Universal Crypto MCP

CODEBASE_TODOS.md•25.3 KiB

# Codebase Audit: TODOs, FIXMEs, and Incomplete Code **Audit Date:** January 31, 2026 **Audited By:** Claude Opus 4.5 **Total Findings:** 250+ actionable items --- ## Executive Summary This audit identifies all TODO, FIXME, HACK, and incomplete code comments across the universal-crypto-mcp codebase. Findings are categorized by priority and area. ### Quick Stats | Category | Count | Priority | |----------|-------|----------| | High Priority TODOs | 9 | 🔴 Critical | | Medium Priority TODOs | 50+ | 🟡 Important | | Low Priority TODOs | 30+ | 🟢 Nice-to-have | | FIXME Items | 30+ | 🟡 Edge cases | | Incomplete Tests | 13+ | 🟡 Coverage | | Empty Catch Blocks | 50+ | 🔴 Silent failures | | Zero Address Placeholders | 25+ | 🔴 Not deployed | | Mock/Placeholder Data | 40+ | 🟡 Real data needed | | Skipped Tests | 5+ | 🟡 Re-enable | | Debug Console.log | 30+ | 🟢 Remove before production | --- ## 🔴 HIGH PRIORITY - Critical Implementation Gaps ### 1. Smart Contract Deployment (scripts/deploy/) | File | Line | Issue | |------|------|-------| | [deploy-marketplace.ts](scripts/deploy/deploy-marketplace.ts#L125) | 125 | `// TODO: Implement actual ERC20 contract deployment` | | [deploy-marketplace.ts](scripts/deploy/deploy-marketplace.ts#L132) | 132 | `// TODO: Implement actual contract deployment` | | [deploy-marketplace.ts](scripts/deploy/deploy-marketplace.ts#L137) | 137 | `// TODO: Implement with initialize()` | | [deploy-marketplace.ts](scripts/deploy/deploy-marketplace.ts#L142) | 142 | `// TODO: Implement with initialize()` | ### 2. Security-Critical Items | File | Line | Issue | |------|------|-------| | [x402-gateway.ts](deploy/src/gateway/x402-gateway.ts#L339) | 339 | `// TODO: Verify signature cryptographically` | | [addresses.ts](src/modules/tool-marketplace/contracts/addresses.ts#L26) | 26 | `// TODO(nich): Update with deployed addresses` | ### 3. Payment/Settlement Logic | File | Line | Issue | |------|------|-------| | [facilitator.ts](packages/automation/sweep/src/services/payments/facilitator.ts#L457) | 457 | `// TODO: Implement refund logic` | | [payments.ts](packages/defi/protocols/src/x402/payments.ts#L148) | 148 | `// TODO: Implement actual on-chain verification` | | [payment.ts](packages/defi/protocols/src/x402/ucai/payment.ts#L405) | 405 | `// TODO: Implement actual refund logic` | --- ## 🟡 MEDIUM PRIORITY - Feature Completeness ### 4. Volume Bot MCP Server (packages/automation/volume/) | File | Line | Issue | |------|------|-------| | [cli.ts](packages/automation/volume/packages/mcp-server/src/cli.ts#L56) | 56 | `// TODO: Implement database initialization` | | [cli.ts](packages/automation/volume/packages/mcp-server/src/cli.ts#L76) | 76 | `// TODO: Implement migrations` | | [campaign-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/campaign-handlers.ts#L35) | 35 | `// TODO: Integrate with orchestrator package` | | [campaign-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/campaign-handlers.ts#L73) | 73 | `// TODO: Integrate with orchestrator package` | | [campaign-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/campaign-handlers.ts#L88) | 88 | `// TODO: Integrate with orchestrator package` | | [campaign-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/campaign-handlers.ts#L103) | 103 | `// TODO: Integrate with orchestrator package` | | [campaign-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/campaign-handlers.ts#L118) | 118 | `// TODO: Integrate with orchestrator package` | | [campaign-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/campaign-handlers.ts#L134) | 134 | `// TODO: Integrate with