@snovon/solast 0.2.0

package/dist/detectors/erc6909-balance-overflow.js

@@ -0,0 +1,688 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Erc6909BalanceOverflowDetector = void 0;
+const index_1 = require("../index");
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'erc6909-balance-overflow';
+const BALANCE_NAMES = new Set([
+    'balanceof', '_balanceof',
+    'balance', '_balance',
+    'balances', '_balances',
+]);
+const SUPPLY_NAMES = new Set([
+    'totalsupply', '_totalsupply',
+]);
+const BARE_ARITH_OPS = new Set(['+', '-', '*']);
+const COMPOUND_ARITH_OPS = new Set(['+=', '-=', '*=']);
+const ASSIGNMENT_OPS = new Set(['=', '+=', '-=', '*=']);
+class Erc6909BalanceOverflowDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file) {
+        if (!ast || ast.type !== 'SourceUnit')
+            return [];
+        const isPre08 = sourceUnitAllowsPre08(ast);
+        const findings = [];
+        for (const child of ast.children || []) {
+            if (!isNode(child, 'ContractDefinition'))
+                continue;
+            if (child.kind === 'interface' || child.kind === 'library')
+                continue;
+            const tracked = collectTrackedMappings(child);
+            if (tracked.balance.size === 0 && tracked.supply.size === 0)
+                continue;
+            const contractName = String(child.name || '<anonymous>');
+            for (const sub of child.subNodes || []) {
+                if (!isNode(sub, 'FunctionDefinition'))
+                    continue;
+                if (!sub.body)
+                    continue;
+                const finding = analyzeFunction(file, contractName, sub, tracked, isPre08);
+                if (finding)
+                    findings.push(finding);
+            }
+        }
+        return findings;
+    }
+}
+exports.Erc6909BalanceOverflowDetector = Erc6909BalanceOverflowDetector;
+function analyzeFunction(file, contractName, fn, tracked, isPre08) {
+    const fnName = String(fn.name || (fn.isConstructor ? '<constructor>' : '<anonymous>'));
+    let firstSite = null;
+    const unsafeLocalArithmetic = new Set();
+    const localSlotAliases = new Map();
+    const guards = [];
+    function walk(node, uncheckedDepth) {
+        if (firstSite || !node || typeof node !== 'object')
+            return;
+        if (isNode(node, 'UncheckedStatement')) {
+            // @solidity-parser/parser exposes the inner block on `block`, not `body`.
+            walk(node.block, uncheckedDepth + 1);
+            return;
+        }
+        rememberLocalSlotAlias(node, tracked, localSlotAliases);
+        // Recognise dominating, slot-specific arithmetic guards. Unrelated
+        // requires (e.g. `require(to != address(0))`) and postcondition checks
+        // placed after the unchecked write are intentionally not honoured.
+        if (isNode(node, 'FunctionCall') && isGuardCall(node)) {
+            const guard = extractOverflowGuard(node.arguments?.[0], tracked, localSlotAliases);
+            if (guard)
+                guards.push(guard);
+        }
+        if (isNode(node, 'IfStatement')) {
+            const guard = extractRevertingIfGuard(node, tracked, localSlotAliases);
+            if (guard)
+                guards.push(guard);
+        }
+        const vulnerableContext = uncheckedDepth > 0 || isPre08;
+        if (vulnerableContext) {
+            rememberUnsafeLocalArithmetic(node, tracked, unsafeLocalArithmetic);
+        }
+        if (isAssignmentNode(node)) {
+            const write = flaggableWrite(node, tracked, unsafeLocalArithmetic, localSlotAliases);
+            if (write && (vulnerableContext || writesUnsafeLocalArithmetic(node, tracked, unsafeLocalArithmetic))) {
+                if (!guards.some(guard => guardProtectsWrite(guard, write))) {
+                    firstSite = write.loc;
+                }
+                return;
+            }
+        }
+        for (const childNode of children(node)) {
+            walk(childNode, uncheckedDepth);
+            if (firstSite)
+                return;
+        }
+    }
+    walk(fn.body, 0);
+    if (!firstSite)
+        return null;
+    return makeFinding(file, contractName, fnName, firstSite);
+}
+function flaggableWrite(node, tracked, unsafeLocalArithmetic, aliases) {
+    const op = operatorOf(node);
+    if (!ASSIGNMENT_OPS.has(op))
