@snovon/solast 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (738) hide show
  1. package/LICENSE +201 -0
  2. package/README.md +190 -0
  3. package/dist/api.d.ts +89 -0
  4. package/dist/api.js +33 -0
  5. package/dist/ast/resolve-return-names.d.ts +2 -0
  6. package/dist/ast/resolve-return-names.js +199 -0
  7. package/dist/ast/solc-walker.d.ts +17 -0
  8. package/dist/ast/solc-walker.js +497 -0
  9. package/dist/ast/storage-layout.d.ts +21 -0
  10. package/dist/ast/storage-layout.js +64 -0
  11. package/dist/cli.d.ts +65 -0
  12. package/dist/cli.js +755 -0
  13. package/dist/config.d.ts +9 -0
  14. package/dist/config.js +284 -0
  15. package/dist/dedup/files.d.ts +1 -0
  16. package/dist/dedup/files.js +74 -0
  17. package/dist/dedup/findings.d.ts +41 -0
  18. package/dist/dedup/findings.js +211 -0
  19. package/dist/detectors/_common/access-control.d.ts +204 -0
  20. package/dist/detectors/_common/access-control.js +377 -0
  21. package/dist/detectors/_common/ast.d.ts +139 -0
  22. package/dist/detectors/_common/ast.js +239 -0
  23. package/dist/detectors/_common/compiler-profile.d.ts +14 -0
  24. package/dist/detectors/_common/compiler-profile.js +66 -0
  25. package/dist/detectors/_common/dataflow.d.ts +75 -0
  26. package/dist/detectors/_common/dataflow.js +57 -0
  27. package/dist/detectors/_common/fhe.d.ts +7 -0
  28. package/dist/detectors/_common/fhe.js +40 -0
  29. package/dist/detectors/_common/integer-overflow-helpers.d.ts +58 -0
  30. package/dist/detectors/_common/integer-overflow-helpers.js +422 -0
  31. package/dist/detectors/_common/loop-call-stack.d.ts +9 -0
  32. package/dist/detectors/_common/loop-call-stack.js +132 -0
  33. package/dist/detectors/_common/oracle.d.ts +5 -0
  34. package/dist/detectors/_common/oracle.js +64 -0
  35. package/dist/detectors/_common/price-rate.d.ts +116 -0
  36. package/dist/detectors/_common/price-rate.js +446 -0
  37. package/dist/detectors/_common/source-text.d.ts +11 -0
  38. package/dist/detectors/_common/source-text.js +82 -0
  39. package/dist/detectors/_common/weighted-pool-invariant.d.ts +21 -0
  40. package/dist/detectors/_common/weighted-pool-invariant.js +105 -0
  41. package/dist/detectors/aave-v2-reentrancy.d.ts +7 -0
  42. package/dist/detectors/aave-v2-reentrancy.js +286 -0
  43. package/dist/detectors/access-control.d.ts +103 -0
  44. package/dist/detectors/access-control.js +983 -0
  45. package/dist/detectors/add-reentrancy-on-weth-contract.d.ts +7 -0
  46. package/dist/detectors/add-reentrancy-on-weth-contract.js +536 -0
  47. package/dist/detectors/ai-generated-randomness.d.ts +32 -0
  48. package/dist/detectors/ai-generated-randomness.js +239 -0
  49. package/dist/detectors/amm-spot-oracle-manipulation.d.ts +52 -0
  50. package/dist/detectors/amm-spot-oracle-manipulation.js +420 -0
  51. package/dist/detectors/analyzing-the-uniswap-v3-exploit.d.ts +26 -0
  52. package/dist/detectors/analyzing-the-uniswap-v3-exploit.js +279 -0
  53. package/dist/detectors/any-token-is-destroyed.d.ts +34 -0
  54. package/dist/detectors/any-token-is-destroyed.js +527 -0
  55. package/dist/detectors/anyswap-anytoken-permit-allowance-drain.d.ts +7 -0
  56. package/dist/detectors/anyswap-anytoken-permit-allowance-drain.js +524 -0
  57. package/dist/detectors/anyswap-insufficient-token-validation.d.ts +24 -0
