@snovon/solast 0.2.0

package/dist/detectors/erc4337-validation-storage-access.js

@@ -0,0 +1,232 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Erc4337ValidationStorageAccessDetector = void 0;
+const ast_1 = require("./_common/ast");
+const access_control_1 = require("./_common/access-control");
+/**
+ * ERC-4337 validation-phase storage-access detector.
+ *
+ * ERC-4337 account abstraction relies on the bundler being able to
+ * simulate `validateUserOp` (account) and `validatePaymasterUserOp`
+ * (paymaster) and trust that the validation result is stable in the
+ * mempool. ERC-7562 codifies the storage rules that make simulation ==
+ * execution: during validation an entity may freely touch its own
+ * storage (any slot of the validating contract) and storage *associated
+ * with the account* — slots keyed by the account address, i.e. the
+ * `keccak256(addr . X) + n` "associated storage" pattern that a
+ * `mapping(address => ...)` keyed by the sender produces. Touching
+ * storage keyed by a *different* address makes the userOp's validity
+ * depend on state another userOp can change between simulation and
+ * inclusion, which bundlers reject and which is a classic mempool-
+ * griefing surface.
+ *
+ * This detector flags, inside `validateUserOp` / `validatePaymasterUserOp`,
+ * any read or write of an address-keyed state mapping whose index chain
+ * contains no account-identity key (`msg.sender`, `_msgSender()`,
+ * `userOp.sender`, `address(this)`, `this`). It is deliberately lenient:
+ * if any key in a nested-mapping chain is an account identity the access
+ * is treated as associated storage and is NOT flagged.
+ *
+ * Scope / known limitations (documented FNs, see the detector doc):
+ *   - Only the direct bodies of the two validation entry points are
+ *     analysed; storage touched through internal helper calls is not
+ *     followed (no call-graph).
+ *   - Only same-contract `mapping(address => ...)` declarations are
+ *     considered; mappings inherited from a base in another file or held
+ *     inside a diamond-storage struct (`s.balances[x]`) are not tracked.
+ *   - Non-address-keyed mappings, plain arrays, and scalar state are
+ *     treated as the validating contract's own (self) storage — allowed.
+ *   - External-contract storage reads via interface/static calls during
+ *     validation are out of scope here (staking status, which permits
+ *     them, is not statically knowable from the AST).
+ */
+const RULE_ID = 'erc4337-validation-storage-access';
+const PATTERN = `${RULE_ID}/non-associated-storage`;
+// ERC-4337 validation entry points subject to the ERC-7562 storage rules.
+const VALIDATION_FUNCTIONS = new Set(['validateUserOp', 'validatePaymasterUserOp']);
+class Erc4337ValidationStorageAccessDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'ERC-4337 validateUserOp/validatePaymasterUserOp reads or writes address-keyed storage not associated with the account being validated.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'medium',
+        help: 'Detects ERC-4337 account/paymaster validation logic that touches address-keyed storage whose index is not the account identity (msg.sender / userOp.sender / address(this)), violating the ERC-7562 validation-phase storage rules and exposing the userOp to mempool griefing.',
+    };
+    currentFile = '';
+    currentContract = '';
+    findings = [];
+    // address-keyed state mappings declared on the current contract.
+    addressKeyedMappings = new Set();
+    // The validation function currently being walked (null when outside one).
+    validationFnNode = null;
+    validationFnName = '';
+    // Inner IndexAccess nodes already folded into an outer chain — skipped
+    // when the walker reaches them so a nested `m[a][b]` is judged once.
+    foldedIndexNodes = new WeakSet();
+    // Dedup key set, so `m[x] = m[x] + 1` (two IndexAccess nodes on the
+    // same slot/line) emits a single finding.
