@snovon/solast 0.2.0

package/dist/detectors/generalized-frontrunning.js

@@ -0,0 +1,836 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GeneralizedFrontrunningDetector = void 0;
+const access_control_1 = require("./_common/access-control");
+const RULE_ID = 'generalized-frontrunning';
+const SWAP_PATTERN = `${RULE_ID}/permissive-swap-bound`;
+const LIQUIDATION_PATTERN = `${RULE_ID}/oracle-driven-execution-without-bound`;
+const APPROVE_RACE_PATTERN = `${RULE_ID}/approve-race`;
+const RESULT_REVEAL_PATTERN = `${RULE_ID}/result-revealing-no-commit`;
+const SPOT_SETTLEMENT_PATTERN = `${RULE_ID}/unprotected-spot-settlement`;
+const FIRST_CLAIMER_PATTERN = `${RULE_ID}/first-claimer-race`;
+const PROVENANCE = 'issue-1650-generalized-frontrunning';
+const SWAP_SPECS = {
+    swapExactTokensForTokens: { minIndex: 1, deadlineIndex: 4 },
+    swapExactTokensForETH: { minIndex: 1, deadlineIndex: 4 },
+    swapExactETHForTokens: { minIndex: 0, deadlineIndex: 3 },
+    swapExactTokensForTokensSupportingFeeOnTransferTokens: { minIndex: 1, deadlineIndex: 4 },
+    swapExactTokensForETHSupportingFeeOnTransferTokens: { minIndex: 1, deadlineIndex: 4 },
+    swapExactETHForTokensSupportingFeeOnTransferTokens: { minIndex: 0, deadlineIndex: 3 },
+    swapTokensForExactTokens: { maxIndex: 1, deadlineIndex: 4 },
+    swapTokensForExactETH: { maxIndex: 1, deadlineIndex: 4 },
+    exchange: { minIndex: 3 },
+    exchange_underlying: { minIndex: 3 },
+};
+class GeneralizedFrontrunningDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser', 'solc'];
+    scanAst(ast, file, sourceText = '') {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        if (!isNode(ast, 'SourceUnit'))
+            return [];
+        const findings = [];
+        const seen = new Set();
+        for (const contract of collectContracts(ast)) {
+            if (isInterfaceLike(contract))
+                continue;
+            const contractName = getName(contract) || '<anonymous>';
+            const contractFunctionNames = new Set(getContractFunctions(contract)
+                .map(getName)
+                .filter(Boolean));
+            for (const fn of getContractFunctions(contract)) {
+                if (!fn.body)
+                    continue;
+                if (!isExternallyCallable(fn))
+                    continue;
+                const functionName = getName(fn) || '<anonymous>';
+                const params = new Set();
+                for (const param of getParameters(fn)) {
+                    const name = getName(param);
+                    if (name)
+                        params.add(name);
+                }
+                const ctx = {
+                    file,
+                    sourceText,
+                    contractName,
+                    functionName,
+                    contractFunctionNames,
+                    params,
+                    zeroValues: new Set(),
+                    maxValues: new Set(),
+                    oracleDerived: new Set(),
+                    guardedOutputs: new Set(),
+                };
+                for (const sink of scanFunctionShape(fn, contract, ctx)) {
+                    const loc = locOf(sink.node, sourceText) || locOf(fn, sourceText) || { line: 1, column: 0 };
+                    const key = `${contractName}:${functionName}:${loc.line}:${loc.column}:${sink.pattern}`;
+                    if (seen.has(key))
+                        continue;
+                    seen.add(key);
+                    findings.push(makeFinding(ctx, loc, sink));
+                }
+                for (const sink of scanBlock(fn.body, ctx)) {
+                    const loc = locOf(sink.node, sourceText) || locOf(fn, sourceText) || { line: 1, column: 0 };
+                    const key = `${contractName}:${functionName}:${loc.line}:${loc.column}:${sink.pattern}`;
+                    if (seen.has(key))
+                        continue;
+                    seen.add(key);
+                    findings.push(makeFinding(ctx, loc, sink));
+                }
+            }
+        }
+        return findings;
+    }
+}
+exports.GeneralizedFrontrunningDetector = GeneralizedFrontrunningDetector;
+function scanFunctionShape(fn, contract, ctx) {
+    const out = [];
