@snovon/solast 0.2.0

package/dist/detectors/eip7702-eoa-assumption.d.ts

@@ -0,0 +1,57 @@
+import type { ScanResult } from '../index';
+export declare class EIP7702EOAAssumptionDetector {
+    readonly id = "eip7702-eoa-assumption";
+    readonly patternKey = "eip7702-eoa-assumption";
+    readonly supportedAstKinds: "parser"[];
+    private findings;
+    private currentContract;
+    private callableStack;
+    private currentFile;
+    private extCodesizeVars;
+    private helperFuncs;
+    private potentialCalls;
+    private functionStack;
+    private helperReturnExpressions;
+    private guardIntentStack;
+    private create2AddressVars;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(): void;
+    AssemblyAssignment(node: any): void;
+    AssemblyLocalDefinition(node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(): void;
+    ModifierDefinition(node: any): void;
+    ModifierDefinition_post(): void;
+    private classifyHelperFunction;
+    FunctionCall(node: any): void;
+    FunctionCall_post(node: any): void;
+    IfStatement(node: any): void;
+    IfStatement_post(node: any): void;
+    UnaryOperation(node: any): void;
+    VariableDeclarationStatement(node: any): void;
+    AssignmentStatement(node: any): void;
+    BinaryOperation(node: any): void;
+    private isTxOrigin;
+    private isCodeLength;
+    private isZeroLiteral;
+    private isZeroCodeComparison;
+    private isExtCodesizeVar;
+    private currentCallableName;
+    private guardIntentForFunctionCall;
+    private guardIntentForIfStatement;
+    private currentGuardIntent;
+    private shouldEmitZeroCodeFinding;
+    private classifyGuardIntent;
+    private normalizeText;
+    private nodeText;
+    private collectNodeText;
+    private singleReturnExpression;
+    private isCreate2PredeployExistenceCheck;
+    private codeLengthAddressName;
+    private identifierName;
+    private isCreate2AddressDerivation;
+    private containsCreate2SaltedHash;
+    private callName;
+}

package/dist/detectors/eip7702-eoa-assumption.js

@@ -0,0 +1,461 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EIP7702EOAAssumptionDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'eip7702-eoa-assumption';
+class EIP7702EOAAssumptionDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    findings = [];
+    currentContract = '';
+    callableStack = [];
+    currentFile = '';
+    extCodesizeVars = new Set();
+    // functionName -> object describing what it returns
+    helperFuncs = new Map();
+    // calls to potential helpers
+    potentialCalls = [];
+    functionStack = [];
+    helperReturnExpressions = new WeakSet();
+    guardIntentStack = [];
+    create2AddressVars = new Set();
+    setFile(file) {
+        this.findings = [];
+        this.currentContract = '';
+        this.callableStack = [];
+        this.currentFile = file;
+        this.extCodesizeVars.clear();
+        this.helperFuncs.clear();
+        this.potentialCalls = [];
+        this.functionStack = [];
+        this.helperReturnExpressions = new WeakSet();
+        this.guardIntentStack = [];
+        this.create2AddressVars.clear();
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        this.currentContract = node.name || '';
+        this.callableStack = [];
+        this.extCodesizeVars.clear();
+        this.helperFuncs.clear();
+        this.potentialCalls = [];
+        this.functionStack = [];
+        this.helperReturnExpressions = new WeakSet();
+        this.guardIntentStack = [];
+        this.create2AddressVars.clear();
+    }
+    ContractDefinition_post() {
+        for (const call of this.potentialCalls) {
+            const helper = this.helperFuncs.get(call.name);
+            if (helper) {
+                if (!this.shouldEmitZeroCodeFinding(call.context, call.node))
+                    continue;
+                if ((helper.returnsCodeLengthGt0 && call.isNegated) || (helper.returnsCodeLengthEq0 && !call.isNegated)) {
+                    this.findings.push({
+                        file: this.currentFile,
+                        ruleId: this.id,
+                        severity: 'medium',
+                        confidence: 'medium',
+                        contract: this.currentContract,
+                        contractName: this.currentContract,
+                        function: call.callableName,
+                        functionName: call.callableName,
+                        ...(0, ast_1.assertLoc)(call.node),
+                        findingId: '',
+                        contractHash: '',
+                        message: 'code.length == 0 no longer implies EOA under EIP-7702. A delegated EOA carries code and will pass this guard.'
