@snovon/solast 0.2.0

package/dist/detectors/insecure-randomness.d.ts

@@ -0,0 +1,73 @@
+import type { ScanResult } from '../index';
+export declare class InsecureRandomnessDetector {
+    readonly id = "insecure-randomness";
+    readonly patternKey = "insecure-randomness";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "high";
+        help: string;
+    };
+    private currentFile;
+    private currentContract;
+    private currentFunction;
+    private currentFunctionNode;
+    private findings;
+    private locals;
+    private localBindings;
+    private stateTaint;
+    private reportedFunctions;
+    private hasVrfContext;
+    private currentFunctionIsVrfCallback;
+    private vrfCallbackParams;
+    private vrfDerivedLocals;
+    private vrfDerivedStateVars;
+    private stateVarNames;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ['ContractDefinition:exit'](_node: any): void;
+    FunctionDefinition(node: any): void;
+    ['FunctionDefinition:exit'](_node: any): void;
+    VariableDeclarationStatement(node: any): void;
+    Assignment(node: any): void;
+    BinaryOperation(node: any): void;
+    private observeAssignment;
+    IfStatement(node: any): void;
+    Conditional(node: any): void;
+    FunctionCall(node: any): void;
+    IndexAccess(node: any): void;
+    private inFunction;
+    private hasVrfSignal;
+    private inheritanceName;
+    private isSecurityRandomnessExpression;
+    private valueTransferDependsOnRandomness;
+    private isValueTransferCall;
+    private taintOf;
+    private isPredictableSource;
+    private isCurrentBlockhashCall;
+    private unwrapParentheses;
+    private isBlockNumber;
+    private isStrongEntropySource;
+    private isVrfDerivedExpression;
+    private containsPredictableSource;
+    private referencesVrfOutput;
+    private taintFromChildren;
+    private merge;
+    private assignmentTargets;
+    private isAssignmentNode;
+    private runtimeStateAssignmentTargets;
+    private collectStateTaintAssignments;
+    private prepassStateAssignmentTargets;
+    private isThisStateAccess;
+    private isDeadlineCheck;
+    private isTimestampOrNumber;
+    private isComparisonOperator;
+    private callName;
+    private memberName;
+    private callOptions;
+    private addFinding;
+    private forEachChild;
+}

package/dist/detectors/insecure-randomness.js

@@ -0,0 +1,610 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InsecureRandomnessDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'insecure-randomness';
+const EMPTY_TAINT = {
+    hasModulo: false,
+    hasComparison: false,
+    hashDerived: false,
+    hasSelection: false,
+    hasStrongEntropySource: false,
+};
+const TRANSFER_MEMBERS = new Set(['transfer', 'send', 'call']);
+const TOKEN_SINKS = new Set(['_mint', 'mint', '_transfer', 'transfer', 'safeTransfer']);
+const HASH_OR_ENCODING_CALLS = new Set(['keccak256', 'sha256', 'abi.encode', 'abi.encodePacked', 'abi.encodeWithSelector']);
+const REQUIRE_CALLS = new Set(['require', 'assert']);
+const VRF_CALLBACK_NAMES = new Set(['fulfillRandomness', 'fulfillRandomWords']);
+class InsecureRandomnessDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Predictable block or gas values influence randomness-sensitive contract outcomes.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'high',
+        help: 'Use verifiable randomness, a well-designed commit-reveal scheme, or another source that validators and callers cannot bias.'
