@snovon/solast 0.2.0

package/dist/detectors/flashloan-price-manipulation.js

@@ -0,0 +1,950 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FlashloanPriceManipulationDetector = void 0;
+const price_rate_1 = require("./_common/price-rate");
+const RULE_ID = 'flashloan-price-manipulation';
+const SPOT_SOURCE_CALLS = price_rate_1.SPOT_PRICE_SOURCE_CALL_NAMES;
+const FRESHNESS_BOUNDED_SOURCE_CALLS = new Set([
+    'getPriceNoOlderThan',
+]);
+const FRESHNESS_SUPPRESSIBLE_SOURCE_CALLS = new Set([
+    'latestRoundData',
+    'getPrice',
+    'getPriceUnsafe',
+]);
+const SINK_CALL_NAMES = new Set([
+    'transfer',
+    'transferfrom',
+    'safetransfer',
+    'safetransferfrom',
+    'mint',
+    '_mint',
+    'burn',
+    '_burn',
+    'borrow',
+    '_borrow',
+    'redeem',
+    '_redeem',
+    'liquidate',
+    '_liquidate',
+    'settle',
+    '_settle',
+    'swap',
+    '_swap',
+    'swapexacttokensfortokens',
+    'swaptokensforexacttokens',
+    'sendvalue',
+]);
+const ACCESS_CONTROL_MODIFIERS = new Set([
+    'onlyowner',
+    'onlyrole',
+    'onlyadmin',
+    'onlyauthorized',
+    'onlyoperator',
+    'onlygovernance',
+    'onlygovernor',
+    'onlyguardian',
+    'onlymanager',
+    'onlytrusted',
+    'onlypauser',
+    'onlyminter',
+    'onlydao',
+]);
+const REFERENCE_TERMS = [
+    'twap',
+    'reference',
+    'lastprice',
+    'storedprice',
+    'oracleprice',
+    'medianprice',
+    'trustedprice',
+    'pegprice',
+    'maxdeviation',
+    'lastrecorded',
+];
+const FRESHNESS_FIELD_TERMS = [
+    'updatedat',
+    'updatedtime',
+    'updatetime',
+    'lastupdate',
+    'lastupdated',
+    'lastupdatetime',
+    'lastrefresh',
+    'lastsync',
+    'publishtime',
+    'publishedat',
+    'publishtimestamp',
+    'roundtimestamp',
+    'oracletimestamp',
+    'pricetimestamp',
+    'feedtimestamp',
+    'timestampupdated',
+];
+const FRESHNESS_THRESHOLD_TERMS = [
+    'maxage',
+    'staleness',
+    'stalethreshold',
+    'stalenessperiod',
+    'freshness',
+    'maxdelay',
+    'maxstaleness',
+    'heartbeat',
+    'validity',
+];
+class FlashloanPriceManipulationDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser', 'solc'];
+    scanAst(ast, file, sourceText) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        const findings = [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        const seen = new Set();
+        for (const contractNode of collectContracts(ast)) {
+            if (isInterfaceLike(contractNode))
+                continue;
+            const contractName = getName(contractNode) || '<anonymous>';
+            for (const fn of getContractFunctions(contractNode)) {
+                if (!isExternallyCallable(fn))
+                    continue;
+                const body = fn.body;
+                if (!body)
+                    continue;
+                if (hasAccessControlModifier(fn))
+                    continue;
+                const fnName = getName(fn) || '<anonymous>';
+                const sources = collectSourceCalls(body);
+                if (sources.length === 0)
+                    continue;
+                let findingFlow = null;
+                for (const sourceCall of sources) {
+                    const tainted = computeTaintedFromSource(body, sourceCall.node);
+                    if (tainted.size === 0)
+                        continue;
+                    const sink = findSink(body, tainted);
+                    if (!sink)
+                        continue;
+                    if (sourceHasFlowLocalFreshnessGuard(body, sourceCall, tainted))
+                        continue;
+                    if (hasInlineAccessControlBefore(body, sourceCall.node, sink.node))
+                        continue;
+                    findingFlow = { sourceCall, sink };
+                    break;
+                }
+                if (!findingFlow)
+                    continue;
+                const key = `${contractName}:${fnName}`;
+                if (seen.has(key))
+                    continue;
+                seen.add(key);
+                const { sourceCall, sink } = findingFlow;
+                const sourceLabel = describeCall(sourceCall.node);
+                const loc = getLoc(sourceCall.node, lineOffsets) || getLoc(fn, lineOffsets) || { line: 0, column: 0 };
