@snovon/solast 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (738) hide show
  1. package/LICENSE +201 -0
  2. package/README.md +190 -0
  3. package/dist/api.d.ts +89 -0
  4. package/dist/api.js +33 -0
  5. package/dist/ast/resolve-return-names.d.ts +2 -0
  6. package/dist/ast/resolve-return-names.js +199 -0
  7. package/dist/ast/solc-walker.d.ts +17 -0
  8. package/dist/ast/solc-walker.js +497 -0
  9. package/dist/ast/storage-layout.d.ts +21 -0
  10. package/dist/ast/storage-layout.js +64 -0
  11. package/dist/cli.d.ts +65 -0
  12. package/dist/cli.js +755 -0
  13. package/dist/config.d.ts +9 -0
  14. package/dist/config.js +284 -0
  15. package/dist/dedup/files.d.ts +1 -0
  16. package/dist/dedup/files.js +74 -0
  17. package/dist/dedup/findings.d.ts +41 -0
  18. package/dist/dedup/findings.js +211 -0
  19. package/dist/detectors/_common/access-control.d.ts +204 -0
  20. package/dist/detectors/_common/access-control.js +377 -0
  21. package/dist/detectors/_common/ast.d.ts +139 -0
  22. package/dist/detectors/_common/ast.js +239 -0
  23. package/dist/detectors/_common/compiler-profile.d.ts +14 -0
  24. package/dist/detectors/_common/compiler-profile.js +66 -0
  25. package/dist/detectors/_common/dataflow.d.ts +75 -0
  26. package/dist/detectors/_common/dataflow.js +57 -0
  27. package/dist/detectors/_common/fhe.d.ts +7 -0
  28. package/dist/detectors/_common/fhe.js +40 -0
  29. package/dist/detectors/_common/integer-overflow-helpers.d.ts +58 -0
  30. package/dist/detectors/_common/integer-overflow-helpers.js +422 -0
  31. package/dist/detectors/_common/loop-call-stack.d.ts +9 -0
  32. package/dist/detectors/_common/loop-call-stack.js +132 -0
  33. package/dist/detectors/_common/oracle.d.ts +5 -0
  34. package/dist/detectors/_common/oracle.js +64 -0
  35. package/dist/detectors/_common/price-rate.d.ts +116 -0
  36. package/dist/detectors/_common/price-rate.js +446 -0
  37. package/dist/detectors/_common/source-text.d.ts +11 -0
  38. package/dist/detectors/_common/source-text.js +82 -0
  39. package/dist/detectors/_common/weighted-pool-invariant.d.ts +21 -0
  40. package/dist/detectors/_common/weighted-pool-invariant.js +105 -0
  41. package/dist/detectors/aave-v2-reentrancy.d.ts +7 -0
  42. package/dist/detectors/aave-v2-reentrancy.js +286 -0
  43. package/dist/detectors/access-control.d.ts +103 -0
  44. package/dist/detectors/access-control.js +983 -0
  45. package/dist/detectors/add-reentrancy-on-weth-contract.d.ts +7 -0
  46. package/dist/detectors/add-reentrancy-on-weth-contract.js +536 -0
  47. package/dist/detectors/ai-generated-randomness.d.ts +32 -0
  48. package/dist/detectors/ai-generated-randomness.js +239 -0
  49. package/dist/detectors/amm-spot-oracle-manipulation.d.ts +52 -0
  50. package/dist/detectors/amm-spot-oracle-manipulation.js +420 -0
  51. package/dist/detectors/analyzing-the-uniswap-v3-exploit.d.ts +26 -0
  52. package/dist/detectors/analyzing-the-uniswap-v3-exploit.js +279 -0
  53. package/dist/detectors/any-token-is-destroyed.d.ts +34 -0
  54. package/dist/detectors/any-token-is-destroyed.js +527 -0
  55. package/dist/detectors/anyswap-anytoken-permit-allowance-drain.d.ts +7 -0
  56. package/dist/detectors/anyswap-anytoken-permit-allowance-drain.js +524 -0
  57. package/dist/detectors/anyswap-insufficient-token-validation.d.ts +24 -0
  58. package/dist/detectors/anyswap-insufficient-token-validation.js +342 -0
  59. package/dist/detectors/approval-based-drain.d.ts +7 -0
  60. package/dist/detectors/approval-based-drain.js +772 -0
  61. package/dist/detectors/arbitrary-account-balance-transfer.d.ts +7 -0
  62. package/dist/detectors/arbitrary-account-balance-transfer.js +485 -0
  63. package/dist/detectors/arbitrary-address-spoofing-attack.d.ts +7 -0
  64. package/dist/detectors/arbitrary-address-spoofing-attack.js +444 -0
  65. package/dist/detectors/arbitrary-address-spoofing.d.ts +9 -0
  66. package/dist/detectors/arbitrary-address-spoofing.js +657 -0
  67. package/dist/detectors/arbitrary-call-error.d.ts +127 -0
  68. package/dist/detectors/arbitrary-call-error.js +1163 -0
  69. package/dist/detectors/arbitrary-call.d.ts +4 -0
  70. package/dist/detectors/arbitrary-call.js +11 -0
  71. package/dist/detectors/arbitrary-delegatecall-target.d.ts +35 -0
  72. package/dist/detectors/arbitrary-delegatecall-target.js +554 -0
  73. package/dist/detectors/arbitrary-recipient-no-access-control.d.ts +7 -0
  74. package/dist/detectors/arbitrary-recipient-no-access-control.js +638 -0
  75. package/dist/detectors/arbitrary-storage-proof-forgery.d.ts +35 -0
  76. package/dist/detectors/arbitrary-storage-proof-forgery.js +340 -0
  77. package/dist/detectors/arbitrary-transfer-from.d.ts +38 -0
  78. package/dist/detectors/arbitrary-transfer-from.js +339 -0
  79. package/dist/detectors/arbitrum-cross-chain-message-replay.d.ts +22 -0
  80. package/dist/detectors/arbitrum-cross-chain-message-replay.js +477 -0
  81. package/dist/detectors/avs-slashing-without-quorum-check.d.ts +50 -0
  82. package/dist/detectors/avs-slashing-without-quorum-check.js +386 -0
  83. package/dist/detectors/bad-debt-propagation.d.ts +13 -0
  84. package/dist/detectors/bad-debt-propagation.js +480 -0
  85. package/dist/detectors/bad-k-value-verification.d.ts +7 -0
  86. package/dist/detectors/bad-k-value-verification.js +512 -0
  87. package/dist/detectors/bad-randomness-zero-blockhash.d.ts +29 -0
  88. package/dist/detectors/bad-randomness-zero-blockhash.js +115 -0
  89. package/dist/detectors/balancer-flash-loan-manipulation.d.ts +33 -0
  90. package/dist/detectors/balancer-flash-loan-manipulation.js +178 -0
  91. package/dist/detectors/balancer-pause-guard.d.ts +33 -0
  92. package/dist/detectors/balancer-pause-guard.js +307 -0
  93. package/dist/detectors/balancer-weighted-pool-flash-loan.d.ts +42 -0
  94. package/dist/detectors/balancer-weighted-pool-flash-loan.js +275 -0
  95. package/dist/detectors/batch-transfer-overflow.d.ts +7 -0
  96. package/dist/detectors/batch-transfer-overflow.js +465 -0
  97. package/dist/detectors/beneficiary-validation.d.ts +7 -0
  98. package/dist/detectors/beneficiary-validation.js +696 -0
  99. package/dist/detectors/borrow-behalf-consent.d.ts +7 -0
  100. package/dist/detectors/borrow-behalf-consent.js +400 -0
  101. package/dist/detectors/break-continue-scope.d.ts +7 -0
  102. package/dist/detectors/break-continue-scope.js +194 -0
  103. package/dist/detectors/bridge-accounting-bypass.d.ts +65 -0
  104. package/dist/detectors/bridge-accounting-bypass.js +449 -0
  105. package/dist/detectors/bridge-business-logic-flaw-incorrect-acc.d.ts +43 -0
  106. package/dist/detectors/bridge-business-logic-flaw-incorrect-acc.js +394 -0
  107. package/dist/detectors/bridge-collateral-drain.d.ts +7 -0
  108. package/dist/detectors/bridge-collateral-drain.js +630 -0
  109. package/dist/detectors/bridge-forged-proof.d.ts +7 -0
  110. package/dist/detectors/bridge-forged-proof.js +754 -0
  111. package/dist/detectors/bridge-missing-message-nonce.d.ts +57 -0
  112. package/dist/detectors/bridge-missing-message-nonce.js +638 -0
  113. package/dist/detectors/bridge-swap-metapool-attack.d.ts +20 -0
  114. package/dist/detectors/bridge-swap-metapool-attack.js +230 -0
  115. package/dist/detectors/business-logic-flaw-flashloan-price-mani.d.ts +7 -0
  116. package/dist/detectors/business-logic-flaw-flashloan-price-mani.js +353 -0
  117. package/dist/detectors/business-logic-flaw-incorrect-recipient-balance.d.ts +7 -0
  118. package/dist/detectors/business-logic-flaw-incorrect-recipient-balance.js +403 -0
  119. package/dist/detectors/business-logic-flaw.d.ts +21 -0
  120. package/dist/detectors/business-logic-flaw.js +339 -0
  121. package/dist/detectors/business-logic.d.ts +17 -0
  122. package/dist/detectors/business-logic.js +22 -0
  123. package/dist/detectors/bypassed-insolvency-check.d.ts +30 -0
  124. package/dist/detectors/bypassed-insolvency-check.js +232 -0
  125. package/dist/detectors/bytecode-divergence-risk.d.ts +32 -0
  126. package/dist/detectors/bytecode-divergence-risk.js +150 -0
  127. package/dist/detectors/cache-array-length.d.ts +30 -0
  128. package/dist/detectors/cache-array-length.js +177 -0
  129. package/dist/detectors/cache-storage-reads.d.ts +46 -0
  130. package/dist/detectors/cache-storage-reads.js +323 -0
  131. package/dist/detectors/calldata-secret-access-control.d.ts +36 -0
  132. package/dist/detectors/calldata-secret-access-control.js +446 -0
  133. package/dist/detectors/capital-cross-contract-reentrancy.d.ts +34 -0
  134. package/dist/detectors/capital-cross-contract-reentrancy.js +481 -0
  135. package/dist/detectors/cartel-custom-approval-logic.d.ts +7 -0
  136. package/dist/detectors/cartel-custom-approval-logic.js +407 -0
  137. package/dist/detectors/ccip-receiver-missing-replay-guard.d.ts +22 -0
  138. package/dist/detectors/ccip-receiver-missing-replay-guard.js +413 -0
  139. package/dist/detectors/chain-coupling-risk.d.ts +8 -0
  140. package/dist/detectors/chain-coupling-risk.js +203 -0
  141. package/dist/detectors/chainlink-deprecated-function.d.ts +7 -0
  142. package/dist/detectors/chainlink-deprecated-function.js +205 -0
  143. package/dist/detectors/chainlink-tx-origin.d.ts +7 -0
  144. package/dist/detectors/chainlink-tx-origin.js +363 -0
  145. package/dist/detectors/check-effects-interactions.d.ts +39 -0
  146. package/dist/detectors/check-effects-interactions.js +783 -0
  147. package/dist/detectors/check-permit-missing-chainid.d.ts +27 -0
  148. package/dist/detectors/check-permit-missing-chainid.js +456 -0
  149. package/dist/detectors/classic-reentrancy.d.ts +93 -0