+    emitted = new Set();
+    setFile(file) {
+        this.currentFile = file;
+        this.currentContract = '';
+        this.findings = [];
+        this.addressKeyedMappings = new Set();
+        this.validationFnNode = null;
+        this.validationFnName = '';
+        this.foldedIndexNodes = new WeakSet();
+        this.emitted = new Set();
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        this.currentContract = node?.name || '';
+        this.addressKeyedMappings = this.collectAddressKeyedMappings(node);
+        this.validationFnNode = null;
+        this.validationFnName = '';
+    }
+    ContractDefinition_post() {
+        this.currentContract = '';
+        this.addressKeyedMappings = new Set();
+        this.validationFnNode = null;
+        this.validationFnName = '';
+    }
+    ['ContractDefinition:exit']() {
+        this.ContractDefinition_post();
+    }
+    FunctionDefinition(node) {
+        const name = typeof node?.name === 'string' ? node.name : '';
+        if (node?.body && VALIDATION_FUNCTIONS.has(name)) {
+            this.validationFnNode = node;
+            this.validationFnName = name;
+            this.emitted = new Set();
+        }
+    }
+    FunctionDefinition_post(node) {
+        if (node === this.validationFnNode) {
+            this.validationFnNode = null;
+            this.validationFnName = '';
+        }
+    }
+    ['FunctionDefinition:exit'](node) {
+        this.FunctionDefinition_post(node);
+    }
+    IndexAccess(node) {
+        if (!this.validationFnNode)
+            return;
+        if (this.foldedIndexNodes.has(node))
+            return;
+        const { rootName, keys } = this.resolveChain(node);
+        if (!rootName || !this.addressKeyedMappings.has(rootName))
+            return;
+        // Associated storage: allowed if ANY key in the chain is the account
+        // identity. Lenient on purpose to keep false positives low.
+        for (const key of keys) {
+            if (this.isAccountIdentity(key))
+                return;
+        }
+        const { line, column } = (0, ast_1.assertLoc)(node, this.validationFnNode);
+        const dedupKey = `${rootName}@${line}:${column}`;
+        if (this.emitted.has(dedupKey))
+            return;
+        this.emitted.add(dedupKey);
+        this.findings.push({
+            file: this.currentFile,
+            contract: this.currentContract,
+            function: this.validationFnName,
+            line,
+            column,
+            pattern: PATTERN,
+            confidence: 'medium',
+            ruleId: RULE_ID,
+            severity: 'medium',
+            message: `ERC-4337 validation function '${this.validationFnName}' accesses address-keyed storage '${rootName}' ` +
+                `that is not associated with the account being validated (no msg.sender / userOp.sender / address(this) key). ` +
+                `Validation-phase storage access must stay within self and account-associated slots (ERC-7562), otherwise the ` +
+                `userOp can be invalidated by another account's state and griefed out of the mempool.`,
+            contractName: this.currentContract,
+            functionName: this.validationFnName,
+            findingId: '',
+            contractHash: '',
+        });
+    }
+    // Walk an IndexAccess chain (`m[a][b]...`) bottom-up, collecting every
+    // key expression and resolving the root mapping identifier name.
+    resolveChain(node) {
+        const keys = [];
+        let cur = node;
+        while (cur && (0, ast_1.isNode)(cur, 'IndexAccess')) {
+            const idx = cur.index !== undefined ? cur.index : cur.indexExpression;
+            keys.push(idx);
+            if (cur !== node)
+                this.foldedIndexNodes.add(cur);
+            cur = cur.base !== undefined ? cur.base : cur.baseExpression;
+        }
+        const rootName = cur && (0, ast_1.isNode)(cur, 'Identifier') ? String(cur.name || '') : null;
+        return { rootName, keys };
+    }
+    // Does `expr` resolve to the address of the account being validated?