+                const message = `Flashloan price manipulation risk in '${contractName}.${fnName}': ` +
+                    `manipulable spot price source ${sourceLabel} flows into sensitive sink ${sink.label} ` +
+                    `in the same transaction without a TWAP, delay, bounded deviation, ` +
+                    `freshness guard, or reference price check.`;
+                findings.push({
+                    file,
+                    contract: contractName,
+                    'function': fnName,
+                    line: loc.line,
+                    endLine: loc.line,
+                    column: loc.column,
+                    pattern: RULE_ID,
+                    confidence: 'high',
+                    ruleId: RULE_ID,
+                    severity: 'error',
+                    message,
+                    rationale: 'Same-transaction dataflow from a manipulable on-chain spot price ' +
+                        '(AMM reserves, raw aggregator answer, or unfresh oracle read) into a value ' +
+                        'transfer, mint/burn amount, collateral check, liquidation predicate, or swap ' +
+                        'output enables flashloan-amplified price manipulation (zoomprofinance pattern).',
+                    suggestedFix: 'Use a TWAP or bounded deviation against a reference price for the value ' +
+                        'decision, validate Chainlink/Pyth freshness with block.timestamp and ' +
+                        'positive-price/confidence checks, or restrict spot price reads to a ' +
+                        'governance-only path that does not directly gate user-callable transfers.',
+                    contractName,
+                    functionName: fnName,
+                    sourceLocation: loc,
+                    findingId: '',
+                    contractHash: '',
+                });
+            }
+        }
+        return findings;
+    }
+}
+exports.FlashloanPriceManipulationDetector = FlashloanPriceManipulationDetector;
+function collectSourceCalls(body) {
+    const sources = [];
+    walk(body, node => {
+        if (!isFunctionCall(node))
+            return;
+        const name = getCalleeName(node);
+        if (SPOT_SOURCE_CALLS.has(name))
+            sources.push({ node, name });
+    });
+    return sources;
+}
+function computeTaintedFromSource(body, sourceCall) {
+    const tainted = new Set();
+    let changed = true;
+    let safety = 0;
+    while (changed && safety < 8) {
+        changed = false;
+        safety += 1;
+        walk(body, node => {
+            if (isVariableDeclarationStatement(node)) {
+                const initial = node.initialValue;
+                if (!initial)
+                    return;
+                if (!containsNode(initial, sourceCall) && !expressionUsesTaintedIdentifier(initial, tainted))
+                    return;
+                for (const decl of getDeclaredVariables(node)) {
+                    if (decl && typeof decl.name === 'string' && decl.name.length > 0 && !tainted.has(decl.name)) {
+                        tainted.add(decl.name);
+                        changed = true;
+                    }
+                }
+                return;
+            }
+            if (isAssignmentNode(node)) {
+                const rhs = getAssignmentRight(node);
+                const lhs = getAssignmentLeft(node);
+                if (!rhs || !lhs)
+                    return;
+                if (!containsNode(rhs, sourceCall) && !expressionUsesTaintedIdentifier(rhs, tainted))
+                    return;
+                const lhsName = getIdentifierBaseName(lhs);
+                if (lhsName && !tainted.has(lhsName)) {
+                    tainted.add(lhsName);
+                    changed = true;
+                }
+            }
+        });
+    }
+    return tainted;
+}
+function expressionIsTainted(expr, tainted) {
+    let result = false;
+    walk(expr, node => {
+        if (result)
+            return;
+        if (isFunctionCall(node)) {
+            const name = getCalleeName(node);
+            if (SPOT_SOURCE_CALLS.has(name))
+                result = true;
+        }
+        else if (isNode(node, 'Identifier')) {
+            const name = String(node.name || '');
+            if (tainted.has(name))
+                result = true;
+        }