orchestrator package` | | [campaign-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/campaign-handlers.ts#L157) | 157 | `// TODO: Integrate with orchestrator package` | | [trading-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/trading-handlers.ts#L23) | 23 | `// TODO: Integrate with trading-engine package` | | [trading-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/trading-handlers.ts#L47) | 47 | `// TODO: Integrate with trading-engine package` | | [trading-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/trading-handlers.ts#L76) | 76 | `// TODO: Integrate with trading-engine package` | | [analysis-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/analysis-handlers.ts#L19) | 19 | `// TODO: Integrate with solana-core package` | | [analysis-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/analysis-handlers.ts#L42) | 42 | `// TODO: Integrate with solana-core package` | | [analysis-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/analysis-handlers.ts#L56) | 56 | `// TODO: Integrate with prices package` | | [analysis-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/analysis-handlers.ts#L69) | 69 | `// TODO: Integrate with solana-core package` | | [analysis-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/analysis-handlers.ts#L92) | 92 | `// TODO: Integrate with solana-core package` | | [analysis-handlers.ts](packages/automation/volume/packages/mcp-server/src/tools/handlers/analysis-handlers.ts#L105) | 105 | `// TODO: Integrate with prices package` | | [bot-resources.ts](packages/automation/volume/packages/mcp-server/src/resources/bot-resources.ts#L27) | 27 | `// TODO: Integrate with orchestrator` | | [bot-resources.ts](packages/automation/volume/packages/mcp-server/src/resources/bot-resources.ts#L41) | 41 | `// TODO: Integrate with orchestrator` | | [campaign-resources.ts](packages/automation/volume/packages/mcp-server/src/resources/campaign-resources.ts#L33) | 33 | `// TODO: Integrate with orchestrator` | | [campaign-resources.ts](packages/automation/volume/packages/mcp-server/src/resources/campaign-resources.ts#L47) | 47 | `// TODO: Integrate with orchestrator` | | [campaign-resources.ts](packages/automation/volume/packages/mcp-server/src/resources/campaign-resources.ts#L59) | 59 | `// TODO: Integrate with orchestrator` | | [token-resources.ts](packages/automation/volume/packages/mcp-server/src/resources/token-resources.ts#L21) | 21 | `// TODO: Integrate with solana-core` | | [wallet-resources.ts](packages/automation/volume/packages/mcp-server/src/resources/wallet-resources.ts#L33) | 33 | `// TODO: Integrate with wallet-manager` | | [wallet-resources.ts](packages/automation/volume/packages/mcp-server/src/resources/wallet-resources.ts#L47) | 47 | `// TODO: Integrate with wallet-manager` | | [wallet-resources.ts](packages/automation/volume/packages/mcp-server/src/resources/wallet-resources.ts#L59) | 59 | `// TODO: Integrate with wallet-manager` | ### 5. Sweep Automation (packages/automation/sweep/) | File | Line | Issue | |------|------|-------| | [workers.ts](packages/automation/sweep/src/workers.ts#L49) | 49 | `// TODO: Implement actual sweep logic` | | [workers.ts](packages/automation/sweep/src/workers.ts#L96) | 96 | `// TODO: Implement price fetching from CoinGecko/DeFiLlama` | | [workers.ts](packages/automation/sweep/src/workers.ts#L122) | 122 | `// TODO: Implement health checks for each protocol` | | [bridge.ts](packages/automation/sweep/src/queue/workers/bridge.ts#L105) | 105 | `// TODO: Integrate with push notification service` | | [bridge.ts](packages/automation/sweep/src/queue/workers/bridge.ts#L106) | 106 | `// TODO: Integrate with