  58. package/dist/detectors/anyswap-insufficient-token-validation.js +342 -0
  59. package/dist/detectors/approval-based-drain.d.ts +7 -0
  60. package/dist/detectors/approval-based-drain.js +772 -0
  61. package/dist/detectors/arbitrary-account-balance-transfer.d.ts +7 -0
  62. package/dist/detectors/arbitrary-account-balance-transfer.js +485 -0
  63. package/dist/detectors/arbitrary-address-spoofing-attack.d.ts +7 -0
  64. package/dist/detectors/arbitrary-address-spoofing-attack.js +444 -0
  65. package/dist/detectors/arbitrary-address-spoofing.d.ts +9 -0
  66. package/dist/detectors/arbitrary-address-spoofing.js +657 -0
  67. package/dist/detectors/arbitrary-call-error.d.ts +127 -0
  68. package/dist/detectors/arbitrary-call-error.js +1163 -0
  69. package/dist/detectors/arbitrary-call.d.ts +4 -0
  70. package/dist/detectors/arbitrary-call.js +11 -0
  71. package/dist/detectors/arbitrary-delegatecall-target.d.ts +35 -0
  72. package/dist/detectors/arbitrary-delegatecall-target.js +554 -0
  73. package/dist/detectors/arbitrary-recipient-no-access-control.d.ts +7 -0
  74. package/dist/detectors/arbitrary-recipient-no-access-control.js +638 -0
  75. package/dist/detectors/arbitrary-storage-proof-forgery.d.ts +35 -0
  76. package/dist/detectors/arbitrary-storage-proof-forgery.js +340 -0
  77. package/dist/detectors/arbitrary-transfer-from.d.ts +38 -0
  78. package/dist/detectors/arbitrary-transfer-from.js +339 -0
  79. package/dist/detectors/arbitrum-cross-chain-message-replay.d.ts +22 -0
  80. package/dist/detectors/arbitrum-cross-chain-message-replay.js +477 -0
  81. package/dist/detectors/avs-slashing-without-quorum-check.d.ts +50 -0
  82. package/dist/detectors/avs-slashing-without-quorum-check.js +386 -0
  83. package/dist/detectors/bad-debt-propagation.d.ts +13 -0
  84. package/dist/detectors/bad-debt-propagation.js +480 -0
  85. package/dist/detectors/bad-k-value-verification.d.ts +7 -0
  86. package/dist/detectors/bad-k-value-verification.js +512 -0
  87. package/dist/detectors/bad-randomness-zero-blockhash.d.ts +29 -0
  88. package/dist/detectors/bad-randomness-zero-blockhash.js +115 -0
  89. package/dist/detectors/balancer-flash-loan-manipulation.d.ts +33 -0
  90. package/dist/detectors/balancer-flash-loan-manipulation.js +178 -0
  91. package/dist/detectors/balancer-pause-guard.d.ts +33 -0
  92. package/dist/detectors/balancer-pause-guard.js +307 -0
  93. package/dist/detectors/balancer-weighted-pool-flash-loan.d.ts +42 -0
  94. package/dist/detectors/balancer-weighted-pool-flash-loan.js +275 -0
  95. package/dist/detectors/batch-transfer-overflow.d.ts +7 -0
  96. package/dist/detectors/batch-transfer-overflow.js +465 -0
  97. package/dist/detectors/beneficiary-validation.d.ts +7 -0
  98. package/dist/detectors/beneficiary-validation.js +696 -0
  99. package/dist/detectors/borrow-behalf-consent.d.ts +7 -0
  100. package/dist/detectors/borrow-behalf-consent.js +400 -0
  101. package/dist/detectors/break-continue-scope.d.ts +7 -0
  102. package/dist/detectors/break-continue-scope.js +194 -0
  103. package/dist/detectors/bridge-accounting-bypass.d.ts +65 -0
  104. package/dist/detectors/bridge-accounting-bypass.js +449 -0
  105. package/dist/detectors/bridge-business-logic-flaw-incorrect-acc.d.ts +43 -0