  150. package/dist/detectors/classic-reentrancy.js +645 -0
  151. package/dist/detectors/coinbase-morpho-wethloan-policy.d.ts +29 -0
  152. package/dist/detectors/coinbase-morpho-wethloan-policy.js +368 -0
  153. package/dist/detectors/compoundv2-inflation-attack.d.ts +7 -0
  154. package/dist/detectors/compoundv2-inflation-attack.js +675 -0
  155. package/dist/detectors/constructor-address-validation.d.ts +24 -0
  156. package/dist/detectors/constructor-address-validation.js +335 -0
  157. package/dist/detectors/constructor-interface-no-address-validation.d.ts +32 -0
  158. package/dist/detectors/constructor-interface-no-address-validation.js +283 -0
  159. package/dist/detectors/cross-chain-arbitrary-call.d.ts +7 -0
  160. package/dist/detectors/cross-chain-arbitrary-call.js +601 -0
  161. package/dist/detectors/cross-chain-input-validation.d.ts +31 -0
  162. package/dist/detectors/cross-chain-input-validation.js +347 -0
  163. package/dist/detectors/cross-chain-intent-replay.d.ts +38 -0
  164. package/dist/detectors/cross-chain-intent-replay.js +453 -0
  165. package/dist/detectors/cross-chain-intent-stale-resolution.d.ts +7 -0
  166. package/dist/detectors/cross-chain-intent-stale-resolution.js +463 -0
  167. package/dist/detectors/cross-chain-message-order-dependency.d.ts +8 -0
  168. package/dist/detectors/cross-chain-message-order-dependency.js +472 -0
  169. package/dist/detectors/cross-chain-message-replay.d.ts +8 -0
  170. package/dist/detectors/cross-chain-message-replay.js +568 -0
  171. package/dist/detectors/cross-chain-messaging.d.ts +7 -0
  172. package/dist/detectors/cross-chain-messaging.js +663 -0
  173. package/dist/detectors/cross-chain-msg-truncation.d.ts +7 -0
  174. package/dist/detectors/cross-chain-msg-truncation.js +453 -0
  175. package/dist/detectors/cross-chain-truncation.d.ts +7 -0
  176. package/dist/detectors/cross-chain-truncation.js +422 -0
  177. package/dist/detectors/cross-contract-integer-overflow.d.ts +76 -0
  178. package/dist/detectors/cross-contract-integer-overflow.js +554 -0
  179. package/dist/detectors/cross-contract-reentrancy-trusted-callee.d.ts +39 -0
  180. package/dist/detectors/cross-contract-reentrancy-trusted-callee.js +385 -0
  181. package/dist/detectors/cross-contract-reentrancy.d.ts +63 -0
  182. package/dist/detectors/cross-contract-reentrancy.js +631 -0
  183. package/dist/detectors/cross-function-reentrancy.d.ts +37 -0
  184. package/dist/detectors/cross-function-reentrancy.js +648 -0
  185. package/dist/detectors/cross-protocol-contagion.d.ts +20 -0
  186. package/dist/detectors/cross-protocol-contagion.js +445 -0
  187. package/dist/detectors/cross-protocol-oracle-collateral.d.ts +38 -0
  188. package/dist/detectors/cross-protocol-oracle-collateral.js +487 -0
  189. package/dist/detectors/cross-vm-reentrancy.d.ts +7 -0
  190. package/dist/detectors/cross-vm-reentrancy.js +484 -0
  191. package/dist/detectors/decimals-mismatch.d.ts +89 -0
  192. package/dist/detectors/decimals-mismatch.js +451 -0
  193. package/dist/detectors/deferred-state-update.d.ts +16 -0
  194. package/dist/detectors/deferred-state-update.js +35 -0
  195. package/dist/detectors/deflationary-token.d.ts +27 -0
  196. package/dist/detectors/deflationary-token.js +751 -0
  197. package/dist/detectors/delegate-transfer-unrestricted-caller.d.ts +44 -0
  198. package/dist/detectors/delegate-transfer-unrestricted-caller.js +410 -0
  199. package/dist/detectors/delegatecall-fallback-reentrancy-bypass.d.ts +14 -0
  200. package/dist/detectors/delegatecall-fallback-reentrancy-bypass.js +241 -0
  201. package/dist/detectors/delegatecall-in-loops.d.ts +7 -0
  202. package/dist/detectors/delegatecall-in-loops.js +129 -0
  203. package/dist/detectors/delegatecall-init-owner-mutator.d.ts +8 -0
  204. package/dist/detectors/delegatecall-init-owner-mutator.js +655 -0
  205. package/dist/detectors/delegatecall-init.d.ts +7 -0
  206. package/dist/detectors/delegatecall-init.js +769 -0
  207. package/dist/detectors/delegatecall-untrusted-implementation.d.ts +41 -0
  208. package/dist/detectors/delegatecall-untrusted-implementation.js +888 -0
  209. package/dist/detectors/delegated-authorization-bypass.d.ts +7 -0
  210. package/dist/detectors/delegated-authorization-bypass.js +370 -0
  211. package/dist/detectors/denial-of-service.d.ts +117 -0
  212. package/dist/detectors/denial-of-service.js +947 -0
  213. package/dist/detectors/division-before-multiplication.d.ts +7 -0
  214. package/dist/detectors/division-before-multiplication.js +303 -0
  215. package/dist/detectors/dn404-mirror-access-control.d.ts +26 -0
  216. package/dist/detectors/dn404-mirror-access-control.js +315 -0
  217. package/dist/detectors/doge-flashloan.d.ts +29 -0
  218. package/dist/detectors/doge-flashloan.js +329 -0
  219. package/dist/detectors/donate-inflation-exchangerate-roundin.d.ts +7 -0
  220. package/dist/detectors/donate-inflation-exchangerate-roundin.js +621 -0
  221. package/dist/detectors/donation-share-inflation.d.ts +24 -0
  222. package/dist/detectors/donation-share-inflation.js +466 -0
  223. package/dist/detectors/dont-let-eth-get-rekt.d.ts +84 -0
  224. package/dist/detectors/dont-let-eth-get-rekt.js +1151 -0
  225. package/dist/detectors/dos-unbounded-loop-external-call-revert.d.ts +37 -0
  226. package/dist/detectors/dos-unbounded-loop-external-call-revert.js +541 -0
  227. package/dist/detectors/eip1167-proxy-reentrancy.d.ts +7 -0
  228. package/dist/detectors/eip1167-proxy-reentrancy.js +508 -0
  229. package/dist/detectors/eip4626-vault-reentrancy.d.ts +32 -0
  230. package/dist/detectors/eip4626-vault-reentrancy.js +312 -0
  231. package/dist/detectors/eip5792-auth-replay.d.ts +45 -0
  232. package/dist/detectors/eip5792-auth-replay.js +519 -0
  233. package/dist/detectors/eip712-domain-separator.d.ts +42 -0
  234. package/dist/detectors/eip712-domain-separator.js +524 -0
  235. package/dist/detectors/eip712-signature-verification.d.ts +49 -0
  236. package/dist/detectors/eip712-signature-verification.js +689 -0
  237. package/dist/detectors/eip7702-auth-replay.d.ts +7 -0
  238. package/dist/detectors/eip7702-auth-replay.js +768 -0
  239. package/dist/detectors/eip7702-cross-chain-replay.d.ts +27 -0
  240. package/dist/detectors/eip7702-cross-chain-replay.js +307 -0
  241. package/dist/detectors/eip7702-delegated-eoa-approval-race.d.ts +39 -0
  242. package/dist/detectors/eip7702-delegated-eoa-approval-race.js +413 -0
  243. package/dist/detectors/eip7702-delegation-reentrancy.d.ts +21 -0
  244. package/dist/detectors/eip7702-delegation-reentrancy.js +705 -0
  245. package/dist/detectors/eip7702-delegation-risk.d.ts +7 -0
  246. package/dist/detectors/eip7702-delegation-risk.js +745 -0
  247. package/dist/detectors/eip7702-eoa-assumption.d.ts +57 -0
  248. package/dist/detectors/eip7702-eoa-assumption.js +461 -0
  249. package/dist/detectors/erc1155-batch-missing-per-id-approval.d.ts +23 -0
  250. package/dist/detectors/erc1155-batch-missing-per-id-approval.js +343 -0
  251. package/dist/detectors/erc1155-reentrancy.d.ts +31 -0
  252. package/dist/detectors/erc1155-reentrancy.js +217 -0
  253. package/dist/detectors/erc1271-stub-implementation.d.ts +21 -0
  254. package/dist/detectors/erc1271-stub-implementation.js +268 -0
  255. package/dist/detectors/erc20-safe-wrapper-return-unchecked.d.ts +43 -0
  256. package/dist/detectors/erc20-safe-wrapper-return-unchecked.js +368 -0
  257. package/dist/detectors/erc20-unchecked-non-standard-return.d.ts +55 -0
  258. package/dist/detectors/erc20-unchecked-non-standard-return.js +454 -0
  259. package/dist/detectors/erc2612-permit-frontrunning.d.ts +23 -0
  260. package/dist/detectors/erc2612-permit-frontrunning.js +246 -0
  261. package/dist/detectors/erc2771-context-spoofing.d.ts +41 -0
  262. package/dist/detectors/erc2771-context-spoofing.js +510 -0
  263. package/dist/detectors/erc4337-validation-storage-access.d.ts +35 -0
  264. package/dist/detectors/erc4337-validation-storage-access.js +232 -0
  265. package/dist/detectors/erc4626-totalassets-stub.d.ts +17 -0
  266. package/dist/detectors/erc4626-totalassets-stub.js +216 -0
  267. package/dist/detectors/erc6909-balance-overflow.d.ts +7 -0
  268. package/dist/detectors/erc6909-balance-overflow.js +688 -0
  269. package/dist/detectors/erc6909-operator-scope.d.ts +49 -0
  270. package/dist/detectors/erc6909-operator-scope.js +494 -0
  271. package/dist/detectors/erc721-unchecked-transfer.d.ts +38 -0
  272. package/dist/detectors/erc721-unchecked-transfer.js +364 -0
  273. package/dist/detectors/erc7579-module-install-without-threshold.d.ts +40 -0
  274. package/dist/detectors/erc7579-module-install-without-threshold.js +338 -0
  275. package/dist/detectors/erc7683-fill-validation.d.ts +53 -0
  276. package/dist/detectors/erc7683-fill-validation.js +758 -0
  277. package/dist/detectors/erc7683-intent-resolution.d.ts +7 -0
  278. package/dist/detectors/erc7683-intent-resolution.js +457 -0
  279. package/dist/detectors/erc777-callback-reentrancy.d.ts +8 -0
  280. package/dist/detectors/erc777-callback-reentrancy.js +439 -0
  281. package/dist/detectors/erc777-reentrancy.d.ts +7 -0
  282. package/dist/detectors/erc777-reentrancy.js +488 -0
  283. package/dist/detectors/erc777-tokens-to-send-reentrancy.d.ts +47 -0
  284. package/dist/detectors/erc777-tokens-to-send-reentrancy.js +674 -0
  285. package/dist/detectors/estuary-token-flaw.d.ts +16 -0
  286. package/dist/detectors/estuary-token-flaw.js +547 -0
  287. package/dist/detectors/euler-debt-token-manipulation.d.ts +32 -0
  288. package/dist/detectors/euler-debt-token-manipulation.js +347 -0