+        return null;
+    const left = assignmentLeft(node);
+    const right = assignmentRight(node);
+    if (!refersToTrackedMapping(left, tracked))
+        return null;
+    const slotKey = canonicalTrackedSlotKey(left, tracked);
+    if (!slotKey)
+        return null;
+    if (COMPOUND_ARITH_OPS.has(op)) {
+        const kind = compoundWriteKind(op);
+        return { loc: locOf(node), slotKey, rhs: right, kind, valueKey: canonicalExpressionKey(right) };
+    }
+    if (op === '=') {
+        if (containsBareArithmetic(right) || isUnsafeLocalArithmeticRef(right, unsafeLocalArithmetic)) {
+            const kind = expressionArithmeticKind(right);
+            return { loc: locOf(node), slotKey, rhs: right, kind, valueKey: writeValueKey(slotKey, right, kind, tracked, aliases) };
+        }
+    }
+    return null;
+}
+function writesUnsafeLocalArithmetic(node, tracked, unsafeLocalArithmetic) {
+    return operatorOf(node) === '=' &&
+        refersToTrackedMapping(assignmentLeft(node), tracked) &&
+        isUnsafeLocalArithmeticRef(assignmentRight(node), unsafeLocalArithmetic);
+}
+function rememberUnsafeLocalArithmetic(node, tracked, unsafeLocalArithmetic) {
+    if (isNode(node, 'VariableDeclarationStatement')) {
+        const name = variableDeclarationName(node);
+        if (name && containsBareArithmeticReferencingTracked(node.initialValue, tracked)) {
+            unsafeLocalArithmetic.add(name);
+        }
+        return;
+    }
+    if (!isAssignmentNode(node) || operatorOf(node) !== '=')
+        return;
+    const left = assignmentLeft(node);
+    if (!isNode(left, 'Identifier'))
+        return;
+    if (containsBareArithmeticReferencingTracked(assignmentRight(node), tracked)) {
+        unsafeLocalArithmetic.add(String(left.name || ''));
+    }
+}
+function rememberLocalSlotAlias(node, tracked, aliases) {
+    if (isNode(node, 'VariableDeclarationStatement')) {
+        const name = variableDeclarationName(node);
+        if (!name)
+            return;
+        const slotKey = canonicalTrackedSlotKey(node.initialValue, tracked);
+        if (slotKey) {
+            aliases.set(name, slotKey);
+        }
+        else {
+            aliases.delete(name);
+        }
+        return;
+    }
+    if (!isAssignmentNode(node) || operatorOf(node) !== '=')
+        return;
+    const left = assignmentLeft(node);
+    if (!isNode(left, 'Identifier'))
+        return;
+    const name = String(left.name || '');
+    const slotKey = canonicalTrackedSlotKey(assignmentRight(node), tracked);
+    if (slotKey) {
+        aliases.set(name, slotKey);
+    }
+    else {
+        aliases.delete(name);
+    }
+}
+function containsBareArithmetic(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'BinaryOperation') && BARE_ARITH_OPS.has(String(node.operator || ''))) {
+        return true;
+    }
+    return children(node).some(containsBareArithmetic);
+}
+function containsBareArithmeticReferencingTracked(node, tracked) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'BinaryOperation') && BARE_ARITH_OPS.has(String(node.operator || ''))) {
+        return refersToTrackedMapping(node.left, tracked) || refersToTrackedMapping(node.right, tracked);
+    }
+    return children(node).some(child => containsBareArithmeticReferencingTracked(child, tracked));
+}
+function isUnsafeLocalArithmeticRef(node, unsafeLocalArithmetic) {
+    return isNode(node, 'Identifier') && unsafeLocalArithmetic.has(String(node.name || ''));
+}
+function isAssignmentNode(node) {
+    return (isNode(node, 'BinaryOperation') || isNode(node, 'Assignment')) && ASSIGNMENT_OPS.has(operatorOf(node));
+}
+function operatorOf(node) {
+    return String(node?.operator || '');
+}
+function assignmentLeft(node) {
+    return node?.left || node?.leftHandSide || node?.leftExpression;
+}
+function assignmentRight(node) {
+    return node?.right || node?.rightHandSide || node?.rightExpression;
+}
+function variableDeclarationName(node) {
+    const variables = node?.variables || [];
+    for (const variable of variables) {
+        const name = variable?.name;
+        if (typeof name === 'string' && name)
+            return name;
+    }
+    return null;
+}
+function refersToTrackedMapping(expr, tracked) {
+    if (!isNode(expr, 'IndexAccess'))
+        return false;
+    const dim = indexAccessDimension(expr);
