@snovon/solast 0.2.0

package/dist/detectors/erc20-unchecked-non-standard-return.d.ts

@@ -0,0 +1,55 @@
+import type { ScanResult } from '../index';
+export declare class Erc20UncheckedNonStandardReturnDetector {
+    readonly id = "erc20-unchecked-non-standard-return";
+    readonly patternKey = "erc20-unchecked-non-standard-return";
+    readonly supportedAstKinds: "parser"[];
+    private currentFile;
+    private currentContract;
+    private currentFunction;
+    private findings;
+    private contractVariableTypes;
+    private localVariableTypes;
+    private checkedTransferFromCalls;
+    private deferredTransferFromCalls;
+    private pendingTransferFromByVariable;
+    private assemblyDepth;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    'ContractDefinition:exit'(_node: any): void;
+    FunctionDefinition(node: any): void;
+    'FunctionDefinition:exit'(_node: any): void;
+    VariableDeclarationStatement(node: any): void;
+    BinaryOperation(node: any): void;
+    IfStatement(node: any): void;
+    WhileStatement(node: any): void;
+    ForStatement(node: any): void;
+    ReturnStatement(node: any): void;
+    FunctionCall(node: any): void;
+    private asErc20MutatingCall;
+    private markCheckedExpression;
+    private collectTransferFromCalls;
+    private findSingleTransferFromCall;
+    private collectIdentifiers;
+    private isRequireOrAssertCall;
+    private firstDeclaredVariableName;
+    private identifierName;
+    InlineAssemblyStatement(_node: any): void;
+    'InlineAssemblyStatement:exit'(_node: any): void;
+    AssemblyBlock(_node: any): void;
+    'AssemblyBlock:exit'(_node: any): void;
+    private recordVariableTypes;
+    private typeName;
+    private variableType;
+    private isEligibleReceiver;
+    private isAddressOrContractType;
+    private calleeTypeName;
+    private rootIdentifier;
+    private unwrapCallOptions;
+    private lowLevelMemberName;
+    private isSelfReceiver;
+    private makeFinding;
+    private locOf;
+    private callKey;
+    private childNodes;
+}

package/dist/detectors/erc20-unchecked-non-standard-return.js

@@ -0,0 +1,454 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Erc20UncheckedNonStandardReturnDetector = void 0;
+const RULE_ID = 'erc20-unchecked-non-standard-return';
+const PATTERN = `${RULE_ID}/non-standard-return`;
+// ERC20 mutating methods with deterministic arg counts. The arg-count gate
+// is what distinguishes `IERC20.transfer(to, amount)` (2 args) from
+// `address.transfer(value)` (1 arg, the ETH-transfer primitive).
+const TARGET_METHODS = {
+    transfer: 2,
+    transferFrom: 3,
+    approve: 2,
+};
+const LOW_LEVEL_CALLS = new Set(['call', 'delegatecall', 'staticcall', 'send']);
+const SAFE_METHOD_FOR = {
+    transfer: 'safeTransfer',
+    transferFrom: 'safeTransferFrom',
+    approve: 'safeApprove',
+};
+class Erc20UncheckedNonStandardReturnDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    currentFile = '';
+    currentContract = null;
+    currentFunction = null;
+    findings = [];
+    contractVariableTypes = new Map();
+    localVariableTypes = new Map();
+    checkedTransferFromCalls = new Set();
+    deferredTransferFromCalls = new Set();
+    pendingTransferFromByVariable = new Map();
+    assemblyDepth = 0;
+    setFile(file) {
+        this.currentFile = file;
+        this.currentContract = null;
+        this.currentFunction = null;
+        this.findings = [];
+        this.contractVariableTypes = new Map();
+        this.localVariableTypes = new Map();
+        this.checkedTransferFromCalls = new Set();
+        this.deferredTransferFromCalls = new Set();
+        this.pendingTransferFromByVariable = new Map();
+        this.assemblyDepth = 0;
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        if (node?.kind === 'interface' || node?.kind === 'library') {
+            this.currentContract = null;
+            this.contractVariableTypes.clear();
+            return;
+        }
+        this.currentContract = node;
+        this.contractVariableTypes.clear();
+        for (const subNode of Array.isArray(node?.subNodes) ? node.subNodes : []) {
+            if (subNode?.type !== 'StateVariableDeclaration')
+                continue;
+            this.recordVariableTypes(subNode.variables, this.contractVariableTypes);
+        }
+    }
+    'ContractDefinition:exit'(_node) {
+        this.currentContract = null;
+        this.contractVariableTypes.clear();