  106. package/dist/detectors/bridge-business-logic-flaw-incorrect-acc.js +394 -0
  107. package/dist/detectors/bridge-collateral-drain.d.ts +7 -0
  108. package/dist/detectors/bridge-collateral-drain.js +630 -0
  109. package/dist/detectors/bridge-forged-proof.d.ts +7 -0
  110. package/dist/detectors/bridge-forged-proof.js +754 -0
  111. package/dist/detectors/bridge-missing-message-nonce.d.ts +57 -0
  112. package/dist/detectors/bridge-missing-message-nonce.js +638 -0
  113. package/dist/detectors/bridge-swap-metapool-attack.d.ts +20 -0
  114. package/dist/detectors/bridge-swap-metapool-attack.js +230 -0
  115. package/dist/detectors/business-logic-flaw-flashloan-price-mani.d.ts +7 -0
  116. package/dist/detectors/business-logic-flaw-flashloan-price-mani.js +353 -0
  117. package/dist/detectors/business-logic-flaw-incorrect-recipient-balance.d.ts +7 -0
  118. package/dist/detectors/business-logic-flaw-incorrect-recipient-balance.js +403 -0
  119. package/dist/detectors/business-logic-flaw.d.ts +21 -0
  120. package/dist/detectors/business-logic-flaw.js +339 -0
  121. package/dist/detectors/business-logic.d.ts +17 -0
  122. package/dist/detectors/business-logic.js +22 -0
  123. package/dist/detectors/bypassed-insolvency-check.d.ts +30 -0
  124. package/dist/detectors/bypassed-insolvency-check.js +232 -0
  125. package/dist/detectors/bytecode-divergence-risk.d.ts +32 -0
  126. package/dist/detectors/bytecode-divergence-risk.js +150 -0
  127. package/dist/detectors/cache-array-length.d.ts +30 -0
  128. package/dist/detectors/cache-array-length.js +177 -0
  129. package/dist/detectors/cache-storage-reads.d.ts +46 -0
  130. package/dist/detectors/cache-storage-reads.js +323 -0
  131. package/dist/detectors/calldata-secret-access-control.d.ts +36 -0
  132. package/dist/detectors/calldata-secret-access-control.js +446 -0
  133. package/dist/detectors/capital-cross-contract-reentrancy.d.ts +34 -0
  134. package/dist/detectors/capital-cross-contract-reentrancy.js +481 -0
  135. package/dist/detectors/cartel-custom-approval-logic.d.ts +7 -0
  136. package/dist/detectors/cartel-custom-approval-logic.js +407 -0
  137. package/dist/detectors/ccip-receiver-missing-replay-guard.d.ts +22 -0
  138. package/dist/detectors/ccip-receiver-missing-replay-guard.js +413 -0
  139. package/dist/detectors/chain-coupling-risk.d.ts +8 -0
  140. package/dist/detectors/chain-coupling-risk.js +203 -0
  141. package/dist/detectors/chainlink-deprecated-function.d.ts +7 -0
  142. package/dist/detectors/chainlink-deprecated-function.js +205 -0
  143. package/dist/detectors/chainlink-tx-origin.d.ts +7 -0
  144. package/dist/detectors/chainlink-tx-origin.js +363 -0
  145. package/dist/detectors/check-effects-interactions.d.ts +39 -0
  146. package/dist/detectors/check-effects-interactions.js +783 -0
  147. package/dist/detectors/check-permit-missing-chainid.d.ts +27 -0
  148. package/dist/detectors/check-permit-missing-chainid.js +456 -0
  149. package/dist/detectors/classic-reentrancy.d.ts +93 -0
  150. package/dist/detectors/classic-reentrancy.js +645 -0
  151. package/dist/detectors/coinbase-morpho-wethloan-policy.d.ts +29 -0
  152. package/dist/detectors/coinbase-morpho-wethloan-policy.js +368 -0
  153. package/dist/detectors/compoundv2-inflation-attack.d.ts +7 -0