+    if (isUnsafeApproveRace(fn, ctx)) {
+        out.push({
+            node: fn,
+            pattern: APPROVE_RACE_PATTERN,
+            message: `Generalized front-running risk in '${ctx.contractName}.${ctx.functionName}': approve overwrites an existing allowance without a zero-first guard or delta allowance alternative.`,
+            rationale: 'ERC-20 allowance changes from one non-zero value to another are transaction-order dependent because the spender can race the allowance overwrite.',
+        });
+    }
+    if (isResultRevealingResolution(fn, contract, ctx)) {
+        out.push({
+            node: fn,
+            pattern: RESULT_REVEAL_PATTERN,
+            message: `Generalized front-running risk in '${ctx.contractName}.${ctx.functionName}': calldata-visible input is accepted and resolved for value in the same transaction without commit-reveal protection.`,
+            rationale: 'When the winning guess or bid is visible in calldata before execution, another transaction can copy or reorder around it unless the protocol separates commitment from reveal.',
+        });
+    }
+    if (isFirstClaimerRace(fn, ctx)) {
+        out.push({
+            node: fn,
+            pattern: FIRST_CLAIMER_PATTERN,
+            message: `Generalized front-running risk in '${ctx.contractName}.${ctx.functionName}': an anyone-callable first-claim or initializer path assigns order-dependent privileged state.`,
+            rationale: 'First-claimer and initializer flows are transaction-order dependent when any caller can win the race to capture owner, depositor, or initialization state.',
+        });
+    }
+    return out;
+}
+function scanBlock(block, ctx) {
+    const findings = [];
+    for (const stmt of getBlockStatements(block)) {
+        findings.push(...scanStatement(stmt, ctx));
+    }
+    return findings;
+}
+function scanStatement(stmt, ctx) {
+    if (!stmt || typeof stmt !== 'object')
+        return [];
+    if (isNode(stmt, 'Block'))
+        return scanBlock(stmt, ctx);
+    if (isNode(stmt, 'IfStatement')) {
+        const findings = [];
+        const trueCtx = cloneCtx(ctx);
+        collectBoundGuards(stmt.condition, trueCtx);
+        if (stmt.trueBody)
+            findings.push(...scanStatement(stmt.trueBody, trueCtx));
+        if (stmt.falseBody)
+            findings.push(...scanStatement(stmt.falseBody, cloneCtx(ctx)));
+        return findings;
+    }
+    if (isRequireOrAssertStatement(stmt)) {
+        collectBoundGuards(getCallArguments(stmt.expression)[0], ctx);
+        collectAssignments(stmt, ctx);
+        return [];
+    }
+    const findings = findSinkCandidates(stmt, ctx);
+    collectAssignments(stmt, ctx);
+    return findings;
+}
+function collectAssignments(stmt, ctx) {
+    walk(stmt, node => {
+        if (isNode(node, 'VariableDeclarationStatement')) {
+            const init = node.initialValue ?? node.initialValueExpression ?? node.value;
+            for (const decl of getVariableDeclarations(node)) {
+                const name = getName(decl);
+                if (!name)
+                    continue;
+                if (isZeroExpression(init, ctx))
+                    ctx.zeroValues.add(name);
+                if (isMaxExpression(init, ctx))
+                    ctx.maxValues.add(name);
+                if (isOracleDerivedExpression(init, ctx))
+                    ctx.oracleDerived.add(name);
+            }
+            return;
+        }
+        if (!isAssignmentNode(node))
+            return;
+        const right = getBinaryRight(node);
+        for (const name of collectAssignTargets(getBinaryLeft(node))) {
+            if (isZeroExpression(right, ctx))
+                ctx.zeroValues.add(name);
+            if (isMaxExpression(right, ctx))
+                ctx.maxValues.add(name);
+            if (isOracleDerivedExpression(right, ctx))
+                ctx.oracleDerived.add(name);
+        }
+    });
+}
+function collectBoundGuards(condition, ctx) {
+    walk(condition, node => {
+        if (!isNode(node, 'BinaryOperation'))
+            return;
+        const op = String(node.operator || '');
+        if (!['>', '>=', '<', '<=', '!='].includes(op))
+            return;
+        const left = getBinaryLeft(node);
+        const right = getBinaryRight(node);