  289. package/dist/detectors/exploiting-a-vulnerability-in-curve-fina.d.ts +29 -0
  290. package/dist/detectors/exploiting-a-vulnerability-in-curve-fina.js +210 -0
  291. package/dist/detectors/fallback-delegatecall-reentrancy.d.ts +14 -0
  292. package/dist/detectors/fallback-delegatecall-reentrancy.js +236 -0
  293. package/dist/detectors/farm-business-logic-flaw-lack-of-access.d.ts +7 -0
  294. package/dist/detectors/farm-business-logic-flaw-lack-of-access.js +665 -0
  295. package/dist/detectors/fee-mechanism-exploitation.d.ts +20 -0
  296. package/dist/detectors/fee-mechanism-exploitation.js +400 -0
  297. package/dist/detectors/fee-on-transfer-balance-mismatch.d.ts +49 -0
  298. package/dist/detectors/fee-on-transfer-balance-mismatch.js +394 -0
  299. package/dist/detectors/fhe-encrypted-input-validation.d.ts +29 -0
  300. package/dist/detectors/fhe-encrypted-input-validation.js +210 -0
  301. package/dist/detectors/fhe-handle-leakage.d.ts +44 -0
  302. package/dist/detectors/fhe-handle-leakage.js +315 -0
  303. package/dist/detectors/fhe-oz-pattern-misuse.d.ts +26 -0
  304. package/dist/detectors/fhe-oz-pattern-misuse.js +311 -0
  305. package/dist/detectors/fhe-state-leakage.d.ts +8 -0
  306. package/dist/detectors/fhe-state-leakage.js +400 -0
  307. package/dist/detectors/fi-bridges.d.ts +33 -0
  308. package/dist/detectors/fi-bridges.js +428 -0
  309. package/dist/detectors/finance-access-control-price-oracle-man.d.ts +9 -0
  310. package/dist/detectors/finance-access-control-price-oracle-man.js +640 -0
  311. package/dist/detectors/finance-bridge-address0safetransferfrom.d.ts +8 -0
  312. package/dist/detectors/finance-bridge-address0safetransferfrom.js +574 -0
  313. package/dist/detectors/finance-business-logic-in-mint.d.ts +54 -0
  314. package/dist/detectors/finance-business-logic-in-mint.js +687 -0
  315. package/dist/detectors/finance-erc667-reentrancy.d.ts +7 -0
  316. package/dist/detectors/finance-erc667-reentrancy.js +509 -0
  317. package/dist/detectors/finance-flashloan-price-oracle-manipul.d.ts +7 -0
  318. package/dist/detectors/finance-flashloan-price-oracle-manipul.js +546 -0
  319. package/dist/detectors/finance-flashloan-reentrancy.d.ts +7 -0
  320. package/dist/detectors/finance-flashloan-reentrancy.js +547 -0
  321. package/dist/detectors/finance-swap-metapool-attack.d.ts +19 -0
  322. package/dist/detectors/finance-swap-metapool-attack.js +321 -0
  323. package/dist/detectors/flashloan-price-manipulation.d.ts +7 -0
  324. package/dist/detectors/flashloan-price-manipulation.js +950 -0
  325. package/dist/detectors/flashloan-reentrancy-rari.d.ts +28 -0
  326. package/dist/detectors/flashloan-reentrancy-rari.js +577 -0
  327. package/dist/detectors/flashloan-reentrancy.d.ts +7 -0
  328. package/dist/detectors/flashloan-reentrancy.js +383 -0
  329. package/dist/detectors/flashloan-token-migrate.d.ts +7 -0
  330. package/dist/detectors/flashloan-token-migrate.js +274 -0
  331. package/dist/detectors/force-fed-eth-state-corruption.d.ts +32 -0
  332. package/dist/detectors/force-fed-eth-state-corruption.js +293 -0
  333. package/dist/detectors/free-mint-bug.d.ts +41 -0
  334. package/dist/detectors/free-mint-bug.js +483 -0
  335. package/dist/detectors/front-running-orderbook-state-update.d.ts +37 -0
  336. package/dist/detectors/front-running-orderbook-state-update.js +471 -0
  337. package/dist/detectors/front-running-shared-collateral-write.d.ts +41 -0
  338. package/dist/detectors/front-running-shared-collateral-write.js +508 -0
  339. package/dist/detectors/fusion-v1-settlement-arbitrary-yul-calld.d.ts +30 -0
  340. package/dist/detectors/fusion-v1-settlement-arbitrary-yul-calld.js +354 -0
  341. package/dist/detectors/generalized-frontrunning.d.ts +7 -0
  342. package/dist/detectors/generalized-frontrunning.js +836 -0
  343. package/dist/detectors/governance-flash-loan.d.ts +62 -0
  344. package/dist/detectors/governance-flash-loan.js +452 -0
  345. package/dist/detectors/governance-flashloan-vote.d.ts +41 -0
  346. package/dist/detectors/governance-flashloan-vote.js +272 -0
  347. package/dist/detectors/halborn-security-report-aave-v3.d.ts +6 -0
  348. package/dist/detectors/halborn-security-report-aave-v3.js +357 -0
  349. package/dist/detectors/incorrect-access-control.d.ts +26 -0
  350. package/dist/detectors/incorrect-access-control.js +328 -0
  351. package/dist/detectors/incorrect-burn-accounting.d.ts +10 -0
  352. package/dist/detectors/incorrect-burn-accounting.js +387 -0
  353. package/dist/detectors/incorrect-dividends-calculation.d.ts +27 -0
  354. package/dist/detectors/incorrect-dividends-calculation.js +524 -0
  355. package/dist/detectors/incorrect-dividends.d.ts +27 -0
  356. package/dist/detectors/incorrect-dividends.js +485 -0
  357. package/dist/detectors/incorrect-input-validation.d.ts +23 -0
  358. package/dist/detectors/incorrect-input-validation.js +312 -0
  359. package/dist/detectors/incorrect-signature-verification.d.ts +26 -0
  360. package/dist/detectors/incorrect-signature-verification.js +530 -0
  361. package/dist/detectors/infinite-loop.d.ts +7 -0
  362. package/dist/detectors/infinite-loop.js +440 -0
  363. package/dist/detectors/infinite-number-of-loans.d.ts +13 -0
  364. package/dist/detectors/infinite-number-of-loans.js +565 -0
  365. package/dist/detectors/inheritance-override.d.ts +26 -0
  366. package/dist/detectors/inheritance-override.js +320 -0
  367. package/dist/detectors/initialization-access-control.d.ts +8 -0
  368. package/dist/detectors/initialization-access-control.js +659 -0
  369. package/dist/detectors/insecure-randomness.d.ts +73 -0
  370. package/dist/detectors/insecure-randomness.js +610 -0
  371. package/dist/detectors/insufficient-access-control-trusted-param.d.ts +39 -0
  372. package/dist/detectors/insufficient-access-control-trusted-param.js +356 -0
  373. package/dist/detectors/insufficient-dvn-threshold.d.ts +32 -0
  374. package/dist/detectors/insufficient-dvn-threshold.js +585 -0
  375. package/dist/detectors/integer-overflow-detector.d.ts +45 -0
  376. package/dist/detectors/integer-overflow-detector.js +284 -0
  377. package/dist/detectors/integer-overflow.d.ts +95 -0
  378. package/dist/detectors/integer-overflow.js +344 -0
  379. package/dist/detectors/integer-underflow.d.ts +7 -0
  380. package/dist/detectors/integer-underflow.js +422 -0
  381. package/dist/detectors/intent-settlement-balance-manipulation.d.ts +22 -0
  382. package/dist/detectors/intent-settlement-balance-manipulation.js +548 -0
  383. package/dist/detectors/l1-to-l2-message-reentrancy.d.ts +7 -0
  384. package/dist/detectors/l1-to-l2-message-reentrancy.js +545 -0
  385. package/dist/detectors/l2-withdrawal-validation.d.ts +8 -0
  386. package/dist/detectors/l2-withdrawal-validation.js +303 -0
  387. package/dist/detectors/lack-of-access-control.d.ts +7 -0
  388. package/dist/detectors/lack-of-access-control.js +425 -0
  389. package/dist/detectors/lack-of-calldata-validation.d.ts +16 -0
  390. package/dist/detectors/lack-of-calldata-validation.js +914 -0
  391. package/dist/detectors/lack-of-input-validation-reentrancy.d.ts +7 -0
  392. package/dist/detectors/lack-of-input-validation-reentrancy.js +637 -0
  393. package/dist/detectors/lack-of-slippage-control.d.ts +7 -0
  394. package/dist/detectors/lack-of-slippage-control.js +513 -0
  395. package/dist/detectors/lack-of-slippage-protection.d.ts +7 -0
  396. package/dist/detectors/lack-of-slippage-protection.js +474 -0
  397. package/dist/detectors/lack-of-validation-data.d.ts +23 -0
  398. package/dist/detectors/lack-of-validation-data.js +391 -0
  399. package/dist/detectors/lack-of-validation-pool.d.ts +7 -0
  400. package/dist/detectors/lack-of-validation-pool.js +492 -0
  401. package/dist/detectors/lack-of-validation-userdata.d.ts +7 -0
  402. package/dist/detectors/lack-of-validation-userdata.js +583 -0
  403. package/dist/detectors/lack-of-validation.d.ts +27 -0
  404. package/dist/detectors/lack-of-validation.js +609 -0
  405. package/dist/detectors/layerzero-dvn-quorum-missing.d.ts +22 -0
  406. package/dist/detectors/layerzero-dvn-quorum-missing.js +464 -0
  407. package/dist/detectors/layerzero-v2-unverified-origin.d.ts +40 -0
  408. package/dist/detectors/layerzero-v2-unverified-origin.js +368 -0
  409. package/dist/detectors/liquidation-accounting-desync.d.ts +14 -0
  410. package/dist/detectors/liquidation-accounting-desync.js +145 -0
  411. package/dist/detectors/liquidation-gain-manipulation.d.ts +42 -0
  412. package/dist/detectors/liquidation-gain-manipulation.js +606 -0
  413. package/dist/detectors/liquidation-price-rounding-advantage.d.ts +26 -0
  414. package/dist/detectors/liquidation-price-rounding-advantage.js +283 -0
  415. package/dist/detectors/liquidity-poisoning.d.ts +25 -0
  416. package/dist/detectors/liquidity-poisoning.js +339 -0
  417. package/dist/detectors/loans-malicious-proposal-price-oracle.d.ts +44 -0
  418. package/dist/detectors/loans-malicious-proposal-price-oracle.js +813 -0
  419. package/dist/detectors/logic-flaw.d.ts +186 -0
  420. package/dist/detectors/logic-flaw.js +3356 -0
  421. package/dist/detectors/manipulation-of-funds.d.ts +31 -0
  422. package/dist/detectors/manipulation-of-funds.js +304 -0
  423. package/dist/detectors/merkl-unsafe-claim-callback.d.ts +22 -0
  424. package/dist/detectors/merkl-unsafe-claim-callback.js +94 -0
  425. package/dist/detectors/mev-boost-timestamp.d.ts +7 -0
  426. package/dist/detectors/mev-boost-timestamp.js +318 -0
  427. package/dist/detectors/mev-merge-exploit.d.ts +29 -0
  428. package/dist/detectors/mev-merge-exploit.js +397 -0