  154. package/dist/detectors/compoundv2-inflation-attack.js +675 -0
  155. package/dist/detectors/constructor-address-validation.d.ts +24 -0
  156. package/dist/detectors/constructor-address-validation.js +335 -0
  157. package/dist/detectors/constructor-interface-no-address-validation.d.ts +32 -0
  158. package/dist/detectors/constructor-interface-no-address-validation.js +283 -0
  159. package/dist/detectors/cross-chain-arbitrary-call.d.ts +7 -0
  160. package/dist/detectors/cross-chain-arbitrary-call.js +601 -0
  161. package/dist/detectors/cross-chain-input-validation.d.ts +31 -0
  162. package/dist/detectors/cross-chain-input-validation.js +347 -0
  163. package/dist/detectors/cross-chain-intent-replay.d.ts +38 -0
  164. package/dist/detectors/cross-chain-intent-replay.js +453 -0
  165. package/dist/detectors/cross-chain-intent-stale-resolution.d.ts +7 -0
  166. package/dist/detectors/cross-chain-intent-stale-resolution.js +463 -0
  167. package/dist/detectors/cross-chain-message-order-dependency.d.ts +8 -0
  168. package/dist/detectors/cross-chain-message-order-dependency.js +472 -0
  169. package/dist/detectors/cross-chain-message-replay.d.ts +8 -0
  170. package/dist/detectors/cross-chain-message-replay.js +568 -0
  171. package/dist/detectors/cross-chain-messaging.d.ts +7 -0
  172. package/dist/detectors/cross-chain-messaging.js +663 -0
  173. package/dist/detectors/cross-chain-msg-truncation.d.ts +7 -0
  174. package/dist/detectors/cross-chain-msg-truncation.js +453 -0
  175. package/dist/detectors/cross-chain-truncation.d.ts +7 -0
  176. package/dist/detectors/cross-chain-truncation.js +422 -0
  177. package/dist/detectors/cross-contract-integer-overflow.d.ts +76 -0
  178. package/dist/detectors/cross-contract-integer-overflow.js +554 -0
  179. package/dist/detectors/cross-contract-reentrancy-trusted-callee.d.ts +39 -0
  180. package/dist/detectors/cross-contract-reentrancy-trusted-callee.js +385 -0
  181. package/dist/detectors/cross-contract-reentrancy.d.ts +63 -0
  182. package/dist/detectors/cross-contract-reentrancy.js +631 -0
  183. package/dist/detectors/cross-function-reentrancy.d.ts +37 -0
  184. package/dist/detectors/cross-function-reentrancy.js +648 -0
  185. package/dist/detectors/cross-protocol-contagion.d.ts +20 -0
  186. package/dist/detectors/cross-protocol-contagion.js +445 -0
  187. package/dist/detectors/cross-protocol-oracle-collateral.d.ts +38 -0
  188. package/dist/detectors/cross-protocol-oracle-collateral.js +487 -0
  189. package/dist/detectors/cross-vm-reentrancy.d.ts +7 -0
  190. package/dist/detectors/cross-vm-reentrancy.js +484 -0
  191. package/dist/detectors/decimals-mismatch.d.ts +89 -0
  192. package/dist/detectors/decimals-mismatch.js +451 -0
  193. package/dist/detectors/deferred-state-update.d.ts +16 -0
  194. package/dist/detectors/deferred-state-update.js +35 -0
  195. package/dist/detectors/deflationary-token.d.ts +27 -0
  196. package/dist/detectors/deflationary-token.js +751 -0
  197. package/dist/detectors/delegate-transfer-unrestricted-caller.d.ts +44 -0
  198. package/dist/detectors/delegate-transfer-unrestricted-caller.js +410 -0
  199. package/dist/detectors/delegatecall-fallback-reentrancy-bypass.d.ts +14 -0
  200. package/dist/detectors/delegatecall-fallback-reentrancy-bypass.js +241 -0