+        if ((op === '>' || op === '>=' || op === '!=') && isOracleDerivedExpression(left, ctx) && isCallerBound(right, ctx)) {
+            addAccessRoot(left, ctx.guardedOutputs);
+        }
+        if ((op === '<' || op === '<=' || op === '!=') && isOracleDerivedExpression(right, ctx) && isCallerBound(left, ctx)) {
+            addAccessRoot(right, ctx.guardedOutputs);
+        }
+    });
+}
+function findSinkCandidates(stmt, ctx) {
+    const candidates = [];
+    walk(stmt, node => {
+        if (!isNode(node, 'FunctionCall'))
+            return;
+        const callee = unwrapCallOptions(node.expression);
+        if (!isNode(callee, 'MemberAccess'))
+            return;
+        const method = String(callee.memberName || '');
+        const swapSpec = SWAP_SPECS[method];
+        if (swapSpec) {
+            const reasons = vulnerableSwapReasons(node, swapSpec, ctx);
+            if (reasons.length > 0) {
+                candidates.push({
+                    node,
+                    pattern: SWAP_PATTERN,
+                    message: `Generalized front-running risk in '${ctx.contractName}.${ctx.functionName}': ${method} uses ${reasons.join(' and ')}.`,
+                    rationale: 'Caller-visible swap execution with missing or permissive slippage/deadline protection can be sandwiched or reordered before inclusion.',
+                });
+            }
+            return;
+        }
+        const transferAmount = getTransferAmount(method, node);
+        if (!transferAmount)
+            return;
+        if (!isOracleDerivedExpression(transferAmount, ctx))
+            return;
+        const amountName = accessRoot(transferAmount);
+        if (amountName && ctx.guardedOutputs.has(amountName))
+            return;
+        const pattern = isLiquidationLikeFunction(ctx.functionName) ? LIQUIDATION_PATTERN : SPOT_SETTLEMENT_PATTERN;
+        candidates.push({
+            node,
+            pattern,
+            message: pattern === LIQUIDATION_PATTERN
+                ? `Generalized front-running risk in '${ctx.contractName}.${ctx.functionName}': externally influenced price or reserve data drives value-sensitive execution without a caller-provided bound.`
+                : `Generalized front-running risk in '${ctx.contractName}.${ctx.functionName}': spot-derived settlement moves value without caller-provided min-out, nonce, or deadline protection.`,
+            rationale: pattern === LIQUIDATION_PATTERN
+                ? 'Liquidation or arbitrage-sensitive execution derived from fresh external price/reserve state can be transaction-ordering sensitive when no min/max guard constrains the result.'
+                : 'Spot oracle or reserve reads can be sandwiched or reordered when settlement transfers the derived amount directly and the caller cannot constrain the execution result.',
+        });
+    });
+    return candidates;
+}
+function isUnsafeApproveRace(fn, ctx) {
+    if (ctx.functionName !== 'approve')
+        return false;
+    const params = getParameters(fn);
+    if (params.length < 2)
+        return false;
+    const spenderName = getName(params[0]);
+    const amountName = getName(params[1]);
+    if (!spenderName || !amountName)
+        return false;
+    if (ctx.contractFunctionNames.has('increaseAllowance') && ctx.contractFunctionNames.has('decreaseAllowance'))
+        return false;
+    if (hasZeroFirstAllowanceGuard(fn, amountName))
+        return false;
+    return walkAny(fn.body, node => {
+        if (!isAssignmentNode(node))
+            return false;
+        const left = getBinaryLeft(node);
+        const right = getBinaryRight(node);
+        return isAllowanceAccess(left) && accessRoot(right) === amountName;
+    });
+}
+function hasZeroFirstAllowanceGuard(fn, amountName) {
+    return walkAny(fn.body, node => {
+        if (!isRequireOrAssertStatement(node))
+            return false;
+        const condition = getCallArguments(node.expression)[0];
+        return isZeroFirstCondition(condition, amountName);
+    });
+}
+function isZeroFirstCondition(expr, amountName) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if (isNode(expr, 'BinaryOperation') && String(expr.operator || '') === '||') {
+        const left = getBinaryLeft(expr);
