@snovon/solast 0.2.0

package/dist/detectors/erc1271-stub-implementation.js

@@ -0,0 +1,268 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Erc1271StubImplementationDetector = void 0;
+const RULE_ID = 'erc1271-stub-implementation';
+const PATTERN = `${RULE_ID}/no-signature-primitive`;
+// EIP-1271 magic value for VALID signatures: bytes4(keccak256("isValidSignature(bytes32,bytes)")).
+// Canonical numeric form is 0x1626ba7e (decimal 371641470).
+const MAGIC_HEX = '0x1626ba7e';
+const MAGIC_DECIMAL = 0x1626ba7e;
+// Signature primitives whose presence anywhere in the function body
+// indicates a real signature check (v1 heuristic — see spec for the
+// full dominator-path version).
+//
+// `ecrecover` — Solidity builtin (Identifier call).
+// `recover` — ECDSA.recover / EIP712.recover (any MemberAccess call).
+// `isValidSignatureNow` — OpenZeppelin SignatureChecker.
+// `recoverSigner` — community helper name; common enough to whitelist.
+const SIGNATURE_PRIMITIVE_IDENTIFIERS = new Set(['ecrecover']);
+const SIGNATURE_PRIMITIVE_MEMBERS = new Set([
+    'recover',
+    'isValidSignatureNow',
+    'recoverSigner',
+    'isValidSignature', // nested delegation: return inner.isValidSignature(hash, sig)
+    'verify', // OZ MessageHashUtils-style: hash.verify(sig, signer)
+]);
+class Erc1271StubImplementationDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file) {
+        if (!ast || ast.type !== 'SourceUnit')
+            return [];
+        const findings = [];
+        for (const contract of ast.children || []) {
+            if (contract?.type !== 'ContractDefinition')
+                continue;
+            if (contract.kind === 'interface' || contract.kind === 'library')
+                continue;
+            for (const subNode of contract.subNodes || []) {
+                if (subNode?.type !== 'FunctionDefinition')
+                    continue;
+                if (!this.matchesEip1271(subNode))
+                    continue;
+                if (!subNode.body)
+                    continue;
+                const callsSignaturePrimitive = this.bodyCallsSignaturePrimitive(subNode.body);
+                const returnsMagicValue = this.bodyReturnsMagicValue(subNode.body);
+                const returnsZeroSelector = this.bodyReturnsZeroSelector(subNode.body);
+                if ((returnsMagicValue || returnsZeroSelector) && !callsSignaturePrimitive) {
+                    findings.push(this.makeFinding(file, contract, subNode));
+                }
+            }
+        }
+        return findings;
+    }
+    matchesEip1271(fn) {
+        if (fn.name !== 'isValidSignature')
+            return false;
+        const params = Array.isArray(fn.parameters) ? fn.parameters : [];
+        if (params.length !== 2)
+            return false;
+        const firstType = this.elementaryTypeName(params[0]);
+        if (firstType !== 'bytes32')
+            return false;
+        const secondType = this.elementaryTypeName(params[1]);
+        if (secondType !== 'bytes')
+            return false;
+        // Return type — EIP-1271 requires bytes4. If returnParameters is missing
+        // or has the wrong shape, skip (avoid false positives on accidental
+        // name collisions with non-EIP-1271 functions).
+        const returnParams = Array.isArray(fn.returnParameters) ? fn.returnParameters : [];
+        if (returnParams.length !== 1)
+            return false;
+        const returnType = this.elementaryTypeName(returnParams[0]);
+        if (returnType !== 'bytes4')
+            return false;
+        return true;
+    }
+    elementaryTypeName(param) {
+        if (!param)
+            return null;
+        const tn = param.typeName;
+        if (!tn)
+            return null;
+        if (tn.type === 'ElementaryTypeName')
+            return tn.name || null;
+        return null;
+    }
+    bodyCallsSignaturePrimitive(body) {
+        return this.findDescendant(body, (node) => {
+            if (node?.type !== 'FunctionCall')
+                return false;
+            const expr = node.expression;
+            if (!expr)
+                return false;
+            // Bare identifier call: ecrecover(hash, v, r, s)
+            if (expr.type === 'Identifier' && SIGNATURE_PRIMITIVE_IDENTIFIERS.has(expr.name)) {
+                return true;
+            }
+            // MemberAccess call: ECDSA.recover(...) / hash.recover(sig) / SignatureChecker.isValidSignatureNow(...)