  201. package/dist/detectors/delegatecall-in-loops.d.ts +7 -0
  202. package/dist/detectors/delegatecall-in-loops.js +129 -0
  203. package/dist/detectors/delegatecall-init-owner-mutator.d.ts +8 -0
  204. package/dist/detectors/delegatecall-init-owner-mutator.js +655 -0
  205. package/dist/detectors/delegatecall-init.d.ts +7 -0
  206. package/dist/detectors/delegatecall-init.js +769 -0
  207. package/dist/detectors/delegatecall-untrusted-implementation.d.ts +41 -0
  208. package/dist/detectors/delegatecall-untrusted-implementation.js +888 -0
  209. package/dist/detectors/delegated-authorization-bypass.d.ts +7 -0
  210. package/dist/detectors/delegated-authorization-bypass.js +370 -0
  211. package/dist/detectors/denial-of-service.d.ts +117 -0
  212. package/dist/detectors/denial-of-service.js +947 -0
  213. package/dist/detectors/division-before-multiplication.d.ts +7 -0
  214. package/dist/detectors/division-before-multiplication.js +303 -0
  215. package/dist/detectors/dn404-mirror-access-control.d.ts +26 -0
  216. package/dist/detectors/dn404-mirror-access-control.js +315 -0
  217. package/dist/detectors/doge-flashloan.d.ts +29 -0
  218. package/dist/detectors/doge-flashloan.js +329 -0
  219. package/dist/detectors/donate-inflation-exchangerate-roundin.d.ts +7 -0
  220. package/dist/detectors/donate-inflation-exchangerate-roundin.js +621 -0
  221. package/dist/detectors/donation-share-inflation.d.ts +24 -0
  222. package/dist/detectors/donation-share-inflation.js +466 -0
  223. package/dist/detectors/dont-let-eth-get-rekt.d.ts +84 -0
  224. package/dist/detectors/dont-let-eth-get-rekt.js +1151 -0
  225. package/dist/detectors/dos-unbounded-loop-external-call-revert.d.ts +37 -0
  226. package/dist/detectors/dos-unbounded-loop-external-call-revert.js +541 -0
  227. package/dist/detectors/eip1167-proxy-reentrancy.d.ts +7 -0
  228. package/dist/detectors/eip1167-proxy-reentrancy.js +508 -0
  229. package/dist/detectors/eip4626-vault-reentrancy.d.ts +32 -0
  230. package/dist/detectors/eip4626-vault-reentrancy.js +312 -0
  231. package/dist/detectors/eip5792-auth-replay.d.ts +45 -0
  232. package/dist/detectors/eip5792-auth-replay.js +519 -0
  233. package/dist/detectors/eip712-domain-separator.d.ts +42 -0
  234. package/dist/detectors/eip712-domain-separator.js +524 -0
  235. package/dist/detectors/eip712-signature-verification.d.ts +49 -0
  236. package/dist/detectors/eip712-signature-verification.js +689 -0
  237. package/dist/detectors/eip7702-auth-replay.d.ts +7 -0
  238. package/dist/detectors/eip7702-auth-replay.js +768 -0
  239. package/dist/detectors/eip7702-cross-chain-replay.d.ts +27 -0
  240. package/dist/detectors/eip7702-cross-chain-replay.js +307 -0
  241. package/dist/detectors/eip7702-delegated-eoa-approval-race.d.ts +39 -0
  242. package/dist/detectors/eip7702-delegated-eoa-approval-race.js +413 -0
  243. package/dist/detectors/eip7702-delegation-reentrancy.d.ts +21 -0
  244. package/dist/detectors/eip7702-delegation-reentrancy.js +705 -0
  245. package/dist/detectors/eip7702-delegation-risk.d.ts +7 -0
  246. package/dist/detectors/eip7702-delegation-risk.js +745 -0
  247. package/dist/detectors/eip7702-eoa-assumption.d.ts +57 -0
  248. package/dist/detectors/eip7702-eoa-assumption.js +461 -0
  249. package/dist/detectors/erc1155-batch-missing-per-id-approval.d.ts +23 -0