+    isAccountIdentity(expr) {
+        if (!expr || typeof expr !== 'object')
+            return false;
+        // msg.sender, _msgSender(), this._msgSender()
+        if ((0, access_control_1.isCallerIdentityExpression)(expr))
+            return true;
+        // address(this)
+        if (this.isAddressThis(expr))
+            return true;
+        // userOp.sender, op.sender, _userOp.getSender()-style `.sender` members
+        if ((0, ast_1.isNode)(expr, 'MemberAccess') && String(expr.memberName || '') === 'sender')
+            return true;
+        // bare `this`
+        if ((0, ast_1.isNode)(expr, 'Identifier') && String(expr.name || '') === 'this')
+            return true;
+        return false;
+    }
+    isAddressThis(expr) {
+        if (!expr || !(0, ast_1.isNode)(expr, 'FunctionCall'))
+            return false;
+        const args = expr.arguments || [];
+        if (args.length !== 1)
+            return false;
+        const arg0 = args[0];
+        if (!arg0 || !(0, ast_1.isNode)(arg0, 'Identifier') || String(arg0.name || '') !== 'this')
+            return false;
+        const callee = expr.expression;
+        if (!callee)
+            return false;
+        if ((0, ast_1.isNode)(callee, 'ElementaryTypeName') && String(callee.name || '') === 'address')
+            return true;
+        if ((0, ast_1.isNode)(callee, 'Identifier') && String(callee.name || '') === 'address')
+            return true;
+        return false;
+    }
+    collectAddressKeyedMappings(contract) {
+        const set = new Set();
+        for (const sub of contract?.subNodes || []) {
+            if (!(0, ast_1.isNode)(sub, 'StateVariableDeclaration'))
+                continue;
+            for (const v of sub.variables || []) {
+                if (!v?.name)
+                    continue;
+                if (this.isAddressKeyedMapping(v.typeName))
+                    set.add(String(v.name));
+            }
+        }
+        return set;
+    }
+    isAddressKeyedMapping(typeName) {
+        if (!typeName || !(0, ast_1.isNode)(typeName, 'Mapping'))
+            return false;
+        const keyType = typeName.keyType;
+        if (!keyType)
+            return false;
+        // address / address payable key types — the associated-storage surface.
+        return (0, ast_1.isNode)(keyType, 'ElementaryTypeName') && String(keyType.name || '').startsWith('address');
+    }
+}
+exports.Erc4337ValidationStorageAccessDetector = Erc4337ValidationStorageAccessDetector;
+//# sourceMappingURL=erc4337-validation-storage-access.js.map

package/dist/detectors/erc4626-totalassets-stub.d.ts

@@ -0,0 +1,17 @@
+import type { ScanResult } from '../index';
+export declare class Erc4626TotalassetsStubDetector {
+    readonly id = "erc4626-totalassets-stub";
+    readonly patternKey = "erc4626-totalassets-stub";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, file: string): ScanResult[];
+    private looksLikeErc4626Vault;
+    private matchesTotalAssets;
+    private elementaryTypeName;
+    private normalizeElementaryIntType;
+    private bodyCallsBalancePrimitive;
+    private bodyContainsBalanceShapedAccess;
+    private findDescendant;
+    private childNodes;
+    private makeFinding;
+    private locOf;
+}

package/dist/detectors/erc4626-totalassets-stub.js

@@ -0,0 +1,216 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Erc4626TotalassetsStubDetector = void 0;
+const RULE_ID = 'erc4626-totalassets-stub';
+const PATTERN = `${RULE_ID}/totalassets-stub`;
+// Balance-read primitives whose presence anywhere in the function body
+// counts as "totalAssets() actually computes a balance". The function
+// signature gate restricts to contracts that look like ERC-4626 vaults,
+// so this whitelist is intentionally narrow: any MemberAccess call
+// named `balanceOf` is a real balance read, plus a few common helper
+// names that vaults use to wrap the same operation.
