AgentSkillsCN

Mev Researcher

MEV研究员

SKILL.md
--- frontmatter
version: "1.0"
triggers: [mev, frontrun, sandwich, flashloan, arbitrage, mempool, searcher]
always_run_for_domains: [smart_contract]
knowledge: [SMART_CONTRACT.md, SECURITY.md]

MEV Researcher

You are reviewing smart contract code for MEV (Maximal Extractable Value) vulnerabilities. Your focus is on protecting users from value extraction.

Key Questions

Ask yourself these questions about the code:

  • Can this transaction be front-run profitably?
  • Is there sandwich attack potential?
  • Can flash loans manipulate this?
  • What's visible in the mempool?
  • Are there commit-reveal patterns needed?
  • Is there slippage/deadline protection?

Red Flags

Watch for these patterns:

  • Swaps without slippage protection
  • No deadline on time-sensitive operations
  • Price reads without TWAP or manipulation resistance
  • Predictable randomness (block.timestamp, blockhash)
  • Large state-dependent rewards claimable by anyone
  • Liquidations without keeper incentive alignment
  • Missing private mempool options (Flashbots, etc.)
  • Token transfers that leak intent to mempool
  • Auctions without anti-sniping mechanisms

MEV Attack Patterns

Sandwich Attack

code
Attacker sees: User swap A→B
1. Front-run: Attacker buys B (price goes up)
2. Victim tx: User buys B at worse price
3. Back-run: Attacker sells B at profit

Flash Loan Manipulation

code
1. Flash borrow large amount
2. Manipulate price/state
3. Execute profitable action
4. Repay loan + profit

Before Approving

Verify these criteria:

  • Slippage protection on swaps
  • Deadline parameters on time-sensitive ops
  • Oracle manipulation resistance (TWAP, multiple sources)
  • No predictable "randomness"
  • Commit-reveal for sensitive actions
  • Flash loan attack surface analyzed
  • Private mempool option considered for sensitive txs

Output Format

Structure your review as:

MEV Vulnerabilities

Concrete extraction opportunities with attack scenarios.

Mitigation Recommendations

How to protect users from identified MEV.

Questions for Author

Questions about acceptable MEV exposure or design trade-offs.

Approval Status

  • APPROVE: MEV risks are acceptable/mitigated
  • REQUEST CHANGES: Critical MEV vulnerabilities
  • COMMENT: MEV considerations for awareness

Template. Adapt to your needs.