+            if (expr.type === 'MemberAccess' && typeof expr.memberName === 'string' && SIGNATURE_PRIMITIVE_MEMBERS.has(expr.memberName)) {
+                return true;
+            }
+            return false;
+        });
+    }
+    bodyReturnsMagicValue(body) {
+        return this.findDescendant(body, (node) => {
+            if (node?.type !== 'ReturnStatement')
+                return false;
+            const expr = node.expression;
+            if (!expr)
+                return false;
+            return this.expressionContainsMagicValue(expr);
+        });
+    }
+    bodyReturnsZeroSelector(body) {
+        return this.findDescendant(body, (node) => {
+            if (node?.type !== 'ReturnStatement')
+                return false;
+            const expr = node.expression;
+            if (!expr)
+                return false;
+            return this.expressionIsBytes4Zero(expr);
+        });
+    }
+    expressionContainsMagicValue(node) {
+        // Recursively check whether the expression contains the magic literal
+        // anywhere in its sub-tree. This catches ternaries, casts, and
+        // tuple-wrapped returns: `return _ok ? bytes4(0x1626ba7e) : bytes4(0)`.
+        return this.findDescendant(node, (n) => {
+            if (!n)
+                return false;
+            // Numeric literal — Solidity parser uses NumberLiteral with `number`
+            // being the as-written string. Hex literals come through as
+            // NumberLiteral too (the parser normalises both forms).
+            if (n.type === 'NumberLiteral' && this.isMagicNumberLiteral(n))
+                return true;
+            // HexLiteral — `hex"1626ba7e"` syntax.
+            if (n.type === 'HexLiteral' && typeof n.value === 'string') {
+                const v = n.value.toLowerCase().replace(/^hex"|"$/g, '');
+                if (v === '1626ba7e')
+                    return true;
+            }
+            // Stringliteral with `hex"..."` representation.
+            if (n.type === 'StringLiteral' && typeof n.value === 'string') {
+                // Some parser versions emit `hex"1626ba7e"` as a StringLiteral with isUnicode=false.
+                const v = n.value.toLowerCase();
+                if (v === '1626ba7e' || v === '\\x16\\x26\\xba\\x7e')
+                    return true;
+            }
+            // .selector form: `IERC1271.isValidSignature.selector` — MemberAccess
+            // where memberName='selector' and the inner expression is
+            // MemberAccess { memberName: 'isValidSignature' }.
+            if (n.type === 'MemberAccess' && n.memberName === 'selector') {
+                const inner = n.expression;
+                if (inner?.type === 'MemberAccess' && inner.memberName === 'isValidSignature')
+                    return true;
+            }
+            return false;
+        });
+    }
+    isMagicNumberLiteral(n) {
+        if (n?.type !== 'NumberLiteral')
+            return false;
+        const raw = typeof n.number === 'string' ? n.number.toLowerCase() : '';
+        if (raw === MAGIC_HEX || raw === MAGIC_DECIMAL.toString(10))
+            return true;
+        // Some parser versions strip the 0x prefix.
+        if (raw === MAGIC_HEX.slice(2))
+            return true;
+        // Parse as hex or decimal and compare numerically.