+    }
+    FunctionDefinition(node) {
+        if (!this.currentContract || !node?.body) {
+            this.currentFunction = null;
+            return;
+        }
+        this.currentFunction = node;
+        this.checkedTransferFromCalls.clear();
+        this.deferredTransferFromCalls.clear();
+        this.pendingTransferFromByVariable.clear();
+        this.localVariableTypes.clear();
+        this.recordVariableTypes(node.parameters, this.localVariableTypes);
+    }
+    'FunctionDefinition:exit'(_node) {
+        if (this.currentContract && this.currentFunction) {
+            for (const pending of this.pendingTransferFromByVariable.values()) {
+                if (!pending.checked) {
+                    this.findings.push(this.makeFinding(this.currentFile, this.currentContract, this.currentFunction, pending.match));
+                }
+            }
+        }
+        this.currentFunction = null;
+        this.checkedTransferFromCalls.clear();
+        this.deferredTransferFromCalls.clear();
+        this.pendingTransferFromByVariable.clear();
+        this.localVariableTypes.clear();
+    }
+    VariableDeclarationStatement(node) {
+        if (!this.currentFunction)
+            return;
+        this.recordVariableTypes(node?.variables, this.localVariableTypes);
+        const initialValue = node?.initialValue;
+        const match = this.findSingleTransferFromCall(initialValue);
+        if (!match)
+            return;
+        const variableName = this.firstDeclaredVariableName(node);
+        if (!variableName)
+            return;
+        const key = this.callKey(match.node);
+        this.deferredTransferFromCalls.add(key);
+        this.pendingTransferFromByVariable.set(variableName, {
+            match,
+            checked: false,
+        });
+    }
+    BinaryOperation(node) {
+        if (!this.currentFunction)
+            return;
+        if (node?.operator === '=') {
+            const variableName = this.identifierName(node.left);
+            const match = this.findSingleTransferFromCall(node.right);
+            if (variableName && match) {
+                const key = this.callKey(match.node);
+                this.deferredTransferFromCalls.add(key);
+                this.pendingTransferFromByVariable.set(variableName, {
+                    match,
+                    checked: false,
+                });
+            }
+            return;
+        }
+    }
+    IfStatement(node) {
+        this.markCheckedExpression(node?.condition);
+    }
+    WhileStatement(node) {
+        this.markCheckedExpression(node?.condition);
+    }
+    ForStatement(node) {
+        this.markCheckedExpression(node?.conditionExpression);
+    }
+    ReturnStatement(node) {
+        this.markCheckedExpression(node?.expression);
+    }
+    FunctionCall(node) {
+        if (!this.currentContract || !this.currentFunction)
+            return;
+        if (this.assemblyDepth > 0)
+            return;
+        if (this.isRequireOrAssertCall(node)) {
+            this.markCheckedExpression(Array.isArray(node.arguments) ? node.arguments[0] : null);
+        }
+        const match = this.asErc20MutatingCall(node);
+        if (!match)
+            return;
+        const key = this.callKey(node);
+        if (match.name === 'transferFrom') {
+            if (this.checkedTransferFromCalls.has(key))
+                return;
+            if (this.deferredTransferFromCalls.has(key))
+                return;
+        }
+        this.findings.push(this.makeFinding(this.currentFile, this.currentContract, this.currentFunction, match));
+    }
+    asErc20MutatingCall(node) {
+        const expression = this.unwrapCallOptions(node?.expression);
+        if (!expression || expression.type !== 'MemberAccess')
+            return null;
+        const name = expression.memberName;
+        if (typeof name !== 'string')
+            return null;
+        const requiredArgs = TARGET_METHODS[name];
+        if (requiredArgs === undefined)
+            return null;
+        const argCount = Array.isArray(node.arguments) ? node.arguments.length : 0;
+        if (argCount !== requiredArgs)
+            return null;
+        // Suppression: self-calls — `this.transfer(...)` / `address(this).transfer(...)`
+        // / `payable(this).transfer(...)`. The contract IS its own ERC20
+        // implementation, so the call resolves to a known-compliant function.