+    });
+    return result;
+}
+function expressionUsesTaintedIdentifier(expr, tainted) {
+    let result = false;
+    walk(expr, node => {
+        if (result)
+            return;
+        if (!isNode(node, 'Identifier'))
+            return;
+        const name = String(node.name || '');
+        if (tainted.has(name))
+            result = true;
+    });
+    return result;
+}
+function findSink(body, tainted) {
+    let found = null;
+    walk(body, node => {
+        if (found)
+            return;
+        if (isFunctionCall(node)) {
+            const callee = getCalleeName(node);
+            const calleeLower = callee.toLowerCase();
+            if (calleeLower === 'require' || calleeLower === 'assert') {
+                const condition = (node.arguments || [])[0];
+                if (!condition)
+                    return;
+                if (!expressionIsTainted(condition, tainted))
+                    return;
+                if (conditionIsBoundedAgainstReference(condition, tainted))
+                    return;
+                const followupLabel = nextSensitiveSinkLabelAfter(body, node, tainted);
+                if (!followupLabel)
+                    return;
+                const conditionLabel = renderCondition(condition);
+                found = { node, kind: 'gating-require', label: `${conditionLabel}/${followupLabel}` };
+                return;
+            }
+            if (SINK_CALL_NAMES.has(calleeLower)) {
+                const taintedArg = findTaintedArgumentName(node, tainted);
+                if (!taintedArg)
+                    return;
+                const callLabel = describeCall(node);
+                const kind = ['transfer', 'transferfrom', 'safetransfer', 'safetransferfrom', 'sendvalue'].includes(calleeLower)
+                    ? 'transfer'
+                    : ['mint', '_mint', 'burn', '_burn'].includes(calleeLower)
+                        ? 'mint'
+                        : 'sensitive-call';
+                found = { node, kind, label: `${callLabel}/${taintedArg}` };
+            }
+            return;
+        }
+        if (isAssignmentNode(node) && !isVariableDeclarationStatement(node)) {
+            const lhs = getAssignmentLeft(node);
+            const rhs = getAssignmentRight(node);
+            if (!lhs || !rhs)
+                return;
+            if (!isNode(lhs, 'IndexAccess'))
+                return;
+            if (!expressionIsTainted(rhs, tainted))
+                return;
+            const rhsName = getIdentifierBaseName(rhs) || flattenNames(rhs).split(/\s+/).find(token => tainted.has(token)) || 'tainted';
+            const baseName = getIdentifierBaseName(lhs) || flattenNames(lhs).split(/\s+/)[0] || 'mapping';
+            found = { node, kind: 'mapping-write', label: `${rhsName}/${baseName}` };
+        }
+    });
+    return found;
+}
+function findTaintedArgumentName(call, tainted) {
+    for (const arg of call.arguments || []) {
+        if (!arg)
+            continue;
+        if (!expressionIsTainted(arg, tainted))
+            continue;
+        const directName = getIdentifierBaseName(arg);
+        if (directName && tainted.has(directName))
+            return directName;
+        const flattened = flattenNames(arg).split(/\s+/).filter(Boolean);
+        const tokenMatch = flattened.find(token => tainted.has(token));
+        if (tokenMatch)
+            return tokenMatch;
+        if (flattened.length > 0)
+            return flattened[flattened.length - 1];
+    }
+    return null;
+}
+function conditionIsBoundedAgainstReference(condition, tainted) {
+    let result = false;
+    walk(condition, node => {
+        if (result)
+            return;
+        if (!isNode(node, 'BinaryOperation'))
+            return;
+        const operator = String(node.operator || '');
+        if (!['<', '<=', '>', '>='].includes(operator))
+            return;
+        const namesString = flattenNames(node).toLowerCase();
+        const taintedTokens = Array.from(tainted).map(t => t.toLowerCase());
+        const mentionsTainted = taintedTokens.some(t => namesString.split(/\s+/).includes(t));
+        if (!mentionsTainted)
+            return;
+        if (REFERENCE_TERMS.some(term => namesString.includes(term))) {
+            result = true;
+        }
+    });
+    return result;