email service for important events` | | [bridge.ts](packages/automation/sweep/src/queue/workers/bridge.ts#L107) | 107 | `// TODO: Integrate with webhook service for programmatic notifications` | | [bridge.ts](packages/automation/sweep/src/queue/workers/bridge.ts#L218) | 218 | `// TODO: Execute the transaction using smart wallet / AA` | | [sweep.ts](packages/automation/sweep/src/queue/workers/sweep.ts#L104) | 104 | `// TODO: Implement actual sweep execution` | | [sweep.ts](packages/automation/sweep/src/queue/workers/sweep.ts#L220) | 220 | `// TODO: Implement actual transaction tracking` | | [index.ts](packages/automation/sweep/src/services/bridge/index.ts#L119) | 119 | `// TODO: Implement Synapse protocol` | | [server.ts](packages/automation/sweep/src/api/server.ts#L218) | 218 | `// TODO: Implement sweep quote generation` | | [server.ts](packages/automation/sweep/src/api/server.ts#L236) | 236 | `// TODO: Implement sweep execution` | | [server.ts](packages/automation/sweep/src/api/server.ts#L254) | 254 | `// TODO: Implement consolidation execution` | ### 6. Hosting/Runtime (packages/defi/protocols/src/hosting/) | File | Line | Issue | |------|------|-------| | [types.ts](packages/defi/protocols/src/hosting/types.ts#L222) | 222 | `// TODO: Check database for existing subdomains` | | [runtime.ts](packages/defi/protocols/src/hosting/runtime.ts#L117) | 117 | `// TODO: Verify payment on-chain` | | [runtime.ts](packages/defi/protocols/src/hosting/runtime.ts#L149) | 149 | `// TODO: Increment call count in database` | | [runtime.ts](packages/defi/protocols/src/hosting/runtime.ts#L182) | 182 | `// TODO: Implement MCP-to-MCP proxy` | | [runtime.ts](packages/defi/protocols/src/hosting/runtime.ts#L240) | 240 | `// TODO: Load config from database` | | [runtime.ts](packages/defi/protocols/src/hosting/runtime.ts#L262) | 262 | `// TODO: Route the request through the server` | | [auth.ts](packages/defi/protocols/src/hosting/auth.ts#L17) | 17 | `// TODO: Replace with database storage (Prisma/Postgres)` | | [router.ts](packages/defi/protocols/src/hosting/router.ts#L61) | 61 | `// TODO: Replace with actual database query` | | [router.ts](packages/defi/protocols/src/hosting/router.ts#L70) | 70 | `// TODO: Replace with actual database update` | | [revenue.ts](packages/defi/protocols/src/hosting/revenue.ts#L519) | 519 | `// TODO: Implement actual USDC transfer` | | [stripe.ts](packages/defi/protocols/src/hosting/stripe.ts#L161) | 161 | `// TODO: Send email notification to user` | --- ## 🟢 LOW PRIORITY - Code Quality & Optimization ### 7. x402 Protocol TODOs | File | Line | Issue | |------|------|-------| | [x402ResourceServer.ts](x402/typescript/packages/core/src/server/x402ResourceServer.ts#L422) | 422 | `// TODO: Remove this fallback once implementations are registered` | | [index.ts](x402/typescript/packages/legacy/x402-express/src/index.ts#L128) | 128 | `// TODO: create a shared middleware function` | | [index.ts](x402/typescript/packages/legacy/x402-express/src/index.ts#L141) | 141 | `// TODO: Rename outputSchema to requestStructure` | | [index.ts](x402/typescript/packages/legacy/x402-express/src/index.ts#L184) | 184 | `// TODO: Rename outputSchema to requestStructure` | | [index.ts](x402/typescript/packages/legacy/x402-hono/src/index.ts#L138) | 138 | `// TODO: create a shared middleware function` | | [index.ts](x402/typescript/packages/legacy/x402-hono/src/index.ts#L151) | 151 | `// TODO: Rename outputSchema to requestStructure` | | [index.ts](x402/typescript/packages/legacy/x402-hono/src/index.ts#L194) | 194 | `// TODO: Rename outputSchema to requestStructure` | | [index.ts](x402/typescript/packages/legacy/x402-hono/src/index.ts#L218) | 218 | `// TODO: handle paywall html for solana` | | [rpc.ts](x402/typescript/packages/legacy/x402/src/shared/svm/rpc.ts#L83) | 83 | `// TODO: should the networks be replaced with enum references?