+        if (this.isSelfReceiver(expression.expression))
+            return null;
+        if (!this.isEligibleReceiver(expression.expression))
+            return null;
+        return { name, node };
+    }
+    markCheckedExpression(node) {
+        if (!node || typeof node !== 'object')
+            return;
+        for (const call of this.collectTransferFromCalls(node)) {
+            this.checkedTransferFromCalls.add(this.callKey(call.node));
+        }
+        for (const identifier of this.collectIdentifiers(node)) {
+            const pending = this.pendingTransferFromByVariable.get(identifier);
+            if (pending)
+                pending.checked = true;
+        }
+    }
+    collectTransferFromCalls(node, out = []) {
+        if (!node || typeof node !== 'object')
+            return out;
+        if (node.type === 'FunctionCall') {
+            const match = this.asErc20MutatingCall(node);
+            if (match?.name === 'transferFrom')
+                out.push(match);
+        }
+        for (const child of this.childNodes(node)) {
+            this.collectTransferFromCalls(child, out);
+        }
+        return out;
+    }
+    findSingleTransferFromCall(node) {
+        const calls = this.collectTransferFromCalls(node);
+        return calls.length === 1 ? calls[0] : null;
+    }
+    collectIdentifiers(node, out = new Set()) {
+        if (!node || typeof node !== 'object')
+            return out;
+        if (node.type === 'Identifier' && typeof node.name === 'string') {
+            out.add(node.name);
+        }
+        for (const child of this.childNodes(node)) {
+            this.collectIdentifiers(child, out);
+        }
+        return out;
+    }
+    isRequireOrAssertCall(node) {
+        const expression = this.unwrapCallOptions(node?.expression);
+        return expression?.type === 'Identifier'
+            && (expression.name === 'require' || expression.name === 'assert');
+    }
+    firstDeclaredVariableName(node) {
+        const variables = Array.isArray(node?.variables) ? node.variables : [];
+        for (const variable of variables) {
+            const name = this.identifierName(variable);
+            if (name)
+                return name;
+        }
+        return null;
+    }
+    identifierName(node) {
+        if (!node || typeof node !== 'object')
+            return null;
+        if (node.type === 'Identifier' && typeof node.name === 'string')
+            return node.name;
+        if (typeof node.name === 'string')
+            return node.name;
+        return null;
+    }
+    InlineAssemblyStatement(_node) {
+        this.assemblyDepth += 1;
+    }
+    'InlineAssemblyStatement:exit'(_node) {
+        this.assemblyDepth = Math.max(0, this.assemblyDepth - 1);
+    }
+    AssemblyBlock(_node) {
+        this.assemblyDepth += 1;
+    }
+    'AssemblyBlock:exit'(_node) {
+        this.assemblyDepth = Math.max(0, this.assemblyDepth - 1);
+    }
+    recordVariableTypes(variables, out) {
+        for (const variable of Array.isArray(variables) ? variables : []) {
+            const name = this.identifierName(variable);
+            const typeName = this.typeName(variable?.typeName);
+            if (name && typeName)
+                out.set(name, typeName);
+        }
+    }
+    typeName(node) {
+        if (!node || typeof node !== 'object')
+            return null;
+        if (typeof node.namePath === 'string')
+            return node.namePath;
+        if (typeof node.name === 'string')
+            return node.name;
+        if (node.type === 'Mapping') {
+            const valueType = this.typeName(node.valueType);
+            return valueType ? `mapping=>${valueType}` : 'mapping';
+        }
+        if (node.type === 'ArrayTypeName')
+            return this.typeName(node.baseTypeName);
+        return null;
+    }
+    variableType(name) {
+        return this.localVariableTypes.get(name)
+            || this.contractVariableTypes.get(name)
+            || null;
+    }
+    isEligibleReceiver(node) {
+        if (!node || typeof node !== 'object')
+            return false;
+        const receiver = this.unwrapCallOptions(node);
+        if (!receiver || typeof receiver !== 'object')
+            return false;
+        if (receiver.type === 'Identifier') {
+            if (receiver.name === 'this')
+                return true;
+            const typeName = this.variableType(receiver.name);
+            return typeName ? this.isAddressOrContractType(typeName) : true;
+        }
+        if (receiver.type === 'MemberAccess') {
+            return this.isEligibleReceiver(receiver.expression);
+        }
+        if (receiver.type === 'IndexAccess') {
+            const root = this.rootIdentifier(receiver.base);
+            if (!root)
+                return true;
+            const typeName = this.variableType(root);
+            return typeName ? this.isAddressOrContractType(typeName) : true;
+        }
+        if (receiver.type === 'FunctionCall') {
+            if (this.lowLevelMemberName(receiver.expression))
+                return false;
+            return true;
+        }
+        return false;
+    }
+    isAddressOrContractType(typeName) {
+        if (!typeName)
+            return false;
+        const normalized = typeName.replace(/\s+/g, '').toLowerCase();
+        if (normalized === 'address' || normalized === 'addresspayable')
+            return true;
+        if (normalized.startsWith('mapping=>')) {