+}
+function renderCondition(condition) {
+    return flattenIdentifiersForCondition(condition);
+}
+function flattenIdentifiersForCondition(node) {
+    if (!node || typeof node !== 'object')
+        return '';
+    if (isNode(node, 'Identifier'))
+        return String(node.name || '');
+    if (isNode(node, 'MemberAccess')) {
+        const base = flattenIdentifiersForCondition(node.expression);
+        const member = String(node.memberName || '');
+        return base ? `${base}.${member}` : member;
+    }
+    if (isNode(node, 'IndexAccess')) {
+        const base = flattenIdentifiersForCondition(getIndexBase(node));
+        return base || '';
+    }
+    if (isNode(node, 'NumberLiteral') || isNode(node, 'Literal')) {
+        const raw = String(node.number ?? node.value ?? '');
+        return raw;
+    }
+    if (isNode(node, 'BinaryOperation')) {
+        const left = flattenIdentifiersForCondition(node.left ?? node.leftExpression);
+        const right = flattenIdentifiersForCondition(node.right ?? node.rightExpression);
+        const operator = String(node.operator || '');
+        return [left, operator, right].filter(Boolean).join(' ');
+    }
+    if (isNode(node, 'Assignment')) {
+        const left = flattenIdentifiersForCondition(node.leftHandSide);
+        const right = flattenIdentifiersForCondition(node.rightHandSide);
+        const operator = String(node.operator || '');
+        return [left, operator, right].filter(Boolean).join(' ');
+    }
+    if (isNode(node, 'FunctionCall')) {
+        const callee = getCalleeName(node);
+        return callee || '';
+    }
+    if (isNode(node, 'TupleExpression')) {
+        return (node.components || []).map(flattenIdentifiersForCondition).filter(Boolean).join(', ');
+    }
+    if (isNode(node, 'UnaryOperation')) {
+        const sub = flattenIdentifiersForCondition(node.subExpression);
+        const operator = String(node.operator || '');
+        return [operator, sub].filter(Boolean).join('');
+    }
+    return '';
+}
+function nextSensitiveCallNameAfter(body, requireCall) {
+    return nextSensitiveSinkLabelAfter(body, requireCall, new Set(), { callsOnly: true });
+}
+function nextSensitiveSinkLabelAfter(body, requireCall, tainted, options = {}) {
+    const statements = collectStatementsInOrder(body);
+    const requireIndex = statements.findIndex(s => containsNode(s, requireCall));
+    if (requireIndex < 0)
+        return null;
+    for (let index = requireIndex + 1; index < statements.length; index += 1) {
+        let foundSink = null;
+        walk(statements[index], node => {
+            if (foundSink)
+                return;
+            if (isFunctionCall(node)) {
+                const callee = getCalleeName(node);
+                const calleeLower = callee.toLowerCase();
+                if (SINK_CALL_NAMES.has(calleeLower))
+                    foundSink = callee;
+                return;
+            }
+            if (options.callsOnly)
+                return;
+            if (!isAssignmentNode(node) || isVariableDeclarationStatement(node))
+                return;
+            const lhs = getAssignmentLeft(node);
+            const rhs = getAssignmentRight(node);
+            if (!lhs || !rhs)
+                return;
+            if (!isNode(lhs, 'IndexAccess'))
+                return;
+            if (!expressionIsTainted(rhs, tainted))
+                return;
+            const baseName = getIdentifierBaseName(lhs) || flattenNames(lhs).split(/\s+/)[0] || 'mapping';
+            foundSink = baseName;
+        });
+        if (foundSink)
+            return foundSink;
+    }
+    return null;
+}
+function collectStatementsInOrder(body) {
+    const out = [];
+    if (!body || typeof body !== 'object')
+        return out;
+    const statements = body.statements || [];
+    if (!Array.isArray(statements))
+        return out;
+    for (const statement of statements) {
+        if (statement && typeof statement === 'object')
+            out.push(statement);
+    }
+    return out;
+}
+function containsNode(haystack, needle) {
+    let found = false;
+    walk(haystack, node => {
+        if (found)
+            return;
+        if (node === needle)
+            found = true;
+    });
+    return found;
+}
+function sourceHasFlowLocalFreshnessGuard(body, source, tainted) {
