Uncompromising Safety.
The bot is engineered with a paranoid security model. Every function is wrapped in multiple layers of validation to protect capital, state, and credentials.
Capital Protection
Minimum Balance
Default $20. Checked after every single trade and during the 5-minute reconciliation. If the balance falls below it, trading pauses immediately.
Safety Buffer
Default $10. Hard-locked: even with a 40% margin opportunity in front of it, the bot treats this capital as non-existent and never spends it.
Per-Trade Caps
Trade size is strictly capped by the actual book liquidity. The bot cannot spend more than the book can fill.
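The three capital checks above, plus the ceil($1 / leg_price) minimum described under "Audit & Constraints" below, as one sizing routine. This is an added example, not the bot's own code: the defaults are the page's, but the type names, the ask-level shape and the `desired_usd` parameter are assumptions made for the example.

```rust
// Added example, not the bot's own code: the minimum-balance, safety-buffer
// and liquidity caps from this section, plus the ceil($1 / leg_price) API
// minimum from "Audit & Constraints". Defaults are the page's; the type
// names, the ask-level shape and `desired_usd` are assumptions.

/// One resting ask level: USD per share and shares available at that price.
#[derive(Clone, Copy, Debug)]
pub struct AskLevel {
    pub price: f64,
    pub size: f64,
}

/// Page defaults: $20 minimum balance, $10 hard-locked buffer.
pub struct CapitalLimits {
    pub minimum_balance: f64,
    pub safety_buffer: f64,
}

impl Default for CapitalLimits {
    fn default() -> Self {
        CapitalLimits { minimum_balance: 20.0, safety_buffer: 10.0 }
    }
}

#[derive(Debug, PartialEq)]
pub enum SizingError {
    /// Minimum balance already violated: the caller must pause, not retry.
    BelowMinimumBalance { balance: f64, minimum: f64 },
    /// Nothing resting on the side we want to hit.
    NoLiquidity,
    /// What the buffer and the book allow is under the API minimum.
    BelowApiMinimum { shares: f64, required: f64 },
}

#[derive(Debug, PartialEq)]
pub struct SizedOrder {
    pub shares: f64,
    pub cost_usd: f64,
}

/// Minimum shares so that size * price >= $1, rounded up as the page describes.
pub fn min_shares(leg_price: f64) -> f64 {
    (1.0 / leg_price).ceil()
}

/// Size a buy against `asks` (best price first). Never touches the safety
/// buffer and never exceeds what the book can actually fill.
pub fn size_trade(
    balance: f64,
    limits: &CapitalLimits,
    asks: &[AskLevel],
    desired_usd: f64,
) -> Result<SizedOrder, SizingError> {
    if balance < limits.minimum_balance {
        return Err(SizingError::BelowMinimumBalance {
            balance,
            minimum: limits.minimum_balance,
        });
    }
    let best = asks.first().ok_or(SizingError::NoLiquidity)?;

    // The buffer is treated as non-existent capital, whatever the edge.
    let spendable = (balance - limits.safety_buffer).max(0.0).min(desired_usd);

    // Walk the book: at each level take no more than it holds and no more
    // than the remaining spendable capital buys at that level's price.
    let (mut shares, mut cost) = (0.0_f64, 0.0_f64);
    for level in asks {
        let remaining = spendable - cost;
        if remaining <= 0.0 {
            break;
        }
        let take = level.size.min(remaining / level.price);
        shares += take;
        cost += take * level.price;
    }

    let required = min_shares(best.price);
    if shares < required {
        return Err(SizingError::BelowApiMinimum { shares, required });
    }
    Ok(SizedOrder { shares, cost_usd: cost })
}

/// The post-trade and 5-minute reconciliation check: false means "pause".
pub fn balance_ok(balance_after: f64, limits: &CapitalLimits) -> bool {
    balance_after >= limits.minimum_balance
}
```

Note the split of responsibilities: the buffer is enforced before the order is sized, while the minimum balance is a pause condition checked against the balance after the fill. With the defaults, a $50 balance can spend at most $40, and if a fill leaves $10 the next `balance_ok` call pauses trading rather than sizing a smaller order.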
Order Safety Logic
FOK Validation & The "Ghost" Order
Polymarket edge case: expiration=0 (FOK) orders can sometimes persist as "Live" limit orders if they are not matched instantly. The bot therefore:
- Submits the order (FOK).
- Checks its status immediately.
- If status == "live", triggers corrective action via the API (cancelling the ghost order) so it is not left resting on the book.
Price Buffer Protection
WebSocket book updates arrive 50-200 ms stale, so submitting at the exact ask we last saw often draws a rejection. We therefore buffer the limit price slightly above the observed ask; execution still happens at the best available price, because the buffer only raises the worst price we will accept, not the price the order matches at.
Prevents "order couldn't be fully filled" rejections.
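Both order-safety rules above in one piece of code, driven against a fake exchange client so the ghost-order and stale-price cases can be exercised offline. This is an added example, not the bot's own code: the `Exchange` trait, the status values, the fake's behaviour, the 0.01 tick and the 2-tick buffer are all assumptions.

```rust
// Added example, not the bot's own code: the FOK "ghost order" guard and
// the price-buffer rule from this section, driven against a fake exchange
// client. The `Exchange` trait, the status values, the fake's behaviour,
// the 0.01 tick and the 2-tick buffer are all assumptions.

use std::collections::HashMap;

#[derive(Clone, Debug, PartialEq)]
pub enum OrderStatus {
    Matched,
    Live,
    Rejected(String),
}

pub struct OrderRequest {
    pub token_id: String,
    pub price: f64,
    pub size: f64,
    /// 0 means fill-or-kill on this venue, per the section above.
    pub expiration: u64,
}

/// Minimal client surface the guard needs; the real bot's client is unknown.
pub trait Exchange {
    fn post_order(&mut self, req: &OrderRequest) -> Result<String, String>;
    fn order_status(&mut self, order_id: &str) -> OrderStatus;
    fn cancel(&mut self, order_id: &str) -> bool;
}

#[derive(Debug, PartialEq)]
pub enum FillOutcome {
    Filled { order_id: String },
    /// FOK came back "live": we cancelled it before it could rest.
    GhostCancelled { order_id: String },
    /// Cancel failed: operator must be paged, capital is exposed.
    GhostStuck { order_id: String },
    Rejected(String),
}

/// Submit an FOK order and immediately verify it did not turn into a ghost.
pub fn submit_fok<E: Exchange>(ex: &mut E, req: &OrderRequest) -> FillOutcome {
    if req.expiration != 0 {
        return FillOutcome::Rejected("not a FOK request (expiration != 0)".into());
    }
    let id = match ex.post_order(req) {
        Ok(id) => id,
        Err(e) => return FillOutcome::Rejected(e),
    };
    match ex.order_status(&id) {
        OrderStatus::Matched => FillOutcome::Filled { order_id: id },
        OrderStatus::Rejected(e) => FillOutcome::Rejected(e),
        OrderStatus::Live => {
            if ex.cancel(&id) {
                FillOutcome::GhostCancelled { order_id: id }
            } else {
                FillOutcome::GhostStuck { order_id: id }
            }
        }
    }
}

/// Limit price = observed ask + `buffer_ticks`, snapped to the tick grid and
/// capped below 1.0 (outcome prices live strictly inside (0, 1)).
pub fn buffered_limit(observed_ask: f64, buffer_ticks: u32, tick: f64) -> f64 {
    let raw = (observed_ask + buffer_ticks as f64 * tick).min(1.0 - tick);
    (raw / tick).round() * tick
}

/// Constructed fake: the real ask is `true_best_ask` (the WebSocket copy the
/// bot saw may be stale); `scripted` statuses model the ghost-order edge case.
pub struct FakeExchange {
    true_best_ask: f64,
    scripted: Vec<OrderStatus>,
    statuses: HashMap<String, OrderStatus>,
    pub live_orders: Vec<String>,
    next_id: u32,
}

impl FakeExchange {
    pub fn new(true_best_ask: f64, scripted: Vec<OrderStatus>) -> Self {
        FakeExchange { true_best_ask, scripted, statuses: HashMap::new(), live_orders: Vec::new(), next_id: 0 }
    }
}

impl Exchange for FakeExchange {
    fn post_order(&mut self, req: &OrderRequest) -> Result<String, String> {
        // A limit below the real ask cannot fill: the venue's FOK rejection.
        if req.price < self.true_best_ask {
            return Err("order couldn't be fully filled".into());
        }
        self.next_id += 1;
        let id = format!("0x{:04x}", self.next_id);
        let status = if self.scripted.is_empty() { OrderStatus::Matched } else { self.scripted.remove(0) };
        if status == OrderStatus::Live {
            self.live_orders.push(id.clone());
        }
        self.statuses.insert(id.clone(), status);
        Ok(id)
    }
    fn order_status(&mut self, order_id: &str) -> OrderStatus {
        self.statuses.get(order_id).cloned().unwrap_or(OrderStatus::Rejected("unknown order".into()))
    }
    fn cancel(&mut self, order_id: &str) -> bool {
        match self.live_orders.iter().position(|id| id == order_id) {
            Some(i) => { self.live_orders.remove(i); true }
            None => false,
        }
    }
}
```

`GhostStuck` is deliberately a distinct outcome: a cancel that fails leaves a resting order the bot's state does not account for, which is exactly the situation the reconciliation checks below exist to catch, so it should raise an alert rather than be folded into a generic error.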
Breakers & Kill Switch
Circuit Breaker Architecture
- Prevents reconnection storms.
- Stops capital burn on a broken API.
- Trips on 429s/5xx to prevent bans.
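A breaker with the three properties listed above, as an added example that is not the bot's code: it trips on 429/5xx (or a transport failure), stays open for a cooldown so reconnects and orders stop hitting a broken API, and lets exactly one probe through before closing again. The threshold, the cooldown length and the injected `now` clock are assumptions.

```rust
// Added example, not the bot's own code: a closed/open/half-open circuit
// breaker that trips on 429s and 5xx (or transport failures), stays open
// for a cooldown so reconnects and orders stop hammering a broken API, then
// lets one probe through before closing. The threshold, cooldown and the
// injected `now` are assumptions.

use std::time::{Duration, Instant};

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum BreakerState {
    Closed,
    Open,
    HalfOpen,
}

pub struct CircuitBreaker {
    state: BreakerState,
    consecutive_failures: u32,
    trip_after: u32,
    cooldown: Duration,
    opened_at: Option<Instant>,
}

impl CircuitBreaker {
    pub fn new(trip_after: u32, cooldown: Duration) -> Self {
        CircuitBreaker {
            state: BreakerState::Closed,
            consecutive_failures: 0,
            trip_after,
            cooldown,
            opened_at: None,
        }
    }

    pub fn state(&self) -> BreakerState {
        self.state
    }

    /// Ask before every request or reconnect attempt. While open, nothing is
    /// allowed; once the cooldown has elapsed exactly one probe goes through.
    pub fn allow(&mut self, now: Instant) -> bool {
        match self.state {
            BreakerState::Closed => true,
            BreakerState::Open => {
                let elapsed = self.opened_at.map_or(Duration::ZERO, |t| now.duration_since(t));
                if elapsed >= self.cooldown {
                    self.state = BreakerState::HalfOpen;
                    true
                } else {
                    false
                }
            }
            // A probe is already in flight; wait for its result.
            BreakerState::HalfOpen => false,
        }
    }

    /// Record the outcome of an allowed call. `None` is a transport-level
    /// failure (timeout, socket closed); 429 and any 5xx count as failures.
    pub fn record(&mut self, http_status: Option<u16>, now: Instant) {
        let failed = match http_status {
            None | Some(429) => true,
            Some(code) => code >= 500,
        };
        if failed {
            self.consecutive_failures += 1;
            let probe_failed = self.state == BreakerState::HalfOpen;
            if probe_failed || self.consecutive_failures >= self.trip_after {
                self.state = BreakerState::Open;
                self.opened_at = Some(now);
            }
        } else {
            self.consecutive_failures = 0;
            self.state = BreakerState::Closed;
        }
    }
}
```

The trading loop should consult `allow` before both order submission and WebSocket reconnects; while the breaker is open the loop does not place orders at all, which is the "stops capital burn" half of the list above, and a 4xx other than 429 is deliberately not counted, since a bad request from our side should not open the breaker.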
State Reconciliation
Startup Check
Detects manual trades made while the bot was off, balance mismatches, and partial hedges. Startup is blocked on Critical discrepancies until they are resolved.
Periodic Check (5min)
Catches external events (fees, withdrawals). If the balance drops below the minimum threshold, trading is paused without crashing the process.
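The startup and periodic checks above as one reconciliation routine that diffs what the bot recorded against what the exchange reports. This is an added example, not the bot's code: the snapshot shape, the tolerances and the severity given to each kind of finding (balance drift warns, position or hedge mismatches are Critical) are assumptions; the $20 minimum is the page's default.

```rust
// Added example, not the bot's own code: the startup and 5-minute checks from
// this section, diffing what the bot recorded against what the exchange
// reports. Snapshot shape, tolerances and the severity assigned to each kind
// of discrepancy are assumptions; the $20 minimum is the page's default.

use std::collections::BTreeMap;

#[derive(Clone, Debug, PartialEq)]
pub struct Snapshot {
    pub balance_usd: f64,
    /// token_id -> shares held
    pub positions: BTreeMap<String, f64>,
}

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Severity {
    Warning,
    Critical,
}

#[derive(Debug, PartialEq)]
pub struct Discrepancy {
    pub severity: Severity,
    pub detail: String,
}

pub struct ReconcileConfig {
    pub minimum_balance: f64,
    pub balance_tolerance: f64,
    pub shares_tolerance: f64,
}

#[derive(Debug, PartialEq)]
pub enum Action {
    Run,
    Pause,
    BlockStartup,
}

/// Compare recorded vs exchange state. `hedges` lists (yes_token, no_token)
/// pairs that must hold equal size, so a half-filled hedge is caught.
pub fn reconcile(
    expected: &Snapshot,
    actual: &Snapshot,
    hedges: &[(String, String)],
    cfg: &ReconcileConfig,
) -> Vec<Discrepancy> {
    let mut out = Vec::new();
    let shares = |snap: &Snapshot, token: &str| snap.positions.get(token).copied().unwrap_or(0.0);

    // Fees, deposits, withdrawals: worth knowing, not worth blocking on.
    if (actual.balance_usd - expected.balance_usd).abs() > cfg.balance_tolerance {
        out.push(Discrepancy {
            severity: Severity::Warning,
            detail: format!("balance {:.2} on exchange vs {:.2} recorded", actual.balance_usd, expected.balance_usd),
        });
    }
    // A recorded position the exchange disagrees with means our model is wrong.
    for (token, &recorded) in &expected.positions {
        let live = shares(actual, token.as_str());
        if (live - recorded).abs() > cfg.shares_tolerance {
            out.push(Discrepancy {
                severity: Severity::Critical,
                detail: format!("position {}: {} on exchange vs {} recorded", token, live, recorded),
            });
        }
    }
    // A position we never recorded: a manual trade while the bot was off.
    for (token, &live) in &actual.positions {
        if !expected.positions.contains_key(token) && live.abs() > cfg.shares_tolerance {
            out.push(Discrepancy {
                severity: Severity::Critical,
                detail: format!("unrecorded position {}: {} shares", token, live),
            });
        }
    }
    // One leg filled, the other not: naked exposure, not an arbitrage.
    for (yes, no) in hedges {
        let (a, b) = (shares(actual, yes.as_str()), shares(actual, no.as_str()));
        if (a - b).abs() > cfg.shares_tolerance {
            out.push(Discrepancy {
                severity: Severity::Critical,
                detail: format!("partial hedge {}/{}: {} vs {} shares", yes, no, a, b),
            });
        }
    }
    out
}

/// Startup: any Critical finding blocks until an operator resolves it.
pub fn startup_action(findings: &[Discrepancy]) -> Action {
    if findings.iter().any(|d| d.severity == Severity::Critical) {
        Action::BlockStartup
    } else {
        Action::Run
    }
}

/// Periodic (5-minute) check: below the minimum balance we pause, not crash.
pub fn periodic_action(actual: &Snapshot, cfg: &ReconcileConfig) -> Action {
    if actual.balance_usd < cfg.minimum_balance {
        Action::Pause
    } else {
        Action::Run
    }
}
```

The same `reconcile` function serves both checks; only the decision differs. At startup a Critical finding is a hard stop, because the bot would otherwise trade on a model of its positions that the exchange contradicts; in the periodic loop the balance test is what matters, and the outcome is a pause that the next reconciliation can lift.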
Credential Security
- Private keys are stored in ~/.secrets (never in the config file).
- Keys are zeroized in memory after use.
- Logs are automatically redacted via the secrecy crate.
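A std-only sketch of the three properties above, so the mechanics are visible without the crate: a wrapper whose Debug and Display output is a redaction marker (so `{:?}` in a log line cannot leak the key), bytes that are zeroized on drop, and a loader that reads the key from a file outside the config and refuses one other users can read. This is an added example, not the bot's code; the hex file format, the 32-byte length and the 0600 permission rule are assumptions, and a real implementation should use `secrecy::SecretString` together with `zeroize` rather than hand-rolling this.

```rust
// Added example, not the bot's own code: a std-only sketch of the pattern the
// page credits to the secrecy crate. Debug/Display print a marker instead of
// the bytes, the bytes are zeroized on drop, and the loader reads the key from
// a file rather than the config and rejects group/world-readable files. The
// hex format, 32-byte length and permission rule are assumptions.

use std::fmt;
use std::fs;
use std::path::Path;

pub struct SecretKey(Vec<u8>);

impl SecretKey {
    /// The only way at the bytes; keep call sites few and auditable.
    pub fn expose(&self) -> &[u8] {
        &self.0
    }
    pub fn len(&self) -> usize {
        self.0.len()
    }
}

// No derive(Debug): both formatters print a marker, never the bytes.
impl fmt::Debug for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SecretKey([REDACTED])")
    }
}
impl fmt::Display for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        fmt::Debug::fmt(self, f)
    }
}

impl Drop for SecretKey {
    fn drop(&mut self) {
        // Volatile stores so the optimizer cannot discard the overwrite of a
        // buffer that is about to be freed.
        for b in self.0.iter_mut() {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
        std::sync::atomic::compiler_fence(std::sync::atomic::Ordering::SeqCst);
    }
}

/// Load a hex-encoded 32-byte private key from `path` (e.g. under ~/.secrets).
pub fn load_key(path: &Path) -> Result<SecretKey, String> {
    #[cfg(unix)]
    {
        use std::os::unix::fs::PermissionsExt;
        let mode = fs::metadata(path).map_err(|e| e.to_string())?.permissions().mode() & 0o777;
        if mode & 0o077 != 0 {
            return Err(format!("{}: mode {:o} is group/world accessible, expected 0600", path.display(), mode));
        }
    }
    let text = fs::read_to_string(path).map_err(|e| e.to_string())?;
    let hex = text.trim().trim_start_matches("0x");
    if !hex.is_ascii() || hex.len() != 64 {
        return Err("expected a 64-hex-char (32-byte) private key".into());
    }
    let bytes = (0..64)
        .step_by(2)
        .map(|i| u8::from_str_radix(&hex[i..i + 2], 16).map_err(|e| e.to_string()))
        .collect::<Result<Vec<u8>, String>>()?;
    Ok(SecretKey(bytes))
}
```

Two caveats a hand-rolled version shares with any wrapper: the `String` the file was read into and any copy made while decoding are not covered by the `Drop` above, and a `Vec` that reallocates leaves the old allocation unwiped. That is why the page's choice of the secrecy and zeroize crates, which handle those copies, is the right one; this block only shows what they are doing on your behalf.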
Audit & Constraints
Calculates ceil($1 / leg_price) to ensure the order size meets the API's $1 minimum before it is sent.
Adaptive backoff with jitter for orders and WebSocket connections; a token bucket rate-limits notifications.
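The backoff and rate-limiting pieces above, as an added example that is not the bot's code: exponential backoff with full jitter for order retries and WebSocket reconnects, a Retry-After hint so the delay adapts to what the server asks for, and a token bucket for notifications. The base and cap durations, the bucket rates, and the injected random value and clock are assumptions chosen so the behaviour is deterministic.

```rust
// Added example, not the bot's own code: exponential backoff with full jitter
// for order retries and WebSocket reconnects, a Retry-After hint so the delay
// adapts to what the server asks for, and a token bucket for notifications.
// Base, cap, bucket rates and the injected random value / clock are
// assumptions chosen so the behaviour is deterministic.

use std::time::{Duration, Instant};

pub struct Backoff {
    base: Duration,
    cap: Duration,
    attempt: u32,
}

impl Backoff {
    pub fn new(base: Duration, cap: Duration) -> Self {
        Backoff { base, cap, attempt: 0 }
    }

    /// Upper bound for the next wait: min(cap, base * 2^attempt).
    pub fn ceiling(&self) -> Duration {
        let factor = 1u32 << self.attempt.min(20);
        self.base.checked_mul(factor).unwrap_or(self.cap).min(self.cap)
    }

    /// Full jitter: uniform in [0, ceiling]. `unit_random` must come from a
    /// real RNG in production; it is a parameter here only to keep tests exact.
    pub fn next_delay(&mut self, unit_random: f64) -> Duration {
        let nanos = self.ceiling().as_nanos() as f64 * unit_random.clamp(0.0, 1.0);
        self.attempt = self.attempt.saturating_add(1);
        Duration::from_nanos(nanos as u64)
    }

    /// Adaptive variant: never retry sooner than a server-supplied Retry-After.
    pub fn next_delay_with_hint(&mut self, retry_after: Option<Duration>, unit_random: f64) -> Duration {
        let ours = self.next_delay(unit_random);
        retry_after.map_or(ours, |hint| ours.max(hint))
    }

    /// Call after a success so the next failure starts from `base` again.
    pub fn reset(&mut self) {
        self.attempt = 0;
    }
}

/// Token bucket: `capacity` burst, `refill_per_sec` sustained. Used for
/// notifications so an incident produces a few alerts, not a flood.
pub struct TokenBucket {
    capacity: f64,
    tokens: f64,
    refill_per_sec: f64,
    last: Instant,
}

impl TokenBucket {
    pub fn new(capacity: u32, refill_per_sec: f64, now: Instant) -> Self {
        TokenBucket { capacity: capacity as f64, tokens: capacity as f64, refill_per_sec, last: now }
    }

    /// Returns true if a token was available. Dropped events should be
    /// counted and summarised once the bucket refills, not silently lost.
    pub fn try_acquire(&mut self, now: Instant) -> bool {
        let elapsed = now.duration_since(self.last).as_secs_f64();
        self.tokens = (self.tokens + elapsed * self.refill_per_sec).min(self.capacity);
        self.last = now;
        if self.tokens >= 1.0 {
            self.tokens -= 1.0;
            true
        } else {
            false
        }
    }
}
```

Full jitter (a random wait anywhere between zero and the exponential ceiling) is what actually breaks up a reconnection storm: with plain exponential backoff every client that was disconnected at the same instant reconnects at the same instant again. Honouring Retry-After is what keeps a 429 from turning into a ban, since the venue has told us the earliest time it will accept the next request.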