Four months ago I started building a Solana-native signal engine + autonomous trading bot solo, on a $0/mo infrastructure budget, in Canada.
I dispatched ~10 parallel senior-role analyses along the way — one as Head of Trading, one as Head of Risk, one as Security Engineer, one as Compliance (Canadian), one as CTO / architect, one as Head of Revenue, one as Head of Ops — to force every decision to be defended from its own expert lens.
The research compressed into 12 playbooks, ~150 pages total. I published the entire bundle publicly on GitHub today and priced the convenience PDF + Discord access at $9 pay-what-you-want in SOL. Repo: cryptomotifs/cipher-starter.
This post is the distilled version — 10 key findings that surprised me or cost me the most when I got them wrong.
1. Your old bot wallets are probably compromised
Salvage audit of ~/Downloads/ found my prior Solana bot projects stored raw base58 private keys, mnemonic phrases as comments, and encryption passwords all in plaintext .env files — with .gitignore missing .env in some cases. Two specific wallet addresses that were "creator" / "trader" identities were exposed.
Before any new bot touches real money: sweep via CEX hop to fresh addresses. Don't overwrite the compromised wallets — they're dead forever.
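A quick way to run the same salvage audit on your own project folders, as an added example (not code from the cipher-starter repo): it walks a tree, flags .env files that the .gitignore in the same directory does not cover, and reports lines that look like key material by kind and line number only. The regexes are heuristics and the .gitignore matching is simplified (no negation rules, no parent-directory files); the demo tree contains constructed filler, not real keys.

```python
import fnmatch, os, re, tempfile

B58 = "1-9A-HJ-NP-Za-km-z"  # base58 alphabet as a regex character range
PATTERNS = {  # heuristics; reported by kind only, matched values are never echoed
    "base58 64-byte keypair": re.compile(rf"(?<![{B58}])[{B58}]{{86,88}}(?![{B58}])"),
    "JSON byte-array keypair": re.compile(r"\[\s*(?:\d{1,3}\s*,\s*){63}\d{1,3}\s*\]"),
    "12-24 word mnemonic": re.compile(r"\b(?:[a-z]{3,8} ){11,23}[a-z]{3,8}\b"),
}

def gitignore_covers(directory, filename):
    """Simplified check: a plain pattern in directory/.gitignore matches filename."""
    path = os.path.join(directory, ".gitignore")
    if not os.path.isfile(path):
        return False
    with open(path, encoding="utf-8") as fh:
        rules = [ln.strip().lstrip("/") for ln in fh if ln.strip() and ln[0] not in "#!"]
    return any(fnmatch.fnmatch(filename, rule) for rule in rules)

def audit(root):
    """Return sorted (relative path, line number, kind) findings for .env files."""
    findings = []
    for directory, _, files in os.walk(root):
        for name in files:
            if not (name.startswith(".env") or name.endswith(".env")):
                continue
            rel = os.path.relpath(os.path.join(directory, name), root)
            if not gitignore_covers(directory, name):
                findings.append((rel, 0, "not covered by .gitignore"))
            with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    findings += [(rel, lineno, k) for k, rx in PATTERNS.items() if rx.search(line)]
    return sorted(findings)

def demo():
    """Audit a constructed tree; the key and mnemonic below are fake filler."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("old-bot", "new-bot"):
            os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, "old-bot", ".env"), "w") as fh:
            fh.write("PRIVATE_KEY=" + "A" * 87 + "\n# " + " ".join(["sample"] * 12) + "\n")
        with open(os.path.join(root, "new-bot", ".env"), "w") as fh:
            fh.write("RPC_URL=https://rpc.example.invalid\n")
        with open(os.path.join(root, "new-bot", ".gitignore"), "w") as fh:
            fh.write(".env*\n")
        return audit(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Any wallet whose key shows up in a finding should be treated as exposed and swept, as described above; a clean scan does not prove the key was never copied elsewhere.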
2. MEV sandwich tax is ~40%/year if you don't mitigate
The biggest non-obvious drag at $1k scale isn't strategy — it's the MEV sandwich tax. Estimated 40%/yr annualised bleed on naive public-mempool trades. Required defenses:
- Jito bundles — tip-based inclusion, never public mempool
- Limit orders where possible — even 50bp above spot saves the sandwich
- Illiquidity blocklist — skip tokens with < $1M pool depth
- Oracle gate — reject trades where Jupiter quote > 0.5% off Pyth spot
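The oracle gate and illiquidity blocklist from the list above, sketched as one fail-closed pre-trade check. This is an added example, not code from the playbooks: the `Quote` shape is hypothetical (it is not Jupiter's response schema), prices are passed in as numbers rather than fetched, and the 30-second oracle staleness limit is an assumption that goes beyond the text.

```python
from dataclasses import dataclass
from decimal import Decimal

MAX_DEVIATION = Decimal("0.005")          # 0.5% off oracle spot, from the text
MIN_POOL_DEPTH_USD = Decimal("1000000")   # $1M pool depth, from the text
MAX_ORACLE_AGE_S = 30                     # assumption, not a figure from the text

@dataclass(frozen=True)
class Quote:                  # hypothetical shape, not Jupiter's response schema
    in_amount: int            # raw units of the token spent (e.g. USDC)
    out_amount: int           # raw units of the token received (e.g. SOL)
    in_decimals: int
    out_decimals: int
    pool_depth_usd: Decimal

def implied_price(q):
    """Price paid per received token, in units of the spent token."""
    spent = Decimal(q.in_amount).scaleb(-q.in_decimals)
    received = Decimal(q.out_amount).scaleb(-q.out_decimals)
    return spent / received

def pre_trade_gate(q, oracle_price, oracle_age_s):
    """Return (allowed, reasons); fails closed on unusable inputs."""
    if q.in_amount <= 0 or q.out_amount <= 0 or oracle_price <= 0:
        return False, ["invalid quote or oracle price"]
    reasons = []
    if oracle_age_s > MAX_ORACLE_AGE_S:
        reasons.append("oracle price stale")
    if q.pool_depth_usd < MIN_POOL_DEPTH_USD:
        reasons.append("pool depth below $1M")
    deviation = abs(implied_price(q) - oracle_price) / oracle_price
    if deviation > MAX_DEVIATION:
        reasons.append(f"quote {deviation:.2%} off oracle spot")
    return not reasons, reasons

def demo():
    """Constructed quotes: 100 USDC (6 decimals) into SOL (9 decimals), oracle at 150."""
    oracle = Decimal("150")
    fair = Quote(100_000_000, 665_000_000, 6, 9, Decimal("5000000"))
    skewed = Quote(100_000_000, 655_000_000, 6, 9, Decimal("5000000"))
    thin = Quote(100_000_000, 665_000_000, 6, 9, Decimal("400000"))
    return [pre_trade_gate(fair, oracle, 2), pre_trade_gate(skewed, oracle, 2),
            pre_trade_gate(thin, oracle, 45)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```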
3. Three-tier wallet architecture at $1k scale
Single-wallet = single-drain risk. Two-tier = better but still bot-controlled cold. The defensible split:
- $100 hot — bot-signing wallet, KMS envelope-encrypted seed, isolated signer subprocess with program allowlist + daily spend cap
- $300 warm — manual-top-up buffer on founder's phone (Phantom Secure Enclave)
- $600 cold — untouchable for ≥6 months, Ledger Nano S Plus or Squads 2-of-2 multisig
Single-incident max loss = $100. Total drain requires compromising 2+ physically-separated factors.
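What "program allowlist + daily spend cap" can look like inside the isolated signer, as an added example (not the author's signer): the policy is checked before any signature is produced, and a request is rejected whole if any instruction targets a program outside the allowlist. The program ids are labelled placeholders, the 0.2 SOL/day cap is an assumed value, and transaction parsing and persistence of the running total are out of scope.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

JUPITER = "JUPITER_PROGRAM_ID_PLACEHOLDER"        # placeholders, not real program ids
COMPUTE_BUDGET = "COMPUTE_BUDGET_ID_PLACEHOLDER"
UNKNOWN = "UNKNOWN_PROGRAM_ID_PLACEHOLDER"

@dataclass
class SignerPolicy:
    allowed_programs: frozenset
    daily_cap_lamports: int
    _day: str = ""
    _spent: int = 0

    def authorize(self, program_ids, outflow_lamports, now):
        """Return (ok, reason); spend is recorded only when the request is approved."""
        day = now.astimezone(timezone.utc).strftime("%Y-%m-%d")
        if day != self._day:              # new UTC day: reset the running total
            self._day, self._spent = day, 0
        if not program_ids:
            return False, "no instructions"
        unknown = sorted(set(program_ids) - self.allowed_programs)
        if unknown:
            return False, "program not allowlisted: " + ", ".join(unknown)
        if outflow_lamports < 0:
            return False, "negative outflow"
        if self._spent + outflow_lamports > self.daily_cap_lamports:
            return False, "daily spend cap exceeded"
        self._spent += outflow_lamports
        return True, "ok"

def demo():
    """Constructed request sequence against an assumed 0.2 SOL/day cap."""
    policy = SignerPolicy(frozenset({JUPITER, COMPUTE_BUDGET}), 200_000_000)
    d1 = datetime(2025, 1, 1, 23, 50, tzinfo=timezone.utc)
    d2 = datetime(2025, 1, 2, 0, 5, tzinfo=timezone.utc)
    return [
        policy.authorize([COMPUTE_BUDGET, JUPITER], 150_000_000, d1),  # within cap
        policy.authorize([COMPUTE_BUDGET, JUPITER], 100_000_000, d1),  # would total 0.25 SOL
        policy.authorize([JUPITER, UNKNOWN], 1_000, d1),               # program outside allowlist
        policy.authorize([COMPUTE_BUDGET, JUPITER], 100_000_000, d2),  # next UTC day, total reset
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```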
4. No perps at $1k capital
My first instinct was to use Drift / Zeta / Hyperliquid for leverage. The Risk playbook vetoed it:
- Liquidation cascade on even 5x leverage can wipe a position before the bot's stop-loss monitor polls
- Protocol insolvency risk (has happened)
- Funding rate compounding on multi-day holds
At $10k+ capital, perps with 2-3x max are fine. At $1k, spot-only via Jupiter.
5. Canadian NI 31-103 exemption is narrower than people think
If you're Canadian and planning to sell signal subscriptions, the compliance path is:
- Trading your own money = zero registration needed (not CIRO, not OSC, not FINTRAC)
- Selling signals = must position as "quantitative market data + research content" (NI 31-103 exemption)
- Never say "we recommend"
- Never personalize to user finances
- Never custody customer funds
- Never co-sign customer wallets / copy-trade
Each of those hard lines triggers Portfolio Manager / Investment Fund Manager / MSB registration (~CAD $500k/yr combined).
6. SR&ED R&D credit is the hidden goldmine for solo Canadian devs
35-43% refundable tax credit on imputed founder-salary rate for R&D spend. For 4 months of design docs + commit history, plausible claim is $3-10k as a sole proprietor.
Start the logbook day 1 — every sprint file, design decision, technical-uncertainty workaround = evidence. Likely outvalues 12-24 months of $1k trading P&L.
7. Oracle Cloud Always Free is underrated
4 ARM cores + 24 GB RAM + 200 GB storage, forever free. Nobody talks about this because it's not AWS.
Deploy pattern: systemd native (not Docker in prod at this scale), SQLite WAL → Neon Postgres at 500MB, Cloudflare Tunnel (no open ports), Grafana Cloud Free for logs/metrics/traces, Sentry Free for errors, BetterStack for uptime, Healthchecks.io for cron heartbeats.
Total: $0/mo at zero P&L, ≤$45/mo at $5k P&L. That's lower than the typical indie-hacker SaaS stack at $105/mo.
8. 30-day paper-trade gate before live capital, no exceptions
The hardest rule to enforce. Every solo founder's instinct is to "just try live with $50." The gate:
- 30 consecutive days of paper trading on real Jupiter quotes (not backtest)
- Sharpe ≥ 0.8
- Max drawdown < 12%
- All 7 P0 trading modules shipped (wallet, jupiter_client, isolated tx_signer, jito_client, executor, emergency_halt, pnl_tracker)
- CircuitBreaker fault-injection tests pass
- 72h Oracle Cloud uptime met
Missing any = extend paper. Force-going-live at -5% paper Sharpe is how $1000 turns into $600.
9. Which prior Solana bot code is salvageable
Audited 4 prior bot projects in ~/Downloads/:
- sol-volume-bot-v3 (Node.js) — most reusable, verified on-chain bundle-landing success. Lines 188-236 of index.js = Jito bundle landing + signature idempotence. Port to Python.
- solana-arb-bot (Rust) — crates/predator-execution/{jito,simulator,alt,ata}.rs are gold, port to Python. Skip all strategy crates (memecoin/MEV, landed 0 bundles in 8 days).
- Generic "Solana Trading Bot" folder — 500-file monolith that made $1.45. Skip entirely.
- 140 of 151 phase backup directories — zero-byte nul files from failed robocopies. Delete.
10. Subscription launch gate (explicit)
Don't launch paid signals until ALL three are true:
- 30 consecutive days of live (not paper) P&L published
- Cumulative net-of-fees P&L positive OR live Sharpe ≥ 0.5
- 50+ email subs OR 200+ Twitter followers
Earliest plausible = Day 61, target = Day 90. Launch $29 tier only at first — not the full $29/$49/$79/$249 ladder.
Why I'm sharing this
The 150-page bundle is public on GitHub (cryptomotifs/cipher-starter). Read any of the 12 playbooks directly.
I priced the PDF + Discord at $9 pay-what-you-want (Solana only) as a signal — the research is done, but v2 (backtest results + 30-day live paper-trade data) depends on validation that anyone found this useful.
Landing page + QR code: https://cryptomotifs.github.io/cipher-starter/
Feedback welcome — especially on what's missing for v2.
Not investment advice. Not a signal subscription. You build your own bot. Risk is yours.