+        try {
+            const parsed = raw.startsWith('0x') ? parseInt(raw, 16) : parseInt(raw, 10);
+            if (Number.isFinite(parsed) && parsed === MAGIC_DECIMAL)
+                return true;
+        }
+        catch {
+            /* ignore */
+        }
+        return false;
+    }
+    expressionIsBytes4Zero(node) {
+        if (node?.type !== 'FunctionCall')
+            return false;
+        const expr = node.expression;
+        if (!this.isBytes4Cast(expr))
+            return false;
+        const args = Array.isArray(node.arguments) ? node.arguments : [];
+        if (args.length !== 1)
+            return false;
+        return this.isZeroLiteral(args[0]);
+    }
+    isBytes4Cast(expr) {
+        if (!expr)
+            return false;
+        if (expr.type === 'ElementaryTypeName' && expr.name === 'bytes4')
+            return true;
+        return expr.type === 'ElementaryTypeNameExpression'
+            && expr.typeName?.type === 'ElementaryTypeName'
+            && expr.typeName.name === 'bytes4';
+    }
+    isZeroLiteral(node) {
+        if (node?.type !== 'NumberLiteral')
+            return false;
+        const raw = typeof node.number === 'string' ? node.number.toLowerCase() : '';
+        return raw === '0' || raw === '0x0' || raw === '0x00';
+    }
+    findDescendant(node, predicate) {
+        if (!node || typeof node !== 'object')
+            return false;
+        if (predicate(node))
+            return true;
+        for (const child of this.childNodes(node)) {
+            if (this.findDescendant(child, predicate))
+                return true;
+        }
+        return false;
+    }
+    childNodes(node) {
+        const children = [];
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        children.push(item);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                children.push(value);
+            }
+        }
+        return children;
+    }
+    makeFinding(file, contract, fn) {
+        const loc = this.locOf(fn);
+        const contractName = contract.name || '<anonymous>';
+        const functionName = fn.name || '<anonymous>';
+        return {
+            file,
+            contract: contractName,
+            'function': functionName,
+            line: loc.line,
+            column: loc.column,
+            ruleId: RULE_ID,
+            pattern: PATTERN,
+            severity: 'high',
+            confidence: 'high',
+            category: 'access-control',
+            message: `isValidSignature(bytes32, bytes) returns a hard-coded ERC-1271 selector value but the function body calls no signature primitive (ecrecover / ECDSA.recover / SignatureChecker.isValidSignatureNow). The implementation is a stub or wrong-selector near miss, so signatures are not actually validated.`,
+            contractName,
+            functionName,
+            sourceLocation: loc,
+            findingId: '',
+            contractHash: '',
+        };
+    }
+    locOf(node) {
+        return {
+            line: node?.loc?.start?.line || 0,
+            column: node?.loc?.start?.column || 0,
+        };
+    }
+}
+exports.Erc1271StubImplementationDetector = Erc1271StubImplementationDetector;
+//# sourceMappingURL=erc1271-stub-implementation.js.map

package/dist/detectors/erc20-safe-wrapper-return-unchecked.d.ts

@@ -0,0 +1,43 @@
+import type { ScanResult } from '../index';
+import type { SemanticModel } from '../semantic/model';
+export declare class Erc20SafeWrapperReturnUncheckedDetector {
+    readonly id = "erc20-safe-wrapper-return-unchecked";
+    readonly patternKey = "erc20-safe-wrapper-return-unchecked";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "medium";
+    };
+    private findings;
+    private currentFile;
+    private semantic;
+    private currentContractNode;
+    private currentContractName;
+    private functionsInContract;
+    private suppressByOzHeuristic;
+    setFile(file: string): void;
+    setSemanticModel(model: SemanticModel | undefined): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    'ContractDefinition:exit'(): void;
+    FunctionDefinition(node: any): void;
+    private resetContractState;
+    private isOzSafeERC20Contract;
+    private getMemberAccessPath;
+    private analyzeFunctionForUncheckedErc20;
+    private buildFunctionMap;
+    private resolveCrossFileContract;
+    private findContractInSameFile;
+    private findFunctionInSameFileContracts;
+    private findUncheckedErc20Calls;
+    private buildTypeMap;
+    private typeNameString;
+    private isErc20Type;
+    private collectInternalCalls;
+    private simpleIdentifierName;
+    private makeFinding;
+    private walk;
+    private walkWithParent;
+}

package/dist/detectors/erc20-safe-wrapper-return-unchecked.js

@@ -0,0 +1,368 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Erc20SafeWrapperReturnUncheckedDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'erc20-safe-wrapper-return-unchecked';