  429. package/dist/detectors/mev-sandwich-vulnerability.d.ts +24 -0
  430. package/dist/detectors/mev-sandwich-vulnerability.js +648 -0
  431. package/dist/detectors/mev-slot-manipulation.d.ts +36 -0
  432. package/dist/detectors/mev-slot-manipulation.js +691 -0
  433. package/dist/detectors/mevbot-insufficient-validation.d.ts +48 -0
  434. package/dist/detectors/mevbot-insufficient-validation.js +574 -0
  435. package/dist/detectors/migration-rebalance-without-bound.d.ts +7 -0
  436. package/dist/detectors/migration-rebalance-without-bound.js +514 -0
  437. package/dist/detectors/mint-hardcoded-asset-parity.d.ts +31 -0
  438. package/dist/detectors/mint-hardcoded-asset-parity.js +356 -0
  439. package/dist/detectors/miscalculation-on-spendallowance.d.ts +7 -0
  440. package/dist/detectors/miscalculation-on-spendallowance.js +188 -0
  441. package/dist/detectors/misconfiguration.d.ts +27 -0
  442. package/dist/detectors/misconfiguration.js +410 -0
  443. package/dist/detectors/missing-access-control-caller-supplied-auth.d.ts +7 -0
  444. package/dist/detectors/missing-access-control-caller-supplied-auth.js +550 -0
  445. package/dist/detectors/missing-access-control-receiver-payout.d.ts +7 -0
  446. package/dist/detectors/missing-access-control-receiver-payout.js +460 -0
  447. package/dist/detectors/missing-access-control-role-or-transferfrom.d.ts +7 -0
  448. package/dist/detectors/missing-access-control-role-or-transferfrom.js +663 -0
  449. package/dist/detectors/missing-access-control.d.ts +19 -0
  450. package/dist/detectors/missing-access-control.js +781 -0
  451. package/dist/detectors/missing-sequencer-uptime-check.d.ts +30 -0
  452. package/dist/detectors/missing-sequencer-uptime-check.js +348 -0
  453. package/dist/detectors/missing-storage-gap.d.ts +19 -0
  454. package/dist/detectors/missing-storage-gap.js +193 -0
  455. package/dist/detectors/missing-swap-deadline-slippage.d.ts +31 -0
  456. package/dist/detectors/missing-swap-deadline-slippage.js +231 -0
  457. package/dist/detectors/missing-zk-proof-verification.d.ts +60 -0
  458. package/dist/detectors/missing-zk-proof-verification.js +547 -0
  459. package/dist/detectors/my-experience-with-yearn-finance.d.ts +7 -0
  460. package/dist/detectors/my-experience-with-yearn-finance.js +552 -0
  461. package/dist/detectors/network-bridge-ronin.d.ts +7 -0
  462. package/dist/detectors/network-bridge-ronin.js +408 -0
  463. package/dist/detectors/network-bridge.d.ts +7 -0
  464. package/dist/detectors/network-bridge.js +444 -0
  465. package/dist/detectors/network-underflow.d.ts +7 -0
  466. package/dist/detectors/network-underflow.js +517 -0
  467. package/dist/detectors/nft-denial-of-service.d.ts +7 -0
  468. package/dist/detectors/nft-denial-of-service.js +223 -0
  469. package/dist/detectors/nft-marketplace-order-reentrancy.d.ts +7 -0
  470. package/dist/detectors/nft-marketplace-order-reentrancy.js +427 -0
  471. package/dist/detectors/nft-token-standard-access-control.d.ts +7 -0
  472. package/dist/detectors/nft-token-standard-access-control.js +455 -0
  473. package/dist/detectors/oracle-manipulation-amm-spot-price.d.ts +42 -0
  474. package/dist/detectors/oracle-manipulation-amm-spot-price.js +321 -0
  475. package/dist/detectors/oracle-manipulation-liquidity-withdrawal.d.ts +27 -0
  476. package/dist/detectors/oracle-manipulation-liquidity-withdrawal.js +192 -0
  477. package/dist/detectors/oracle-manipulation.d.ts +90 -0
  478. package/dist/detectors/oracle-manipulation.js +1023 -0
  479. package/dist/detectors/oracle-vortex-manipulation.d.ts +30 -0
  480. package/dist/detectors/oracle-vortex-manipulation.js +473 -0
  481. package/dist/detectors/overpriced-asset-in-oracle.d.ts +41 -0
  482. package/dist/detectors/overpriced-asset-in-oracle.js +420 -0
  483. package/dist/detectors/oz-access-control-roles.d.ts +33 -0
  484. package/dist/detectors/oz-access-control-roles.js +359 -0
  485. package/dist/detectors/pair-manipulation-transfer-hook.d.ts +38 -0
  486. package/dist/detectors/pair-manipulation-transfer-hook.js +366 -0
  487. package/dist/detectors/parameter-access-control.d.ts +47 -0
  488. package/dist/detectors/parameter-access-control.js +511 -0
  489. package/dist/detectors/parameter-manipulation.d.ts +7 -0
  490. package/dist/detectors/parameter-manipulation.js +505 -0
  491. package/dist/detectors/parity-multisig-delegatecall.d.ts +7 -0
  492. package/dist/detectors/parity-multisig-delegatecall.js +707 -0
  493. package/dist/detectors/permissionless-claim-amm-spot-pricing.d.ts +7 -0
  494. package/dist/detectors/permissionless-claim-amm-spot-pricing.js +351 -0
  495. package/dist/detectors/permit-future-dated-deadline.d.ts +31 -0
  496. package/dist/detectors/permit-future-dated-deadline.js +339 -0
  497. package/dist/detectors/phishing-attack-bybit.d.ts +37 -0
  498. package/dist/detectors/phishing-attack-bybit.js +513 -0
  499. package/dist/detectors/post-insolvency-check.d.ts +7 -0
  500. package/dist/detectors/post-insolvency-check.js +277 -0
  501. package/dist/detectors/precision-loss-vulnerability.d.ts +7 -0
  502. package/dist/detectors/precision-loss-vulnerability.js +472 -0
  503. package/dist/detectors/precision-truncation.d.ts +8 -0
  504. package/dist/detectors/precision-truncation.js +425 -0
  505. package/dist/detectors/price-dependency-veth.d.ts +41 -0
  506. package/dist/detectors/price-dependency-veth.js +588 -0
  507. package/dist/detectors/price-feed-verification.d.ts +7 -0
  508. package/dist/detectors/price-feed-verification.js +557 -0
  509. package/dist/detectors/price-manipulation-reentrancy.d.ts +32 -0
  510. package/dist/detectors/price-manipulation-reentrancy.js +445 -0
  511. package/dist/detectors/price-manipulation-via-reentranc.d.ts +7 -0
  512. package/dist/detectors/price-manipulation-via-reentranc.js +569 -0
  513. package/dist/detectors/price-oracle-manipulation.d.ts +25 -0
  514. package/dist/detectors/price-oracle-manipulation.js +530 -0
  515. package/dist/detectors/project-instant-rewards-unlocked.d.ts +6 -0
  516. package/dist/detectors/project-instant-rewards-unlocked.js +462 -0
  517. package/dist/detectors/protocol-reentrancy.d.ts +7 -0
  518. package/dist/detectors/protocol-reentrancy.js +457 -0
  519. package/dist/detectors/proxy-init-race.d.ts +11 -0
  520. package/dist/detectors/proxy-init-race.js +634 -0
  521. package/dist/detectors/proxy-storage-slot-collision.d.ts +7 -0
  522. package/dist/detectors/proxy-storage-slot-collision.js +135 -0
  523. package/dist/detectors/public-internal-function.d.ts +39 -0
  524. package/dist/detectors/public-internal-function.js +233 -0
  525. package/dist/detectors/quote-silent-zero.d.ts +25 -0
  526. package/dist/detectors/quote-silent-zero.js +156 -0
  527. package/dist/detectors/readonly-reentrancy.d.ts +9 -0
  528. package/dist/detectors/readonly-reentrancy.js +108 -0
  529. package/dist/detectors/receipt-redemption-missing-validation.d.ts +31 -0
  530. package/dist/detectors/receipt-redemption-missing-validation.js +453 -0
  531. package/dist/detectors/reentrancy-balance.d.ts +36 -0
  532. package/dist/detectors/reentrancy-balance.js +577 -0
  533. package/dist/detectors/reentrancy-business-logic-game.d.ts +36 -0
  534. package/dist/detectors/reentrancy-business-logic-game.js +616 -0
  535. package/dist/detectors/reentrancy-on-sell-nft.d.ts +23 -0
  536. package/dist/detectors/reentrancy-on-sell-nft.js +510 -0
  537. package/dist/detectors/reflection-token-balance-desync.d.ts +28 -0
  538. package/dist/detectors/reflection-token-balance-desync.js +246 -0
  539. package/dist/detectors/registry-engine.d.ts +34 -0
  540. package/dist/detectors/registry-engine.js +388 -0
  541. package/dist/detectors/rollup-unvalidated-state-update.d.ts +35 -0
  542. package/dist/detectors/rollup-unvalidated-state-update.js +286 -0
  543. package/dist/detectors/s-horizon-bridge-private-key-compromis.d.ts +8 -0
  544. package/dist/detectors/s-horizon-bridge-private-key-compromis.js +615 -0
  545. package/dist/detectors/share-price-manipulation.d.ts +7 -0
  546. package/dist/detectors/share-price-manipulation.js +653 -0
  547. package/dist/detectors/signature-replay.d.ts +30 -0
  548. package/dist/detectors/signature-replay.js +367 -0
  549. package/dist/detectors/simpleswap-unverified-approval.d.ts +27 -0
  550. package/dist/detectors/simpleswap-unverified-approval.js +198 -0
  551. package/dist/detectors/single-spot-oracle-collateral-valuation.d.ts +22 -0
  552. package/dist/detectors/single-spot-oracle-collateral-valuation.js +419 -0
  553. package/dist/detectors/skim-token-balance.d.ts +7 -0
  554. package/dist/detectors/skim-token-balance.js +788 -0
  555. package/dist/detectors/sky-oft-governance-payload.d.ts +7 -0
  556. package/dist/detectors/sky-oft-governance-payload.js +515 -0
  557. package/dist/detectors/sky-oft-governance-truncation.d.ts +32 -0
  558. package/dist/detectors/sky-oft-governance-truncation.js +377 -0
  559. package/dist/detectors/solana-evm-bridge-truncation.d.ts +7 -0
  560. package/dist/detectors/solana-evm-bridge-truncation.js +638 -0
  561. package/dist/detectors/solhint-unchecked-low-level-call.d.ts +74 -0
  562. package/dist/detectors/solhint-unchecked-low-level-call.js +463 -0
  563. package/dist/detectors/stablecoin-pair-spot-oracle.d.ts +7 -0
  564. package/dist/detectors/stablecoin-pair-spot-oracle.js +364 -0
  565. package/dist/detectors/staked-rate-as-oracle.d.ts +44 -0
  566. package/dist/detectors/staked-rate-as-oracle.js +497 -0
  567. package/dist/detectors/stale-oracle.d.ts +63 -0
  568. package/dist/detectors/stale-oracle.js +649 -0