+        const right = getBinaryRight(expr);
+        return (isAmountZeroCheck(left, amountName) && isAllowanceZeroCheck(right))
+            || (isAmountZeroCheck(right, amountName) && isAllowanceZeroCheck(left));
+    }
+    return false;
+}
+function isAmountZeroCheck(expr, amountName) {
+    if (!isNode(expr, 'BinaryOperation'))
+        return false;
+    if (!['==', '===', '<='].includes(String(expr.operator || '')))
+        return false;
+    const left = getBinaryLeft(expr);
+    const right = getBinaryRight(expr);
+    return (accessRoot(left) === amountName && isZeroLiteral(right))
+        || (accessRoot(right) === amountName && isZeroLiteral(left));
+}
+function isAllowanceZeroCheck(expr) {
+    if (!isNode(expr, 'BinaryOperation'))
+        return false;
+    if (!['==', '===', '<='].includes(String(expr.operator || '')))
+        return false;
+    const left = getBinaryLeft(expr);
+    const right = getBinaryRight(expr);
+    return (isAllowanceAccess(left) && isZeroLiteral(right))
+        || (isAllowanceAccess(right) && isZeroLiteral(left));
+}
+function isAllowanceAccess(expr) {
+    return (accessRoot(expr) || '').toLowerCase() === 'allowance';
+}
+function isResultRevealingResolution(fn, contract, ctx) {
+    if (contractHasCommitReveal(contract))
+        return false;
+    const visibleInputs = [...ctx.params].filter(isRevealedResultInputName);
+    if (visibleInputs.length === 0)
+        return false;
+    if (!functionMovesValue(fn))
+        return false;
+    return walkAny(fn.body, node => {
+        if (!isNode(node, 'BinaryOperation'))
+            return false;
+        const op = String(node.operator || '');
+        if (op !== '==' && op !== '===')
+            return false;
+        const left = getBinaryLeft(node);
+        const right = getBinaryRight(node);
+        return visibleInputs.some(name => accessRoot(left) === name || accessRoot(right) === name);
+    });
+}
+function contractHasCommitReveal(contract) {
+    const functions = getContractFunctions(contract);
+    const hasCommitPhase = functions.some(fn => isCommitLikeFunction(fn) && writesCallerCommitment(fn));
+    if (!hasCommitPhase)
+        return false;
+    return functions.some(fn => isRevealLikeFunction(fn) && validatesCommittedHash(fn));
+}
+function isCommitLikeFunction(fn) {
+    return /^(commit|submitCommitment|seal|submitSealed)$/i.test(getName(fn));
+}
+function isRevealLikeFunction(fn) {
+    return /^(reveal|claim|settle)$/i.test(getName(fn));
+}
+function writesCallerCommitment(fn) {
+    return walkAny(fn.body, node => {
+        if (!isAssignmentNode(node))
+            return false;
+        const left = getBinaryLeft(node);
+        return isCommitmentAccess(left) && walkAny(left, child => isMsgSenderLike(child));
+    });
+}
+function validatesCommittedHash(fn) {
+    return walkAny(fn.body, node => {
+        if (!isRequireOrAssertStatement(node))
+            return false;
+        return comparesCommitmentToHash(getCallArguments(node.expression)[0]);
+    });
+}
+function comparesCommitmentToHash(expr) {
+    return walkAny(expr, node => {
+        if (!isNode(node, 'BinaryOperation'))
+            return false;
+        const op = String(node.operator || '');
+        if (op !== '==' && op !== '===')
+            return false;
+        const left = getBinaryLeft(node);
+        const right = getBinaryRight(node);
+        return (isCommitmentAccess(left) && containsKeccak256Call(right))
+            || (isCommitmentAccess(right) && containsKeccak256Call(left));
+    });
+}
+function isCommitmentAccess(expr) {
+    const root = accessRoot(expr) || '';
+    return /commit|sealed/i.test(root);
+}
+function containsKeccak256Call(expr) {
+    return walkAny(expr, node => isNode(node, 'FunctionCall') && getCalleeIdentifierName(node.expression).toLowerCase() === 'keccak256');
+}
+function isRevealedResultInputName(name) {
+    return /^(guess|bid|answer|value|choice|secret|solution|claim)$/i.test(name);
+}
+function functionMovesValue(fn) {
+    return walkAny(fn.body, node => {
+        if (!isNode(node, 'FunctionCall'))
+            return false;
+        const callee = unwrapCallOptions(node.expression);
+        if (isNode(callee, 'MemberAccess')) {