+const PATTERN = `${RULE_ID}/unchecked-erc20-return-in-wrapper`;
+const WRAPPER_NAMES = new Set(['safeTransfer', 'safeTransferFrom', 'safeApprove']);
+const ERC20_METHODS = new Set(['transfer', 'transferFrom', 'approve']);
+class Erc20SafeWrapperReturnUncheckedDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Wrapper function named safeTransfer, safeTransferFrom, or safeApprove swallows the underlying ERC20 boolean return instead of asserting, assigning, or propagating it.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'medium',
+    };
+    findings = [];
+    currentFile = '';
+    semantic;
+    currentContractNode = null;
+    currentContractName = '';
+    functionsInContract = [];
+    suppressByOzHeuristic = false;
+    setFile(file) {
+        this.currentFile = file;
+        this.findings = [];
+        this.currentContractNode = null;
+        this.currentContractName = '';
+        this.functionsInContract = [];
+        this.suppressByOzHeuristic = false;
+    }
+    setSemanticModel(model) {
+        this.semantic = model;
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        this.currentContractNode = node;
+        this.currentContractName = node?.name || '';
+        this.functionsInContract = [];
+        this.suppressByOzHeuristic = this.isOzSafeERC20Contract(node);
+    }
+    'ContractDefinition:exit'() {
+        if (this.suppressByOzHeuristic) {
+            this.resetContractState();
+            return;
+        }
+        const functionsByName = new Map();
+        for (const fn of this.functionsInContract) {
+            const name = fn?.name;
+            if (name)
+                functionsByName.set(name, fn);
+        }
+        for (const fn of this.functionsInContract) {
+            const name = fn?.name || '';
+            if (!WRAPPER_NAMES.has(name))
+                continue;
+            if (!fn.body)
+                continue;
+            const visited = new Set();
+            const wrapperFindings = this.analyzeFunctionForUncheckedErc20(fn, this.currentContractNode, this.currentFile, functionsByName, visited, name, fn, this.currentContractName, this.currentFile);
+            this.findings.push(...wrapperFindings);
+        }
+        this.resetContractState();
+    }
+    FunctionDefinition(node) {
+        this.functionsInContract.push(node);
+    }
+    resetContractState() {
+        this.currentContractNode = null;
+        this.currentContractName = '';
+        this.functionsInContract = [];
+        this.suppressByOzHeuristic = false;
+    }
+    isOzSafeERC20Contract(node) {
+        const name = String(node?.name || '').toLowerCase();
+        if (name === 'safeerc20')
+            return true;
+        for (const sub of node.subNodes || []) {
+            if (sub?.type === 'UsingForDeclaration') {
+                const libName = sub.libraryName;
+                if (libName?.type === 'Identifier' && libName.name?.toLowerCase() === 'safeerc20') {
+                    return true;
+                }
+                if (libName?.type === 'MemberAccess') {
+                    const path = this.getMemberAccessPath(libName);
+                    if (path?.toLowerCase() === 'safeerc20')
+                        return true;
+                }
+            }
+        }
+        return false;
+    }
+    getMemberAccessPath(node) {
+        if (!node || typeof node !== 'object')
+            return '';
+        if (node.type === 'Identifier')
+            return node.name || '';
+        if (node.type === 'MemberAccess') {
+            const base = this.getMemberAccessPath(node.expression);
+            const member = node.memberName || '';
+            return base ? `${base}.${member}` : member;
+        }
+        return '';
+    }
+    analyzeFunctionForUncheckedErc20(functionNode, contractNode, contractPath, sameFileFunctions, visited, originalWrapperName, originalWrapperNode, originalContractName, originalContractPath) {
+        const fnName = functionNode?.name || '<anonymous>';
+        const contractName = contractNode?.name || '<anonymous>';
+        const key = `${contractPath}::${contractName}::${fnName}`;
+        if (visited.has(key))
+            return [];
+        visited.add(key);
+        const results = [];
+        // Find direct unchecked ERC20 calls
+        const unchecked = this.findUncheckedErc20Calls(functionNode, contractNode);
+        for (const u of unchecked) {
+            results.push(this.makeFinding(originalContractPath, originalContractName, originalWrapperName, originalWrapperNode, u.node, u.method));
+        }
+        // Trace internal calls
+        const internalCalls = this.collectInternalCalls(functionNode.body);
+        for (const call of internalCalls) {
+            let targetFn;
+            let targetContract;
+            let targetPath = contractPath;
+            if (call.contractName) {
+                if (call.contractName === 'this') {
+                    targetFn = sameFileFunctions.get(call.name);
