Solana Funding Rate Arbitrage

Warn

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a real Solana trading bot, but it can use a wallet private key to place unattended trades on a schedule, so it needs careful review before use.

Install only if you understand Solana perpetual trading and are comfortable reviewing the code. Do not provide a main-wallet private key. Use dry-run first, use a separate low-balance wallet for any live test, avoid enabling cron until you have verified behavior, and remove the cron job immediately if you stop using the bot.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If live mode is enabled, the bot can place real trades and spend or risk funds automatically.

Why it was flagged

The code can automatically execute an arbitrage opportunity, sign it with the configured wallet, and submit it to Solana. That is a high-impact financial action without clear per-trade user approval in this artifact.

Skill content

if (best.profitBps >= this.config.minProfitBps) { ... await this.executeArbitrage(best); }
...
transaction.sign(this.config.wallet);
...
sendRawTransaction(transaction.serialize(), { skipPreflight: true, maxRetries: 3 })

Recommendation

Use dry-run first, keep live trading disabled by default, require explicit confirmation for each live trade, and set strict position, slippage, and loss limits.

What this means

A Solana private key can authorize transactions from the wallet; misuse or bugs could directly affect funds.

Why it was flagged

The code reads a Solana private key for trading. The registry metadata says there is no primary credential or required environment variable, which under-declares a very sensitive permission.

Skill content

const privateKeyEnv = process.env.SOLANA_PRIVATE_KEY;

Recommendation

Do not use a main wallet. Use a new limited wallet with only funds you can afford to lose, and prefer wallet-file or signing flows with explicit approvals over raw private keys in environment variables.

What this means

A failed second trade could leave you exposed to market movement, liquidation, or losses instead of being delta-neutral.

Why it was flagged

The code acknowledges that one leg of a trade can succeed while the second fails, leaving the user with an unmanaged position and requiring manual intervention.

Skill content

// TODO: Handle partial execution - may need to manually close position
logger.error('CRITICAL: Sell failed after buy succeeded!');

Recommendation

Avoid live auto-trading until there is robust partial-fill handling, rollback/hedging logic, and clear emergency-stop instructions.

What this means

The bot could keep checking and trading long after the initial setup unless the cron job is removed or disabled.

Why it was flagged

The cron runner loads secrets and runs the auto-trader on a schedule, enabling persistent unattended operation if the user adds it to crontab.

Skill content

if [ -f "$HOME/.secrets/.env" ]; then
  source "$HOME/.secrets/.env"
fi
...
npx ts-node --transpile-only src/trading/auto-trader.ts

Recommendation

Only enable cron for dry-run or tightly limited wallets, document how to stop it, and review logs and positions frequently.

What this means

Users may over-trust the strategy and enable live trading with more funds than they should.

Why it was flagged

The guide uses strong safety language for a leveraged perpetuals strategy, despite other artifacts acknowledging liquidation, slippage, spread reversal, and partial-execution risks.

Skill content

→ Zero price risk (hedged)
→ Collect funding from both sides!

Recommendation

Treat the yield and safety claims as promotional, not guaranteed. Start with dry-run and small isolated funds, and independently verify the strategy risks.