proxmox/scripts/lib/mev-protection.sh
defiQUG 4ebf2d7902
chore(repo): sync operator workspace (config, scripts, docs, multi-chain)
Add optional Cosmos/Engine-X/act-runner templates, CWUSDC/EI-matrix tooling,
non-EVM route planner in multi-chain-execution (tests passing), token list and
extraction updates, and documentation (MetaMask matrix, GRU/CWUSDC packets).

Ignore institutional evidence tarballs/sha256 under reports/status.

Validated with: bash scripts/verify/run-all-validation.sh --skip-genesis

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-11 16:25:08 -07:00


#!/usr/bin/env bash
# Shared protected-broadcast helpers for Engine X Mainnet actions.
#
# Source after scripts/lib/load-project-env.sh. Reads use the normal public RPC;
# sensitive writes should go through mev_cast_send so operators cannot
# accidentally broadcast quote-defense swaps through the public mempool.
#######################################
# Print the NAME (not the value) of the first private/protected RPC
# environment variable that holds a non-empty value.
# Globals:   ENGINE_X_PRIVATE_TX_RPC, MEV_BLOCKER_RPC_URL, FLASHBOTS_RPC_URL,
#            BLOXROUTE_RPC_URL, BLINK_RPC_URL (read, in that precedence order)
# Outputs:   the selected variable name on stdout
# Returns:   0 when a variable was selected, 1 when none is set
#######################################
mev_private_rpc_key() {
  local candidate
  # Order is the precedence: the first non-empty entry wins.
  local -a precedence=(
    ENGINE_X_PRIVATE_TX_RPC
    MEV_BLOCKER_RPC_URL
    FLASHBOTS_RPC_URL
    BLOXROUTE_RPC_URL
    BLINK_RPC_URL
  )
  for candidate in "${precedence[@]}"; do
    # "${!candidate-}" keeps the indirect lookup safe under `set -u`;
    # unset and empty are both treated as "not configured".
    [[ -z "${!candidate-}" ]] && continue
    printf '%s\n' "${candidate}"
    return 0
  done
  return 1
}
#######################################
# Silent predicate: is any private/protected RPC variable configured?
# Outputs:   nothing (stdout and stderr of the lookup are discarded)
# Returns:   the exit status of mev_private_rpc_key
#######################################
mev_has_private_rpc() {
  local status=0
  mev_private_rpc_key &>/dev/null || status=$?
  return "${status}"
}
#######################################
# Print a short human-readable label for the RPC that writes would use.
# The label never contains the RPC URL itself, only a fixed name per
# provider variable (or the operator-supplied label for the Engine X RPC).
# Globals:   ENGINE_X_PRIVATE_TX_RPC_LABEL (read, optional)
# Outputs:   the label on stdout; "public-mainnet-rpc" when no private RPC
#            variable is configured
# Returns:   0 when a private RPC was selected
#######################################
mev_write_rpc_label() {
  local selected label
  if selected="$(mev_private_rpc_key)"; then
    case "${selected}" in
      ENGINE_X_PRIVATE_TX_RPC)
        label="${ENGINE_X_PRIVATE_TX_RPC_LABEL:-engine-x-private-tx-rpc}"
        ;;
      MEV_BLOCKER_RPC_URL)
        label="mev-blocker"
        ;;
      FLASHBOTS_RPC_URL)
        label="flashbots"
        ;;
      BLOXROUTE_RPC_URL)
        label="bloxroute"
        ;;
      BLINK_RPC_URL)
        label="blink"
        ;;
      *)
        # Unknown selector: fall back to the variable name itself.
        label="${selected}"
        ;;
    esac
    printf '%s\n' "${label}"
    return 0
  fi
  printf '%s\n' "public-mainnet-rpc"
}
#######################################
# Print the RPC URL that a state-changing transaction should be sent to.
# A configured private/protected RPC always wins. The public RPC is used
# only when protection is switched off (ENGINE_X_MEV_PROTECTION != 1) or
# public broadcast is explicitly allowed (ENGINE_X_ALLOW_PUBLIC_BROADCAST=1).
# Globals:   ENGINE_X_MEV_PROTECTION (read, default 1)
#            ENGINE_X_ALLOW_PUBLIC_BROADCAST (read, default 0)
#            ETHEREUM_MAINNET_RPC (read)
# Outputs:   the chosen URL on stdout. It may embed provider credentials,
#            so callers should avoid logging it (presumably; verify per provider).
# Returns:   0 when a URL was printed; 1 when policy forbids the public
#            fallback or ETHEREUM_MAINNET_RPC is empty
#######################################
mev_write_rpc_url() {
  local selected
  if selected="$(mev_private_rpc_key)"; then
    printf '%s\n' "${!selected}"
    return 0
  fi