  250. package/dist/detectors/erc1155-batch-missing-per-id-approval.js +343 -0
  251. package/dist/detectors/erc1155-reentrancy.d.ts +31 -0
  252. package/dist/detectors/erc1155-reentrancy.js +217 -0
  253. package/dist/detectors/erc1271-stub-implementation.d.ts +21 -0
  254. package/dist/detectors/erc1271-stub-implementation.js +268 -0
  255. package/dist/detectors/erc20-safe-wrapper-return-unchecked.d.ts +43 -0
  256. package/dist/detectors/erc20-safe-wrapper-return-unchecked.js +368 -0
  257. package/dist/detectors/erc20-unchecked-non-standard-return.d.ts +55 -0
  258. package/dist/detectors/erc20-unchecked-non-standard-return.js +454 -0
  259. package/dist/detectors/erc2612-permit-frontrunning.d.ts +23 -0
  260. package/dist/detectors/erc2612-permit-frontrunning.js +246 -0
  261. package/dist/detectors/erc2771-context-spoofing.d.ts +41 -0
  262. package/dist/detectors/erc2771-context-spoofing.js +510 -0
  263. package/dist/detectors/erc4337-validation-storage-access.d.ts +35 -0
  264. package/dist/detectors/erc4337-validation-storage-access.js +232 -0
  265. package/dist/detectors/erc4626-totalassets-stub.d.ts +17 -0
  266. package/dist/detectors/erc4626-totalassets-stub.js +216 -0
  267. package/dist/detectors/erc6909-balance-overflow.d.ts +7 -0
  268. package/dist/detectors/erc6909-balance-overflow.js +688 -0
  269. package/dist/detectors/erc6909-operator-scope.d.ts +49 -0
  270. package/dist/detectors/erc6909-operator-scope.js +494 -0
  271. package/dist/detectors/erc721-unchecked-transfer.d.ts +38 -0
  272. package/dist/detectors/erc721-unchecked-transfer.js +364 -0
  273. package/dist/detectors/erc7579-module-install-without-threshold.d.ts +40 -0
  274. package/dist/detectors/erc7579-module-install-without-threshold.js +338 -0
  275. package/dist/detectors/erc7683-fill-validation.d.ts +53 -0
  276. package/dist/detectors/erc7683-fill-validation.js +758 -0
  277. package/dist/detectors/erc7683-intent-resolution.d.ts +7 -0
  278. package/dist/detectors/erc7683-intent-resolution.js +457 -0
  279. package/dist/detectors/erc777-callback-reentrancy.d.ts +8 -0
  280. package/dist/detectors/erc777-callback-reentrancy.js +439 -0
  281. package/dist/detectors/erc777-reentrancy.d.ts +7 -0
  282. package/dist/detectors/erc777-reentrancy.js +488 -0
  283. package/dist/detectors/erc777-tokens-to-send-reentrancy.d.ts +47 -0
  284. package/dist/detectors/erc777-tokens-to-send-reentrancy.js +674 -0
  285. package/dist/detectors/estuary-token-flaw.d.ts +16 -0
  286. package/dist/detectors/estuary-token-flaw.js +547 -0
  287. package/dist/detectors/euler-debt-token-manipulation.d.ts +32 -0
  288. package/dist/detectors/euler-debt-token-manipulation.js +347 -0
  289. package/dist/detectors/exploiting-a-vulnerability-in-curve-fina.d.ts +29 -0
  290. package/dist/detectors/exploiting-a-vulnerability-in-curve-fina.js +210 -0
  291. package/dist/detectors/fallback-delegatecall-reentrancy.d.ts +14 -0
  292. package/dist/detectors/fallback-delegatecall-reentrancy.js +236 -0
  293. package/dist/detectors/farm-business-logic-flaw-lack-of-access.d.ts +7 -0
  294. package/dist/detectors/farm-business-logic-flaw-lack-of-access.js +665 -0
  295. package/dist/detectors/fee-mechanism-exploitation.d.ts +20 -0