` | | [rpc.ts](x402/typescript/packages/legacy/x402/src/shared/svm/rpc.ts#L107) | 107 | `// TODO: should the networks be replaced with enum references?` | | [verify.ts](x402/typescript/packages/legacy/x402/src/schemes/exact/svm/facilitator/verify.ts#L287) | 287 | `// TODO: allow max compute unit price parameter` | | [settle.ts](x402/typescript/packages/legacy/x402/src/schemes/exact/svm/facilitator/settle.ts#L48) | 48 | `// TODO: handle durable nonce lifetime transactions` | | [settle.ts](x402/typescript/packages/legacy/x402/src/schemes/exact/svm/facilitator/settle.ts#L112) | 112 | `// TODO: should this be moved to shared/svm/rpc.ts?` | | [settle.ts](x402/typescript/packages/legacy/x402/src/schemes/exact/svm/facilitator/settle.ts#L133) | 133 | `// TODO: can this be refactored to shared/svm/rpc.ts?` | | [settle.ts](x402/typescript/packages/legacy/x402/src/schemes/exact/svm/facilitator/settle.ts#L134) | 134 | `// TODO: should commitment and timeout be parameters?` | | [index.ts](x402/typescript/packages/legacy/x402/src/schemes/utils/index.ts#L3) | 3 | `// TODO: refactor paymentUtils to be shared between evm and svm` | | [utils.ts](x402/typescript/packages/legacy/x402-next/src/utils.ts#L278) | 278 | `// TODO(v2): Preserve original HTTP status code` | ### 8. Go Implementation TODOs | File | Line | Issue | |------|------|-------| | [server.go](x402/go/http/server.go#L334) | 334 | `// TODO: Add EnrichExtensions method if needed` | | [server.go](x402/go/http/server.go#L523) | 523 | `Accepted: x402.PaymentRequirements{}, // TODO: Convert` | | [server.go](x402/go/http/server.go#L590) | 590 | `Resource: nil, // TODO: convert` | | [facilitator_hooks_test.go](x402/go/facilitator_hooks_test.go#L28) | 28 | `// TODO: Integrate hooks into Verify execution` | | [facilitator_test.go](x402/go/facilitator_test.go#L503) | 503 | `// TODO: Re-enable strict check if needed` | | [facilitator_test.go](x402/go/facilitator_test.go#L559) | 559 | `// TODO: Reimplement if needed` | | [facilitator_test.go](x402/go/facilitator_test.go#L562) | 562 | `// TODO: Reimplement if needed` | | [evm_test.go](x402/go/test/integration/evm_test.go#L413) | 413 | `// TODO: Reimplement if legacy server support is needed` | ### 9. Python Implementation TODOs | File | Line | Issue | |------|------|-------| | [middleware.py](x402/python/legacy/src/x402/flask/middleware.py#L205) | 205 | `# TODO: Rename output_schema to request_structure` | | [middleware.py](x402/python/legacy/src/x402/fastapi/middleware.py#L113) | 113 | `# TODO: Rename output_schema to request_structure` | --- ## 🧪 INCOMPLETE TESTS (it.todo) ### 10. SVM Mechanism Tests | File | Line | Test Description | |------|------|------------------| | [index.test.ts](x402/typescript/packages/mechanisms/svm/test/unit/index.test.ts#L243) | 243 | `it.todo("should create a valid payment payload with ExactSvmScheme")` | | [index.test.ts](x402/typescript/packages/mechanisms/svm/test/unit/index.test.ts#L244) | 244 | `it.todo("should verify a valid payment with ExactSvmScheme")` | | [index.test.ts](x402/typescript/packages/mechanisms/svm/test/unit/index.test.ts#L245) | 245 | `it.todo("should reject invalid signatures")` | | [index.test.ts](x402/typescript/packages/mechanisms/svm/test/unit/index.test.ts#L246) | 246 | `it.todo("should reject insufficient amounts")` | | [index.test.ts](x402/typescript/packages/mechanisms/svm/test/unit/index.test.ts#L247) | 