  local protection="${ENGINE_X_MEV_PROTECTION:-1}"
  local allow_public="${ENGINE_X_ALLOW_PUBLIC_BROADCAST:-0}"
  # Fail closed: with protection on, the public fallback needs an explicit opt-in.
  if [[ "${protection}" == "1" ]]; then
    [[ "${allow_public}" == "1" ]] || return 1
  fi

  [[ -n "${ETHEREUM_MAINNET_RPC:-}" ]] || return 1
  printf '%s\n' "${ETHEREUM_MAINNET_RPC}"
}
#######################################
# Policy gate for a sensitive action: succeed only if the write would go
# through a private/protected RPC, or an operator has explicitly waived
# that requirement. Every waiver is announced on stderr.
# Globals:   ENGINE_X_MEV_PROTECTION (read, default 1)
#            ENGINE_X_ALLOW_PUBLIC_BROADCAST (read, default 0)
# Arguments: $1 - action name used in messages
#                 (default: engine-x-sensitive-action)
# Outputs:   warnings or the remediation text on stderr
# Returns:   0 when the action may proceed, 1 when it must be refused
#######################################
mev_require_private_for_action() {
  local action="${1:-engine-x-sensitive-action}"

  # Protection globally switched off: allow, but leave a trace on stderr.
  case "${ENGINE_X_MEV_PROTECTION:-1}" in
    1) ;;
    *)
      echo "WARN: MEV protection disabled for ${action} (ENGINE_X_MEV_PROTECTION=0)." >&2
      return 0
      ;;
  esac

  mev_has_private_rpc && return 0

  # No private RPC: only an explicit opt-in permits the public mempool.
  case "${ENGINE_X_ALLOW_PUBLIC_BROADCAST:-0}" in
    1)
      echo "WARN: public broadcast explicitly allowed for ${action} (ENGINE_X_ALLOW_PUBLIC_BROADCAST=1)." >&2
      return 0
      ;;
  esac

  cat >&2 <<EOF
MEV protected broadcast is required for ${action}, but no private/protected RPC is configured.
Set one of:
ENGINE_X_PRIVATE_TX_RPC
MEV_BLOCKER_RPC_URL
FLASHBOTS_RPC_URL
BLOXROUTE_RPC_URL
BLINK_RPC_URL
For an intentional public-mempool canary only, set ENGINE_X_ALLOW_PUBLIC_BROADCAST=1.
EOF
  return 1
}
#######################################
# Send a transaction with `cast send` through the RPC chosen by
# mev_write_rpc_url, refusing to send when no permitted RPC is available.
# Globals:   PRIVATE_KEY (read, required)
# Arguments: $1 - target passed to `cast send` (required)
#            $@ - remaining arguments forwarded to `cast send` unchanged
# Outputs:   whatever `cast send` prints; an error on stderr when no
#            write RPC could be chosen
# Returns:   1 when no write RPC is available, else the status of `cast send`
#
# NOTE(review): the signing key is handed to cast as a command-line
# argument, so it is readable from the process argument list and shows up
# in `set -x` traces. Prefer a signer that keeps the key off argv (for
# example keystore-based signing) where the installed cast supports it.
# NOTE(review): the RPC URL is also placed on argv; private relay URLs may
# carry credentials. Verify per provider.
#######################################
mev_cast_send() {
  local target="${1:?target is required}"
  shift

  local rpc
  rpc="$(mev_write_rpc_url)" || {
    echo "Unable to choose a write RPC; protected RPC required or ETHEREUM_MAINNET_RPC missing." >&2
    return 1
  }

  # Signer and endpoint flags are appended after the caller's arguments.
  local -a cast_args=(
    "${target}"
    "$@"
    --private-key "${PRIVATE_KEY:?PRIVATE_KEY is required}"
    --rpc-url "${rpc}"
  )
  cast send "${cast_args[@]}"
}