+                    });
+                }
+                else if (helper.returnsExtcodesizeEq0 && !call.isNegated) {
+                    this.findings.push({
+                        file: this.currentFile,
+                        ruleId: this.id,
+                        severity: 'medium',
+                        confidence: 'medium',
+                        contract: this.currentContract,
+                        contractName: this.currentContract,
+                        function: call.callableName,
+                        functionName: call.callableName,
+                        ...(0, ast_1.assertLoc)(call.node),
+                        findingId: '',
+                        contractHash: '',
+                        message: 'extcodesize guard for EOA inference is unsafe under EIP-7702. A delegated EOA carries code and will fail this check.'
+                    });
+                }
+            }
+        }
+        this.currentContract = '';
+        this.callableStack = [];
+        this.extCodesizeVars.clear();
+        this.guardIntentStack = [];
+        this.create2AddressVars.clear();
+    }
+    AssemblyAssignment(node) {
+        if (node.expression && node.expression.type === 'AssemblyCall' && node.expression.functionName === 'extcodesize') {
+            if (node.names && node.names.length > 0) {
+                this.extCodesizeVars.add(node.names[0].name);
+            }
+        }
+    }
+    AssemblyLocalDefinition(node) {
+        if (node.expression && node.expression.type === 'AssemblyCall' && node.expression.functionName === 'extcodesize') {
+            if (node.names && node.names.length > 0) {
+                this.extCodesizeVars.add(node.names[0].name);
+            }
+        }
+    }
+    FunctionDefinition(node) {
+        this.extCodesizeVars.clear();
+        this.guardIntentStack = [];
+        this.create2AddressVars.clear();
+        this.functionStack.push(node);
+        this.callableStack.push(node.name || '<anonymous>');
+        const returnExpression = this.singleReturnExpression(node);
+        if (returnExpression?.type === 'BinaryOperation') {
+            this.helperReturnExpressions.add(returnExpression);
+        }
+    }
+    FunctionDefinition_post() {
+        const node = this.functionStack.pop();
+        this.classifyHelperFunction(node);
+        this.callableStack.pop();
+        this.extCodesizeVars.clear();
+        this.guardIntentStack = [];
+        this.create2AddressVars.clear();
+    }
+    ModifierDefinition(node) {
+        this.extCodesizeVars.clear();
+        this.guardIntentStack = [];
+        this.create2AddressVars.clear();
+        this.callableStack.push(node.name || '');
+    }
+    ModifierDefinition_post() {
+        this.callableStack.pop();
+        this.extCodesizeVars.clear();
+        this.guardIntentStack = [];
+        this.create2AddressVars.clear();
+    }
+    classifyHelperFunction(node) {
+        if (!node?.name)
+            return;
+        const binOp = this.singleReturnExpression(node);
+        if (binOp?.type === 'BinaryOperation') {
+            const isCodeLen = this.isCodeLength(binOp.left) || this.isCodeLength(binOp.right);
+            const isExtVar = this.isExtCodesizeVar(binOp.left, this.extCodesizeVars) || this.isExtCodesizeVar(binOp.right, this.extCodesizeVars);
+            const isZero = this.isZeroLiteral(binOp.left) || this.isZeroLiteral(binOp.right);
+            if (isCodeLen && isZero) {
+                if (binOp.operator === '>' || binOp.operator === '!=') {
+                    this.helperFuncs.set(node.name, { returnsCodeLengthGt0: true, returnsCodeLengthEq0: false, returnsExtcodesizeEq0: false });
+                }
+                else if (this.isZeroCodeComparison(binOp, (expr) => this.isCodeLength(expr))) {
+                    this.helperFuncs.set(node.name, { returnsCodeLengthGt0: false, returnsCodeLengthEq0: true, returnsExtcodesizeEq0: false });
+                }
+            }
+            else if (isExtVar && isZero && this.isZeroCodeComparison(binOp, (expr) => this.isExtCodesizeVar(expr, this.extCodesizeVars))) {
+                this.helperFuncs.set(node.name, { returnsCodeLengthGt0: false, returnsCodeLengthEq0: false, returnsExtcodesizeEq0: true });
+            }
+        }
+    }
+    FunctionCall(node) {
+        const guardIntent = this.guardIntentForFunctionCall(node);
+        if (guardIntent)
+            this.guardIntentStack.push(guardIntent);