  569. package/dist/detectors/starkware-proof-validation-gap.d.ts +18 -0
  570. package/dist/detectors/starkware-proof-validation-gap.js +629 -0
  571. package/dist/detectors/steth-transfer-reentrancy.d.ts +8 -0
  572. package/dist/detectors/steth-transfer-reentrancy.js +317 -0
  573. package/dist/detectors/storage-collision-malicious-proposal.d.ts +27 -0
  574. package/dist/detectors/storage-collision-malicious-proposal.js +386 -0
  575. package/dist/detectors/timestamp-manipulation.d.ts +49 -0
  576. package/dist/detectors/timestamp-manipulation.js +383 -0
  577. package/dist/detectors/token-access-control.d.ts +7 -0
  578. package/dist/detectors/token-access-control.js +544 -0
  579. package/dist/detectors/token-incorrect-signature-verification.d.ts +23 -0
  580. package/dist/detectors/token-incorrect-signature-verification.js +434 -0
  581. package/dist/detectors/token-transfer-logic-flaw.d.ts +33 -0
  582. package/dist/detectors/token-transfer-logic-flaw.js +267 -0
  583. package/dist/detectors/transfer-double-debit-pool-recipient.d.ts +7 -0
  584. package/dist/detectors/transfer-double-debit-pool-recipient.js +542 -0
  585. package/dist/detectors/treasury-reentrancy.d.ts +7 -0
  586. package/dist/detectors/treasury-reentrancy.js +442 -0
  587. package/dist/detectors/tstore-poison.d.ts +32 -0
  588. package/dist/detectors/tstore-poison.js +417 -0
  589. package/dist/detectors/tstore-race-condition.d.ts +7 -0
  590. package/dist/detectors/tstore-race-condition.js +632 -0
  591. package/dist/detectors/types.d.ts +85 -0
  592. package/dist/detectors/types.js +20 -0
  593. package/dist/detectors/unauthorized-payer-transferfrom.d.ts +66 -0
  594. package/dist/detectors/unauthorized-payer-transferfrom.js +339 -0
  595. package/dist/detectors/unauthorized-transferfrom-shell.d.ts +7 -0
  596. package/dist/detectors/unauthorized-transferfrom-shell.js +504 -0
  597. package/dist/detectors/unauthorized-transferfrom.d.ts +16 -0
  598. package/dist/detectors/unauthorized-transferfrom.js +838 -0
  599. package/dist/detectors/unbound-zk-verifier-input.d.ts +7 -0
  600. package/dist/detectors/unbound-zk-verifier-input.js +445 -0
  601. package/dist/detectors/unbounded-share-price-collateral-oracle.d.ts +48 -0
  602. package/dist/detectors/unbounded-share-price-collateral-oracle.js +566 -0
  603. package/dist/detectors/uncapped-reward-emission.d.ts +7 -0
  604. package/dist/detectors/uncapped-reward-emission.js +493 -0
  605. package/dist/detectors/unchecked-call-forwarding.d.ts +31 -0
  606. package/dist/detectors/unchecked-call-forwarding.js +330 -0
  607. package/dist/detectors/unchecked-external-call-unconditional-state-mutation.d.ts +18 -0
  608. package/dist/detectors/unchecked-external-call-unconditional-state-mutation.js +311 -0
  609. package/dist/detectors/unchecked-external-call.d.ts +66 -0
  610. package/dist/detectors/unchecked-external-call.js +389 -0
  611. package/dist/detectors/unchecked-oft-return.d.ts +13 -0
  612. package/dist/detectors/unchecked-oft-return.js +118 -0
  613. package/dist/detectors/unguarded-governance-execution.d.ts +35 -0
  614. package/dist/detectors/unguarded-governance-execution.js +422 -0
  615. package/dist/detectors/unguarded-governance-executor.d.ts +35 -0
  616. package/dist/detectors/unguarded-governance-executor.js +349 -0
  617. package/dist/detectors/unindexed-event-address.d.ts +7 -0
  618. package/dist/detectors/unindexed-event-address.js +268 -0
  619. package/dist/detectors/uninitialized-implementation.d.ts +27 -0
  620. package/dist/detectors/uninitialized-implementation.js +333 -0
  621. package/dist/detectors/uninitialized-storage-pointer.d.ts +7 -0
  622. package/dist/detectors/uninitialized-storage-pointer.js +110 -0
  623. package/dist/detectors/uniswap-skim-token-balance-attack.d.ts +8 -0
  624. package/dist/detectors/uniswap-skim-token-balance-attack.js +331 -0
  625. package/dist/detectors/uniswap-v4-hook-state-manipulation.d.ts +7 -0
  626. package/dist/detectors/uniswap-v4-hook-state-manipulation.js +296 -0
  627. package/dist/detectors/unprotected-admin-or-fund-sink.d.ts +7 -0
  628. package/dist/detectors/unprotected-admin-or-fund-sink.js +643 -0
  629. package/dist/detectors/unprotected-dex-swap.d.ts +43 -0
  630. package/dist/detectors/unprotected-dex-swap.js +334 -0
  631. package/dist/detectors/unprotected-initializer.d.ts +7 -0
  632. package/dist/detectors/unprotected-initializer.js +707 -0
  633. package/dist/detectors/unprotected-pair-initializer.d.ts +22 -0
  634. package/dist/detectors/unprotected-pair-initializer.js +359 -0
  635. package/dist/detectors/unprotected-upgrade-function.d.ts +7 -0
  636. package/dist/detectors/unprotected-upgrade-function.js +180 -0
  637. package/dist/detectors/unreachable-code-0.8.28.d.ts +19 -0
  638. package/dist/detectors/unreachable-code-0.8.28.js +206 -0
  639. package/dist/detectors/unsafe-proxy-storage.d.ts +7 -0
  640. package/dist/detectors/unsafe-proxy-storage.js +436 -0
  641. package/dist/detectors/unsafe-transient-storage.d.ts +7 -0
  642. package/dist/detectors/unsafe-transient-storage.js +1052 -0
  643. package/dist/detectors/unsafe-tx-origin.d.ts +9 -0
  644. package/dist/detectors/unsafe-tx-origin.js +179 -0
  645. package/dist/detectors/unsigned-validity-window.d.ts +20 -0
  646. package/dist/detectors/unsigned-validity-window.js +220 -0
  647. package/dist/detectors/unvalidated-interface-address.d.ts +25 -0
  648. package/dist/detectors/unvalidated-interface-address.js +377 -0
  649. package/dist/detectors/uups-uninitialized-storage.d.ts +9 -0
  650. package/dist/detectors/uups-uninitialized-storage.js +366 -0
  651. package/dist/detectors/v2-error-k-value-attack.d.ts +33 -0
  652. package/dist/detectors/v2-error-k-value-attack.js +276 -0
  653. package/dist/detectors/v2-k-invariant-bypass.d.ts +33 -0
  654. package/dist/detectors/v2-k-invariant-bypass.js +283 -0
  655. package/dist/detectors/v4-hook-reentrancy.d.ts +9 -0
  656. package/dist/detectors/v4-hook-reentrancy.js +488 -0
  657. package/dist/detectors/vault-inflation-rounding.d.ts +23 -0
  658. package/dist/detectors/vault-inflation-rounding.js +477 -0
  659. package/dist/detectors/vault-share-price-manipulation.d.ts +7 -0
  660. package/dist/detectors/vault-share-price-manipulation.js +332 -0
  661. package/dist/detectors/vortex-interaction-guard.d.ts +45 -0
  662. package/dist/detectors/vortex-interaction-guard.js +275 -0
  663. package/dist/detectors/vortex-protocol-reentrancy-guard.d.ts +27 -0
  664. package/dist/detectors/vortex-protocol-reentrancy-guard.js +408 -0
  665. package/dist/detectors/vulnerable-price-dependency.d.ts +41 -0
  666. package/dist/detectors/vulnerable-price-dependency.js +473 -0
  667. package/dist/detectors/weak-random-mint.d.ts +37 -0
  668. package/dist/detectors/weak-random-mint.js +271 -0
  669. package/dist/detectors/withdraw-be-to-withdraw.d.ts +26 -0
  670. package/dist/detectors/withdraw-be-to-withdraw.js +329 -0
  671. package/dist/detectors/wrong-function-visibility.d.ts +29 -0
  672. package/dist/detectors/wrong-function-visibility.js +147 -0
  673. package/dist/detectors/wrong-price-calculation.d.ts +42 -0
  674. package/dist/detectors/wrong-price-calculation.js +387 -0
  675. package/dist/detectors/yearn-vault-v2-share-price-manipulation.d.ts +32 -0
  676. package/dist/detectors/yearn-vault-v2-share-price-manipulation.js +248 -0
  677. package/dist/detectors/zero-fee.d.ts +7 -0
  678. package/dist/detectors/zero-fee.js +596 -0
  679. package/dist/detectors/zetachain-gateway-hack-analysis.d.ts +7 -0
  680. package/dist/detectors/zetachain-gateway-hack-analysis.js +629 -0
  681. package/dist/detectors/zk-rollup-da-gap.d.ts +8 -0
  682. package/dist/detectors/zk-rollup-da-gap.js +322 -0
  683. package/dist/detectors/zksync-batch-validation.d.ts +8 -0
  684. package/dist/detectors/zksync-batch-validation.js +461 -0
  685. package/dist/detectors/zksync-era-rollup-state-update.d.ts +60 -0
  686. package/dist/detectors/zksync-era-rollup-state-update.js +360 -0
  687. package/dist/detectors/zksync-simulation-drift.d.ts +35 -0
  688. package/dist/detectors/zksync-simulation-drift.js +309 -0
  689. package/dist/exit-codes.d.ts +15 -0
  690. package/dist/exit-codes.js +18 -0
  691. package/dist/formatters/github-actions.d.ts +2 -0
  692. package/dist/formatters/github-actions.js +61 -0
  693. package/dist/formatters/sarif.d.ts +24 -0
  694. package/dist/formatters/sarif.js +670 -0
  695. package/dist/formatters/text.d.ts +14 -0
  696. package/dist/formatters/text.js +152 -0
  697. package/dist/fp-rates.json +70 -0
  698. package/dist/identity/diff-baseline.d.ts +16 -0
  699. package/dist/identity/diff-baseline.js +152 -0
  700. package/dist/identity/hashing.d.ts +39 -0
  701. package/dist/identity/hashing.js +96 -0
  702. package/dist/index.d.ts +174 -0
  703. package/dist/index.js +358 -0
  704. package/dist/parallel-scan.d.ts +66 -0
  705. package/dist/parallel-scan.js +227 -0
  706. package/dist/registry.d.ts +17 -0
  707. package/dist/registry.js +118 -0
  708. package/dist/rules/glob.d.ts +5 -0
  709. package/dist/rules/glob.js +76 -0
  710. package/dist/rules/suppressions.d.ts +23 -0
  711. package/dist/rules/suppressions.js +136 -0
  712. package/dist/rules/tiers.d.ts +23 -0
  713. package/dist/rules/tiers.js +341 -0
  714. package/dist/scan-worker.d.ts +1 -0
  715. package/dist/scan-worker.js +61 -0
  716. package/dist/scan.d.ts +24 -0
  717. package/dist/scan.js +558 -0
  718. package/dist/semantic/contracts.d.ts +10 -0
  719. package/dist/semantic/contracts.js +141 -0
  720. package/dist/semantic/diagnostics.d.ts +29 -0
  721. package/dist/semantic/diagnostics.js +25 -0