+    };
+    currentFile = '';
+    currentContract = '';
+    currentFunction = '';
+    currentFunctionNode = null;
+    findings = [];
+    locals = new Map();
+    localBindings = new Set();
+    stateTaint = new Map();
+    reportedFunctions = new Set();
+    hasVrfContext = false;
+    currentFunctionIsVrfCallback = false;
+    vrfCallbackParams = new Set();
+    vrfDerivedLocals = new Set();
+    vrfDerivedStateVars = new Set();
+    stateVarNames = new Set();
+    setFile(file) {
+        this.currentFile = file;
+        this.currentContract = '';
+        this.currentFunction = '';
+        this.currentFunctionNode = null;
+        this.findings = [];
+        this.locals.clear();
+        this.localBindings.clear();
+        this.stateTaint.clear();
+        this.reportedFunctions.clear();
+        this.hasVrfContext = false;
+        this.currentFunctionIsVrfCallback = false;
+        this.vrfCallbackParams.clear();
+        this.vrfDerivedLocals.clear();
+        this.vrfDerivedStateVars.clear();
+        this.stateVarNames.clear();
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        this.currentContract = node.name || '<anonymous>';
+        this.hasVrfContext = this.hasVrfSignal(node);
+        this.stateTaint.clear();
+        this.vrfDerivedStateVars.clear();
+        this.stateVarNames.clear();
+        for (const sub of node.subNodes || []) {
+            if (!(0, ast_1.isNode)(sub, 'StateVariableDeclaration'))
+                continue;
+            for (const v of sub.variables || []) {
+                if (!v?.name)
+                    continue;
+                this.stateVarNames.add(v.name);
+                const initializer = v.expression || sub.initialValue;
+                const taint = this.taintOf(initializer);
+                if (taint)
+                    this.stateTaint.set(v.name, taint);
+            }
+        }
+        for (const sub of node.subNodes || []) {
+            if (!(0, ast_1.isNode)(sub, 'FunctionDefinition') || !sub.body)
+                continue;
+            this.collectStateTaintAssignments(sub);
+        }
+    }
+    ['ContractDefinition:exit'](_node) {
+        this.currentContract = '';
+        this.hasVrfContext = false;
+        this.stateTaint.clear();
+        this.vrfDerivedStateVars.clear();
+        this.stateVarNames.clear();
+    }
+    FunctionDefinition(node) {
+        this.currentFunction = node.name || (node.isConstructor ? '<constructor>' : '<anonymous>');
+        this.currentFunctionNode = node;
+        this.locals.clear();
+        this.localBindings.clear();
+        this.vrfDerivedLocals.clear();
+        this.vrfCallbackParams.clear();
+        this.currentFunctionIsVrfCallback = Boolean(node.name) && VRF_CALLBACK_NAMES.has(node.name);
+        for (const param of node.parameters || []) {
+            if (param?.name)
+                this.localBindings.add(param.name);
+        }
+        if (this.currentFunctionIsVrfCallback) {
+            for (const param of node.parameters || []) {
+                if (param?.name)
+                    this.vrfCallbackParams.add(param.name);
+            }
+        }
+    }
+    ['FunctionDefinition:exit'](_node) {
+        this.currentFunction = '';
+        this.currentFunctionNode = null;
+        this.locals.clear();
+        this.localBindings.clear();
+        this.vrfDerivedLocals.clear();
+        this.vrfCallbackParams.clear();
+        this.currentFunctionIsVrfCallback = false;
+    }
+    VariableDeclarationStatement(node) {
+        if (!this.inFunction())
+            return;
+        const initial = node.initialValue;
+        const values = (0, ast_1.isNode)(initial, 'TupleExpression') ? (initial.components || []) : null;
+        const variables = node.variables || [];
+        for (let i = 0; i < variables.length; i++) {
+            const variable = variables[i];
+            const name = variable?.name;
+            if (!name)
+                continue;
+            this.localBindings.add(name);
+            const value = values ? values[i] : initial;
+            const taint = this.taintOf(value);
+            if (taint)
+                this.locals.set(name, taint);
+            else
+                this.locals.delete(name);
+            if (this.isVrfDerivedExpression(value))
+                this.vrfDerivedLocals.add(name);
+            else
+                this.vrfDerivedLocals.delete(name);
+        }
+    }
+    Assignment(node) {
+        this.observeAssignment(node);
+    }
+    BinaryOperation(node) {
+        if (this.isAssignmentNode(node))
+            this.observeAssignment(node);
+    }
+    observeAssignment(node) {
+        if (!this.inFunction())
+            return;
+        const taint = this.taintOf(node.right);
+        const vrfDerived = this.isVrfDerivedExpression(node.right);