+        if (node.expression.type === 'Identifier') {
+            this.potentialCalls.push({ name: node.expression.name, isNegated: false, node, callableName: this.currentCallableName(), context: this.currentGuardIntent() });
+        }
+    }
+    FunctionCall_post(node) {
+        if (this.guardIntentForFunctionCall(node))
+            this.guardIntentStack.pop();
+    }
+    IfStatement(node) {
+        const intent = this.guardIntentForIfStatement(node);
+        if (intent)
+            this.guardIntentStack.push(intent);
+    }
+    IfStatement_post(node) {
+        if (this.guardIntentForIfStatement(node))
+            this.guardIntentStack.pop();
+    }
+    UnaryOperation(node) {
+        if (node.operator === '!' && node.subExpression && node.subExpression.type === 'FunctionCall' && node.subExpression.expression.type === 'Identifier') {
+            this.potentialCalls.push({ name: node.subExpression.expression.name, isNegated: true, node, callableName: this.currentCallableName(), context: this.currentGuardIntent() });
+        }
+    }
+    VariableDeclarationStatement(node) {
+        if (!this.isCreate2AddressDerivation(node?.initialValue))
+            return;
+        for (const variable of node.variables || []) {
+            if (variable?.name)
+                this.create2AddressVars.add(variable.name);
+        }
+    }
+    AssignmentStatement(node) {
+        if (!this.isCreate2AddressDerivation(node?.right))
+            return;
+        const name = this.identifierName(node?.left);
+        if (name)
+            this.create2AddressVars.add(name);
+    }
+    BinaryOperation(node) {
+        if (node.operator === '=') {
+            if (this.isCreate2AddressDerivation(node.right)) {
+                const name = this.identifierName(node.left);
+                if (name)
+                    this.create2AddressVars.add(name);
+            }
+            return;
+        }
+        if (node.operator === '==' || node.operator === '!=' || node.operator === '<=' || node.operator === '>=') {
+            if (this.isTxOrigin(node.left) || this.isTxOrigin(node.right)) {
+                this.findings.push({
+                    file: this.currentFile,
+                    ruleId: this.id,
+                    severity: 'medium',
+                    confidence: 'medium',
+                    contract: this.currentContract,
+                    contractName: this.currentContract,
+                    function: this.currentCallableName(),
+                    functionName: this.currentCallableName(),
+                    ...(0, ast_1.assertLoc)(node),
+                    findingId: '',
+                    contractHash: '',
+                    message: 'tx.origin authorization is unsafe under EIP-7702 delegated execution. A delegated EOA preserves tx.origin while executing arbitrary delegate code.'
+                });
+            }
+            const isExtVar = this.isExtCodesizeVar(node.left, this.extCodesizeVars) || this.isExtCodesizeVar(node.right, this.extCodesizeVars);
+            const isCodeLen = this.isCodeLength(node.left) || this.isCodeLength(node.right);
+            const isZero = this.isZeroLiteral(node.left) || this.isZeroLiteral(node.right);
+            const isExtZeroComparison = this.isZeroCodeComparison(node, (expr) => this.isExtCodesizeVar(expr, this.extCodesizeVars));
+            const isCodeLenZeroComparison = this.isZeroCodeComparison(node, (expr) => this.isCodeLength(expr));
+            if (isZero && (isExtVar || isCodeLen) && this.helperReturnExpressions.has(node))
+                return;
+            const guardIntent = this.currentGuardIntent();
+            if (isExtZeroComparison && this.shouldEmitZeroCodeFinding(guardIntent, node)) {
+                this.findings.push({
+                    file: this.currentFile,
+                    ruleId: this.id,
+                    severity: 'medium',
+                    confidence: 'medium',
+                    contract: this.currentContract,
+                    contractName: this.currentContract,
+                    function: this.currentCallableName(),
+                    functionName: this.currentCallableName(),
+                    ...(0, ast_1.assertLoc)(node),
+                    findingId: '',
+                    contractHash: '',
+                    message: 'extcodesize guard for EOA inference is unsafe under EIP-7702. A delegated EOA carries code and will fail this check.'