+    if (FRESHNESS_BOUNDED_SOURCE_CALLS.has(source.name))
+        return true;
+    if (!FRESHNESS_SUPPRESSIBLE_SOURCE_CALLS.has(source.name))
+        return false;
+    const sourceBindings = collectSourceBindingNames(body, source.node);
+    if (sourceBindings.size === 0)
+        return false;
+    return walkAny(body, node => {
+        if (!isFunctionCall(node))
+            return false;
+        const callee = getCalleeName(node).toLowerCase();
+        if (callee !== 'require' && callee !== 'assert')
+            return false;
+        const condition = (node.arguments || [])[0];
+        if (!condition)
+            return false;
+        if (!conditionIsOracleFreshnessCheck(condition))
+            return false;
+        return conditionReferencesSourceTuple(condition, sourceBindings, tainted);
+    });
+}
+function collectSourceBindingNames(body, sourceCall) {
+    const bindings = new Set();
+    walk(body, node => {
+        if (isVariableDeclarationStatement(node)) {
+            const initial = node.initialValue;
+            if (!initial || !containsNode(initial, sourceCall))
+                return;
+            for (const decl of getDeclaredVariables(node)) {
+                if (decl && typeof decl.name === 'string' && decl.name.length > 0)
+                    bindings.add(decl.name);
+            }
+            return;
+        }
+        if (isAssignmentNode(node)) {
+            const rhs = getAssignmentRight(node);
+            const lhs = getAssignmentLeft(node);
+            if (!rhs || !lhs || !containsNode(rhs, sourceCall))
+                return;
+            const lhsName = getIdentifierBaseName(lhs);
+            if (lhsName)
+                bindings.add(lhsName);
+        }
+    });
+    return bindings;
+}
+function conditionReferencesSourceTuple(condition, sourceBindings, tainted) {
+    const tokens = flattenNames(condition).split(/\s+/).filter(Boolean);
+    const tokenSet = new Set(tokens);
+    const lowerTokens = tokens.map(token => token.toLowerCase());
+    const referencesBinding = Array.from(sourceBindings).some(name => tokenSet.has(name));
+    const referencesTainted = Array.from(tainted).some(name => tokenSet.has(name));
+    const referencesFreshnessField = lowerTokens.some(token => FRESHNESS_FIELD_TERMS.some(term => token.includes(term)));
+    return referencesBinding && (referencesTainted || referencesFreshnessField);
+}
+function conditionIsOracleFreshnessCheck(condition) {
+    if (!conditionUsesBlockTimestamp(condition))
+        return false;
+    const namesLower = flattenNames(condition).toLowerCase();
+    const tokens = namesLower.split(/\s+/).filter(Boolean);
+    const mentionsFreshnessField = FRESHNESS_FIELD_TERMS.some(term => tokens.some(token => token.includes(term)));
+    if (mentionsFreshnessField)
+        return true;
+    const mentionsThreshold = FRESHNESS_THRESHOLD_TERMS.some(term => tokens.some(token => token.includes(term)));
+    return mentionsThreshold && conditionAgesBlockTimestamp(condition);
+}
+function conditionAgesBlockTimestamp(condition) {
+    return walkAny(condition, node => {
+        if (!isNode(node, 'BinaryOperation'))
+            return false;
+        const operator = String(node.operator || '');
+        if (operator !== '-' && operator !== '+')
+            return false;
+        const left = node.left ?? node.leftExpression;
+        const right = node.right ?? node.rightExpression;
+        return expressionUsesBlockTimestamp(left) || expressionUsesBlockTimestamp(right);
+    });
+}
+function expressionUsesBlockTimestamp(expr) {
+    return walkAny(expr, node => {
+        if (!isNode(node, 'MemberAccess'))
+            return false;
+        if (String(node.memberName || '') !== 'timestamp')
+            return false;
+        const inner = node.expression;
+        return isNode(inner, 'Identifier') && String(inner.name || '') === 'block';
+    });
+}
+function conditionUsesBlockTimestamp(condition) {
+    return walkAny(condition, node => {
+        if (!isNode(node, 'MemberAccess'))
+            return false;
+        if (String(node.memberName || '') !== 'timestamp')
+            return false;
+        const expr = node.expression;
+        if (isNode(expr, 'Identifier') && String(expr.name || '') === 'block')
+            return true;
+        return false;
