@snovon/solast 0.2.0

package/dist/detectors/add-reentrancy-on-weth-contract.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class AddReentrancyOnWethContractDetector {
+    readonly id = "add-reentrancy-on-weth-contract";
+    readonly patternKey = "add-reentrancy-on-weth-contract";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, file: string, sourceText?: string): ScanResult[];
+}

package/dist/detectors/add-reentrancy-on-weth-contract.js

@@ -0,0 +1,536 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AddReentrancyOnWethContractDetector = void 0;
+const RULE_ID = 'add-reentrancy-on-weth-contract';
+const ASSIGNMENT_OPERATORS = new Set(['=', '+=', '-=', '*=', '/=', '%=', '&=', '|=', '^=', '<<=', '>>=']);
+const REENTRANCY_GUARD_RE = /^(nonreentrant|nonreentrantview)$|reentrancyguard/i;
+const ACCESS_CONTROL_MODIFIER_RE = /^(onlyowner|onlyadmin|onlyrole|onlygovernance|onlygovernor|onlyguardian|onlyauthorized|onlyoperator|onlymanager)$/i;
+class AddReentrancyOnWethContractDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file, sourceText) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        const findings = [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        for (const contractNode of collectContracts(ast)) {
+            if (isInterfaceLike(contractNode))
+                continue;
+            const stateVars = collectStateVars(contractNode);
+            if (stateVars.size === 0)
+                continue;
+            const functions = new Map();
+            for (const fn of getContractFunctions(contractNode)) {
+                const body = getFunctionBody(fn);
+                const name = functionDisplayName(fn);
+                functions.set(name, {
+                    node: fn,
+                    name,
+                    body,
+                    directStateWrite: !!body && bodyHasStateWrite(body, stateVars, collectLocals(fn)),
+                });
+            }
+            for (const info of functions.values()) {
+                if (!isCandidateEntry(info.node, info.name))
+                    continue;
+                if (isGuarded(info.node) || hasInlineAccessControl(info.body))
+                    continue;
+                const findingNode = findVulnerableSequence(info, stateVars, functions);
+                if (!findingNode)
+                    continue;
+                const contractName = getName(contractNode) || '<anonymous>';
+                const loc = getLoc(findingNode, lineOffsets) || getLoc(info.node, lineOffsets) || { line: 0, column: 0 };
+                findings.push({
+                    file,
+                    contract: contractName,
+                    'function': info.name,
+                    line: loc.line,
+                    endLine: loc.line,
+                    column: loc.column,
+                    pattern: RULE_ID,
+                    confidence: 'high',
+                    ruleId: RULE_ID,
+                    severity: 'error',
+                    message: `Add/WETH reentrancy: '${info.name}' unwraps WETH and sends ETH before finalizing user accounting.`,
+                    rationale: 'WETH withdraw is followed by attacker-reachable ETH payout/external interaction and then state/accounting mutation in the same add-style flow.',
+                    suggestedFix: 'Apply checks-effects-interactions by finalizing accounting before WETH unwrap and payout, or guard the flow with a recognized nonReentrant/access-control modifier.',
+                    contractName,
+                    functionName: info.name,
+                    sourceLocation: { line: loc.line, column: loc.column },
+                    findingId: '',
+                    contractHash: '',
+                });
+            }
+        }
+        return findings;
+    }
+}
+exports.AddReentrancyOnWethContractDetector = AddReentrancyOnWethContractDetector;
+function findVulnerableSequence(info, stateVars, functions) {
+    const locals = collectLocals(info.node);
+    let sawWethWithdraw = false;
+    let sawPayoutAfterWithdraw = false;
+    let findingNode = null;
+    walkInSourceOrder(info.body, node => {
+        if (findingNode)
+            return 'skip-children';
+        if (isVariableDeclarationStatement(node)) {
+            for (const name of getVariableDeclarationNames(node)) {