+                });
+            }
+            if (isCodeLenZeroComparison && this.shouldEmitZeroCodeFinding(guardIntent, node)) {
+                this.findings.push({
+                    file: this.currentFile,
+                    ruleId: this.id,
+                    severity: 'medium',
+                    confidence: 'medium',
+                    contract: this.currentContract,
+                    contractName: this.currentContract,
+                    function: this.currentCallableName(),
+                    functionName: this.currentCallableName(),
+                    ...(0, ast_1.assertLoc)(node),
+                    findingId: '',
+                    contractHash: '',
+                    message: 'code.length == 0 no longer implies EOA under EIP-7702. A delegated EOA carries code and will pass this guard.'
+                });
+            }
+        }
+    }
+    isTxOrigin(node) {
+        if (!node)
+            return false;
+        if (node.type === 'MemberAccess' && node.memberName === 'origin' && node.expression && node.expression.name === 'tx')
+            return true;
+        return false;
+    }
+    isCodeLength(node) {
+        if (!node)
+            return false;
+        if (node.type === 'MemberAccess' && node.memberName === 'length' && node.expression && node.expression.type === 'MemberAccess' && node.expression.memberName === 'code')
+            return true;
+        return false;
+    }
+    isZeroLiteral(node) {
+        if (!node)
+            return false;
+        if (node.type === 'NumberLiteral' && node.number === '0')
+            return true;
+        return false;
+    }
+    isZeroCodeComparison(node, isCodeExpr) {
+        if (node.operator === '==' || node.operator === '!=') {
+            return (isCodeExpr(node.left) && this.isZeroLiteral(node.right))
+                || (isCodeExpr(node.right) && this.isZeroLiteral(node.left));
+        }
+        if (node.operator === '<=') {
+            return isCodeExpr(node.left) && this.isZeroLiteral(node.right);
+        }
+        if (node.operator === '>=') {
+            return this.isZeroLiteral(node.left) && isCodeExpr(node.right);
+        }
+        return false;
+    }
+    isExtCodesizeVar(node, vars) {
+        if (!node)
+            return false;
+        if (node.type === 'Identifier' && vars.has(node.name))
+            return true;
+        return false;
+    }
+    currentCallableName() {
+        return this.callableStack[this.callableStack.length - 1] || '';
+    }
+    guardIntentForFunctionCall(node) {
+        const expression = node?.expression;
+        if (expression?.type !== 'Identifier')
+            return null;
+        const name = expression.name || '';
+        if (!['require', 'assert'].includes(name))
+            return null;
+        return this.classifyGuardIntent([this.currentCallableName(), this.nodeText(node)]);
+    }
+    guardIntentForIfStatement(node) {
+        return this.classifyGuardIntent([this.currentCallableName(), this.nodeText(node)]);
+    }
+    currentGuardIntent() {
+        let hasDeploymentCheck = false;
+        for (const intent of this.guardIntentStack) {
+            hasDeploymentCheck = hasDeploymentCheck || intent.hasDeploymentCheck;
+        }
+        return { hasDeploymentCheck };
+    }
+    shouldEmitZeroCodeFinding(intent, node) {
+        return !intent.hasDeploymentCheck && !this.isCreate2PredeployExistenceCheck(node);
+    }
+    classifyGuardIntent(parts) {
+        void parts;
+        return {
+            hasDeploymentCheck: false,
+        };
+    }
+    normalizeText(value) {
+        return value
+            .replace(/([a-z0-9])([A-Z])/g, '$1 $2')
+            .replace(/[^a-zA-Z0-9]+/g, ' ')
+            .toLowerCase()
+            .replace(/\s+/g, ' ')
+            .trim();
+    }
+    nodeText(node) {
+        const parts = [];
+        this.collectNodeText(node, parts, new Set());
+        return parts.join(' ');
+    }
+    collectNodeText(node, parts, seen) {
+        if (!node || typeof node !== 'object' || seen.has(node))
+            return;
+        seen.add(node);
+        if (typeof node.name === 'string')
+            parts.push(node.name);
+        if (typeof node.memberName === 'string')
+            parts.push(node.memberName);
+        if (typeof node.number === 'string')
+            parts.push(node.number);
+        if (typeof node.value === 'string')
+            parts.push(node.value);
+        if (typeof node.literal === 'string')
