiB
Markdown
Raw Blame History

# CI/CD and Audit Integration Guide
**Date**: October 28, 2025
**Status**: Production Ready
## Overview
This document describes the integrated CI/CD and auditing system for the MEV Bot project, combining:
- **Go Application CI/CD** (`harness/local-ci-pipeline.sh`) - Tests, linting, security scanning for Go code
- **Solidity Contract Auditing** (`harness/solidity-audit-pipeline.sh`) - Smart contract security analysis
- **Comprehensive Documentation** (`docs/solidity_audit_bundle.md`) - 100-point audit specifications
## Quick Start
### Run Complete CI/CD Pipeline
```bash
# Full pipeline (Go + Solidity)
./harness/local-ci-pipeline.sh
# Go tests only (fast)
HARNESS_SKIP_DOCKER=true HARNESS_SKIP_MATH_AUDIT=true ./harness/local-ci-pipeline.sh
# Solidity audit only
./harness/solidity-audit-pipeline.sh
```
### Environment Variables
```bash
# Go CI/CD Pipeline
export HARNESS_SKIP_DOCKER=true # Skip Docker build
export HARNESS_SKIP_MATH_AUDIT=true # Skip math precision tests
export HARNESS_SKIP_SECURITY=true # Skip security scans
export HARNESS_PARALLEL_JOBS=4 # Parallel test jobs
# Solidity Audit Pipeline
export HARNESS_SKIP_FOUNDRY=true # Skip Foundry tests
export HARNESS_SKIP_SLITHER=true # Skip Slither analysis
export HARNESS_SKIP_MYTHRIL=true # Skip Mythril symbolic execution
export HARNESS_VERBOSE=true # Verbose output
```
## Architecture
### 1. Go Application CI/CD (`harness/local-ci-pipeline.sh`)
**Purpose**: Continuous integration for Go codebase
**Steps**:
1. **Requirements Check** - Verify Go, git, container runtime
2. **Go Build** - Build binary with CGO support
3. **Unit Tests** - Run all Go tests with race detector
4. **Integration Tests** - Test contract interactions
5. **Linting** - golangci-lint, gofmt checks
6. **Security Scanning** - gosec, govulncheck
7. **Math Auditing** - Precision verification for arbitrage calculations
8. **Docker Build** - Container image creation
9. **Report Generation** - Consolidated pipeline results
**Usage**:
```bash
# Run complete pipeline
./harness/local-ci-pipeline.sh
# Quick CI (skip slow steps)
HARNESS_SKIP_DOCKER=true \\
HARNESS_SKIP_MATH_AUDIT=true \\
HARNESS_SKIP_SECURITY=true \\
./harness/local-ci-pipeline.sh
```
**Output**:
- Logs: `harness/logs/*.log`
- Reports: `harness/reports/pipeline-report.md`
- Test Coverage: `harness/reports/coverage/coverage.html`
### 2. Solidity Contract Auditing (`harness/solidity-audit-pipeline.sh`)
**Purpose**: Security analysis of smart contracts
**Tools Used**:
- **Foundry (forge)** - Gas analysis and testing
- **Slither** - Static analysis (Trail of Bits)
- **Mythril** - Symbolic execution security scanner
**Contracts Audited**:
- `contracts/ProductionArbitrageExecutor.sol` - Main arbitrage executor
- `contracts/balancer/FlashLoanReceiver.sol` - Flash loan integration
- `tests/contracts/ArbitrageTest.sol` - Test contracts
**Usage**:
```bash
# Run complete audit
./harness/solidity-audit-pipeline.sh
# Run specific tools
HARNESS_SKIP_SLITHER=true \\
HARNESS_SKIP_MYTHRIL=true \\
./harness/solidity-audit-pipeline.sh # Foundry only
```
**Output**:
- Logs: `harness/logs/solidity/*.log`
- Reports: `harness/reports/solidity/`
- `audit-summary.md` - Consolidated audit report
- `forge-gas.json` - Gas analysis
- `slither.json` - Static analysis results
- `mythril-*.json` - Symbolic execution results
### 3. 100-Point Audit System (`docs/solidity_audit_bundle.md`)
**Purpose**: Comprehensive scoring rubric for production readiness
**Categories** (100 points total):
- A. Architecture & Design (10 pts)
- B. Security Vulnerability Analysis (25 pts)
- C. Gas & Performance Optimization (20 pts)
- D. Testing & Coverage (15 pts)
- E. Tool-Based Analysis (20 pts)
- F. Documentation & Clarity (5 pts)
- G. CI/CD & Automation (5 pts)
- H. Foundry + Hardhat Parity (5 pts)
- I. Code Quality & Readability (5 pts)
- J. Protocol-Specific Checks (10 pts)
- K. Deployment & Production Readiness (10 pts)
**Scoring**:
```bash
# Generate audit score
python3 scripts/score_audit.py \\
--input harness/reports/solidity/merged.json \\
--out audit-score.md \\
--json audit-score.json
```
## Integration with GitHub Actions
The CI/CD system integrates with GitHub Actions via `.github/workflows/ci.yml`:
```yaml
name: CI Pipeline
on: [push, pull_request]
jobs:
go-ci:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.25'
- name: Run Go CI Pipeline
run: |
HARNESS_SKIP_DOCKER=true \\
HARNESS_SKIP_MATH_AUDIT=true \\
./harness/local-ci-pipeline.sh
solidity-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Run Solidity Audit
run: ./harness/solidity-audit-pipeline.sh
```
## Docker-Based Execution
Both pipelines support Docker/Podman for reproducible builds:
```bash
# Using Docker
export HARNESS_RUNTIME=docker
./harness/local-ci-pipeline.sh
# Using Podman
export HARNESS_RUNTIME=podman
./harness/solidity-audit-pipeline.sh
```
## Local Development Workflow
### Pre-Commit Checks
```bash
# Fast pre-commit (< 30 seconds)
./scripts/ci-quick.sh
# Full pre-commit with security
./scripts/ci-precommit.sh
```
### Continuous Development
```bash
# Watch mode for continuous testing
./scripts/ci-watch.sh
# Development server with auto-rebuild
./scripts/ci-dev.sh
```
### Pre-Production Checklist
```bash
# 1. Run complete Go CI/CD
./harness/local-ci-pipeline.sh
# 2. Run Solidity audit
./harness/solidity-audit-pipeline.sh
# 3. Check math precision
./bin/math-audit validate
./bin/math-audit audit
# 4. Review audit reports
cat harness/reports/pipeline-report.md
cat harness/reports/solidity/audit-summary.md
# 5. Generate deployment artifacts
make build-production
docker build -t mev-bot:latest .