+            const method = String(callee.memberName || '').toLowerCase();
+            if (method === 'transfer' || method === 'send')
+                return true;
+            if (method === 'call')
+                return callHasValueOption(node) || callHasValueOption(callee.expression);
+        }
+        return false;
+    });
+}
+function callHasValueOption(node) {
+    return walkAny(node, child => isNode(child, 'NameValueExpression') && nodeName(child.name).toLowerCase() === 'value');
+}
+function isFirstClaimerRace(fn, ctx) {
+    const name = ctx.functionName.toLowerCase();
+    if ((0, access_control_1.hasRecognisedAccessControlModifier)(fn))
+        return false;
+    if (hasInlineAccessControl(fn))
+        return false;
+    if (name === 'initialize' || name === 'init')
+        return hasFirstStateGate(fn) && assignsPrivilegedOrInitializerState(fn);
+    if (/^(deposit|mint|seed|join|register|claim)$/.test(name))
+        return hasFirstStateGate(fn) && assignsCallerCapturedState(fn);
+    return false;
+}
+function hasInlineAccessControl(fn) {
+    return walkAny(fn.body, node => {
+        if (!isRequireOrAssertStatement(node))
+            return false;
+        const condition = getCallArguments(node.expression)[0];
+        return (0, access_control_1.requireExpressesAccessControl)(condition, name => (0, access_control_1.isPrivilegedIdentifier)(name));
+    });
+}
+function assignsPrivilegedOrInitializerState(fn) {
+    return walkAny(fn.body, node => {
+        if (!isAssignmentNode(node))
+            return false;
+        const left = getBinaryLeft(node);
+        const target = accessRoot(left) || '';
+        return (0, access_control_1.isPrivilegedIdentifier)(target) || isInitializerStateName(target);
+    });
+}
+function hasFirstStateGate(fn) {
+    return walkAny(fn.body, node => {
+        if (!isRequireOrAssertStatement(node))
+            return false;
+        const condition = getCallArguments(node.expression)[0];
+        if (isNegatedInitializedCheck(condition))
+            return true;
+        return walkAny(condition, child => {
+            if (!isNode(child, 'BinaryOperation'))
+                return false;
+            const op = String(child.operator || '');
+            if (!['==', '===', '<=', '<'].includes(op))
+                return false;
+            const left = getBinaryLeft(child);
+            const right = getBinaryRight(child);
+            return (isFirstStateName(accessRoot(left) || '') && isZeroLiteral(right))
+                || (isFirstStateName(accessRoot(right) || '') && isZeroLiteral(left))
+                || isNegatedInitializedCheck(child);
+        });
+    });
+}
+function isNegatedInitializedCheck(expr) {
+    return isNode(expr, 'UnaryOperation')
+        && String(expr.operator || '') === '!'
+        && isInitializerStateName(accessRoot(expr.subExpression) || '');
+}
+function assignsCallerCapturedState(fn) {
+    return walkAny(fn.body, node => {
+        if (!isAssignmentNode(node))
+            return false;
+        const left = getBinaryLeft(node);
+        const right = getBinaryRight(node);
+        const target = accessRoot(left) || '';
+        return isFirstStateName(target) || isMsgSenderLike(right);
+    });
+}
+function isFirstStateName(name) {
+    return /^(totalShares|firstDepositor|firstDeposit|seeded|initialized)$/i.test(name);
+}
+function isInitializerStateName(name) {
+    return /^(initialized|initialised|initializer|owner|admin)$/i.test(name);
+}
+function isMsgSenderLike(expr) {
+    return collectAccessPath(expr) === 'msg.sender';
+}
+function isLiquidationLikeFunction(name) {
+    return /liquidat|arbitrage|rebalance/i.test(name);
+}
+function vulnerableSwapReasons(call, spec, ctx) {
+    const reasons = [];
+    const minArg = getNamedCallArgument(call, ['amountoutmin', 'amountoutminimum', 'minout', 'minimumamountout'])
+        || (spec.minIndex === undefined ? null : getCallArguments(call)[spec.minIndex]);
+    if (spec.minIndex !== undefined && (!minArg || isZeroExpression(minArg, ctx))) {
+        reasons.push('a missing or zero minimum output bound');
+    }
+    const maxArg = getNamedCallArgument(call, ['amountinmax', 'maxin', 'maximumamountin'])
+        || (spec.maxIndex === undefined ? null : getCallArguments(call)[spec.maxIndex]);
