mev-beta/.claude/commands/security-audit.md

# Security Audit

Perform a comprehensive security audit of the MEV bot focusing on: $ARGUMENTS

## Security Audit Checklist:

### 1. **Code Security Analysis**
```bash
# Static security analysis
gosec ./...

# Dependency vulnerabilities
go list -json -m all | nancy sleuth

# Secret scanning
git-secrets --scan
```

### 2. **Input Validation Review**
- Transaction data parsing validation
- RPC response validation
- Configuration parameter validation
- Mathematical overflow/underflow checks
- Buffer overflow prevention

### 3. **Cryptographic Security**
- Private key handling and storage
- Signature verification processes
- Random number generation
- Hash function usage
- Encryption at rest and in transit

### 4. **Network Security**
- RPC endpoint authentication
- TLS/SSL configuration
- Rate limiting implementation
- DDoS protection mechanisms
- WebSocket connection security

### 5. **Runtime Security**
- Memory safety in Go code
- Goroutine safety and race conditions
- Resource exhaustion protection
- Error information disclosure
- Logging security (no sensitive data)

## Specific MEV Bot Security Areas:

### **Transaction Processing**
- Validate all transaction inputs
- Prevent transaction replay attacks  
- Secure handling of swap calculations
- Protection against malicious contract calls

### **Market Data Integrity**
- Price feed validation
- Oracle manipulation detection
- Historical data integrity
- Real-time data verification

### **Financial Security**
- Gas estimation accuracy
- Slippage protection
- Minimum profit validation
- MEV protection mechanisms

## Output Requirements:
- Detailed security findings report
- Risk assessment (Critical/High/Medium/Low)
- Remediation recommendations
- Implementation timeline for fixes
- Security testing procedures