+        const stateTargets = new Set(this.runtimeStateAssignmentTargets(node.left));
+        for (const name of stateTargets) {
+            if (taint)
+                this.stateTaint.set(name, taint);
+            if (vrfDerived) {
+                if (this.currentFunctionIsVrfCallback)
+                    this.vrfDerivedStateVars.add(name);
+            }
+            else if (this.currentFunctionIsVrfCallback) {
+                this.vrfDerivedStateVars.delete(name);
+            }
+        }
+        for (const name of this.assignmentTargets(node.left)) {
+            if (stateTargets.has(name))
+                continue;
+            if (taint)
+                this.locals.set(name, taint);
+            else
+                this.locals.delete(name);
+            if (vrfDerived) {
+                this.vrfDerivedLocals.add(name);
+                if (this.currentFunctionIsVrfCallback && this.stateVarNames.has(name)) {
+                    this.vrfDerivedStateVars.add(name);
+                }
+            }
+            else {
+                this.vrfDerivedLocals.delete(name);
+                if (this.currentFunctionIsVrfCallback && this.stateVarNames.has(name)) {
+                    this.vrfDerivedStateVars.delete(name);
+                }
+            }
+        }
+    }
+    IfStatement(node) {
+        if (this.isSecurityRandomnessExpression(node.condition)) {
+            this.addFinding(node.condition, 'control-flow branch');
+        }
+    }
+    Conditional(node) {
+        const condition = node.condition || node.expression;
+        if (this.isSecurityRandomnessExpression(condition)) {
+            this.addFinding(condition, 'ternary branch');
+        }
+    }
+    FunctionCall(node) {
+        if (!this.inFunction())
+            return;
+        const callee = this.callName(node.expression);
+        const args = node.arguments || [];
+        if (REQUIRE_CALLS.has(callee) && this.isSecurityRandomnessExpression(args[0])) {
+            this.addFinding(args[0] || node, 'require/assert gate');
+            return;
+        }
+        if (this.isValueTransferCall(node, callee) && this.valueTransferDependsOnRandomness(node)) {
+            this.addFinding(node, 'value-transfer decision');
+        }
+    }
+    IndexAccess(node) {
+        if (!this.inFunction())
+            return;
+        const taint = this.taintOf(node.index);
+        if (taint && (taint.hasModulo || taint.hashDerived || taint.hasStrongEntropySource)) {
+            this.addFinding(node.index || node, 'winner/index selection');
+        }
+    }
+    inFunction() {
+        return Boolean(this.currentFunction && this.currentFunctionNode);
+    }
+    hasVrfSignal(contract) {
+        for (const base of contract.baseContracts || []) {
+            const name = this.inheritanceName(base);
+            if (name.startsWith('VRFConsumerBase'))
+                return true;
+        }
+        let hasRequest = false;
+        let hasFulfill = false;
+        for (const sub of contract.subNodes || []) {
+            if (!(0, ast_1.isNode)(sub, 'FunctionDefinition'))
+                continue;
+            if (sub.name === 'requestRandomness' || sub.name === 'requestRandomWords')
+                hasRequest = true;
+            if (sub.name === 'fulfillRandomness' || sub.name === 'fulfillRandomWords')
+                hasFulfill = true;
+        }
+        return hasRequest && hasFulfill;
+    }
+    inheritanceName(base) {
+        const baseName = base?.baseName || base?.namePath || base;
+        if (typeof baseName === 'string')
+            return baseName;
+        if (typeof baseName?.namePath === 'string')
+            return baseName.namePath;
+        if (typeof baseName?.name === 'string')
+            return baseName.name;
+        return '';
+    }
+    isSecurityRandomnessExpression(expr) {
+        if (!expr)
+            return false;
+        if (this.isDeadlineCheck(expr))
+            return false;
+        const taint = this.taintOf(expr);
+        if (!taint)
+            return false;
+        return taint.hasModulo || taint.hashDerived || taint.hasSelection || taint.hasStrongEntropySource;
+    }
+    valueTransferDependsOnRandomness(node) {
+        const exprTaint = this.taintOf(node.expression);
+        if (exprTaint && (exprTaint.hasSelection || exprTaint.hasModulo || exprTaint.hashDerived))
+            return true;
+        for (const arg of node.arguments || []) {
+            const taint = this.taintOf(arg);
+            if (taint && (taint.hasModulo || taint.hashDerived || taint.hasSelection))
+                return true;
+        }
+        const optionTaint = this.taintOf(this.callOptions(node.expression));
+        return Boolean(optionTaint && (optionTaint.hasModulo || optionTaint.hashDerived || optionTaint.hasSelection));