  722. package/dist/semantic/eog.d.ts +56 -0
  723. package/dist/semantic/eog.js +545 -0
  724. package/dist/semantic/imports.d.ts +88 -0
  725. package/dist/semantic/imports.js +246 -0
  726. package/dist/semantic/index.d.ts +2 -0
  727. package/dist/semantic/index.js +8 -0
  728. package/dist/semantic/inheritance.d.ts +33 -0
  729. package/dist/semantic/inheritance.js +137 -0
  730. package/dist/semantic/model.d.ts +95 -0
  731. package/dist/semantic/model.js +232 -0
  732. package/dist/semantic/taint-tracker.d.ts +49 -0
  733. package/dist/semantic/taint-tracker.js +410 -0
  734. package/dist/semantic/types.d.ts +119 -0
  735. package/dist/semantic/types.js +18 -0
  736. package/dist/severity.d.ts +10 -0
  737. package/dist/severity.js +78 -0
  738. package/package.json +52 -0
package/dist/detectors/erc7683-fill-validation.js ADDED
@@ -0,0 +1,758 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.Erc7683FillValidationDetector = void 0;
4
+ const ast_1 = require("./_common/ast");
5
+ const RULE_ID = 'erc7683-fill-validation';
6
+ const FILL_ENTRY_RE = /^(fill|fillorder|executefill|settle|fulfill|fillordervrf|settleorder)$/i;
7
+ const FILL_SIGNATURE_RE = /(fillinstruction|resolvedcrosschainorder|orderdata|fillerdata|fillparams|execfill)/i;
8
+ const OUTPUT_FIELD_RE = /^(token|recipient|amount|value|output|outputs)$/i;
9
+ const AUTHORIZATION_NAME_RE = /(solver|filler|trusted|allow|whitelist|approved|authorized|operator)/i;
10
+ const AUTH_MODIFIER_RE = /^(only|require|when|has|is|enforce)/i;
11
+ const AUTH_MODIFIER_NAME_RE = /(role|owner|admin|guard|authenticated|solver|filler|trusted|whitelist|approved|authorized|operator|allowlist|allowed|permission|gated|restricted)/i;
12
+ const CALLER_IDENTITY_NAME_RE = /^(filler|solver|executor|caller)$/i;
13
+ const REPLAY_NAME_RE = /(filled|used|consumed|nullifier|nonce|deadline|expiry|expires|seen|claimed|processed)/i;
14
+ const CUSTODY_TRANSFER_RE = /^(transfer|transferfrom|safetransfer|safetransferfrom|release|mint|push|safepush)$/i;
15
+ const CUSTODY_TRANSFER_PARTIAL_RE = /(transfer|release|mint|push)/i;
16
+ const VALIDATION_HELPER_RE = /(validatefill|verifyfill|checkfill|validateoutput|verifyoutput|checkoutput|checksettlement|satisfyorder|enforcefill|assertfill)/i;
17
+ class Erc7683FillValidationDetector {
18
+ id = RULE_ID;
19
+ patternKey = RULE_ID;
20
+ supportedAstKinds = ['parser'];
21
+ scanAst(ast, file) {
22
+ if (!ast || ast.type !== 'SourceUnit')
23
+ return [];
24
+ const findings = [];
25
+ for (const contract of ast.children || []) {
26
+ if (contract?.type !== 'ContractDefinition')
27
+ continue;
28
+ if (contract.kind === 'interface' || contract.kind === 'library')
29
+ continue;
30
+ const stateVars = this.collectStateVars(contract);
31
+ const internalFunctions = this.collectInternalFunctions(contract);
32
+ for (const fn of contract.subNodes || []) {
33
+ if (fn?.type !== 'FunctionDefinition')
34
+ continue;
35
+ if (!fn.body)
36
+ continue;
37
+ const ctx = this.initContext(file, contract, fn, stateVars, internalFunctions);
38
+ if (!ctx)
39
+ continue;
40
+ this.applyModifierAuth(fn, ctx);
41
+ this.analyzeBody(fn.body, ctx);
42
+ const finding = this.summarize(ctx);
43
+ if (finding)
44
+ findings.push(finding);
45
+ }
46
+ }
47
+ return findings;
48
+ }
49
+ collectStateVars(contract) {
50
+ const vars = new Set();
51
+ for (const sub of contract.subNodes || []) {
52
+ if (sub?.type !== 'StateVariableDeclaration')
53
+ continue;
54
+ for (const variable of sub.variables || []) {
55
+ if (variable?.name)
56
+ vars.add(String(variable.name));
57
+ }
58
+ }
59
+ return vars;
60
+ }
61
+ collectInternalFunctions(contract) {
62
+ const fns = new Map();
63
+ for (const sub of contract.subNodes || []) {
64
+ if (sub?.type !== 'FunctionDefinition')
65
+ continue;
66
+ if (!sub.body)
67
+ continue;
68
+ const name = String(sub.name || '');
69
+ if (name)
70
+ fns.set(name, sub);
71
+ }
72
+ return fns;
73
+ }
74
+ initContext(file, contract, fn, stateVars, internalFunctions) {
75
+ const fnName = String(fn.name || '');
76
+ const params = (fn.parameters || []).map((p) => String(p?.name || ''));
77
+ const paramTypes = (fn.parameters || []).map((p) => this.sourceText(p?.typeName || ''));
78
+ const isFillEntry = FILL_ENTRY_RE.test(fnName);
79
+ if (!isFillEntry)
80
+ return null;
81
+ const isFillSignature = params.some((p) => FILL_SIGNATURE_RE.test(p))
82
+ || paramTypes.some((t) => FILL_SIGNATURE_RE.test(t));
83
+ const hasFillBody = FILL_SIGNATURE_RE.test(this.sourceText(fn.body));
84
+ if (!isFillSignature && !hasFillBody)
85
+ return null;
86
+ const localVars = this.collectLocalVars(fn);
87
+ return {
88
+ file,
89
+ contractName: String(contract.name || '<anon>'),
90
+ functionName: fnName,
91
+ stateVars,
92
+ localVars,
93
+ params,
94
+ paramTypes,
95
+ sawCustodyTransfer: false,
96
+ custodyTransferLoc: null,
97
+ validatedOutputFields: new Set(),
98
+ sawMeaningfulOutputValidation: false,
99
+ sawWeakValidation: false,
100
+ sawFillerAuthorization: false,
101
+ sawReplayGuard: false,
102
+ sawOriginBinding: false,
103
+ sawOrderHashBinding: false,
104
+ sawLowLevelCallWithFillData: false,
105
+ internalFunctions,
106
+ visitedHelpers: new Set(),
107
+ callerParamNames: new Set(params.filter((p) => CALLER_IDENTITY_NAME_RE.test(p))),
108
+ };
109
+ }
110
+ collectLocalVars(fn) {
111
+ const vars = new Set();
112
+ for (const p of fn.parameters || []) {
113
+ if (p?.name)
114
+ vars.add(String(p.name));
115
+ }
116
+ for (const p of fn.returnParameters || []) {
117
+ if (p?.name)
118
+ vars.add(String(p.name));
119
+ }
120
+ this.harvestLocals(fn.body, vars);
121
+ return vars;
122
+ }
123
+ harvestLocals(node, vars) {
124
+ if (!node || typeof node !== 'object')
125
+ return;
126
+ if (node.type === 'VariableDeclarationStatement') {
127
+ for (const v of node.variables || []) {
128
+ if (v?.name)
129
+ vars.add(String(v.name));
130
+ }
131
+ }
132
+ for (const child of this.childNodes(node)) {
133
+ this.harvestLocals(child, vars);
134
+ }
135
+ }
136
+ applyModifierAuth(fn, ctx) {
137
+ for (const mod of fn.modifiers || []) {
138
+ const name = String(mod?.name || '');
139
+ if (!name)
140
+ continue;
141
+ if (AUTH_MODIFIER_NAME_RE.test(name)) {
142
+ ctx.sawFillerAuthorization = true;
143
+ }
144
+ }
145
+ }
146
+ analyzeBody(node, ctx) {
147
+ if (!node || typeof node !== 'object')
148
+ return;
149
+ if (node.type === 'Block') {
150
+ for (const stmt of node.statements || [])
151
+ this.analyzeStmt(stmt, ctx);
152
+ return;
153
+ }
154
+ this.analyzeStmt(node, ctx);
155
+ }
156
+ analyzeStmt(node, ctx) {
157
+ if (!node || typeof node !== 'object')
158
+ return;
159
+ if (node.type === 'EmitStatement')
160
+ return;
161
+ if (node.type === 'IfStatement') {
162
+ const trueAborts = this.bodyAborts(node.trueBody);
163
+ const falseAborts = this.bodyAborts(node.falseBody);
164
+ if (node.condition && (trueAborts || falseAborts)) {
165
+ this.applyGuardCondition(node.condition, ctx, trueAborts);
166
+ }
167
+ this.analyzeNode(node.condition, ctx);
168
+ this.analyzeBody(node.trueBody, ctx);
169
+ this.analyzeBody(node.falseBody, ctx);
170
+ return;
171
+ }
172
+ if (node.type === 'VariableDeclarationStatement') {
173
+ this.analyzeNode(node.initialValue, ctx);
174
+ return;
175
+ }
176
+ if (node.type === 'ExpressionStatement') {
177
+ this.analyzeNode(node.expression, ctx);
178
+ return;
179
+ }
180
+ if (node.type === 'RevertStatement') {
181
+ return;
182
+ }
183
+ if (node.type === 'FunctionCall') {
184
+ this.handleFunctionCall(node, ctx);
185
+ for (const arg of node.arguments || [])
186
+ this.analyzeNode(arg, ctx);
187
+ return;
188
+ }
189
+ if (node.type === 'BinaryOperation') {
190
+ if (node.operator === '=' || node.operator === '+=' || node.operator === '-=') {
191
+ if (this.isStateRef(node.left, ctx)) {
192
+ if (node.right)
193
+ this.analyzeNode(node.right, ctx);
194
+ return;
195
+ }
196
+ }
197
+ this.analyzeNode(node.left, ctx);
198
+ this.analyzeNode(node.right, ctx);
199
+ return;
200
+ }
201
+ if (node.type === 'UnaryOperation') {
202
+ this.analyzeNode(node.subExpression, ctx);
203
+ return;
204
+ }
205
+ for (const child of this.childNodes(node)) {
206
+ this.analyzeNode(child, ctx);
207
+ }
208
+ }
209
+ analyzeNode(node, ctx) {
210
+ if (!node || typeof node !== 'object')
211
+ return;
212
+ if (node.type === 'FunctionCall') {
213
+ this.handleFunctionCall(node, ctx);
214
+ for (const arg of node.arguments || [])
215
+ this.analyzeNode(arg, ctx);
216
+ return;
217
+ }
218
+ for (const child of this.childNodes(node)) {
219
+ this.analyzeNode(child, ctx);
220
+ }
221
+ }
222
+ bodyAborts(node) {
223
+ if (!node || typeof node !== 'object')
224
+ return false;
225
+ if (node.type === 'RevertStatement')
226
+ return true;
227
+ if (node.type === 'ReturnStatement')
228
+ return true;
229
+ if (node.type === 'Break' || node.type === 'BreakStatement')
230
+ return false;
231
+ if (node.type === 'ExpressionStatement' && node.expression?.type === 'FunctionCall') {
232
+ const name = this.callName(node.expression);
233
+ if (name === 'revert')
234
+ return true;
235
+ }
236
+ if (node.type === 'Block') {
237
+ for (const stmt of node.statements || []) {
238
+ if (this.bodyAborts(stmt))
239
+ return true;
240
+ }
241
+ return false;
242
+ }
243
+ return false;
244
+ }
245
+ applyGuardCondition(cond, ctx, rejectsOnTrue = false) {
246
+ this.detectOutputValidationFields(cond, ctx);
247
+ if (this.isWeakValidation(cond))
248
+ ctx.sawWeakValidation = true;
249
+ if (this.isMeaningfulOutputValidation(cond, ctx))
250
+ ctx.sawMeaningfulOutputValidation = true;