+const BALANCE_PRIMITIVE_MEMBERS = new Set([
+    'balanceOf', // IERC20.balanceOf — the canonical EIP-4626 totalAssets shape
+    'getBalance', // common wrapper name
+    'totalAssets', // delegation to another contract's totalAssets
+    'totalSupply', // for wrapped-share variants
+    'underlyingBalance',
+    'getUnderlyingBalance',
+]);
+// Storage-shaped reads that signal the function pulls from a balance-like
+// source rather than a literal. Index access on a mapping/array (e.g.
+// `_balances[address(this)]`) and `address(this).balance` are treated as
+// balance reads.
+const BALANCE_SHAPED_PATTERNS = new Set([
+    'balance', // address(this).balance — native ETH balance
+]);
+class Erc4626TotalassetsStubDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file) {
+        if (!ast || ast.type !== 'SourceUnit')
+            return [];
+        const findings = [];
+        for (const contract of ast.children || []) {
+            if (contract?.type !== 'ContractDefinition')
+                continue;
+            if (contract.kind === 'interface' || contract.kind === 'library')
+                continue;
+            // Vault-shape gate: the contract must look like an EIP-4626 vault.
+            // We require an `asset()` function definition OR an `IERC4626`
+            // inheritance declaration. Without one of these, a function named
+            // `totalAssets` is plausibly something else entirely (a yield
+            // aggregator pre-4626, a portfolio tracker, etc.) and a finding
+            // would be a false positive.
+            if (!this.looksLikeErc4626Vault(contract))
+                continue;
+            for (const subNode of contract.subNodes || []) {
+                if (subNode?.type !== 'FunctionDefinition')
+                    continue;
+                if (!this.matchesTotalAssets(subNode))
+                    continue;
+                if (!subNode.body)
+                    continue;
+                const callsBalancePrimitive = this.bodyCallsBalancePrimitive(subNode.body);
+                const hasIndexAccess = this.bodyContainsBalanceShapedAccess(subNode.body);
+                if (!callsBalancePrimitive && !hasIndexAccess) {
+                    findings.push(this.makeFinding(file, contract, subNode));
+                }
+            }
+        }
+        return findings;
+    }
+    looksLikeErc4626Vault(contract) {
+        // Inheritance declaration: `contract Vault is IERC4626, ...` or
+        // `contract Vault is ERC4626, ...`. Match identifiers that contain
+        // `4626` (case-insensitive) for robustness against versioned bases.
+        const baseContracts = Array.isArray(contract.baseContracts) ? contract.baseContracts : [];
+        for (const base of baseContracts) {
+            const path = base?.baseName?.namePath || base?.baseName?.name;
+            if (typeof path === 'string' && path.toLowerCase().includes('4626')) {
+                return true;
+            }
+        }
+        // Function presence: an `asset()` function returning an address-like
+        // type signals a vault.
+        for (const subNode of contract.subNodes || []) {
+            if (subNode?.type === 'FunctionDefinition' && subNode.name === 'asset') {
+                const params = Array.isArray(subNode.parameters) ? subNode.parameters : [];
+                if (params.length === 0)
+                    return true;
+            }
+        }
+        return false;
+    }
+    matchesTotalAssets(fn) {
+        if (fn.name !== 'totalAssets')
+            return false;
+        const params = Array.isArray(fn.parameters) ? fn.parameters : [];
+        if (params.length !== 0)
+            return false;
+        const returnParams = Array.isArray(fn.returnParameters) ? fn.returnParameters : [];
+        if (returnParams.length !== 1)
+            return false;
+        const returnType = this.normalizeElementaryIntType(this.elementaryTypeName(returnParams[0]));
+        if (returnType !== 'uint256')
+            return false;
+        // Visibility must be public/external for the function to satisfy the
+        // EIP-4626 interface. Skip private/internal totalAssets helpers.