247 | `it.todo("should reject wrong recipients")` | | [index.test.ts](x402/typescript/packages/mechanisms/svm/test/unit/index.test.ts#L248) | 248 | `it.todo("should reject expired transactions")` | | [index.test.ts](x402/typescript/packages/mechanisms/svm/test/unit/index.test.ts#L249) | 249 | `it.todo("should settle valid payments")` | | [index.test.ts](x402/typescript/packages/mechanisms/svm/test/unit/index.test.ts#L250) | 250 | `it.todo("should handle compute budget instructions")` | | [index.test.ts](x402/typescript/packages/mechanisms/svm/test/unit/index.test.ts#L251) | 251 | `it.todo("should verify both SPL Token and Token-2022 transfers")` | ### 11. Paywall Tests | File | Line | Test Description | |------|------|------------------| | [index.test.ts](x402/typescript/packages/http/paywall/src/index.test.ts#L18) | 18 | `// TODO: Add actual tests for paywall functionality` | | [index.test.ts](x402/typescript/packages/http/paywall/src/index.test.ts#L19) | 19 | `it.todo("should handle payment required responses")` | | [index.test.ts](x402/typescript/packages/http/paywall/src/index.test.ts#L20) | 20 | `it.todo("should render paywall UI")` | | [index.test.ts](x402/typescript/packages/http/paywall/src/index.test.ts#L21) | 21 | `it.todo("should process payments")` | ### 12. Lending Test Investigation | File | Line | Issue | |------|------|-------| | [lending.test.ts](src/evm/modules/lending/lending.test.ts#L750) | 750 | `// TODO: This test needs investigation - the borrow function may have` | --- ## 🔧 FIXME Comments (Edge Cases to Review) ### 13. Edge Case Reviews Needed | File | Line | Issue | |------|------|-------| | [chains.test.ts](src/x402/__tests__/chains.test.ts#L359) | 359 | `// FIXME(nich): review edge cases` | | [mocks/index.ts](src/x402/__tests__/mocks/index.ts#L155) | 155 | `// FIXME(nich): review edge cases` | | [scheme.ts](x402/typescript/packages/mechanisms/svm/src/exact/v1/facilitator/scheme.ts#L117) | 117 | `// FIXME(nich): review edge cases` | | [register.ts](x402/typescript/packages/mechanisms/svm/src/exact/client/register.ts#L19) | 19 | `// FIXME(nich): review edge cases` | | [scheme.ts](x402/typescript/packages/mechanisms/evm/src/exact/v1/client/scheme.ts#L60) | 60 | `// FIXME(nich): review edge cases` | | [facilitator.ts](x402/examples/typescript/facilitator/index.ts#L122) | 122 | `// FIXME(nich): review edge cases` | | [verify.py](x402/python/x402/mechanisms/evm/verify.py#L84) | 84 | `# FIXME(nich): review edge cases` | | [types.py](x402/python/x402/mechanisms/svm/types.py#L37) | 37 | `# FIXME(nich): review edge cases` | | [facilitator.py](x402/python/x402/extensions/bazaar/facilitator.py#L164) | 164 | `# FIXME(nich): review edge cases` | | [json.ts](x402/typescript/packages/legacy/x402/src/shared/json.ts#L30) | 30 | `// FIXME(nich): review edge cases` | --- ## 📊 Summary Statistics | Category | Count | |----------|-------| | **High Priority (Security/Deployment)** | 9 | | **Medium Priority (Feature Gaps)** | 50+ | | **Low Priority (Optimization)** | 30+ | | **Incomplete Tests (it.todo)** | 13 | | **FIXME Edge Cases** | 30+ | | **Mock/Placeholder Data** | 50+ | | **Skipped Tests** | 5+ | | **Total Actionable Items** | 200+ | --- ## 🟠 ADDITIONAL FINDINGS ### 14. Mock/Placeholder Data in Production Code | File | Line | Issue | |------|------|-------| | [tools/index.ts](deploy/src/tools/index.ts#L461) | 461 | `mockMarketDataResponse()` - Mock data responses | | [tools/index.ts](deploy/src/tools/index.ts#L437) | 437 | `"Mock DeFi data"` response | | [enterprise-gateway/index.ts](deploy/enterprise-gateway/src/index.ts#L175) | 175 | `// Execute the tool (placeholder - would call actual MCP server)` | | [platform.ts](src/modules/tool-marketplace/analytics/platform.ts#L400) | 400 | `// Calculate growth rates (mock for now - would need historical data)` | | [index.ts](src/modules/server-utils/index.ts#L410) | 410 | `// Mock rate limit data - in production, track actual usage` | | [index.ts](src/modules/portfolio/index.ts#L271) | 271 | `// Mock data - in production, fetch real balances` | | [index.ts](src/modules/portfolio/index.ts#L368) | 368 | `// Mock performance data` | | [index.ts](src/modules/wallet-analytics/index.ts#L38) | 38 | `// This provides the scoring framework and mock data` | | [index.ts](src/modules/wallet-analytics/index.ts#L134) | 134 | `// Mock whale data - in production, query actual holders` | | [calculator.ts](src/modules/token-unlocks/calculator.ts#L141) | 141 | `const liquidityRatio = 50; // placeholder` | | [calculator.ts](src/modules/token-unlocks/calculator.ts#L142) | 142 | `const historicalVolatility = 50; // placeholder` | | [calculator.ts](src/modules/token-unlocks/calculator.ts#L143) | 143 | `const marketSentiment = 50; // placeholder` | ### 15. Skipped Tests | File | Line | Issue | |------|------|-------| | [lending.test.ts](src/evm/modules/lending/lending.test.ts#L749) | 749 | `it.skip("should use stable rate mode when specified")` | | [testnet.test.ts](src/x402/__tests__/integration/testnet.test.ts#L33) | 33 | `describe.skip` for testnet tests | ### 16. "Coming Soon" / Not Yet Implemented | File | Line | Issue | |------|------|-------| | [import.ts](x402-deploy/src/cli/commands/import.ts#L60) | 60 | Coming soon functionality | | [runtime.ts](packages/defi/protocols/src/hosting/runtime.ts#L183) | 183 | `// TODO: Implement MCP-to-MCP proxy` - not yet implemented | | [index.ts](packages/automation/sweep/src/services/bridge/index.ts#L120) | 120 | Synapse protocol not yet implemented | ### 17. Deprecated Code Markers | File | Line | Issue | |------|------|-------| | [types.ts](src/modules/lyra-ecosystem/types.ts#L374) | 374 | `@deprecated Use wallets.evmPrivateKey instead` | | [types.ts](src/modules/lyra-ecosystem/types.ts#L376) | 376 | `@deprecated Use wallets.evmPrivateKey instead` | ### 18. Empty Catch Blocks (Silent Failures) | File | Lines | Issue | |------|-------|-------| | [security/tools.ts](src/evm/modules/security/tools.ts) | 602, 615, 629, 640, 647, 671, etc. | 20+ empty catch blocks | | [lending/tools.ts](src/evm/modules/lending/tools.ts) | 427, 495 | Empty catch blocks | | [deployment/tools.ts](src/evm/modules/deployment/tools.ts) | 442, 453, 530, 616 | Empty catch blocks | | [staking/tools.ts](src/evm/modules/staking/tools.ts) | 313, 324, 334, 344, 354, 521, 588, 598 | Empty catch blocks | | [multicall/tools.ts](src/evm/modules/multicall/tools.ts) | 339, 349, 359 | Empty catch blocks | ### 19. Zero Address Placeholders (Contract Addresses Not Deployed) | File | Line | Issue | |------|------|-------| | [addresses.ts](src/modules/tool-marketplace/contracts/addresses.ts#L30-73) | 30-73 | All contract addresses are `0x0000...0000` | | [registry.ts](src/modules/tool-marketplace/registry.ts#L86) | 86 | Platform address defaults to zero address | | [revenue.ts](src/modules/tool-marketplace/revenue.ts#L70) | 70 | Platform address defaults to zero address | | [bundles.ts](src/modules/tool-marketplace/discovery/bundles.ts#L91) | 91 | Platform address defaults to zero address | | [x402-discovery.ts](src/modules/news/x402-discovery.ts#L73) | 73 | PAY_TO_ADDRESS defaults to zero address | | [client.ts](src/modules/ai-predictions/client.ts#L54) | 54 | recipientAddress defaults to zero address | ### 20. Hardcoded Test