+    if (spec.maxIndex !== undefined && (!maxArg || isMaxExpression(maxArg, ctx))) {
+        reasons.push('a missing or unbounded maximum input');
+    }
+    const deadlineArg = getNamedCallArgument(call, ['deadline'])
+        || (spec.deadlineIndex === undefined ? null : getCallArguments(call)[spec.deadlineIndex]);
+    if (spec.deadlineIndex !== undefined && (!deadlineArg || isDirectBlockTimestamp(deadlineArg))) {
+        reasons.push('missing or ineffective deadline protection');
+    }
+    return reasons;
+}
+function getTransferAmount(method, call) {
+    const args = getCallArguments(call);
+    if (method === 'transfer')
+        return args[1] || null;
+    if (method === 'transferFrom')
+        return args[2] || null;
+    if (/^(liquidate|executeLiquidation|rebalance|arbitrage)$/i.test(method))
+        return args[1] || args[0] || null;
+    return null;
+}
+function isOracleDerivedExpression(expr, ctx) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    const root = accessRoot(expr);
+    if (root && ctx.oracleDerived.has(root))
+        return true;
+    return walkAny(expr, node => {
+        const nestedRoot = accessRoot(node);
+        if (nestedRoot && ctx.oracleDerived.has(nestedRoot))
+            return true;
+        if (!isNode(node, 'FunctionCall'))
+            return false;
+        const callee = unwrapCallOptions(node.expression);
+        if (isNode(callee, 'MemberAccess'))
+            return isOracleLikeMethod(String(callee.memberName || ''));
+        if (isNode(callee, 'Identifier'))
+            return /^(uint|uint256|int|int256)$/i.test(String(callee.name || '')) && getCallArguments(node).some(arg => isOracleDerivedExpression(arg, ctx));
+        return false;
+    });
+}
+function isOracleLikeMethod(method) {
+    return /(price|quote|reserve|getreserve|latestanswer|latestrounddata|getamountsout|getamountout|consult|peek|read)/i.test(method);
+}
+function isCallerBound(expr, ctx) {
+    const root = accessRoot(expr);
+    return !!root && ctx.params.has(root) && isBoundName(root);
+}
+function isBoundName(name) {
+    return /(min|minimum|max|maximum|amountoutmin|amountinmax|slippage|limit|floor|ceiling|bound|worst|guaranteed)/i.test(name);
+}
+function isZeroExpression(expr, ctx) {
+    if (isZeroLiteral(expr))
+        return true;
+    const root = accessRoot(expr);
+    return !!root && ctx.zeroValues.has(root);
+}
+function isMaxExpression(expr, ctx) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    const root = accessRoot(expr);
+    if (root && ctx.maxValues.has(root))
+        return true;
+    return isTypeMaxExpression(expr);
+}
+function isZeroLiteral(expr) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if (isNode(expr, 'NumberLiteral'))
+        return String(expr.number ?? expr.value ?? '') === '0';
+    if (isNode(expr, 'Literal'))
+        return String(expr.value ?? '') === '0';
+    return false;
+}
+function isTypeMaxExpression(expr) {
+    if (!isNode(expr, 'MemberAccess'))
+        return false;
+    if (String(expr.memberName || '').toLowerCase() !== 'max')
+        return false;
+    const inner = unwrapCallOptions(expr.expression);
+    if (!isNode(inner, 'FunctionCall'))
+        return false;
+    const callee = unwrapCallOptions(inner.expression);
+    return isNode(callee, 'Identifier') && String(callee.name || '').toLowerCase() === 'type';
+}
+function isDirectBlockTimestamp(expr) {
+    return collectAccessPath(expr) === 'block.timestamp';
+}
+function isRequireOrAssertStatement(stmt) {
+    if (!isNode(stmt, 'ExpressionStatement') || !isNode(stmt.expression, 'FunctionCall'))
+        return false;
+    const name = getCalleeIdentifierName(stmt.expression.expression).toLowerCase();
+    return name === 'require' || name === 'assert';
+}
+function makeFinding(ctx, loc, sink) {
+    return {
+        file: ctx.file,
+        contract: ctx.contractName,
+        'function': ctx.functionName,
+        line: loc.line,
+        endLine: loc.line,
+        column: loc.column,
+        pattern: sink.pattern,
+        confidence: 'medium',
+        ruleId: RULE_ID,
+        severity: 'medium',
+        message: sink.message,
+        rationale: sink.rationale,
+        suggestedFix: suggestedFixFor(sink.pattern),