+        const vis = fn.visibility;
+        if (vis !== 'public' && vis !== 'external' && vis !== 'default')
+            return false;
+        return true;
+    }
+    elementaryTypeName(param) {
+        if (!param)
+            return null;
+        const tn = param.typeName;
+        if (!tn)
+            return null;
+        if (tn.type === 'ElementaryTypeName')
+            return tn.name || null;
+        return null;
+    }
+    // Solidity treats bare `uint` / `int` as aliases for `uint256` / `int256`;
+    // the ABI signature is identical, so a `totalAssets() returns (uint)` body
+    // satisfies the ERC-4626 interface and must be subject to the same stub
+    // checks as the explicit `uint256` form. Mapping is intentionally narrow:
+    // only the two bare aliases — sized variants pass through unchanged.
+    normalizeElementaryIntType(name) {
+        if (name === 'uint')
+            return 'uint256';
+        if (name === 'int')
+            return 'int256';
+        return name;
+    }
+    bodyCallsBalancePrimitive(body) {
+        return this.findDescendant(body, (node) => {
+            if (node?.type !== 'FunctionCall')
+                return false;
+            const expr = node.expression;
+            if (!expr)
+                return false;
+            if (expr.type === 'MemberAccess' && typeof expr.memberName === 'string' && BALANCE_PRIMITIVE_MEMBERS.has(expr.memberName)) {
+                return true;
+            }
+            return false;
+        });
+    }
+    bodyContainsBalanceShapedAccess(body) {
+        return this.findDescendant(body, (node) => {
+            if (!node)
+                return false;
+            // IndexAccess: `_balances[address(this)]` / `tokens[asset]` etc.
+            // Any IndexAccess at all is "reading from a storage-shaped data
+            // structure" — sufficient signal that the function isn't returning
+            // a literal.
+            if (node.type === 'IndexAccess')
+                return true;
+            // MemberAccess to `.balance` — address(this).balance.
+            if (node.type === 'MemberAccess' && typeof node.memberName === 'string' && BALANCE_SHAPED_PATTERNS.has(node.memberName)) {
+                return true;
+            }
+            return false;
+        });
+    }
+    findDescendant(node, predicate) {
+        if (!node || typeof node !== 'object')
+            return false;
+        if (predicate(node))
+            return true;
+        for (const child of this.childNodes(node)) {
+            if (this.findDescendant(child, predicate))
+                return true;
+        }
+        return false;
+    }
+    childNodes(node) {
+        const children = [];
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        children.push(item);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                children.push(value);
+            }
+        }
+        return children;
+    }
+    makeFinding(file, contract, fn) {
+        const loc = this.locOf(fn);
+        const contractName = contract.name || '<anonymous>';
+        const functionName = fn.name || '<anonymous>';
+        return {
+            file,
+            contract: contractName,
+            'function': functionName,
+            line: loc.line,
+            column: loc.column,
+            ruleId: RULE_ID,
+            pattern: PATTERN,
+            severity: 'medium',
+            confidence: 'medium',
+            category: 'accounting-stub',
+            message: `EIP-4626 totalAssets() body contains no balance-read primitive (.balanceOf / .totalSupply / IndexAccess / address.balance). The function appears to return a constant or unbacked state variable — share-price calculations using this value will diverge from on-chain reality, breaking deposit/withdraw accounting and enabling first-depositor inflation attacks.`,
+            contractName,
+            functionName,
+            sourceLocation: loc,
+            findingId: '',
+            contractHash: '',
+        };
+    }
+    locOf(node) {
+        return {
+            line: node?.loc?.start?.line || 0,
+            column: node?.loc?.start?.column || 0,
+        };
+    }
+}
+exports.Erc4626TotalassetsStubDetector = Erc4626TotalassetsStubDetector;
+//# sourceMappingURL=erc4626-totalassets-stub.js.map

package/dist/detectors/erc6909-balance-overflow.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class Erc6909BalanceOverflowDetector {
+    readonly id = "erc6909-balance-overflow";
+    readonly patternKey = "erc6909-balance-overflow";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, file: string): ScanResult[];
+}