API Keys | File | Line | Issue | |------|------|-------| | [server.py](packages/market-data/prices/src/coin_api_mcp/server.py#L383) | 383 | `api_key = "xxxxxxx"` hardcoded | ### 21. Debug Console.log Statements (Remove Before Production) | File | Lines | Issue | |------|-------|-------| | [server.ts](deploy/src/server.ts) | Multiple | Console.log for debugging | | [cli.ts](src/cli.ts) | Multiple | Console.log for debugging | | [dx.ts](src/utils/dx.ts) | Multiple | Console.log for debugging | | [x402-gateway.ts](deploy/src/gateway/x402-gateway.ts) | Multiple | Console.log for debugging | | [pricing-engine.ts](deploy/src/services/pricing-engine.ts) | Multiple | Console.log for debugging | --- ## Recommended Action Plan ### 🔴 Phase 1: Security & Deployment (IMMEDIATE - Week 1) **Priority: CRITICAL - Blocks Production** 1. **Deploy Smart Contracts** - Deploy all marketplace contracts (Registry, Payments, etc.) - Update [addresses.ts](src/modules/tool-marketplace/contracts/addresses.ts) with real addresses - Replace all 25+ zero address placeholders 2. **Fix Security Issues** - Implement cryptographic signature verification in [x402-gateway.ts#L339](deploy/src/gateway/x402-gateway.ts#L339) - Review and fix 50+ empty catch blocks (silent failure risk) - Remove hardcoded API keys from [server.py](packages/market-data/prices/src/coin_api_mcp/server.py) 3. **Complete Deployment Scripts** - Implement ERC20 contract deployment in [deploy-marketplace.ts](scripts/deploy/deploy-marketplace.ts) - Add proper contract initialization ### 🟡 Phase 2: Core Features (Week 2-3) **Priority: HIGH - Feature Completeness** 1. **Payment Infrastructure** - Implement refund logic in [facilitator.ts#L457](packages/automation/sweep/src/services/payments/facilitator.ts#L457) - Complete on-chain verification in [payments.ts#L148](packages/defi/protocols/src/x402/payments.ts#L148) - Add USDC payment support in [payment.ts#L113](packages/defi/protocols/src/x402/payment.ts#L113) 2. **MCP Server Integrations** - Complete Volume Bot MCP Server (API connection, caching, error handling) - Implement Sweep automation logic - Add real data sources to replace mock data 3. **Database & Storage** - Add database storage for hosting services - Replace mock implementations with real database queries - Implement proper state persistence ### 🟢 Phase 3: Tests & Quality (Week 4) **Priority: MEDIUM - Code Quality** 1. **Test Coverage** - Implement all 13+ `it.todo` test cases - Re-enable 5+ skipped tests - Add edge case tests for FIXME items 2. **Code Cleanup** - Remove 30+ console.log debug statements - Replace mock/placeholder data with real implementations - Address deprecated code warnings 3. **Optimization** - Review all FIXME performance edge cases - Implement caching where marked TODO - Add proper error handling to empty catch blocks ### 📊 Phase 4: Documentation & Polish (Week 5) **Priority: LOW - Nice-to-have** 1. Address all low-priority TODOs 2. Complete API documentation 3. Add inline code comments where HACK markers exist 4. Final code review pass --- ## Metrics to Track | Metric | Current | Target | |--------|---------|--------| | TODO comments | 100+ | 0 | | FIXME comments | 30+ | 0 | | Empty catch blocks | 50+ | 0 | | Zero addresses | 25+ | 0 | | Skipped tests | 5+ | 0 | | Console.log in prod | 30+ | 0 | --- *This audit was generated automatically on January 31, 2026 by Claude Opus 4.5. Manual review is recommended for critical security items marked with 🔴.*

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/nirholas/universal-crypto-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

CODEBASE_TODOS.md•25.3 KiB