+    }
+    isValueTransferCall(node, callee) {
+        if (TOKEN_SINKS.has(callee))
+            return true;
+        if (TRANSFER_MEMBERS.has(this.memberName(node.expression)))
+            return true;
+        return Boolean(callee === 'call' && this.callOptions(node.expression));
+    }
+    taintOf(node) {
+        if (!node || typeof node !== 'object')
+            return null;
+        if ((0, ast_1.isNode)(node, 'Identifier')) {
+            if (node.name === 'now')
+                return { ...EMPTY_TAINT };
+            if (this.localBindings.has(node.name))
+                return this.locals.get(node.name) || null;
+            if (this.stateVarNames.has(node.name))
+                return this.stateTaint.get(node.name) || null;
+            return null;
+        }
+        if ((0, ast_1.isNode)(node, 'MemberAccess') && this.isThisStateAccess(node)) {
+            return this.stateTaint.get(node.memberName) || null;
+        }
+        if (this.isPredictableSource(node)) {
+            return { ...EMPTY_TAINT, hasStrongEntropySource: this.isStrongEntropySource(node) };
+        }
+        if ((0, ast_1.isNode)(node, 'BinaryOperation')) {
+            const left = this.taintOf(node.left);
+            const right = this.taintOf(node.right);
+            const merged = this.merge(left, right);
+            if (!merged)
+                return null;
+            if (node.operator === '%')
+                merged.hasModulo = true;
+            if (this.isComparisonOperator(node.operator))
+                merged.hasComparison = true;
+            return merged;
+        }
+        if ((0, ast_1.isNode)(node, 'IndexAccess')) {
+            const base = this.taintOf(node.base);
+            const index = this.taintOf(node.index);
+            const merged = this.merge(base, index);
+            if (!merged)
+                return null;
+            if (index)
+                merged.hasSelection = true;
+            return merged;
+        }
+        if ((0, ast_1.isNode)(node, 'FunctionCall')) {
+            const callee = this.callName(node.expression);
+            const merged = this.taintFromChildren(node);
+            if (!merged)
+                return null;
+            if (HASH_OR_ENCODING_CALLS.has(callee))
+                merged.hashDerived = true;
+            return merged;
+        }
+        return this.taintFromChildren(node);
+    }
+    isPredictableSource(node) {
+        if (this.isCurrentBlockhashCall(node))
+            return false;
+        if ((0, ast_1.isNode)(node, 'FunctionCall') && this.callName(node.expression) === 'blockhash')
+            return true;
+        if ((0, ast_1.isNode)(node, 'FunctionCall') && this.callName(node.expression) === 'gasleft')
+            return true;
+        if (!(0, ast_1.isNode)(node, 'MemberAccess'))
+            return false;
+        if (!(0, ast_1.isNode)(node.expression, 'Identifier') || node.expression.name !== 'block')
+            return false;
+        return ['timestamp', 'number', 'prevrandao', 'difficulty', 'coinbase'].includes(node.memberName);
+    }
+    isCurrentBlockhashCall(node) {
+        if (!(0, ast_1.isNode)(node, 'FunctionCall'))
+            return false;
+        const callee = node.expression;
+        const isBlockhash = ((0, ast_1.isNode)(callee, 'Identifier') && callee.name === 'blockhash') ||
+            ((0, ast_1.isNode)(callee, 'MemberAccess') &&
+                callee.memberName === 'blockhash' &&
+                (0, ast_1.isNode)(callee.expression, 'Identifier') &&
+                callee.expression.name === 'block');
+        if (!isBlockhash)
+            return false;
+        const args = node.arguments || [];
+        if (args.length !== 1)
+            return false;
+        return this.isBlockNumber(this.unwrapParentheses(args[0]));
+    }
+    unwrapParentheses(node) {
+        let current = node;
+        while ((0, ast_1.isNode)(current, 'TupleExpression') && current.components?.length === 1) {
+            current = current.components[0];
+        }
+        return current;
+    }
+    isBlockNumber(node) {
+        return (0, ast_1.isNode)(node, 'MemberAccess') &&
+            node.memberName === 'number' &&
+            (0, ast_1.isNode)(node.expression, 'Identifier') &&
+            node.expression.name === 'block';
+    }
+    isStrongEntropySource(node) {
+        if ((0, ast_1.isNode)(node, 'FunctionCall')) {
+            const name = this.callName(node.expression);
+            return name === 'blockhash' || name === 'gasleft';
+        }
+        if (!(0, ast_1.isNode)(node, 'MemberAccess'))
+            return false;
+        return ['prevrandao', 'difficulty', 'coinbase'].includes(node.memberName);
+    }
+    // VRF outputs are safe entropy only when no predictable on-chain source is mixed in.