+    if (dim === 0)
+        return false;
+    const baseName = indexAccessBaseName(expr);
+    if (!baseName)
+        return false;
+    if (dim >= 2 && tracked.balance.has(baseName))
+        return true;
+    if (dim === 1 && tracked.supply.has(baseName))
+        return true;
+    return false;
+}
+function indexAccessDimension(node) {
+    let depth = 0;
+    let current = node;
+    while (isNode(current, 'IndexAccess')) {
+        depth += 1;
+        current = current.base;
+    }
+    return depth;
+}
+function indexAccessBaseName(node) {
+    let current = node;
+    while (isNode(current, 'IndexAccess'))
+        current = current.base;
+    if (isNode(current, 'Identifier'))
+        return String(current.name || '');
+    return null;
+}
+function isGuardCall(call) {
+    const callee = call?.expression;
+    if (!isNode(callee, 'Identifier'))
+        return false;
+    const name = String(callee.name || '');
+    if (name !== 'require' && name !== 'assert')
+        return false;
+    const args = call.arguments || [];
+    if (args.length === 0)
+        return false;
+    return true;
+}
+function extractOverflowGuard(condition, tracked, aliases) {
+    return extractAdditionGuard(condition, tracked, aliases) ||
+        extractSubtractionGuard(condition, tracked, aliases);
+}
+function extractAdditionGuard(condition, tracked, aliases) {
+    const typeMaxGuard = typeMaxGuardInfo(condition);
+    if (typeMaxGuard) {
+        return guardForSlotExpr(typeMaxGuard.slotExpr, typeMaxGuard.valueExpr, tracked, aliases, 'addition');
+    }
+    const capacityGuard = capacitySubtractionGuardInfo(condition);
+    if (capacityGuard) {
+        return guardForSlotExpr(capacityGuard.slotExpr, capacityGuard.valueExpr, tracked, aliases, 'addition');
+    }
+    const safeMathGuard = safeMathStyleGuardInfo(condition);
+    if (safeMathGuard) {
+        return guardForSlotExpr(safeMathGuard.slotExpr, safeMathGuard.valueExpr, tracked, aliases, 'addition');
+    }
+    return null;
+}
+function guardForSlotExpr(checkedExpr, valueExpr, tracked, aliases, kind) {
+    const valueKey = canonicalExpressionKey(valueExpr);
+    const directSlot = canonicalTrackedSlotKey(checkedExpr, tracked);
+    if (directSlot)
+        return { slotKey: directSlot, checkedVar: identifierName(checkedExpr), kind, valueKey };
+    const checkedVar = identifierName(checkedExpr);
+    if (checkedVar && aliases.has(checkedVar)) {
+        return { slotKey: aliases.get(checkedVar) || null, checkedVar, kind, valueKey };
+    }
+    return checkedVar ? { slotKey: null, checkedVar, kind, valueKey } : null;
+}
+function capacitySubtractionGuardInfo(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (isNode(node, 'BinaryOperation') && comparisonAllowsEquality(String(node.operator || ''))) {
+        const leftCapacity = subtractionCapacityInfo(node.left, node.right);
+        if (leftCapacity)
+            return leftCapacity;
+        const rightCapacity = subtractionCapacityInfo(node.right, node.left);
+        if (rightCapacity)
+            return rightCapacity;
+    }
+    for (const childNode of children(node)) {
+        const found = capacitySubtractionGuardInfo(childNode);
+        if (found)
+            return found;
+    }
+    return null;
+}
+function subtractionCapacityInfo(capacityExpr, valueExpr) {
+    if (!isNode(capacityExpr, 'BinaryOperation') || String(capacityExpr.operator || '') !== '-')
+        return null;
+    if (!capacityExpr.left || !capacityExpr.right)
+        return null;
+    return { slotExpr: capacityExpr.right, valueExpr };
+}
+function typeMaxGuardInfo(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (isNode(node, 'BinaryOperation') && isComparison(String(node.operator || ''))) {
+        const leftSlot = typeMaxSubtrahend(node.left);
+        if (leftSlot)
+            return { slotExpr: leftSlot, valueExpr: node.right };
+        const rightSlot = typeMaxSubtrahend(node.right);
+        if (rightSlot)
+            return { slotExpr: rightSlot, valueExpr: node.left };
+    }
+    for (const childNode of children(node)) {
+        const found = typeMaxGuardInfo(childNode);
+        if (found)
+            return found;
+    }
+    return null;
+}