+            return this.isAddressOrContractType(typeName.slice('mapping=>'.length));
+        }
+        return ![
+            'bool',
+            'string',
+            'bytes',
+            'byte',
+            'int',
+            'uint',
+            'fixed',
+            'ufixed',
+        ].some(prefix => normalized === prefix || /^u?int[0-9]+$/.test(normalized) || normalized.startsWith(`${prefix}[`));
+    }
+    calleeTypeName(node) {
+        if (!node || typeof node !== 'object')
+            return null;
+        if (node.type === 'Identifier')
+            return node.name || null;
+        if (node.type === 'UserDefinedTypeName')
+            return node.namePath || node.name || null;
+        if (node.type === 'ElementaryTypeName')
+            return node.name || null;
+        return null;
+    }
+    rootIdentifier(node) {
+        let current = node;
+        while (current && typeof current === 'object') {
+            if (current.type === 'Identifier')
+                return current.name || null;
+            if (current.type === 'MemberAccess') {
+                current = current.expression;
+                continue;
+            }
+            if (current.type === 'IndexAccess') {
+                current = current.base;
+                continue;
+            }
+            return null;
+        }
+        return null;
+    }
+    unwrapCallOptions(node) {
+        let current = node;
+        while (current?.type === 'NameValueExpression' || current?.type === 'FunctionCallOptions') {
+            current = current.expression;
+        }
+        return current;
+    }
+    lowLevelMemberName(expr) {
+        const unwrapped = this.unwrapCallOptions(expr);
+        if (unwrapped?.type === 'MemberAccess' && LOW_LEVEL_CALLS.has(unwrapped.memberName)) {
+            return unwrapped.memberName;
+        }
+        return null;
+    }
+    isSelfReceiver(base) {
+        // Unwrap arbitrary cast chains: ITransferable(address(this)) → address(this) → this,
+        // payable(this) → this. Only unwrap 1-arg FunctionCalls with a simple callee
+        // (ElementaryTypeName or Identifier) — these are syntactically casts, not
+        // method calls. The loop bottoms out at an Identifier; if its name is 'this',
+        // the receiver is self.
+        let current = base;
+        while (current) {
+            if (current.type === 'Identifier' && current.name === 'this')
+                return true;
+            if (current.type !== 'FunctionCall')
+                return false;
+            const callee = current.expression;
+            const args = Array.isArray(current.arguments) ? current.arguments : [];
+            if (args.length !== 1)
+                return false;
+            if (callee?.type !== 'ElementaryTypeName' && callee?.type !== 'Identifier')
+                return false;
+            current = args[0];
+        }
+        return false;
+    }
+    makeFinding(file, contract, fn, match) {
+        const loc = this.locOf(match.node);
+        const contractName = contract.name || '<anonymous>';
+        const functionName = fn.name || (fn.isConstructor ? '<constructor>' : '<anonymous>');
+        const safeAlternative = SAFE_METHOD_FOR[match.name] || 'SafeERC20';
+        return {
+            file,
+            contract: contractName,
+            'function': functionName,
+            line: loc.line,
+            column: loc.column,
+            ruleId: RULE_ID,
+            pattern: PATTERN,
+            severity: 'medium',
+            confidence: 'medium',
+            category: 'unchecked-return-value',
+            message: `Direct ERC20.${match.name}() call: USDT-class tokens (no bool return on transfer/transferFrom/approve) will revert this caller with a decoder error. Use OpenZeppelin SafeERC20.${safeAlternative} or equivalent wrapper.`,
+            contractName,
+            functionName,
+            sourceLocation: loc,
+            findingId: '',
+            contractHash: '',
+        };
+    }
+    locOf(node) {
+        return {
+            line: node?.loc?.start?.line || 0,
+            column: node?.loc?.start?.column || 0,
+        };
+    }
+    callKey(node) {
+        if (Array.isArray(node?.range) && node.range.length >= 2) {
+            return `${node.range[0]}:${node.range[1]}`;
+        }
+        const loc = this.locOf(node);
+        return `${loc.line}:${loc.column}:${node?.type || 'unknown'}`;
+    }
+    childNodes(node) {
+        const children = [];
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        children.push(item);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                children.push(value);
+            }
+        }
+        return children;
+    }
+}
+exports.Erc20UncheckedNonStandardReturnDetector = Erc20UncheckedNonStandardReturnDetector;
+//# sourceMappingURL=erc20-unchecked-non-standard-return.js.map

package/dist/detectors/erc2612-permit-frontrunning.d.ts

@@ -0,0 +1,23 @@
+import type { ScanResult } from '../index';
+export declare class Erc2612PermitFrontrunningDetector {
+    readonly id = "erc2612-permit-frontrunning";
+    readonly patternKey = "erc2612-permit-frontrunning";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "medium";
+    };
+    private currentFile;
+    private currentContract;
+    private findings;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    ['ContractDefinition:exit'](node: any): void;
+    FunctionDefinition(node: any): void;
+    private findUnsafePermitBeforeConsumption;
+    private makeFinding;
+}