+    // Returns true when the expression is fully derived from recognised VRF outputs
+    // (callback params, VRF-derived locals, VRF-assigned state vars) and contains no
+    // block.*, blockhash(), or gasleft() input.
+    isVrfDerivedExpression(expr) {
+        if (!expr || typeof expr !== 'object')
+            return false;
+        if (this.containsPredictableSource(expr))
+            return false;
+        return this.referencesVrfOutput(expr);
+    }
+    containsPredictableSource(node) {
+        if (!node || typeof node !== 'object')
+            return false;
+        if (this.isPredictableSource(node))
+            return true;
+        let found = false;
+        this.forEachChild(node, child => {
+            if (found)
+                return;
+            if (this.containsPredictableSource(child))
+                found = true;
+        });
+        return found;
+    }
+    referencesVrfOutput(node) {
+        if (!node || typeof node !== 'object')
+            return false;
+        if ((0, ast_1.isNode)(node, 'Identifier')) {
+            return this.vrfCallbackParams.has(node.name) ||
+                this.vrfDerivedLocals.has(node.name) ||
+                this.vrfDerivedStateVars.has(node.name);
+        }
+        let found = false;
+        this.forEachChild(node, child => {
+            if (found)
+                return;
+            if (this.referencesVrfOutput(child))
+                found = true;
+        });
+        return found;
+    }
+    taintFromChildren(node) {
+        let out = null;
+        this.forEachChild(node, child => {
+            out = this.merge(out, this.taintOf(child));
+        });
+        return out;
+    }
+    merge(a, b) {
+        if (!a && !b)
+            return null;
+        return {
+            hasModulo: Boolean(a?.hasModulo || b?.hasModulo),
+            hasComparison: Boolean(a?.hasComparison || b?.hasComparison),
+            hashDerived: Boolean(a?.hashDerived || b?.hashDerived),
+            hasSelection: Boolean(a?.hasSelection || b?.hasSelection),
+            hasStrongEntropySource: Boolean(a?.hasStrongEntropySource || b?.hasStrongEntropySource),
+        };
+    }
+    assignmentTargets(node) {
+        if (!node || typeof node !== 'object')
+            return [];
+        if ((0, ast_1.isNode)(node, 'Identifier'))
+            return [node.name].filter(Boolean);
+        if ((0, ast_1.isNode)(node, 'MemberAccess') && this.isThisStateAccess(node))
+            return [node.memberName].filter(Boolean);
+        if ((0, ast_1.isNode)(node, 'TupleExpression')) {
+            return (node.components || []).flatMap((component) => this.assignmentTargets(component));
+        }
+        return [];
+    }
+    isAssignmentNode(node) {
+        return Boolean(node && typeof node === 'object' && ((0, ast_1.isNode)(node, 'Assignment') || (0, ast_1.isNode)(node, 'BinaryOperation')) && node.operator === '=');
+    }
+    runtimeStateAssignmentTargets(node) {
+        if (!node || typeof node !== 'object')
+            return [];
+        if ((0, ast_1.isNode)(node, 'MemberAccess') && this.isThisStateAccess(node))
+            return [node.memberName].filter(Boolean);
+        if ((0, ast_1.isNode)(node, 'Identifier') && this.stateVarNames.has(node.name) && !this.localBindings.has(node.name))
+            return [node.name];
+        if ((0, ast_1.isNode)(node, 'TupleExpression')) {
+            return (node.components || []).flatMap((component) => this.runtimeStateAssignmentTargets(component));
+        }
+        return [];
+    }
+    collectStateTaintAssignments(fn) {
+        const shadowed = new Set();
+        for (const param of fn.parameters || []) {
+            if (param?.name)
+                shadowed.add(param.name);
+        }
+        const walk = (node) => {
+            if (!node || typeof node !== 'object')
+                return;
+            if ((0, ast_1.isNode)(node, 'VariableDeclarationStatement')) {
+                for (const variable of node.variables || []) {
+                    if (variable?.name)
+                        shadowed.add(variable.name);
+                }
+            }
+            if (this.isAssignmentNode(node)) {
+                for (const name of this.prepassStateAssignmentTargets(node.left, shadowed)) {
+                    const taint = this.taintOf(node.right);
+                    if (taint)
+                        this.stateTaint.set(name, taint);
+                }
+            }
+            this.forEachChild(node, walk);