+                if (name)
+                    locals.add(name);
+            }
+            return;
+        }
+        if (isAssignment(node) && expressionTargetsState(getAssignmentLeft(node), stateVars, locals)) {
+            if (sawPayoutAfterWithdraw)
+                findingNode = node;
+            return 'skip-children';
+        }
+        if (isFunctionCall(node)) {
+            if (sawPayoutAfterWithdraw && callMutatesStateViaInternalHelper(node, functions, new Set())) {
+                findingNode = node;
+                return 'skip-children';
+            }
+            if (isWethWithdrawCall(node)) {
+                sawWethWithdraw = true;
+                return 'skip-children';
+            }
+            if (sawWethWithdraw && isEthPayoutOrExternalInteraction(node)) {
+                sawPayoutAfterWithdraw = true;
+                return 'skip-children';
+            }
+        }
+    });
+    return findingNode;
+}
+function callMutatesStateViaInternalHelper(call, functions, seen) {
+    const name = sameContractCallName(call.expression);
+    if (!name || seen.has(name))
+        return false;
+    const info = functions.get(name);
+    if (!info)
+        return false;
+    if (info.directStateWrite)
+        return true;
+    seen.add(name);
+    let mutates = false;
+    walkInSourceOrder(info.body, node => {
+        if (mutates)
+            return 'skip-children';
+        if (isFunctionCall(node) && callMutatesStateViaInternalHelper(node, functions, seen))
+            mutates = true;
+    });
+    return mutates;
+}
+function isCandidateEntry(fn, name) {
+    if (!isExternallyCallable(fn))
+        return false;
+    return /^(add|deposit|mint|join)/i.test(name);
+}
+function isWethWithdrawCall(call) {
+    const callee = unwrapCallOptions(call.expression);
+    if (isNode(callee, 'MemberAccess')) {
+        if (String(callee.memberName || '').toLowerCase() === 'withdraw')
+            return true;
+        if (String(callee.memberName || '').toLowerCase() === 'call') {
+            return getCallArguments(call).some(containsWithdrawSignature);
+        }
+    }
+    return false;
+}
+function isEthPayoutOrExternalInteraction(call) {
+    const callee = unwrapCallOptions(call.expression);
+    if (!isNode(callee, 'MemberAccess'))
+        return false;
+    const member = String(callee.memberName || '').toLowerCase();
+    if ((member === 'call' || member === 'send') && callHasValue(call))
+        return true;
+    if (member === 'transfer')
+        return true;
+    return false;
+}
+function callHasValue(call) {
+    const expr = call.expression;
+    if (!isNode(expr, 'NameValueExpression') && !isNode(expr, 'FunctionCallOptions'))
+        return false;
+    const names = Array.isArray(expr.names)
+        ? expr.names
+        : Array.isArray(expr.options?.names)
+            ? expr.options.names
+            : Array.isArray(expr.arguments?.names)
+                ? expr.arguments.names
+                : [];
+    if (names.some(name => nodeName(name).toLowerCase() === 'value'))
+        return true;
+    const optionEntries = Array.isArray(expr.options)
+        ? expr.options
+        : Array.isArray(expr.arguments)
+            ? expr.arguments
+            : [];
+    if (optionEntries.some(option => nodeName(option?.name || option?.keyName || option).toLowerCase() === 'value'))
+        return true;
+    if (expr.options && !Array.isArray(expr.options) && Object.prototype.hasOwnProperty.call(expr.options, 'value'))
+        return true;
+    return Array.isArray(expr.arguments) && expr.arguments.length > 0;
+}
+function containsWithdrawSignature(node) {
+    let found = false;
+    walkInSourceOrder(node, child => {
+        if (found)
+            return 'skip-children';
+        if (isStringLiteral(child) && String(child.value || '').includes('withdraw(uint256)'))
+            found = true;
+    });
+    return found;
+}
+function bodyHasStateWrite(body, stateVars, locals) {
+    let found = false;
+    walkInSourceOrder(body, node => {
+        if (found)
+            return 'skip-children';
+        if (isVariableDeclarationStatement(node)) {
+            for (const name of getVariableDeclarationNames(node)) {
+                if (name)
+                    locals.add(name);
+            }
+            return;