+function typeMaxSubtrahend(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (isNode(node, 'BinaryOperation') && String(node.operator || '') === '-' && containsTypeMax(node.left)) {
+        return node.right;
+    }
+    return null;
+}
+function safeMathStyleGuardInfo(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (isNode(node, 'BinaryOperation') && comparisonAllowsEquality(String(node.operator || ''))) {
+        const leftAdd = binaryAddOperands(node.left);
+        if (leftAdd && (expressionsEqual(leftAdd.left, node.right) || expressionsEqual(leftAdd.right, node.right))) {
+            return {
+                slotExpr: node.right,
+                valueExpr: expressionsEqual(leftAdd.left, node.right) ? leftAdd.right : leftAdd.left,
+            };
+        }
+        const rightAdd = binaryAddOperands(node.right);
+        if (rightAdd && (expressionsEqual(rightAdd.left, node.left) || expressionsEqual(rightAdd.right, node.left))) {
+            return {
+                slotExpr: node.left,
+                valueExpr: expressionsEqual(rightAdd.left, node.left) ? rightAdd.right : rightAdd.left,
+            };
+        }
+    }
+    for (const childNode of children(node)) {
+        const found = safeMathStyleGuardInfo(childNode);
+        if (found)
+            return found;
+    }
+    return null;
+}
+function extractSubtractionGuard(condition, tracked, aliases) {
+    const comparison = findLowerBoundComparison(condition);
+    if (!comparison)
+        return null;
+    return guardForSlotExpr(comparison.slotExpr, comparison.valueExpr, tracked, aliases, 'subtraction');
+}
+function findLowerBoundComparison(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (isNode(node, 'BinaryOperation')) {
+        const op = String(node.operator || '');
+        if (op === '>=' || op === '>') {
+            return { slotExpr: node.left, valueExpr: node.right };
+        }
+        if (op === '<=' || op === '<') {
+            return { slotExpr: node.right, valueExpr: node.left };
+        }
+    }
+    for (const childNode of children(node)) {
+        const found = findLowerBoundComparison(childNode);
+        if (found)
+            return found;
+    }
+    return null;
+}
+function extractRevertingIfGuard(node, tracked, aliases) {
+    if (!statementAlwaysReverts(node.trueBody))
+        return null;
+    const inverted = invertLowerBoundFailure(node.condition);
+    if (!inverted)
+        return null;
+    return guardForSlotExpr(inverted.slotExpr, inverted.valueExpr, tracked, aliases, 'subtraction');
+}
+function invertLowerBoundFailure(condition) {
+    if (!isNode(condition, 'BinaryOperation'))
+        return null;
+    const op = String(condition.operator || '');
+    if (op === '<' || op === '<=')
+        return { slotExpr: condition.left, valueExpr: condition.right };
+    if (op === '>' || op === '>=')
+        return { slotExpr: condition.right, valueExpr: condition.left };
+    return null;
+}
+function statementAlwaysReverts(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'ThrowStatement'))
+        return true;
+    if (isNode(node, 'RevertStatement'))
+        return true;
+    if (isNode(node, 'FunctionCall'))
+        return isRevertCall(node);
+    if (isNode(node, 'ExpressionStatement'))
+        return statementAlwaysReverts(node.expression);
+    const statements = Array.isArray(node.statements) ? node.statements : Array.isArray(node.body) ? node.body : null;
+    return Array.isArray(statements) && statements.some(statementAlwaysReverts);
+}
+function isRevertCall(call) {
+    const callee = call.expression;
+    if (isNode(callee, 'Identifier') && String(callee.name || '') === 'revert')
+        return true;
+    if (isNode(callee, 'MemberAccess') && String(callee.memberName || '') === 'revert')
+        return true;
+    return false;
+}
+function guardProtectsWrite(guard, write) {
+    return !!guard.slotKey &&
+        guard.slotKey === write.slotKey &&
+        guard.kind === write.kind &&
+        !!guard.valueKey &&
+        guard.valueKey === write.valueKey;
+}
+function identifierName(node) {
+    return isNode(node, 'Identifier') ? String(node.name || '') || null : null;
+}
+function canonicalTrackedSlotKey(expr, tracked) {
+    if (!refersToTrackedMapping(expr, tracked))
+        return null;
+    return canonicalExpressionKey(expr);
+}
+function canonicalExpressionKey(expr) {