+        };
+        walk(fn.body);
+    }
+    prepassStateAssignmentTargets(node, shadowed) {
+        if (!node || typeof node !== 'object')
+            return [];
+        if ((0, ast_1.isNode)(node, 'MemberAccess') && this.isThisStateAccess(node))
+            return [node.memberName].filter(Boolean);
+        if ((0, ast_1.isNode)(node, 'Identifier') && this.stateVarNames.has(node.name) && !shadowed.has(node.name))
+            return [node.name];
+        if ((0, ast_1.isNode)(node, 'TupleExpression')) {
+            return (node.components || []).flatMap((component) => this.prepassStateAssignmentTargets(component, shadowed));
+        }
+        return [];
+    }
+    isThisStateAccess(node) {
+        return (0, ast_1.isNode)(node, 'MemberAccess') &&
+            (0, ast_1.isNode)(node.expression, 'Identifier') &&
+            node.expression.name === 'this' &&
+            this.stateVarNames.has(node.memberName);
+    }
+    isDeadlineCheck(expr) {
+        if (!(0, ast_1.isNode)(expr, 'BinaryOperation'))
+            return false;
+        if (expr.operator !== '<=' && expr.operator !== '<' && expr.operator !== '>=' && expr.operator !== '>')
+            return false;
+        return this.isTimestampOrNumber(expr.left) || this.isTimestampOrNumber(expr.right);
+    }
+    isTimestampOrNumber(node) {
+        return (0, ast_1.isNode)(node, 'MemberAccess') &&
+            (0, ast_1.isNode)(node.expression, 'Identifier') &&
+            node.expression.name === 'block' &&
+            (node.memberName === 'timestamp' || node.memberName === 'number');
+    }
+    isComparisonOperator(operator) {
+        return ['==', '!=', '<', '<=', '>', '>='].includes(operator);
+    }
+    callName(expr) {
+        if (!expr)
+            return '';
+        if ((0, ast_1.isNode)(expr, 'Identifier'))
+            return expr.name || '';
+        if ((0, ast_1.isNode)(expr, 'MemberAccess')) {
+            const base = this.callName(expr.expression);
+            return base ? `${base}.${expr.memberName}` : expr.memberName || '';
+        }
+        if ((0, ast_1.isNode)(expr, 'FunctionCallOptions'))
+            return this.callName(expr.expression);
+        return '';
+    }
+    memberName(expr) {
+        if ((0, ast_1.isNode)(expr, 'FunctionCallOptions'))
+            return this.memberName(expr.expression);
+        if ((0, ast_1.isNode)(expr, 'MemberAccess'))
+            return expr.memberName || '';
+        return '';
+    }
+    callOptions(expr) {
+        if ((0, ast_1.isNode)(expr, 'FunctionCallOptions'))
+            return expr.options || expr.names || expr.arguments || expr;
+        return null;
+    }
+    addFinding(node, site) {
+        if (!this.inFunction())
+            return;
+        if (this.isVrfDerivedExpression(node))
+            return;
+        const key = `${this.currentFile}:${this.currentContract}:${this.currentFunction}`;
+        if (this.reportedFunctions.has(key))
+            return;
+        this.reportedFunctions.add(key);
+        const loc = (0, ast_1.assertLoc)(node, this.currentFunctionNode);
+        const functionName = this.currentFunction || '<unknown>';
+        this.findings.push({
+            file: this.currentFile,
+            contract: this.currentContract,
+            'function': functionName,
+            line: loc.line,
+            endLine: loc.endLine,
+            column: loc.column,
+            endColumn: loc.endColumn,
+            pattern: RULE_ID,
+            confidence: 'high',
+            category: 'vulnerability',
+            ruleId: RULE_ID,
+            severity: 'high',
+            message: `Predictable on-chain randomness in function '${functionName}' reaches a ${site}. Use VRF, commit-reveal, or another unbiasable entropy source for security-sensitive outcomes.`,
+            contractName: this.currentContract,
+            functionName,
+            sourceLocation: { line: loc.line, column: loc.column },
+            findingId: '',
+            contractHash: '',
+        });
+    }
+    forEachChild(node, visit) {
+        if (!node || typeof node !== 'object')
+            return;
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range' || key === 'src')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        visit(item);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                visit(value);
+            }
+        }
+    }
+}
+exports.InsecureRandomnessDetector = InsecureRandomnessDetector;
+//# sourceMappingURL=insecure-randomness.js.map