Overview

Base Audit Bot uses environment variables for configuration. All settings are loaded from a .env file and validated on startup.

Configuration File Setup

1. Copy the environment template

cp .env.example .env

2. Edit the configuration file

Open .env in your text editor and configure the required variables.

3. Validate configuration

The bot automatically validates configuration on startup. Check logs for any validation errors.

Required Environment Variables

Base Chain Configuration

BASE_RPC_URL
Type: String (URL)
Default: https://mainnet.base.org
Required: Yes
The RPC endpoint URL for Base mainnet. Must be a valid HTTP(S) URL.
BASE_RPC_URL=https://mainnet.base.org
The bot validates that this value starts with http or https on startup.

BASESCAN_API_KEY
Type: String
Required: Yes
Your Basescan API key for fetching verified contract source code.
BASESCAN_API_KEY=your_basescan_api_key_here
Get a free API key at https://basescan.org/apis

Anthropic API Configuration

ANTHROPIC_API_KEY
Type: String
Required: Yes
Your Anthropic API key for Claude AI-powered contract auditing.
ANTHROPIC_API_KEY=your_anthropic_api_key_here
Create an account and get your API key at https://console.anthropic.com/

Twitter API Configuration

All Required: Yes
The bot requires full Twitter API v2 credentials with OAuth 1.0a for posting tweets and reading DMs.
TWITTER_API_KEY=your_twitter_api_key_here
TWITTER_API_SECRET=your_twitter_api_secret_here
TWITTER_ACCESS_TOKEN=your_twitter_access_token_here
TWITTER_ACCESS_SECRET=your_twitter_access_secret_here
TWITTER_BEARER_TOKEN=your_twitter_bearer_token_here
All 5 credentials are required. Missing any will prevent the bot from starting.

1. Create Twitter Developer Account

Go to https://developer.twitter.com/ and create an account.

2. Create a Project and App

Create a new project and app in the developer portal.

3. Enable OAuth 1.0a

Enable OAuth 1.0a with read/write permissions in your app settings.

4. Generate Tokens

Generate all required API keys and access tokens.

Webhook Configuration

WEBHOOK_SECRET
Type: String
Required: For webhook functionality
Default: Empty string
Secret key for verifying GitHub webhook signatures using HMAC-SHA256.
WEBHOOK_SECRET=your_random_webhook_secret_here
Use a strong, randomly generated secret. This must match the secret configured in your GitHub webhook settings.
Generate a secure secret:
openssl rand -hex 32

WEBHOOK_PORT
Type: Integer
Default: 5000
Required: No
Port number for the webhook server to listen on.
WEBHOOK_PORT=5000
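
The HMAC-SHA256 check that WEBHOOK_SECRET exists for, as an added example (not the bot's own code): GitHub sends the signature in the X-Hub-Signature-256 header as sha256=<hex digest> of the raw request body. The function names and sample values are assumptions made for illustration, and the check rejects the empty-string default instead of verifying with it.

```python
import hashlib
import hmac
from typing import Optional

PREFIX = "sha256="  # GitHub sends X-Hub-Signature-256: sha256=<hex digest>


def github_style_signature(secret: str, raw_body: bytes) -> str:
    """Header value a sender holding `secret` would attach to raw_body."""
    digest = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
    return PREFIX + digest


def verify_github_signature(secret: str, raw_body: bytes,
                            header_value: Optional[str]) -> bool:
    """Return True only when header_value authenticates raw_body."""
    # WEBHOOK_SECRET defaults to an empty string. Fail closed: with an empty
    # key anyone can compute a matching HMAC, so nothing would be verified.
    if not secret:
        return False
    if not header_value or not header_value.startswith(PREFIX):
        return False
    expected = github_style_signature(secret, raw_body)
    # Compare as bytes in constant time; == would leak timing information.
    return hmac.compare_digest(expected.encode(), header_value.encode())


if __name__ == "__main__":
    secret = "constructed-demo-secret"          # constructed, not a real secret
    body = b'{"action":"opened","number":1}'    # constructed payload
    header = github_style_signature(secret, body)
    print(verify_github_signature(secret, body, header))
    print(verify_github_signature(secret, body + b" ", header))
    print(verify_github_signature("", body, github_style_signature("", body)))
```

Compute the HMAC over the request bytes exactly as received, before any JSON parsing or re-serialization, or valid deliveries will fail verification.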

Optional Configuration

Bot Behavior Settings

SCAN_INTERVAL_MINUTES
Type: Integer
Default: 15
Minimum: 1
How frequently (in minutes) the bot scans for new contract deployments.
SCAN_INTERVAL_MINUTES=15
The bot validates this is at least 1 on startup.

BLOCKS_TO_SCAN
Type: Integer
Default: 100
Minimum: 1
Number of recent blocks to scan for new contract deployments each interval.
BLOCKS_TO_SCAN=100

MIN_CONTRACT_SIZE
Type: Integer
Default: 100
Minimum contract bytecode size (in bytes) to audit. Filters out very small contracts.
MIN_CONTRACT_SIZE=100

LOG_LEVEL
Type: String
Default: INFO
Options: DEBUG, INFO, WARNING, ERROR, CRITICAL
Logging verbosity level.
LOG_LEVEL=INFO

Storage Configuration

DATABASE_PATH
Type: File Path
Default: ./data/bot.db
Path to SQLite database file for persistent storage.
DATABASE_PATH=./data/bot.db
The directory will be created automatically if it doesn’t exist.

TEMP_DIR
Type: Directory Path
Default: ./temp_repos
Directory for temporarily cloning GitHub repositories during audits.
TEMP_DIR=./temp_repos
This directory can be safely cleared periodically to free up disk space.

Configuration Validation

The bot performs automatic validation on startup through the Config.validate() method in config.py:92:
  • BASE_RPC_URL: Must start with http or https
  • SCAN_INTERVAL_MINUTES: Must be at least 1
  • BLOCKS_TO_SCAN: Must be at least 1
  • Required fields: All required environment variables must be present
If validation fails, the bot will exit with an error message indicating which configuration is invalid.
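
A sketch of startup validation along the lines listed above, as an added example and not the project's Config.validate(). The function name validate_env, the choice to apply the documented defaults before checking, and the URL test (parsing the scheme and host, which is stricter than a prefix check) are assumptions of this example; error messages name the variable only and never echo its value.

```python
from urllib.parse import urlparse

# Credentials the page lists as required with no default.
REQUIRED_SECRETS = (
    "BASESCAN_API_KEY", "ANTHROPIC_API_KEY",
    "TWITTER_API_KEY", "TWITTER_API_SECRET", "TWITTER_ACCESS_TOKEN",
    "TWITTER_ACCESS_SECRET", "TWITTER_BEARER_TOKEN",
)
# Integer settings with a documented minimum of 1, mapped to their defaults.
MIN_ONE = {"SCAN_INTERVAL_MINUTES": "15", "BLOCKS_TO_SCAN": "100"}
DEFAULT_RPC_URL = "https://mainnet.base.org"


def validate_env(env: dict) -> list:
    """Return a list of error strings; an empty list means the config is valid."""
    errors = []
    for name in REQUIRED_SECRETS:
        if not env.get(name, "").strip():
            # Report the variable name only, never the secret itself.
            errors.append(f"{name}: required but missing or empty")

    # A bare prefix test would accept "httpx://..." or "http:/host";
    # parsing the URL checks the exact scheme and that a host is present.
    try:
        parsed = urlparse(env.get("BASE_RPC_URL", DEFAULT_RPC_URL))
        url_ok = parsed.scheme in ("http", "https") and bool(parsed.netloc)
    except ValueError:
        url_ok = False
    if not url_ok:
        errors.append("BASE_RPC_URL: must be an http(s) URL with a host")

    for name, default in MIN_ONE.items():
        try:
            if int(env.get(name, default)) < 1:
                errors.append(f"{name}: must be at least 1")
        except ValueError:
            errors.append(f"{name}: must be an integer")
    return errors


if __name__ == "__main__":
    import os
    problems = validate_env(dict(os.environ))
    for line in problems:
        print("config error:", line)
    raise SystemExit(1 if problems else 0)
```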

Example Configuration

Here’s a complete example .env file:
# Base Chain Configuration
BASE_RPC_URL=https://mainnet.base.org
BASESCAN_API_KEY=ABC123XYZ789

# Anthropic API
ANTHROPIC_API_KEY=sk-ant-api03-xyz

# Twitter API v2 Credentials
TWITTER_API_KEY=abc123
TWITTER_API_SECRET=secret123
TWITTER_ACCESS_TOKEN=token123
TWITTER_ACCESS_SECRET=tokensecret123
TWITTER_BEARER_TOKEN=bearer123

# Webhook Configuration
WEBHOOK_SECRET=a1b2c3d4e5f6g7h8i9j0
WEBHOOK_PORT=5000

# Bot Configuration
SCAN_INTERVAL_MINUTES=15
BLOCKS_TO_SCAN=100
MIN_CONTRACT_SIZE=100
LOG_LEVEL=INFO

# Database
DATABASE_PATH=./data/bot.db

# Temporary Directory for Cloning
TEMP_DIR=./temp_repos

Security Best Practices

Never commit your .env file to version control!

Add .env to your .gitignore file to prevent committing it accidentally.

echo ".env" >> .gitignore

Additional security recommendations:
  • Use strong, randomly generated secrets for WEBHOOK_SECRET
  • Rotate API keys regularly
  • Restrict API key permissions to minimum required
  • Monitor API usage for anomalies
  • Store production credentials securely (e.g., environment variables, secrets manager)

Loading Configuration

The configuration is loaded automatically from the .env file using the Config.from_env() method in config.py:44:
from config import get_config

config = get_config()  # Loads and validates configuration

The bot uses Python's dotenv library to load environment variables from the .env file before reading them.