+    });
+}
+function describeCall(call) {
+    const expr = call?.expression;
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'MemberAccess')) {
+        const baseName = flattenIdentifiersForCondition(expr.expression);
+        const member = String(expr.memberName || '');
+        return baseName ? `${baseName}.${member}` : member;
+    }
+    return '';
+}
+function getCalleeName(node) {
+    const expr = node?.expression;
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'MemberAccess'))
+        return String(expr.memberName || '');
+    return '';
+}
+function isVariableDeclarationStatement(node) {
+    return isNode(node, 'VariableDeclarationStatement');
+}
+function getDeclaredVariables(node) {
+    if (Array.isArray(node?.variables))
+        return node.variables;
+    if (Array.isArray(node?.declarations))
+        return node.declarations;
+    return [];
+}
+function isAssignmentNode(node) {
+    if (isNode(node, 'Assignment'))
+        return true;
+    if (isNode(node, 'BinaryOperation')) {
+        const operator = String(node.operator || '');
+        return ASSIGNMENT_OPERATORS.has(operator);
+    }
+    return false;
+}
+const ASSIGNMENT_OPERATORS = new Set([
+    '=', '+=', '-=', '*=', '/=', '%=', '|=', '&=', '^=', '<<=', '>>=', '>>>=',
+]);
+function getAssignmentLeft(node) {
+    if (isNode(node, 'Assignment'))
+        return node.leftHandSide;
+    if (isNode(node, 'BinaryOperation'))
+        return node.left;
+    return null;
+}
+function getAssignmentRight(node) {
+    if (isNode(node, 'Assignment'))
+        return node.rightHandSide;
+    if (isNode(node, 'BinaryOperation'))
+        return node.right;
+    return null;
+}
+function getIdentifierBaseName(node) {
+    if (!node || typeof node !== 'object')
+        return '';
+    if (isNode(node, 'Identifier'))
+        return String(node.name || '');
+    if (isNode(node, 'MemberAccess'))
+        return getIdentifierBaseName(node.expression);
+    if (isNode(node, 'IndexAccess'))
+        return getIdentifierBaseName(getIndexBase(node));
+    if (isNode(node, 'TupleExpression')) {
+        const components = node.components || [];
+        if (components.length === 1)
+            return getIdentifierBaseName(components[0]);
+    }
+    return '';
+}
+function getIndexBase(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (node.baseExpression)
+        return node.baseExpression;
+    if (node.base)
+        return node.base;
+    return null;
+}
+function isFunctionCall(node) {
+    return isNode(node, 'FunctionCall');
+}
+function isExternallyCallable(fn) {
+    const visibility = String(fn?.visibility || '').toLowerCase();
+    return visibility === 'public' || visibility === 'external';
+}
+function hasAccessControlModifier(fn) {
+    const modifiers = fn?.modifiers || fn?.modifierList || [];
+    if (!Array.isArray(modifiers))
+        return false;
+    return modifiers.some((modifier) => ACCESS_CONTROL_MODIFIERS.has(getModifierName(modifier).toLowerCase()));
+}
+function hasInlineAccessControlBefore(body, sourceNode, sinkNode) {
+    const statements = collectStatementsInOrder(body);
+    if (statements.length === 0)
+        return false;
+    const sourceIndex = statements.findIndex(s => containsNode(s, sourceNode));
+    const sinkIndex = statements.findIndex(s => containsNode(s, sinkNode));
+    if (sourceIndex < 0 || sinkIndex < 0)
+        return false;
+    const dominanceLimit = Math.min(sourceIndex, sinkIndex);
+    for (let i = 0; i < dominanceLimit; i += 1) {
+        if (statementIsAccessGuard(statements[i]))
+            return true;
+    }
+    return false;
+}
+function statementIsAccessGuard(stmt) {
+    if (!stmt || typeof stmt !== 'object')
+        return false;
+    if (isNode(stmt, 'ExpressionStatement')) {
+        const expr = stmt.expression;
+        if (isNode(expr, 'FunctionCall')) {
+            const callee = getCalleeName(expr).toLowerCase();
+            if (callee === 'require' || callee === 'assert') {
+                const condition = (expr.arguments || [])[0];
+                return condition ? conditionAuthorizesCaller(condition) : false;
+            }
+            if (isAccessControlInternalCall(expr))
+                return true;
+        }
+        return false;
+    }
+    if (isNode(stmt, 'IfStatement')) {