251
+ this.detectAuthorizationGuard(cond, ctx);
252
+ this.detectBindingGuard(cond, ctx, rejectsOnTrue);
253
+ }
254
+ handleFunctionCall(node, ctx) {
255
+ const name = this.callName(node);
256
+ const lowerName = name.toLowerCase();
257
+ if (lowerName === 'require' || lowerName === 'assert') {
258
+ const cond = node.arguments?.[0];
259
+ if (cond) {
260
+ this.applyGuardCondition(cond, ctx);
261
+ }
262
+ return;
263
+ }
264
+ if (lowerName === 'revert')
265
+ return;
266
+ const finalMember = this.finalMemberName(node);
267
+ if (finalMember && CUSTODY_TRANSFER_RE.test(finalMember)) {
268
+ ctx.sawCustodyTransfer = true;
269
+ ctx.custodyTransferLoc = ctx.custodyTransferLoc || this.locOf(node);
270
+ }
271
+ else if (CUSTODY_TRANSFER_PARTIAL_RE.test(name)) {
272
+ ctx.sawCustodyTransfer = true;
273
+ ctx.custodyTransferLoc = ctx.custodyTransferLoc || this.locOf(node);
274
+ }
275
+ if (VALIDATION_HELPER_RE.test(name)) {
276
+ const helperName = this.directIdentifierCallName(node);
277
+ if (helperName && ctx.internalFunctions.has(helperName) && !ctx.visitedHelpers.has(helperName)) {
278
+ ctx.visitedHelpers.add(helperName);
279
+ const helper = ctx.internalFunctions.get(helperName);
280
+ if (helper?.body)
281
+ this.analyzeBody(helper.body, ctx);
282
+ }
283
+ }
284
+ if (this.isLowLevelCall(node)) {
285
+ ctx.sawCustodyTransfer = true;
286
+ ctx.custodyTransferLoc = ctx.custodyTransferLoc || this.locOf(node);
287
+ if (this.callUsesFillInstructionData(node, ctx)) {
288
+ ctx.sawLowLevelCallWithFillData = true;
289
+ }
290
+ }
291
+ }
292
+ locOf(node) {
293
+ const { line, column } = (0, ast_1.assertLoc)(node);
294
+ return { line, column };
295
+ }
296
+ isLowLevelCall(node) {
297
+ const member = this.finalMemberName(node);
298
+ if (!member)
299
+ return false;
300
+ const lower = member.toLowerCase();
301
+ return lower === 'call' || lower === 'delegatecall';
302
+ }
303
+ callUsesFillInstructionData(node, ctx) {
304
+ const text = this.sourceText(node);
305
+ return /(callData|target|destination|payload|data)/i.test(text)
306
+ || (ctx.params.length > 0 && ctx.params.some(p => p && new RegExp(`\\b${p}\\b`).test(text)));
307
+ }
308
+ detectAuthorizationGuard(node, ctx) {
309
+ if (!node || typeof node !== 'object')
310
+ return;
311
+ this.recordCallerBoundComparison(node, ctx);
312
+ if (node.type === 'BinaryOperation' && (node.operator === '==' || node.operator === '!=')) {
313
+ if ((this.isCallerBoundExpression(node.left, ctx.callerParamNames) && this.isCallerIdentityName(node.right))
314
+ || (this.isCallerBoundExpression(node.right, ctx.callerParamNames) && this.isCallerIdentityName(node.left))) {
315
+ ctx.sawFillerAuthorization = true;
316
+ }
317
+ }
318
+ if (node.type === 'IndexAccess') {
319
+ const baseName = this.identifierName(node.base);
320
+ if (baseName
321
+ && AUTHORIZATION_NAME_RE.test(baseName)
322
+ && (ctx.stateVars.has(baseName) || ctx.localVars.has(baseName))
323
+ && this.isCallerBoundExpression(node.index || node.indexExpression, ctx.callerParamNames)) {
324
+ ctx.sawFillerAuthorization = true;
325
+ }
326
+ }
327
+ if (node.type === 'FunctionCall') {
328
+ const callName = this.callName(node);
329
+ if (AUTHORIZATION_NAME_RE.test(callName) || /(hasrole|requirerole|requireauth|requireallowed|onlyrole|enforce)/i.test(callName)) {
330
+ if ((node.arguments || []).some((arg) => this.isCallerBoundExpression(arg, ctx.callerParamNames))) {
331
+ ctx.sawFillerAuthorization = true;
332
+ }
333
+ }
334
+ }
335
+ for (const child of this.childNodes(node)) {
336
+ this.detectAuthorizationGuard(child, ctx);
337
+ }
338
+ }
339
+ recordCallerBoundComparison(node, ctx) {
340
+ if (!node || typeof node !== 'object')
341
+ return;
342
+ if (node.type !== 'BinaryOperation')
343
+ return;
344
+ if (node.operator !== '==' && node.operator !== '!=')
345
+ return;
346
+ const leftName = this.directIdentifierName(node.left);
347
+ const rightName = this.directIdentifierName(node.right);
348
+ if (leftName && ctx.localVars.has(leftName) && this.containsMsgSender(node.right)) {
349
+ ctx.callerParamNames.add(leftName);
350
+ }
351
+ if (rightName && ctx.localVars.has(rightName) && this.containsMsgSender(node.left)) {
352
+ ctx.callerParamNames.add(rightName);
353
+ }
354
+ }
355
+ isCallerBoundExpression(node, callerParamNames) {
356
+ if (!node || typeof node !== 'object')
357
+ return false;
358
+ if (this.containsMsgSender(node))
359
+ return true;
360
+ if (node.type === 'Identifier' && callerParamNames.has(String(node.name || '')))
361
+ return true;
362
+ for (const child of this.childNodes(node)) {
363
+ if (this.isCallerBoundExpression(child, callerParamNames))
364
+ return true;
365
+ }
366
+ return false;
367
+ }
368
+ containsMsgSender(node) {
369
+ if (!node || typeof node !== 'object')
370
+ return false;
371
+ if (node.type === 'MemberAccess'
372
+ && String(node.memberName || '') === 'sender'
373
+ && this.directIdentifierName(node.expression) === 'msg') {
374
+ return true;
375
+ }
376
+ for (const child of this.childNodes(node)) {
377
+ if (this.containsMsgSender(child))
378
+ return true;
379
+ }
380
+ return false;
381
+ }
382
+ isCallerIdentityName(node) {
383
+ const name = this.directIdentifierName(node);
384
+ return !!name && CALLER_IDENTITY_NAME_RE.test(name);
385
+ }
386
+ detectBindingGuard(node, ctx, rejectsOnTrue = false) {
387
+ if (this.containsOrderHashEquality(node, rejectsOnTrue))
388
+ ctx.sawOrderHashBinding = true;
389
+ if (this.containsOriginEquality(node))
390
+ ctx.sawOriginBinding = true;
391
+ if (this.containsReplayPattern(node, ctx))
392
+ ctx.sawReplayGuard = true;
393
+ }
394
+ containsOrderHashEquality(node, rejectsOnTrue = false) {
395
+ if (!node || typeof node !== 'object')
396
+ return false;
397
+ if (node.type === 'BinaryOperation' && (node.operator === '==' || node.operator === '!=')) {
398
+ const leftFill = this.referencesFillOrderHash(node.left);
399
+ const rightFill = this.referencesFillOrderHash(node.right);
400
+ const leftOrder = this.referencesResolvedOrderHash(node.left);
401
+ const rightOrder = this.referencesResolvedOrderHash(node.right);
402
+ if ((leftFill && rightOrder) || (leftOrder && rightFill)) {
403
+ if (node.operator === '!=')
404
+ return rejectsOnTrue;
405
+ return true;
406
+ }
407
+ }
408
+ if (node.type === 'BinaryOperation' && (node.operator === '&&' || node.operator === '||')) {
409
+ if (this.containsOrderHashEquality(node.left, rejectsOnTrue) || this.containsOrderHashEquality(node.right, rejectsOnTrue))
410
+ return true;
411
+ }
412
+ for (const child of this.childNodes(node)) {
413
+ if (this.containsOrderHashEquality(child, rejectsOnTrue))
414
+ return true;
415
+ }
416
+ return false;
417
+ }
418
+ referencesFillOrderHash(node) {
419
+ if (!node || typeof node !== 'object')
420
+ return false;
421
+ if (node.type === 'MemberAccess') {
422
+ const member = String(node.memberName || '');
423
+ if (/(orderhash|orderid)/i.test(member)) {
424
+ const baseName = this.identifierName(node.expression);
425
+ if (baseName && /(fi|fill|instruction|instr|cmd)/i.test(baseName))
426
+ return true;
427
+ }
428
+ }
429
+ for (const child of this.childNodes(node)) {
430
+ if (this.referencesFillOrderHash(child))
431
+ return true;
432
+ }
433
+ return false;
434
+ }
435
+ referencesResolvedOrderHash(node) {
436
+ if (!node || typeof node !== 'object')
437
+ return false;
438
+ if (node.type === 'MemberAccess') {
439
+ const member = String(node.memberName || '');
440
+ if (/(orderhash|orderid)/i.test(member)) {
441
+ const baseName = this.identifierName(node.expression);
442
+ if (baseName && /(order|resolved)/i.test(baseName))
443
+ return true;
444
+ }
445
+ }
446
+ for (const child of this.childNodes(node)) {
447
+ if (this.referencesResolvedOrderHash(child))
448
+ return true;
449
+ }
450
+ return false;
451
+ }
452
+ containsOriginEquality(node) {
453
+ if (!node || typeof node !== 'object')
454
+ return false;
455
+ if (node.type === 'BinaryOperation' && (node.operator === '==' || node.operator === '!=' || node.operator === '&&' || node.operator === '||')) {
456
+ if (this.referencesNamedMember(node.left, /(origindomain|sourcechain|sourcechainid|chainid|sourcedomain)/i)
457
+ || this.referencesNamedMember(node.right, /(origindomain|sourcechain|sourcechainid|chainid|sourcedomain)/i)) {
458
+ return true;
459
+ }
460
+ }
461
+ for (const child of this.childNodes(node)) {
462
+ if (this.containsOriginEquality(child))
463
+ return true;
464
+ }
465
+ return false;
466
+ }
467
+ containsReplayPattern(node, ctx) {
468
+ if (!node || typeof node !== 'object')
469
+ return false;
470
+ if (node.type === 'Identifier') {
471
+ const name = String(node.name || '');
472
+ if (REPLAY_NAME_RE.test(name) && (ctx.stateVars.has(name) || ctx.localVars.has(name)))
473
+ return true;
474
+ }
475
+ if (node.type === 'MemberAccess') {
476
+ const member = String(node.memberName || '');
477
+ if (REPLAY_NAME_RE.test(member))
478
+ return true;
479
+ }
480
+ if (node.type === 'IndexAccess') {
481
+ const baseName = this.identifierName(node.base);
482
+ if (baseName && REPLAY_NAME_RE.test(baseName) && (ctx.stateVars.has(baseName) || ctx.localVars.has(baseName)))
483
+ return true;
484
+ }
485
+ for (const child of this.childNodes(node)) {
486
+ if (this.containsReplayPattern(child, ctx))
487
+ return true;
488
+ }
489
+ return false;
490
+ }
491
+ referencesNamedMember(node, pattern) {
492
+ if (!node || typeof node !== 'object')
493
+ return false;
494
+ if (node.type === 'MemberAccess') {
495
+ if (pattern.test(String(node.memberName || '')))
496
+ return true;