+        contractName: ctx.contractName,
+        functionName: ctx.functionName,
+        sourceLocation: { line: loc.line, column: loc.column },
+        findingId: '',
+        contractHash: '',
+        provenance: PROVENANCE,
+        source: PROVENANCE,
+    };
+}
+function suggestedFixFor(pattern) {
+    if (pattern === APPROVE_RACE_PATTERN) {
+        return 'Require zero-first allowance updates or expose increaseAllowance/decreaseAllowance style delta updates instead of direct non-zero overwrites.';
+    }
+    if (pattern === RESULT_REVEAL_PATTERN) {
+        return 'Separate input commitment from value resolution with a commit-reveal or sealed-bid phase so the winning input is not visible before ordering is fixed.';
+    }
+    if (pattern === FIRST_CLAIMER_PATTERN) {
+        return 'Protect initializer and first-claimer flows with access control, constructor-time setup, or a deployment process that cannot be won by an arbitrary caller.';
+    }
+    if (pattern === SPOT_SETTLEMENT_PATTERN) {
+        return 'Require caller-supplied minOut/maxIn bounds, an effective deadline, and replay/nonce protection before moving value from a spot-derived amount.';
+    }
+    return 'Require caller-supplied non-zero minOut/maxIn bounds and forward an effective deadline such as a caller deadline or block.timestamp plus a bounded offset.';
+}
+function cloneCtx(ctx) {
+    return {
+        ...ctx,
+        params: new Set(ctx.params),
+        zeroValues: new Set(ctx.zeroValues),
+        maxValues: new Set(ctx.maxValues),
+        oracleDerived: new Set(ctx.oracleDerived),
+        guardedOutputs: new Set(ctx.guardedOutputs),
+    };
+}
+function getNamedCallArgument(call, targetNames) {
+    const targets = new Set(targetNames.map(name => name.toLowerCase()));
+    const names = getArgumentNames(call).map(name => name.toLowerCase());
+    const args = getCallArguments(call);
+    const index = names.findIndex(name => targets.has(name));
+    if (index >= 0)
+        return args[index] || null;
+    for (const rawArg of getRawCallArguments(call)) {
+        if (!isNode(rawArg, 'NameValueExpression'))
+            continue;
+        const name = nodeName(rawArg.name).toLowerCase();
+        if (targets.has(name))
+            return rawArg.expression ?? rawArg.value ?? null;
+    }
+    return null;
+}
+function getArgumentNames(call) {
+    if (Array.isArray(call?.names))
+        return call.names.map(nodeName);
+    if (Array.isArray(call?.arguments?.names))
+        return call.arguments.names.map(nodeName);
+    if (Array.isArray(call?.identifiers))
+        return call.identifiers.map(nodeName);
+    return [];
+}
+function getCallArguments(node) {
+    return getRawCallArguments(node).map(arg => isNode(arg, 'NameValueExpression') ? (arg.expression ?? arg.value ?? null) : arg);
+}
+function getRawCallArguments(node) {
+    return Array.isArray(node?.arguments) ? node.arguments : [];
+}
+function unwrapCallOptions(expr) {
+    let current = expr;
+    while (current && (isNode(current, 'NameValueExpression') || isNode(current, 'FunctionCallOptions'))) {
+        current = current.expression;
+    }
+    return current;
+}
+function getCalleeIdentifierName(expr) {
+    const unwrapped = unwrapCallOptions(expr);
+    if (isNode(unwrapped, 'Identifier'))
+        return String(unwrapped.name || '');
+    if (isNode(unwrapped, 'MemberAccess'))
+        return String(unwrapped.memberName || '');
+    return '';
+}
+function getVariableDeclarations(stmt) {
+    if (Array.isArray(stmt?.variables))
+        return stmt.variables;
+    if (Array.isArray(stmt?.declarations))
+        return stmt.declarations;
+    return [];
+}
+function collectAssignTargets(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    if (isNode(node, 'Identifier'))
+        return node.name ? [String(node.name)] : [];
+    if (isNode(node, 'TupleExpression'))
+        return getTupleComponents(node).flatMap(collectAssignTargets);
+    return [];
+}
+function getTupleComponents(node) {
+    if (Array.isArray(node?.components))
+        return node.components;
+    if (Array.isArray(node?.elements))
+        return node.elements;
+    return [];
+}
+function isAssignmentNode(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'Assignment'))