+            parts.push(node.literal);
+        for (const key of Object.keys(node)) {
+            if (key === 'loc' || key === 'range' || key === 'typeDescriptions')
+                continue;
+            const value = node[key];
+            if (Array.isArray(value)) {
+                for (const child of value)
+                    this.collectNodeText(child, parts, seen);
+            }
+            else if (value && typeof value === 'object') {
+                this.collectNodeText(value, parts, seen);
+            }
+        }
+    }
+    singleReturnExpression(node) {
+        if (!node?.body?.statements || node.body.statements.length === 0)
+            return null;
+        const stmt = node.body.statements[node.body.statements.length - 1];
+        if (stmt?.type !== 'ReturnStatement')
+            return null;
+        return stmt.expression || null;
+    }
+    isCreate2PredeployExistenceCheck(node) {
+        if (!node)
+            return false;
+        if (node.type === 'BinaryOperation') {
+            return this.create2AddressVars.has(this.codeLengthAddressName(node.left))
+                || this.create2AddressVars.has(this.codeLengthAddressName(node.right));
+        }
+        if (node.type === 'FunctionCall') {
+            return (node.arguments || []).some((arg) => this.create2AddressVars.has(this.identifierName(arg)));
+        }
+        if (node.type === 'UnaryOperation') {
+            return this.isCreate2PredeployExistenceCheck(node.subExpression);
+        }
+        return false;
+    }
+    codeLengthAddressName(node) {
+        if (!this.isCodeLength(node))
+            return '';
+        return this.identifierName(node.expression?.expression);
+    }
+    identifierName(node) {
+        return node?.type === 'Identifier' ? node.name || '' : '';
+    }
+    isCreate2AddressDerivation(node) {
+        return this.containsCreate2SaltedHash(node, new Set());
+    }
+    containsCreate2SaltedHash(node, seen) {
+        if (!node || typeof node !== 'object' || seen.has(node))
+            return false;
+        seen.add(node);
+        if (node.type === 'FunctionCall' && this.callName(node.expression) === 'keccak256') {
+            const text = this.normalizeText(this.nodeText(node));
+            if (text.includes('0xff') && (text.includes('salt') || text.includes('init code')))
+                return true;
+        }
+        for (const key of Object.keys(node)) {
+            if (key === 'loc' || key === 'range' || key === 'typeDescriptions')
+                continue;
+            const value = node[key];
+            if (Array.isArray(value)) {
+                if (value.some(child => this.containsCreate2SaltedHash(child, seen)))
+                    return true;
+            }
+            else if (value && typeof value === 'object' && this.containsCreate2SaltedHash(value, seen)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    callName(node) {
+        if (!node)
+            return '';
+        if (node.type === 'Identifier')
+            return node.name || '';
+        if (node.type === 'ElementaryTypeName')
+            return node.name || '';
+        if (node.type === 'MemberAccess') {
+            const base = this.callName(node.expression);
+            return base ? `${base}.${node.memberName || ''}` : node.memberName || '';
+        }
+        return '';
+    }
+}
+exports.EIP7702EOAAssumptionDetector = EIP7702EOAAssumptionDetector;
+const proto = EIP7702EOAAssumptionDetector.prototype;
+proto['ContractDefinition:exit'] = proto.ContractDefinition_post;
+proto['FunctionDefinition:exit'] = proto.FunctionDefinition_post;
+proto['ModifierDefinition:exit'] = proto.ModifierDefinition_post;
+proto['FunctionCall:exit'] = proto.FunctionCall_post;
+proto['IfStatement:exit'] = proto.IfStatement_post;
+//# sourceMappingURL=eip7702-eoa-assumption.js.map

package/dist/detectors/erc1155-batch-missing-per-id-approval.d.ts

@@ -0,0 +1,23 @@
+import type { ScanResult } from '../index';
+export declare class Erc1155BatchMissingPerIdApprovalDetector {
+    readonly id = "erc1155-batch-missing-per-id-approval";
+    readonly patternKey = "erc1155-batch-missing-per-id-approval";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "high";
+        help: string;
+    };
+    private currentFile;
+    private currentContract;
+    private currentContractKind;
+    private findings;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    ['ContractDefinition:exit'](node: any): void;
+    FunctionDefinition(node: any): void;
+}