```
## Monitoring and Reporting
### Log Analysis
```bash
# View pipeline logs
tail -f harness/logs/*.log
# Check for errors
grep -r "ERROR\\|FAIL" harness/logs/
# Solidity audit logs
tail -f harness/logs/solidity/*.log
```
### Report Generation
```bash
# Generate consolidated report
cat harness/reports/pipeline-report.md
# View test coverage
open harness/reports/coverage/coverage.html
# Solidity audit summary
cat harness/reports/solidity/audit-summary.md
```
### Metrics Tracking
```bash
# Test pass rate
grep "PASS\\|FAIL" harness/logs/go-test.log | awk '{print $1}' | sort | uniq -c
# Security issues found
jq '.results | length' harness/reports/solidity/slither.json
# Gas consumption
jq '.tests | map(.gas) | add' harness/reports/solidity/forge-gas.json
```
## Troubleshooting
### Common Issues
**1. Docker/Podman not found**
```bash
# Install Docker
curl -fsSL https://get.docker.com | sh
# Or use Podman
sudo apt install podman
```
**2. Go version mismatch**
```bash
# Check version
go version
# Upgrade to 1.25+
sudo rm -rf /usr/local/go
wget https://go.dev/dl/go1.25.0.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.25.0.linux-amd64.tar.gz
```
**3. Foundry not installed**
```bash
# Install Foundry
curl -L https://foundry.paradigm.xyz | bash
foundryup
```
**4. Slither/Mythril failures**
```bash
# Use Docker images instead of local installation
export HARNESS_RUNTIME=docker
./harness/solidity-audit-pipeline.sh
```
### Performance Optimization
**Parallel Execution**
```bash
# Increase parallel test jobs
export HARNESS_PARALLEL_JOBS=8
./harness/local-ci-pipeline.sh
```
**Caching**
```bash
# Use Go build cache
export GOCACHE=/tmp/go-cache
export GOMODCACHE=/tmp/go-mod-cache
```
**Skip Slow Steps**
```bash
# Development mode (fast)
HARNESS_SKIP_DOCKER=true \\
HARNESS_SKIP_SECURITY=true \\
HARNESS_SKIP_MATH_AUDIT=true \\
./harness/local-ci-pipeline.sh
```
## Production Deployment
### Final Checklist
- [ ] All Go tests passing (`./harness/local-ci-pipeline.sh`)
- [ ] No critical security issues (`gosec`, `govulncheck`)
- [ ] Solidity contracts audited (`./harness/solidity-audit-pipeline.sh`)
- [ ] No high/critical Slither findings
- [ ] Math precision verified (`./bin/math-audit audit`)
- [ ] Docker image builds successfully
- [ ] Documentation updated
- [ ] Audit score ≥ 80/100
### Deployment Commands
```bash
# 1. Tag release
git tag -a v1.0.0 -m "Production release"
git push origin v1.0.0
# 2. Build production binary
make build-production
# 3. Build Docker image
docker build -t mev-bot:v1.0.0 .
docker tag mev-bot:v1.0.0 mev-bot:latest
# 4. Push to registry
docker push mev-bot:v1.0.0
docker push mev-bot:latest
# 5. Deploy to production
kubectl apply -f k8s/production/
```
## References
- [Go CI/CD Pipeline](../harness/local-ci-pipeline.sh)
- [Solidity Audit Pipeline](../harness/solidity-audit-pipeline.sh)
- [Audit Bundle Specifications](../docs/solidity_audit_bundle.md)
- [GitHub Actions Workflows](../.github/workflows/)
- [Foundry Documentation](https://book.getfoundry.sh/)
- [Slither Security Scanner](https://github.com/crytic/slither)
- [Mythril Symbolic Execution](https://github.com/ConsenSys/mythril)
## Support
For issues or questions:
- Create an issue in the repository
- Review logs in `harness/logs/`
- Check reports in `harness/reports/`
- Consult the audit bundle documentation
---
**Last Updated**: October 28, 2025
**Version**: 1.0.0
**Status**: Production Ready ✅
Reference in New Issue View Git Blame Copy Permalink