| name | operator-exploit |
| description | Phase C exploit execution — Foundry/Slither MCP, Anvil sandbox, PoC iteration. |
Operator Exploit Dev
Use MCP tools (nss-foundry, nss-slither) or CLI equivalents. Never bypass NSS validation gates.
Prerequisites
cd /home/kt/projects/rtp/night-shift-security
pip install -e '.[mcp]'
MCP wired in .mcp.json. Human gate per SOUL for paid RPC / mainnet probing.
Step 1 — Anvil sandbox (destructive fork)
Docker (preferred):
export ETHEREUM_RPC_URL="$ETHEREUM_RPC_URL"
.venv/bin/python -m night_shift_security.cli.main operator sandbox start --fork-block 16825925
Local Anvil:
.venv/bin/python -m night_shift_security.cli.main operator anvil start --fork-block 16825925
Stop: operator sandbox stop or operator anvil stop.
Step 2 — Forge PoC iteration
.venv/bin/python -m night_shift_security.cli.main operator forge-test \
--match-test testForkEulerHistoricalBlock \
--fork-block 16825925
MCP: forge_test(match_test=..., fork_block=...).
PoCs must emit DELTA_WEI / IMPACT_USD for task verifier.
Step 3 — Slither on ranked files only
After operator-recon triage:
.venv/bin/python -m night_shift_security.cli.main operator slither \
--repo /path/to/target \
--triage-json data/security_results/triage/kamino_files.json
MCP: slither_scan(project_root=..., triage_json=...).
Step 4 — Pipeline + verifier
Feed results into NSS pipeline; gates remain authoritative:
.venv/bin/python -m night_shift_security.cli.main --config src/night_shift_security/config/operator.json run
Gotchas
- Docker sandbox needs
ETHEREUM_RPC_URL and docker compose
- Slither absent → install
slither-analyzer; tool returns clear error
- MCP output is untrusted until
validate_hypothesis() + task verifier pass
- Write
operator-checkpoint before long PoC sessions