+                    targetContract = contractNode;
+                }
+                else {
+                    const resolved = this.resolveCrossFileContract(contractPath, call.contractName);
+                    if (resolved) {
+                        targetContract = resolved.node;
+                        targetPath = resolved.sourcePath;
+                        targetFn = resolved.functions.find((f) => f.name === call.name)?.node;
+                    }
+                    else {
+                        // Fallback: search same-file contracts by walking the AST root
+                        targetFn = this.findFunctionInSameFileContracts(contractNode, call.contractName, call.name);
+                        if (targetFn) {
+                            targetContract = this.findContractInSameFile(contractNode, call.contractName);
+                            targetPath = contractPath;
+                        }
+                    }
+                }
+            }
+            else {
+                targetFn = sameFileFunctions.get(call.name);
+                if (!targetFn && this.semantic) {
+                    // Try inherited functions
+                    const contractId = `${contractPath}::${contractName}`;
+                    const inherited = this.semantic.inheritedFunctions(contractId);
+                    for (const fn of inherited) {
+                        if (fn.name === call.name) {
+                            targetFn = fn.node;
+                            const declarer = this.semantic.contracts.get(fn.contractId);
+                            if (declarer) {
+                                targetContract = declarer.node;
+                                targetPath = declarer.sourcePath;
+                            }
+                            break;
+                        }
+                    }
+                }
+                targetContract = targetContract || contractNode;
+            }
+            if (targetFn && targetContract) {
+                const nestedFunctionsByName = this.buildFunctionMap(targetContract);
+                const nested = this.analyzeFunctionForUncheckedErc20(targetFn, targetContract, targetPath, nestedFunctionsByName, visited, originalWrapperName, originalWrapperNode, originalContractName, originalContractPath);
+                results.push(...nested);
+            }
+        }
+        return results;
+    }
+    buildFunctionMap(contractNode) {
+        const map = new Map();
+        for (const sub of contractNode?.subNodes || []) {
+            if (sub?.type === 'FunctionDefinition' && sub.name) {
+                map.set(sub.name, sub);
+            }
+        }
+        return map;
+    }
+    resolveCrossFileContract(fromPath, visibleName) {
+        return this.semantic?.resolveContract(fromPath, visibleName);
+    }
+    findContractInSameFile(currentContractNode, contractName) {
+        // Walk up to the SourceUnit and search all ContractDefinitions
+        let parent = currentContractNode;
+        // No parent pointer in parser AST, so we can't walk up.
+        // Fallback: use the current contract if names match
+        if (currentContractNode?.name === contractName)
+            return currentContractNode;
+        return undefined;
+    }
+    findFunctionInSameFileContracts(currentContractNode, contractName, functionName) {
+        if (currentContractNode?.name === contractName) {
+            for (const sub of currentContractNode.subNodes || []) {
+                if (sub?.type === 'FunctionDefinition' && sub.name === functionName) {
+                    return sub;
+                }
+            }
+        }
+        return undefined;
+    }
+    findUncheckedErc20Calls(functionNode, contractNode) {
+        const results = [];
+        if (!functionNode?.body)
+            return results;
+        // Resolve the declared types of identifiers in scope so the detector
+        // emits only when the dropped boolean genuinely belongs to an ERC20-like
+        // token, not a lookalike abstraction (e.g. `IVault`) that happens to
+        // expose a `transfer`/`approve` member. Detection is semantic, not
+        // name-only — see docs/detectors for the heuristic and its FN limits.
+        const typeMap = this.buildTypeMap(functionNode, contractNode);
+        this.walkWithParent(functionNode.body, (n, parent) => {
+            if (n.type !== 'FunctionCall')
+                return;
+            const callee = n.expression;
+            if (callee?.type !== 'MemberAccess')
+                return;
+            const method = callee.memberName || '';
+            if (!ERC20_METHODS.has(method))
+                return;
+            // Only flag bare expression statements (return value discarded)
+            if (parent?.type !== 'ExpressionStatement')
+                return;
+            // The receiver of the call must resolve to an ERC20-like token type.