+        const condition = stmt.condition;
+        const trueBody = stmt.trueBody ?? stmt.trueExpression;
+        if (condition && trueBody && conditionDeniesCaller(condition) && bodyUnconditionallyExits(trueBody)) {
+            return true;
+        }
+    }
+    return false;
+}
+function conditionAuthorizesCaller(condition) {
+    if (!condition || typeof condition !== 'object')
+        return false;
+    if (isCallerEqualityCheck(condition))
+        return true;
+    if (isAccessControlPredicateCall(condition))
+        return true;
+    for (const child of childrenOf(condition)) {
+        if (conditionAuthorizesCaller(child))
+            return true;
+    }
+    return false;
+}
+function conditionDeniesCaller(condition) {
+    if (!condition || typeof condition !== 'object')
+        return false;
+    if (isNode(condition, 'UnaryOperation') && String(condition.operator || '') === '!') {
+        return conditionAuthorizesCaller(condition.subExpression);
+    }
+    if (isNode(condition, 'BinaryOperation')) {
+        const operator = String(condition.operator || '');
+        const left = condition.left ?? condition.leftExpression;
+        const right = condition.right ?? condition.rightExpression;
+        if (operator === '!=' || operator === '!==') {
+            if ((isMsgSender(left) && isAuthSubject(right)) || (isMsgSender(right) && isAuthSubject(left)))
+                return true;
+        }
+    }
+    return false;
+}
+function isCallerEqualityCheck(condition) {
+    if (!isNode(condition, 'BinaryOperation'))
+        return false;
+    const operator = String(condition.operator || '');
+    if (operator !== '==' && operator !== '===')
+        return false;
+    const left = condition.left ?? condition.leftExpression;
+    const right = condition.right ?? condition.rightExpression;
+    return (isMsgSender(left) && isAuthSubject(right)) || (isMsgSender(right) && isAuthSubject(left));
+}
+function isAccessControlPredicateCall(node) {
+    if (!isNode(node, 'FunctionCall'))
+        return false;
+    const callee = getCalleeName(node).toLowerCase();
+    if (callee !== 'hasrole' && callee !== 'isowner' && callee !== 'isadmin' && callee !== 'isauthorized' && callee !== 'isoperator') {
+        return false;
+    }
+    const args = node.arguments || [];
+    return args.some((arg) => containsMsgSender(arg)) || args.length === 0 || callee === 'isowner';
+}
+function isAccessControlInternalCall(call) {
+    const callee = getCalleeName(call).toLowerCase();
+    if (callee === '_checkowner' || callee === '_checkrole' || callee === 'checkowner' || callee === 'checkrole')
+        return true;
+    if (callee === 'onlyrole' || callee === 'onlyowner')
+        return true;
+    return false;
+}
+function containsMsgSender(node) {
+    return walkAny(node, child => isMsgSender(child));
+}
+function isMsgSender(node) {
+    if (!isNode(node, 'MemberAccess'))
+        return false;
+    if (String(node.memberName || '') !== 'sender')
+        return false;
+    const inner = node.expression;
+    return isNode(inner, 'Identifier') && String(inner.name || '') === 'msg';
+}
+function isAuthSubject(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'Identifier'))
+        return AUTH_SUBJECT_RE.test(String(node.name || ''));
+    if (isNode(node, 'MemberAccess'))
+        return AUTH_SUBJECT_RE.test(String(node.memberName || ''));
+    if (isNode(node, 'FunctionCall')) {
+        const callee = getCalleeName(node).toLowerCase();
+        return callee === 'owner' || callee === 'governor' || callee === 'admin' || callee === 'governance';
+    }
+    return false;
+}
+const AUTH_SUBJECT_RE = /^(owner|admin|governance|governor|guardian|authority|operator|manager|dao|trusted|pauser|minter)$/i;
+function bodyUnconditionallyExits(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'Block')) {
+        const stmts = collectStatementsInOrder(node);
+        return stmts.some(statementGuaranteesExit);
+    }
+    return statementGuaranteesExit(node);
+}
+function statementGuaranteesExit(stmt) {
+    if (!stmt || typeof stmt !== 'object')
+        return false;
+    if (isNode(stmt, 'ThrowStatement') || isNode(stmt, 'RevertStatement'))
+        return true;
+    if (isNode(stmt, 'ExpressionStatement') && isNode(stmt.expression, 'FunctionCall')) {