+    if (!expr || typeof expr !== 'object')
+        return null;
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'NumberLiteral'))
+        return String(expr.number || expr.value || '');
+    if (isNode(expr, 'StringLiteral'))
+        return JSON.stringify(String(expr.value || ''));
+    if (isNode(expr, 'BooleanLiteral'))
+        return String(expr.value);
+    if (isNode(expr, 'MemberAccess')) {
+        const base = canonicalExpressionKey(expr.expression);
+        if (!base)
+            return null;
+        return `${base}.${String(expr.memberName || '')}`;
+    }
+    if (isNode(expr, 'IndexAccess')) {
+        const base = canonicalExpressionKey(expr.base);
+        const index = canonicalExpressionKey(expr.index);
+        if (!base || !index)
+            return null;
+        return `${base}[${index}]`;
+    }
+    if (isNode(expr, 'TupleExpression')) {
+        const components = expr.components || [];
+        const keys = components.map(canonicalExpressionKey);
+        if (keys.some((key) => !key))
+            return null;
+        return `(${keys.join(',')})`;
+    }
+    return null;
+}
+function compoundWriteKind(op) {
+    if (op === '+=')
+        return 'addition';
+    if (op === '-=')
+        return 'subtraction';
+    if (op === '*=')
+        return 'multiplication';
+    return null;
+}
+function expressionArithmeticKind(expr) {
+    if (!expr || typeof expr !== 'object')
+        return null;
+    if (isNode(expr, 'BinaryOperation')) {
+        const op = String(expr.operator || '');
+        if (op === '+')
+            return 'addition';
+        if (op === '-')
+            return 'subtraction';
+        if (op === '*')
+            return 'multiplication';
+    }
+    for (const childNode of children(expr)) {
+        const found = expressionArithmeticKind(childNode);
+        if (found)
+            return found;
+    }
+    return null;
+}
+function writeValueKey(slotKey, rhs, kind, tracked, aliases) {
+    if (!rhs || typeof rhs !== 'object')
+        return null;
+    if (kind !== 'addition' && kind !== 'subtraction')
+        return null;
+    if (isNode(rhs, 'BinaryOperation')) {
+        const op = String(rhs.operator || '');
+        if ((kind === 'addition' && op !== '+') || (kind === 'subtraction' && op !== '-'))
+            return null;
+        if (slotKeyForExpression(rhs.left, tracked, aliases) === slotKey)
+            return canonicalExpressionKey(rhs.right);
+        if (kind === 'addition' && slotKeyForExpression(rhs.right, tracked, aliases) === slotKey) {
+            return canonicalExpressionKey(rhs.left);
+        }
+    }
+    return null;
+}
+function slotKeyForExpression(expr, tracked, aliases) {
+    const direct = canonicalTrackedSlotKey(expr, tracked);
+    if (direct)
+        return direct;
+    const name = identifierName(expr);
+    return name ? aliases.get(name) || null : null;
+}
+function binaryAddOperands(expr) {
+    if (!isNode(expr, 'BinaryOperation') || String(expr.operator || '') !== '+')
+        return null;
+    return { left: expr.left, right: expr.right };
+}
+function isComparison(op) {
+    return op === '>=' || op === '>' || op === '<=' || op === '<';
+}
+function comparisonAllowsEquality(op) {
+    return isComparison(op);
+}
+function expressionsEqual(left, right) {
+    const leftKey = canonicalExpressionKey(left);
+    const rightKey = canonicalExpressionKey(right);
+    return !!leftKey && leftKey === rightKey;
+}
+function containsTypeMax(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'MemberAccess') && String(node.memberName || '') === 'max') {
+        const base = node.expression;
+        if (isNode(base, 'FunctionCall')) {
+            const callee = base.expression;
+            if (isNode(callee, 'Identifier') && String(callee.name || '') === 'type')
+                return true;
+        }
+    }
+    for (const childNode of children(node)) {
+        if (containsTypeMax(childNode))
+            return true;
+    }
+    return false;
+}
+function collectTrackedMappings(contract) {
+    const balance = new Set();
+    const supply = new Set();
+    for (const sub of contract.subNodes || []) {
+        if (!isNode(sub, 'StateVariableDeclaration'))
+            continue;
+        for (const variable of sub.variables || []) {
+            const rawName = String(variable?.name || '');