497
+ }
498
+ for (const child of this.childNodes(node)) {
499
+ if (this.referencesNamedMember(child, pattern))
500
+ return true;
501
+ }
502
+ return false;
503
+ }
504
+ detectOutputValidationFields(node, ctx) {
505
+ if (!node || typeof node !== 'object')
506
+ return;
507
+ if (node.type === 'BinaryOperation') {
508
+ const op = String(node.operator || '');
509
+ if (op === '==' || op === '!=' || op === '<' || op === '>' || op === '<=' || op === '>=') {
510
+ const leftHasOutput = this.referencesOutputFields(node.left);
511
+ const rightHasOutput = this.referencesOutputFields(node.right);
512
+ if (leftHasOutput && rightHasOutput && !this.isWeakValidation(node)) {
513
+ this.collectOutputFieldNames(node.left, ctx.validatedOutputFields);
514
+ this.collectOutputFieldNames(node.right, ctx.validatedOutputFields);
515
+ }
516
+ return;
517
+ }
518
+ if (op === '&&' || op === '||') {
519
+ this.detectOutputValidationFields(node.left, ctx);
520
+ this.detectOutputValidationFields(node.right, ctx);
521
+ return;
522
+ }
523
+ }
524
+ for (const child of this.childNodes(node)) {
525
+ this.detectOutputValidationFields(child, ctx);
526
+ }
527
+ }
528
+ collectOutputFieldNames(node, target) {
529
+ if (!node || typeof node !== 'object')
530
+ return;
531
+ if (node.type === 'MemberAccess') {
532
+ const member = String(node.memberName || '');
533
+ if (OUTPUT_FIELD_RE.test(member))
534
+ target.add(member);
535
+ }
536
+ if (node.type === 'Identifier') {
537
+ const name = String(node.name || '');
538
+ if (OUTPUT_FIELD_RE.test(name))
539
+ target.add(name);
540
+ }
541
+ for (const child of this.childNodes(node)) {
542
+ this.collectOutputFieldNames(child, target);
543
+ }
544
+ }
545
+ isWeakValidation(node) {
546
+ if (!node || typeof node !== 'object')
547
+ return false;
548
+ if (node.type === 'BinaryOperation') {
549
+ const op = String(node.operator || '');
550
+ if ((op === '>=' || op === '<=' || op === '>' || op === '<') && (this.isZeroLiteral(node.right) || this.isZeroLiteral(node.left))) {
551
+ const left = node.left;
552
+ const right = node.right;
553
+ const refs = (this.referencesOutputFields(left) ? 1 : 0) + (this.referencesOutputFields(right) ? 1 : 0);
554
+ if (refs === 1)
555
+ return true;
556
+ }
557
+ }
558
+ return false;
559
+ }
560
+ isZeroLiteral(node) {
561
+ if (!node || typeof node !== 'object')
562
+ return false;
563
+ if (node.type === 'NumberLiteral')
564
+ return String(node.number || '') === '0';
565
+ if (node.type === 'Identifier')
566
+ return String(node.name || '').toLowerCase() === 'zero';
567
+ return false;
568
+ }
569
+ isMeaningfulOutputValidation(node, ctx) {
570
+ if (!node || typeof node !== 'object')
571
+ return false;
572
+ return this.findOutputEqualityWithBothSides(node, ctx);
573
+ }
574
+ findOutputEqualityWithBothSides(node, ctx) {
575
+ if (!node || typeof node !== 'object')
576
+ return false;
577
+ if (node.type === 'BinaryOperation') {
578
+ const op = String(node.operator || '');
579
+ if (op === '==' || op === '!=' || op === '<' || op === '>' || op === '<=' || op === '>=') {
580
+ const leftHasOutput = this.referencesOutputFields(node.left);
581
+ const rightHasOutput = this.referencesOutputFields(node.right);
582
+ if (leftHasOutput && rightHasOutput) {
583
+ if (!this.isWeakValidation(node))
584
+ return true;
585
+ }
586
+ }
587
+ }
588
+ for (const child of this.childNodes(node)) {
589
+ if (this.findOutputEqualityWithBothSides(child, ctx))
590
+ return true;
591
+ }
592
+ return false;
593
+ }
594
+ referencesOutputFields(node) {
595
+ if (!node || typeof node !== 'object')
596
+ return false;
597
+ if (node.type === 'MemberAccess') {
598
+ const member = String(node.memberName || '');
599
+ if (OUTPUT_FIELD_RE.test(member))
600
+ return true;
601
+ }
602
+ if (node.type === 'Identifier') {
603
+ const name = String(node.name || '');
604
+ if (OUTPUT_FIELD_RE.test(name))
605
+ return true;
606
+ }
607
+ for (const child of this.childNodes(node)) {
608
+ if (this.referencesOutputFields(child))
609
+ return true;
610
+ }
611
+ return false;
612
+ }
613
+ hasAllRequiredOutputFields(ctx) {
614
+ return ctx.validatedOutputFields.has('token')
615
+ && ctx.validatedOutputFields.has('recipient')
616
+ && (ctx.validatedOutputFields.has('amount') || ctx.validatedOutputFields.has('value'));
617
+ }
618
+ summarize(ctx) {
619
+ if (!ctx.sawCustodyTransfer)
620
+ return null;
621
+ const loc = ctx.custodyTransferLoc || { line: 1, column: 0 };
622
+ if (ctx.sawLowLevelCallWithFillData && !ctx.sawOrderHashBinding) {
623
+ return this.makeFinding(ctx, loc, 'fill-instruction-divergence', 'high', `Fill function '${ctx.functionName}' executes caller-supplied fill-instruction call data without binding the instruction to the resolved order hash.`);
624
+ }
625
+ if (!ctx.sawMeaningfulOutputValidation || ctx.sawWeakValidation || !this.hasAllRequiredOutputFields(ctx)) {
626
+ return this.makeFinding(ctx, loc, 'missing-output-validation', 'high', `Fill function '${ctx.functionName}' releases custody without validating decoded output token, recipient, and amount against the resolved order.`);
627
+ }
628
+ if (!ctx.sawFillerAuthorization) {
629
+ return this.makeFinding(ctx, loc, 'missing-filler-auth', 'medium', `Fill function '${ctx.functionName}' is callable by any msg.sender with no filler/solver authorization check.`);
630
+ }
631
+ if (!ctx.sawReplayGuard || !ctx.sawOrderHashBinding) {
632
+ return this.makeFinding(ctx, loc, 'fill-instruction-divergence', 'high', `Fill function '${ctx.functionName}' settlement path can diverge: missing replay guard or order-hash binding allows stale or replayed intent data.`);
633
+ }
634
+ return null;
635
+ }
636
+ makeFinding(ctx, loc, pattern, severity, message) {
637
+ return {
638
+ file: ctx.file,
639
+ contract: ctx.contractName,
640
+ 'function': ctx.functionName,
641
+ line: loc.line,
642
+ column: loc.column,
643
+ pattern: `${RULE_ID}/${pattern}`,
644
+ confidence: 'medium',
645
+ ruleId: RULE_ID,
646
+ severity,
647
+ message,
648
+ contractName: ctx.contractName,
649
+ functionName: ctx.functionName,
650
+ sourceLocation: loc,
651
+ findingId: '',
652
+ contractHash: '',
653
+ };
654
+ }
655
+ directIdentifierCallName(node) {
656
+ if (!node || typeof node !== 'object')
657
+ return null;
658
+ if (node.type !== 'FunctionCall')
659
+ return null;
660
+ const callee = node.expression;
661
+ if (!callee || typeof callee !== 'object')
662
+ return null;
663
+ if (callee.type !== 'Identifier')
664
+ return null;
665
+ return String(callee.name || '') || null;
666
+ }
667
+ callName(node) {
668
+ if (!node || typeof node !== 'object')
669
+ return '';
670
+ if (node.type === 'FunctionCall' || node.type === 'FunctionCallOptions' || node.type === 'NameValueExpression') {
671
+ return this.callName(node.expression);
672
+ }
673
+ if (node.type === 'Identifier')
674
+ return String(node.name || '');
675
+ if (node.type === 'MemberAccess') {
676
+ const base = this.callName(node.expression);
677
+ return base ? `${base}.${node.memberName}` : String(node.memberName || '');
678
+ }
679
+ return '';
680
+ }
681
+ finalMemberName(node) {
682
+ if (!node || typeof node !== 'object')
683
+ return null;
684
+ if (node.type === 'FunctionCall' || node.type === 'FunctionCallOptions' || node.type === 'NameValueExpression') {
685
+ return this.finalMemberName(node.expression);
686
+ }
687
+ if (node.type === 'MemberAccess')
688
+ return String(node.memberName || '');
689
+ return null;
690
+ }
691
+ isStateRef(expr, ctx) {
692
+ const name = this.identifierName(expr);
693
+ return !!name && ctx.stateVars.has(name) && !ctx.localVars.has(name);
694
+ }
695
+ identifierName(node) {
696
+ if (!node || typeof node !== 'object')
697
+ return null;
698
+ if (node.type === 'Identifier')
699
+ return String(node.name || '');
700
+ if (node.type === 'IndexAccess')
701
+ return this.identifierName(node.base);
702
+ if (node.type === 'MemberAccess')
703
+ return this.identifierName(node.expression);
704
+ return null;
705
+ }
706
+ directIdentifierName(node) {
707
+ if (!node || typeof node !== 'object')
708
+ return null;
709
+ if (node.type !== 'Identifier')
710
+ return null;
711
+ return String(node.name || '') || null;
712
+ }
713
+ sourceText(node) {
714
+ if (!node || typeof node !== 'object')
715
+ return '';
716
+ const parts = [];
717
+ this.collectText(node, parts);
718
+ return parts.join(' ');
719
+ }
720
+ collectText(node, parts) {
721
+ if (!node || typeof node !== 'object')
722
+ return;
723
+ if (node.name)
724
+ parts.push(String(node.name));
725
+ if (node.memberName)
726
+ parts.push(String(node.memberName));
727
+ if (node.namePath)
728
+ parts.push(String(node.namePath));
729
+ if (node.typeName) {
730
+ const sub = [];
731
+ this.collectText(node.typeName, sub);
732
+ parts.push(...sub);
733
+ }
734
+ for (const child of this.childNodes(node))
735
+ this.collectText(child, parts);
736
+ }
737
+ childNodes(node) {
738
+ const children = [];
739
+ if (!node || typeof node !== 'object')
740
+ return children;
741
+ for (const [key, value] of Object.entries(node)) {
742
+ if (key === 'loc' || key === 'range' || key === 'comments')
743
+ continue;
744
+ if (Array.isArray(value)) {
745
+ for (const item of value) {
746
+ if (item && typeof item === 'object')
747
+ children.push(item);
748
+ }
749
+ }
750
+ else if (value && typeof value === 'object') {
751
+ children.push(value);
752
+ }
753
+ }
754
+ return children;
755
+ }
756
+ }
757
+ exports.Erc7683FillValidationDetector = Erc7683FillValidationDetector;
758
+ //# sourceMappingURL=erc7683-fill-validation.js.map