+        }
+        if (isAssignment(node) && expressionTargetsState(getAssignmentLeft(node), stateVars, locals)) {
+            found = true;
+            return 'skip-children';
+        }
+    });
+    return found;
+}
+function collectStateVars(contractNode) {
+    const result = new Set();
+    for (const child of getContractMembers(contractNode)) {
+        if (isNode(child, 'StateVariableDeclaration')) {
+            for (const v of child.variables || []) {
+                const name = getName(v);
+                if (name)
+                    result.add(name);
+            }
+        }
+        else if (isNode(child, 'VariableDeclaration') && child.stateVariable) {
+            const name = getName(child);
+            if (name)
+                result.add(name);
+        }
+    }
+    return result;
+}
+function collectLocals(fn) {
+    const locals = new Set();
+    for (const p of getParameters(fn)) {
+        const name = getName(p);
+        if (name)
+            locals.add(name);
+    }
+    for (const p of getReturnParameters(fn)) {
+        const name = getName(p);
+        if (name)
+            locals.add(name);
+    }
+    return locals;
+}
+function expressionTargetsState(expr, stateVars, locals) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if (isNode(expr, 'Identifier')) {
+        const name = getName(expr);
+        return stateVars.has(name) && !locals.has(name);
+    }
+    if (isNode(expr, 'IndexAccess'))
+        return expressionTargetsState(expr.base || expr.baseExpression, stateVars, locals);
+    if (isNode(expr, 'MemberAccess'))
+        return expressionTargetsState(expr.expression, stateVars, locals);
+    if (isNode(expr, 'TupleExpression'))
+        return (expr.components || []).some((component) => expressionTargetsState(component, stateVars, locals));
+    return false;
+}
+function isGuarded(fn) {
+    for (const modifier of fn.modifiers || []) {
+        const name = getModifierName(modifier);
+        if (REENTRANCY_GUARD_RE.test(name) || ACCESS_CONTROL_MODIFIER_RE.test(name))
+            return true;
+    }
+    return false;
+}
+function hasInlineAccessControl(body) {
+    for (const stmt of getBlockStatements(body)) {
+        if (isRequireOrAssertWithCallerGuard(stmt))
+            return true;
+        if (isNode(stmt, 'IfStatement') && conditionDeniesCaller(stmt.condition) && bodyUnconditionallyExits(stmt.trueBody))
+            return true;
+    }
+    return false;
+}
+function isRequireOrAssertWithCallerGuard(stmt) {
+    if (!isNode(stmt, 'ExpressionStatement'))
+        return false;
+    const expr = stmt.expression;
+    if (!isNode(expr, 'FunctionCall'))
+        return false;
+    const name = sameContractCallName(expr.expression).toLowerCase();
+    if (name !== 'require' && name !== 'assert')
+        return false;
+    return conditionGuardsCaller(expr.arguments?.[0]);
+}
+function conditionGuardsCaller(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isCallerEqualityCheck(node))
+        return true;
+    for (const child of childrenOf(node)) {
+        if (conditionGuardsCaller(child))
+            return true;
+    }
+    return false;
+}
+function conditionDeniesCaller(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'UnaryOperation') && String(node.operator || '') === '!')
+        return conditionGuardsCaller(node.subExpression);
+    if (isNode(node, 'BinaryOperation')) {
+        const op = String(node.operator || '');
+        const left = node.left || node.leftExpression;
+        const right = node.right || node.rightExpression;
+        if ((op === '!=' || op === '!==') && ((isMsgSender(left) && isAuthSubject(right)) || (isMsgSender(right) && isAuthSubject(left))))
+            return true;
+    }
+    return false;
+}
+function isCallerEqualityCheck(node) {
+    if (!isNode(node, 'BinaryOperation'))
+        return false;
+    const op = String(node.operator || '');
+    if (op !== '==' && op !== '===')
+        return false;
+    const left = node.left || node.leftExpression;
+    const right = node.right || node.rightExpression;
+    return (isMsgSender(left) && isAuthSubject(right)) || (isMsgSender(right) && isAuthSubject(left));
+}
+function isAuthSubject(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'Identifier'))