+            if (!rawName)
+                continue;
+            const lower = rawName.toLowerCase();
+            const typeName = variable.typeName;
+            if (BALANCE_NAMES.has(lower) && isErc6909BalanceShape(typeName)) {
+                balance.add(rawName);
+            }
+            else if (SUPPLY_NAMES.has(lower) && isPerIdSupplyShape(typeName)) {
+                supply.add(rawName);
+            }
+        }
+    }
+    return { balance, supply };
+}
+function isErc6909BalanceShape(typeName) {
+    if (!isNode(typeName, 'Mapping'))
+        return false;
+    const inner = typeName.valueType;
+    if (!isNode(inner, 'Mapping'))
+        return false;
+    if (!isUintType(inner.valueType))
+        return false;
+    const outerAddr = isAddressType(typeName.keyType);
+    const outerUint = isUintType(typeName.keyType);
+    const innerAddr = isAddressType(inner.keyType);
+    const innerUint = isUintType(inner.keyType);
+    // ERC-6909 requires one address-keyed and one uint-keyed dimension. Reject
+    // address->address (allowance-shaped) and uint->uint (per-id supply ledger
+    // wrapped in a 2D mapping by mistake) — those are FP shapes outside scope.
+    return (outerAddr && innerUint) || (outerUint && innerAddr);
+}
+function isPerIdSupplyShape(typeName) {
+    if (!isNode(typeName, 'Mapping'))
+        return false;
+    return isUintType(typeName.keyType) && isUintType(typeName.valueType);
+}
+function isAddressType(typeName) {
+    if (!isNode(typeName, 'ElementaryTypeName'))
+        return false;
+    return String(typeName.name || '').toLowerCase().startsWith('address');
+}
+function isUintType(typeName) {
+    if (!isNode(typeName, 'ElementaryTypeName'))
+        return false;
+    return /^u?int\d*$/i.test(String(typeName.name || ''));
+}
+function sourceUnitAllowsPre08(ast) {
+    let sawPragma = false;
+    let allows = false;
+    for (const child of ast.children || []) {
+        if (!isNode(child, 'PragmaDirective'))
+            continue;
+        if (String(child.name || '').toLowerCase() !== 'solidity')
+            continue;
+        const value = typeof child.value === 'string'
+            ? child.value
+            : Array.isArray(child.literals)
+                ? child.literals.slice(1).join('')
+                : '';
+        if (!value)
+            continue;
+        sawPragma = true;
+        if ((0, index_1.pragmaAllowsPre080)(value))
+            allows = true;
+    }
+    return sawPragma ? allows : false;
+}
+function children(node) {
+    const out = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'range' || key === 'typeName')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    out.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+function isNode(node, type) {
+    return !!node && typeof node === 'object' && node.type === type;
+}
+function locOf(node) {
+    const { line, column } = (0, ast_1.assertLoc)(node);
+    return { line, column };
+}
+function makeFinding(file, contractName, functionName, loc) {
+    return {
+        file,
+        contract: contractName,
+        'function': functionName,
+        line: loc.line,
+        endLine: loc.line,
+        column: loc.column,
+        pattern: RULE_ID,
+        confidence: 'high',
+        ruleId: RULE_ID,
+        severity: 'high',
+        message: `Unchecked ERC-6909 multi-token balance arithmetic in '${contractName}.${functionName}': ` +
+            `arithmetic on an ID-indexed balance or per-id supply mapping is not protected by checked arithmetic.`,
+        rationale: 'ERC-6909 (id, account) balance and per-id totalSupply mappings can wrap when arithmetic runs in `unchecked {}` ' +
+            'or under a pre-0.8 compiler without an explicit overflow precondition such as `type(uint256).max - balance >= amount`.',
+        suggestedFix: 'Remove the surrounding `unchecked` block, raise the pragma to >= 0.8.0 so the compiler inserts overflow checks, ' +
+            'or add a dominating `require(type(uint256).max - balanceOf[..][..] >= amount)` (or equivalent SafeMath-style call) before the addition.',
+        contractName,
+        functionName,
+        sourceLocation: { line: loc.line, column: loc.column },
+        findingId: '',
+        contractHash: '',
+    };
+}
+//# sourceMappingURL=erc6909-balance-overflow.js.map