+        return true;
+    return isNode(node, 'BinaryOperation') && String(node.operator || '') === '=';
+}
+function getBinaryLeft(node) {
+    return node?.left ?? node?.leftExpression ?? node?.leftHandSide;
+}
+function getBinaryRight(node) {
+    return node?.right ?? node?.rightExpression ?? node?.rightHandSide;
+}
+function accessRoot(node) {
+    const path = collectAccessPath(node);
+    return path ? path.split(/[.\[]/)[0] : null;
+}
+function addAccessRoot(node, target) {
+    const root = accessRoot(node);
+    if (root)
+        target.add(root);
+}
+function collectAccessPath(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (isNode(node, 'Identifier'))
+        return node.name ? String(node.name) : null;
+    if (isNode(node, 'MemberAccess')) {
+        const base = collectAccessPath(node.expression);
+        if (!base || !node.memberName)
+            return null;
+        return `${base}.${String(node.memberName)}`;
+    }
+    if (isNode(node, 'IndexAccess')) {
+        const base = collectAccessPath(node.base ?? node.baseExpression);
+        return base ? `${base}[]` : null;
+    }
+    return null;
+}
+function isExternallyCallable(fn) {
+    const visibility = String(fn.visibility || '').toLowerCase();
+    if (visibility === 'private' || visibility === 'internal')
+        return false;
+    const kind = String(fn.kind || '').toLowerCase();
+    return kind !== 'constructor' && !fn.isConstructor;
+}
+function isInterfaceLike(contract) {
+    const kind = String(contract?.kind || contract?.contractKind || '').toLowerCase();
+    return kind === 'interface' || kind === 'library';
+}
+function getParameters(fn) {
+    if (Array.isArray(fn?.parameters))
+        return fn.parameters;
+    if (Array.isArray(fn?.parameters?.parameters))
+        return fn.parameters.parameters;
+    return [];
+}
+function getContractFunctions(contract) {
+    return getContractMembers(contract).filter(node => isNode(node, 'FunctionDefinition'));
+}
+function getContractMembers(contract) {
+    if (Array.isArray(contract?.subNodes))
+        return contract.subNodes;
+    if (Array.isArray(contract?.nodes))
+        return contract.nodes;
+    return [];
+}
+function getBlockStatements(body) {
+    return Array.isArray(body?.statements) ? body.statements : [];
+}
+function collectContracts(ast) {
+    const out = [];
+    walk(ast, node => {
+        if (isNode(node, 'ContractDefinition'))
+            out.push(node);
+    });
+    return out;
+}
+function walk(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node);
+    for (const child of childrenOf(node))
+        walk(child, visit);
+}
+function walkAny(node, predicate) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (predicate(node))
+        return true;
+    for (const child of childrenOf(node)) {
+        if (walkAny(child, predicate))
+            return true;
+    }
+    return false;
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const out = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions' || key === 'id')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value)
+                if (item && typeof item === 'object')
+                    out.push(item);
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function nodeName(node) {
+    if (typeof node === 'string')
+        return node;
+    if (!node || typeof node !== 'object')
+        return '';
+    return String(node.name || node.namePath || node.memberName || '');
+}
+function locOf(node, sourceText = '') {
+    if (node?.loc?.start)
+        return { line: node.loc.start.line || 0, column: node.loc.start.column || 0 };
+    if (typeof node?.src === 'string' && sourceText) {
+        const start = Number(node.src.split(':')[0]);
+        if (Number.isFinite(start))
+            return offsetToLoc(sourceText, start);
+    }
+    return null;
+}
+function offsetToLoc(sourceText, offset) {
+    let line = 1;
+    let lineStart = 0;
+    for (let i = 0; i < sourceText.length && i < offset; i++) {
+        if (sourceText.charCodeAt(i) === 10) {
+            line++;
+            lineStart = i + 1;
+        }
+    }
+    return { line, column: Math.max(0, offset - lineStart) };
+}
+//# sourceMappingURL=generalized-frontrunning.js.map