+        return /^(owner|admin|governance|governor|guardian|authority|operator|manager)$/i.test(String(node.name || ''));
+    if (isNode(node, 'MemberAccess'))
+        return /^(owner|admin|governance|governor|guardian|authority|operator|manager)$/i.test(String(node.memberName || ''));
+    return false;
+}
+function isMsgSender(node) {
+    return isNode(node, 'MemberAccess') &&
+        String(node.memberName || '') === 'sender' &&
+        isNode(node.expression, 'Identifier') &&
+        String(node.expression.name || '') === 'msg';
+}
+function bodyUnconditionallyExits(body) {
+    if (!body || typeof body !== 'object')
+        return false;
+    if (isNode(body, 'Block'))
+        return getBlockStatements(body).some(statementGuaranteesExit);
+    return statementGuaranteesExit(body);
+}
+function statementGuaranteesExit(stmt) {
+    if (!stmt || typeof stmt !== 'object')
+        return false;
+    if (isNode(stmt, 'ThrowStatement') || isNode(stmt, 'RevertStatement'))
+        return true;
+    if (isNode(stmt, 'ExpressionStatement') && isNode(stmt.expression, 'FunctionCall')) {
+        return sameContractCallName(stmt.expression.expression).toLowerCase() === 'revert';
+    }
+    if (isNode(stmt, 'Block'))
+        return bodyUnconditionallyExits(stmt);
+    return false;
+}
+function sameContractCallName(expr) {
+    if (!expr || typeof expr !== 'object')
+        return '';
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'MemberAccess') && isNode(expr.expression, 'Identifier') && String(expr.expression.name || '') === 'this') {
+        return String(expr.memberName || '');
+    }
+    return '';
+}
+function isExternallyCallable(fn) {
+    if (!fn || isConstructor(fn))
+        return false;
+    const kind = String(fn.kind || '').toLowerCase();
+    if (kind === 'fallback' || kind === 'receive' || fn.isFallback === true || fn.isReceiveEther === true)
+        return true;
+    const visibility = String(fn.visibility || '').toLowerCase();
+    return visibility === 'public' || visibility === 'external';
+}
+function isConstructor(fn) {
+    return fn?.isConstructor === true || String(fn?.kind || '').toLowerCase() === 'constructor';
+}
+function isInterfaceLike(contractNode) {
+    const kind = String(contractNode?.kind || contractNode?.contractKind || '').toLowerCase();
+    return kind === 'interface' || kind === 'library';
+}
+function getContractFunctions(contractNode) {
+    return getContractMembers(contractNode).filter(child => isNode(child, 'FunctionDefinition'));
+}
+function getContractMembers(contractNode) {
+    if (!contractNode || typeof contractNode !== 'object')
+        return [];
+    if (Array.isArray(contractNode.subNodes))
+        return contractNode.subNodes;
+    if (Array.isArray(contractNode.nodes))
+        return contractNode.nodes;
+    return [];
+}
+function collectContracts(ast) {
+    const out = [];
+    walkInSourceOrder(ast, node => {
+        if (isNode(node, 'ContractDefinition')) {
+            out.push(node);
+            return 'skip-children';
+        }
+    });
+    return out;
+}
+function getBlockStatements(body) {
+    if (!body || typeof body !== 'object')
+        return [];
+    return Array.isArray(body.statements) ? body.statements : [];
+}
+function getFunctionBody(fn) {
+    return fn?.body || null;
+}
+function getParameters(fn) {
+    return fn.parameters?.parameters || fn.parameters || [];
+}
+function getReturnParameters(fn) {
+    return fn.returnParameters?.parameters || fn.returnParameters || [];
+}
+function functionDisplayName(fn) {
+    if (fn.isFallback === true)
+        return '<fallback>';
+    if (fn.isReceiveEther === true)
+        return '<receive>';
+    const kind = String(fn.kind || '').toLowerCase();
+    if (kind === 'fallback')
+        return '<fallback>';
+    if (kind === 'receive')
+        return '<receive>';
+    return getName(fn) || '<anonymous>';
+}
+function isVariableDeclarationStatement(node) {
+    return isNode(node, 'VariableDeclarationStatement');
+}
+function getVariableDeclarationNames(node) {
+    const declarations = node.variables || node.declarations || [];
+    return declarations.map((decl) => getName(decl)).filter(Boolean);
+}
+function isAssignment(node) {
+    return (isNode(node, 'BinaryOperation') || isNode(node, 'Assignment')) && ASSIGNMENT_OPERATORS.has(String(node.operator || ''));