+        const callee = getCalleeName(stmt.expression).toLowerCase();
+        if (callee === 'revert')
+            return true;
+    }
+    if (isNode(stmt, 'Block'))
+        return bodyUnconditionallyExits(stmt);
+    return false;
+}
+function isInterfaceLike(contractNode) {
+    const kind = String(contractNode?.kind || contractNode?.contractKind || '').toLowerCase();
+    return kind === 'interface';
+}
+function getContractFunctions(contractNode) {
+    return getContractMembers(contractNode).filter(child => isNode(child, 'FunctionDefinition'));
+}
+function getContractMembers(contractNode) {
+    if (!contractNode || typeof contractNode !== 'object')
+        return [];
+    if (Array.isArray(contractNode.subNodes))
+        return contractNode.subNodes;
+    if (Array.isArray(contractNode.nodes))
+        return contractNode.nodes;
+    return [];
+}
+function collectContracts(ast) {
+    const out = [];
+    walkContracts(ast, node => out.push(node));
+    return out;
+}
+function walkContracts(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'ContractDefinition')) {
+        visit(node);
+        return;
+    }
+    for (const child of childrenOf(node))
+        walkContracts(child, visit);
+}
+function walkAny(node, predicate) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (predicate(node))
+        return true;
+    return childrenOf(node).some(child => walkAny(child, predicate));
+}
+function walk(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node);
+    for (const child of childrenOf(node))
+        walk(child, visit);
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const children = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' ||
+            key === 'src' ||
+            key === 'range' ||
+            key === 'typeDescriptions' ||
+            key === 'typeName' ||
+            key === 'id') {
+            continue;
+        }
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    children.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function getModifierName(modifier) {
+    if (!modifier)
+        return '';
+    if (typeof modifier === 'string')
+        return modifier;
+    if (typeof modifier.name === 'string')
+        return modifier.name;
+    if (modifier.name && typeof modifier.name === 'object') {
+        if (typeof modifier.name.name === 'string')
+            return modifier.name.name;
+        if (typeof modifier.name.namePath === 'string')
+            return modifier.name.namePath;
+    }
+    if (modifier.modifierName) {
+        const inner = modifier.modifierName;
+        if (typeof inner === 'string')
+            return inner;
+        if (typeof inner.name === 'string')
+            return inner.name;
+    }
+    return '';
+}
+function flattenNames(node) {
+    const names = [];
+    walk(node, child => {
+        if (isNode(child, 'Identifier'))
+            names.push(String(child.name || ''));
+        if (isNode(child, 'MemberAccess'))
+            names.push(String(child.memberName || ''));
+    });
+    return names.join(' ');
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const lineOffsets = [0];
+    let byteOffset = 0;
+    for (const char of sourceText) {
+        byteOffset += Buffer.byteLength(char, 'utf8');
+        if (char === '\n')
+            lineOffsets.push(byteOffset);
+    }
+    return lineOffsets;
+}
+function getLoc(node, lineOffsets) {
+    if (node?.loc?.start)
+        return { line: node.loc.start.line || 0, column: node.loc.start.column || 0 };
+    if (!node?.src || !lineOffsets)
+        return undefined;
+    const [offsetRaw] = String(node.src).split(':');
+    const offset = Number(offsetRaw);
+    if (!Number.isFinite(offset) || offset < 0)
+        return undefined;
+    return byteOffsetToLineColumn(offset, lineOffsets);
+}
+function byteOffsetToLineColumn(byteOffset, lineOffsets) {
+    let low = 0;
+    let high = lineOffsets.length - 1;
+    let lineIndex = 0;
+    while (low <= high) {
+        const mid = Math.floor((low + high) / 2);
+        if (lineOffsets[mid] <= byteOffset) {
+            lineIndex = mid;
+            low = mid + 1;
+        }
+        else {
+            high = mid - 1;
+        }
+    }
+    return { line: lineIndex + 1, column: byteOffset - lineOffsets[lineIndex] };
+}
+//# sourceMappingURL=flashloan-price-manipulation.js.map