d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b7eebb87b33ea4af3efe689c5a0469df4a134313
proxmox/docs/04-configuration/MEV_EXECUTION_VALUE_SOURCES_AND_READINESS.md
defiQUG 0c58ccaf6c Add MEV post-deploy config patch helper
2026-04-13 15:59:41 -07:00

7.3 KiB
Raw Blame History

MEV Execution Value Sources And Readiness

Last Updated: 2026-04-13
Purpose: Identify every execution-critical MEV value, where it is supposed to come from, what this repo currently knows, and what is still missing before live bundle submission can be enabled.

This document is intentionally strict. It separates:

  • values that are already authoritative in repo docs or config
  • values that must come from a secret store or runtime env
  • values that must come from an actual on-chain deployment and therefore cannot be guessed

Use the verifier before promoting or committing execution-related config:

bash scripts/verify/check-mev-execution-readiness.sh \
  --config MEV_Bot/mev-platform/config.toml \
  --env-file config/mev-platform/mev-platform-backend-ct.env.example \
  --rpc-url https://eth.llamarpc.com

To compare local expectations with the live public admin API:

MEV_API_KEY='...'
bash scripts/verify/check-mev-execution-readiness.sh \
  --config MEV_Bot/mev-platform/config.toml \
  --env-file config/mev-platform/mev-platform-backend-ct.env.example \
  --base https://mev.defi-oracle.io \
  --api-key "$MEV_API_KEY"

What is already known

Value Source Current state
Public GUI URL MEV_CONTROL_DEFI_ORACLE_IO_DEPLOYMENT.md https://mev.defi-oracle.io
Backend CT IP MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md 192.168.11.223
Admin API port config/mev-platform/mev-platform-backend-ct.env.example 9090
Supervisor port config/mev-platform/mev-platform-backend-ct.env.example 9091
Relay URL MEV_Bot/mev-platform/config.toml https://relay.flashbots.net
Mainnet factory addresses MEV_Bot/mev-platform/config.toml Uniswap V2 and Sushi factory addresses are present
Current safety truth Public /api/safety/signer Live endpoint reports the active blocker set

Execution-critical values

Value Where it should come from Needed for Current repo state
MEV_EXECUTOR_PRIVATE_KEY Runtime secret env only; never commit Signing real bundle txs Missing from repo examples except commented placeholder
MEV_SUBMIT_DISABLED Runtime env Guardrail for shadow vs live submission Present and intentionally set to 1 in examples
chains.<id>.execution.executor_contract Real deployed contract address executeArbitrage(...) destination Still zero address in checked-in config
chains.<id>.execution.flash_loan_provider Real deployed venue/provider address Arbitrage executor input Still zero address in checked-in config
chains.<id>.execution.relay_url Config / operator choice Relay submission target Present in config
chains.<id>.factories[].router for uniswap_v2 / sushiswap Authoritative DEX router addresses for the chain Router-based swap-step encoding Missing in checked-in config
owner() on executor contract On-chain contract state Must match signer EOA Only checkable after real deploy
pendingOwner() on executor contract On-chain contract state Must be zero before live execution Only checkable after real deploy
paused() on executor contract On-chain contract state Must be false before live execution Only checkable after real deploy

What the current live API confirms

As of the current public deployment, the live signer readiness endpoint reports:

  • MEV_EXECUTOR_PRIVATE_KEY is not configured
  • submit_disabled is enabled
  • chain 1: router missing for dex uniswap_v2
  • chain 1: router missing for dex sushiswap
  • chain 1: executor_contract is zero address
  • chain 1: flash_loan_provider is zero address

That means the code path is present, but the deployment inputs for real execution are not.

Values that must not be guessed

These must come from a controlled operator source, secret manager, or an actual deployment result:

  • MEV_EXECUTOR_PRIVATE_KEY
  • chains.<id>.execution.executor_contract
  • chains.<id>.execution.flash_loan_provider

The repo currently does not contain authoritative values for them. If they are to be committed into non-secret config, they must first exist as real deployment outputs.

Values that still need operator selection

These may be public addresses, but they still need to be selected intentionally for the exact chain and venue plan:

  • chains.<id>.factories[].router for each V2-style DEX used by execution
  • any non-default relay endpoint if Flashbots is not the intended submission path

They should not be filled by assumption if the deployment target is expected to be canonical and auditable.

Recommended source order

  1. Runtime secret store or backend CT env for MEV_EXECUTOR_PRIVATE_KEY.
  2. Actual deployment output from the MEV contracts deployment process for executor_contract.
  3. Actual deployment output or operator-selected venue address for flash_loan_provider.
  4. Canonical chain venue inventory for router addresses, then validate through the readiness script and live /api/safety/signer.

Auditable deployment capture

The repo now includes a deployment helper that uses the existing Foundry script and captures the resulting addresses into a JSON artifact instead of relying on manual copy/paste:

bash scripts/deployment/deploy-mev-execution-contracts.sh --dry-run \
  --rpc-url "$RPC_URL" \
  --flash-loan-provider 0x...

When you are ready to broadcast:

PRIVATE_KEY=0x... \
bash scripts/deployment/deploy-mev-execution-contracts.sh \
  --rpc-url "$RPC_URL" \
  --flash-loan-provider 0x... \
  --treasury 0x...

This produces a JSON artifact under reports/status/ and prints the exact non-secret config values to update next.

The helper also records the deployed executor's on-chain:

  • owner()
  • pendingOwner()
  • paused()
  • flashLoanProvider()
  • treasury()

so you have an auditable deployment record instead of stdout-only notes.

Cutover-ready config patching

Once the contracts are actually broadcast, use the artifact to patch the MEV config deterministically instead of editing TOML by hand:

bash scripts/deployment/apply-mev-execution-config-from-artifact.sh \
  --artifact reports/status/mev_execution_deploy_YYYYMMDD_HHMMSS.json \
  --config MEV_Bot/mev-platform/config.toml \
  --uniswap-v2-router 0x... \
  --sushiswap-router 0x...

That runs in dry-run mode by default and prints a unified diff. Add --apply when the diff is correct.

This patch step updates:

  • chains.<id>.execution.executor_contract
  • chains.<id>.execution.flash_loan_provider
  • chains.<id>.factories[].router for uniswap_v2
  • chains.<id>.factories[].router for sushiswap
  • optional relay_url if --relay-url is supplied

Commit policy

Safe to commit:

  • non-secret config schema changes
  • docs that list required values and readiness checks
  • verification scripts
  • non-secret deployed contract addresses only after they are real and validated

Not safe to commit:

  • MEV_EXECUTOR_PRIVATE_KEY
  • ad hoc guessed addresses
  • config values copied from memory without an auditable source
Reference in New Issue View Git Blame Copy Permalink