+}
+function getAssignmentLeft(node) {
+    return node.left || node.leftHandSide;
+}
+function isFunctionCall(node) {
+    return isNode(node, 'FunctionCall');
+}
+function getCallArguments(node) {
+    return Array.isArray(node?.arguments) ? node.arguments : [];
+}
+function unwrapCallOptions(expr) {
+    if (isNode(expr, 'NameValueExpression') || isNode(expr, 'FunctionCallOptions'))
+        return expr.expression;
+    return expr;
+}
+function getModifierName(modifier) {
+    if (!modifier || typeof modifier !== 'object')
+        return '';
+    if (typeof modifier.name === 'string')
+        return modifier.name;
+    if (modifier.name)
+        return getName(modifier.name);
+    if (modifier.modifierName)
+        return getName(modifier.modifierName);
+    return '';
+}
+function isStringLiteral(node) {
+    return isNode(node, 'StringLiteral') || (isNode(node, 'Literal') && String(node.kind || '').toLowerCase() === 'string');
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function getName(node) {
+    return String(node?.name || '');
+}
+function nodeName(node) {
+    if (typeof node === 'string')
+        return node;
+    return String(node?.name || node?.memberName || '');
+}
+function walkInSourceOrder(node, visitor) {
+    if (!node || typeof node !== 'object')
+        return;
+    const result = visitor(node);
+    if (result === 'skip-children')
+        return;
+    for (const child of childrenOf(node))
+        walkInSourceOrder(child, visitor);
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const children = [];
+    for (const key of childKeys(node)) {
+        const value = node[key];
+        if (Array.isArray(value)) {
+            children.push(...value.filter(item => item && typeof item === 'object'));
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+function childKeys(node) {
+    const preferred = [
+        'children', 'nodes', 'subNodes', 'statements', 'body', 'expression',
+        'initialValue', 'value', 'left', 'right', 'leftHandSide', 'rightHandSide',
+        'leftExpression', 'rightExpression', 'base', 'index', 'baseExpression',
+        'indexExpression', 'arguments', 'declarations', 'variables', 'components',
+        'subExpression', 'condition', 'trueBody', 'falseBody',
+    ];
+    return preferred.filter(key => Object.prototype.hasOwnProperty.call(node, key));
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const lineOffsets = [0];
+    let byteOffset = 0;
+    for (const char of sourceText) {
+        byteOffset += Buffer.byteLength(char, 'utf8');
+        if (char === '\n')
+            lineOffsets.push(byteOffset);
+    }
+    return lineOffsets;
+}
+function getLoc(node, lineOffsets) {
+    if (node?.loc?.start)
+        return node.loc.start;
+    if (!node?.src || !lineOffsets)
+        return undefined;
+    const offset = Number(String(node.src).split(':')[0]);
+    if (!Number.isFinite(offset) || offset < 0)
+        return undefined;
+    let lineIndex = 0;
+    for (let i = 0; i < lineOffsets.length; i++) {
+        if (lineOffsets[i] <= offset)
+            lineIndex = i;
+        else
+            break;
+    }
+    return { line: lineIndex + 1, column: offset - lineOffsets[lineIndex] };
+}
+//# sourceMappingURL=add-reentrancy-on-weth-contract.js.map

package/dist/detectors/ai-generated-randomness.d.ts

@@ -0,0 +1,32 @@
+import type { ScanResult } from '../index';
+export declare class AiGeneratedRandomnessDetector {
+    readonly id = "ai-generated-randomness";
+    readonly patternKey = "ai-generated-randomness";
+    readonly supportedAstKinds: "parser"[];
+    private findings;
+    private currentFile;
+    private currentContract;
+    private currentFunction;
+    private entropyTaintedLocals;
+    private seen;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(_node: any): void;
+    VariableDeclarationStatement(node: any): void;
+    ExpressionStatement(node: any): void;
+    Assignment(node: any): void;
+    private trackAssignmentTaint;
+    BinaryOperation(node: any): void;
+    private isTimeUnitDivision;
+    private containsEntropyOrTaint;
+    private isTimestampEntropy;
+    private isTaintedIdentifier;
+    private identifierName;
+    private isBlockhashEntropy;
+    private isPredictableBlockField;
+    private getCalleeName;
+    private addFinding;
+}