+            const base = callee.expression;
+            if (base?.type !== 'Identifier')
+                return;
+            const baseType = typeMap.get(base.name);
+            if (!baseType || !this.isErc20Type(baseType))
+                return;
+            results.push({ node: n, method });
+        });
+        return results;
+    }
+    buildTypeMap(functionNode, contractNode) {
+        const map = new Map();
+        const add = (decl) => {
+            if (!decl || typeof decl !== 'object')
+                return;
+            const name = decl.name;
+            const typeName = this.typeNameString(decl.typeName);
+            if (name && typeName)
+                map.set(name, typeName);
+        };
+        // Contract / library state variables.
+        for (const sub of contractNode?.subNodes || []) {
+            if (sub?.type === 'StateVariableDeclaration') {
+                for (const v of sub.variables || [])
+                    add(v);
+            }
+        }
+        // Function parameters (parser exposes these as a plain array).
+        const params = Array.isArray(functionNode?.parameters)
+            ? functionNode.parameters
+            : (functionNode?.parameters?.parameters || []);
+        for (const p of params)
+            add(p);
+        // Local variable declarations inside the function body.
+        this.walk(functionNode?.body, (n) => {
+            if (n.type === 'VariableDeclarationStatement') {
+                for (const v of n.variables || [])
+                    add(v);
+            }
+        });
+        return map;
+    }
+    typeNameString(typeName) {
+        if (!typeName || typeof typeName !== 'object')
+            return '';
+        if (typeName.type === 'UserDefinedTypeName')
+            return typeName.namePath || '';
+        if (typeName.type === 'ElementaryTypeName')
+            return typeName.name || '';
+        return '';
+    }
+    isErc20Type(typeName) {
+        // v1 heuristic: the declared type name must look like an ERC20 token
+        // interface. This deliberately keeps the detector high-signal — a token
+        // held under a non-ERC20-named type is a documented false negative.
+        return /erc20/i.test(typeName);
+    }
+    collectInternalCalls(node) {
+        const calls = [];
+        this.walk(node, (n) => {
+            if (n.type !== 'FunctionCall')
+                return;
+            const callee = n.expression;
+            if (callee?.type === 'MemberAccess') {
+                const baseName = this.simpleIdentifierName(callee.expression);
+                const memberName = callee.memberName;
+                if (memberName) {
+                    calls.push({ name: memberName, contractName: baseName });
+                }
+            }
+            else if (callee?.type === 'Identifier') {
+                calls.push({ name: callee.name });
+            }
+        });
+        return calls;
+    }
+    simpleIdentifierName(node) {
+        if (node?.type === 'Identifier')
+            return node.name;
+        return undefined;
+    }
+    makeFinding(file, contractName, functionName, fallbackNode, node, method) {
+        const loc = (0, ast_1.assertLoc)(node, fallbackNode);
+        return {
+            file,
+            contract: contractName,
+            'function': functionName,
+            line: loc.line,
+            column: loc.column,
+            ruleId: RULE_ID,
+            pattern: PATTERN,
+            severity: 'medium',
+            confidence: 'high',
+            message: `Unchecked ERC20 ${method} return value inside wrapper-style function '${functionName}': the underlying boolean is swallowed rather than asserted or propagated.`,
+            findingId: '',
+            contractHash: '',
+        };
+    }
+    walk(node, visitor) {
+        if (!node || typeof node !== 'object')
+            return;
+        visitor(node);
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range' || key === 'src' || key === 'typeName')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        this.walk(item, visitor);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                this.walk(value, visitor);
+            }
+        }
+    }
+    walkWithParent(node, visitor, parent = null) {
+        if (!node || typeof node !== 'object')
+            return;
+        visitor(node, parent);
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range' || key === 'src' || key === 'typeName')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        this.walkWithParent(item, visitor, node);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                this.walkWithParent(value, visitor, node);
+            }
+        }
+    }
+}
+exports.Erc20SafeWrapperReturnUncheckedDetector = Erc20SafeWrapperReturnUncheckedDetector;
+//# sourceMappingURL=erc20-safe-wrapper-return-unchecked.js.map