  296. package/dist/detectors/fee-mechanism-exploitation.js +400 -0
  297. package/dist/detectors/fee-on-transfer-balance-mismatch.d.ts +49 -0
  298. package/dist/detectors/fee-on-transfer-balance-mismatch.js +394 -0
  299. package/dist/detectors/fhe-encrypted-input-validation.d.ts +29 -0
  300. package/dist/detectors/fhe-encrypted-input-validation.js +210 -0
  301. package/dist/detectors/fhe-handle-leakage.d.ts +44 -0
  302. package/dist/detectors/fhe-handle-leakage.js +315 -0
  303. package/dist/detectors/fhe-oz-pattern-misuse.d.ts +26 -0
  304. package/dist/detectors/fhe-oz-pattern-misuse.js +311 -0
  305. package/dist/detectors/fhe-state-leakage.d.ts +8 -0
  306. package/dist/detectors/fhe-state-leakage.js +400 -0
  307. package/dist/detectors/fi-bridges.d.ts +33 -0
  308. package/dist/detectors/fi-bridges.js +428 -0
  309. package/dist/detectors/finance-access-control-price-oracle-man.d.ts +9 -0
  310. package/dist/detectors/finance-access-control-price-oracle-man.js +640 -0
  311. package/dist/detectors/finance-bridge-address0safetransferfrom.d.ts +8 -0
  312. package/dist/detectors/finance-bridge-address0safetransferfrom.js +574 -0
  313. package/dist/detectors/finance-business-logic-in-mint.d.ts +54 -0
  314. package/dist/detectors/finance-business-logic-in-mint.js +687 -0
  315. package/dist/detectors/finance-erc667-reentrancy.d.ts +7 -0
  316. package/dist/detectors/finance-erc667-reentrancy.js +509 -0
  317. package/dist/detectors/finance-flashloan-price-oracle-manipul.d.ts +7 -0
  318. package/dist/detectors/finance-flashloan-price-oracle-manipul.js +546 -0
  319. package/dist/detectors/finance-flashloan-reentrancy.d.ts +7 -0
  320. package/dist/detectors/finance-flashloan-reentrancy.js +547 -0
  321. package/dist/detectors/finance-swap-metapool-attack.d.ts +19 -0
  322. package/dist/detectors/finance-swap-metapool-attack.js +321 -0
  323. package/dist/detectors/flashloan-price-manipulation.d.ts +7 -0
  324. package/dist/detectors/flashloan-price-manipulation.js +950 -0
  325. package/dist/detectors/flashloan-reentrancy-rari.d.ts +28 -0
  326. package/dist/detectors/flashloan-reentrancy-rari.js +577 -0
  327. package/dist/detectors/flashloan-reentrancy.d.ts +7 -0
  328. package/dist/detectors/flashloan-reentrancy.js +383 -0
  329. package/dist/detectors/flashloan-token-migrate.d.ts +7 -0
  330. package/dist/detectors/flashloan-token-migrate.js +274 -0
  331. package/dist/detectors/force-fed-eth-state-corruption.d.ts +32 -0
  332. package/dist/detectors/force-fed-eth-state-corruption.js +293 -0
  333. package/dist/detectors/free-mint-bug.d.ts +41 -0
  334. package/dist/detectors/free-mint-bug.js +483 -0
  335. package/dist/detectors/front-running-orderbook-state-update.d.ts +37 -0
  336. package/dist/detectors/front-running-orderbook-state-update.js +471 -0
  337. package/dist/detectors/front-running-shared-collateral-write.d.ts +41 -0
  338. package/dist/detectors/front-running-shared-collateral-write.js +508 -0
  339. package/dist/detectors/fusion-v1-settlement-arbitrary-yul-calld.d.ts +30 -0
  340. package/dist/detectors/fusion-v1-settlement-arbitrary-yul-calld.js +354 -0
  341. package/dist/detectors/generalized-frontrunning.d.ts +7 -0
  342. package/dist/detectors/generalized-frontrunning.js +836 -0
  343. package/dist/detectors/governance-flash-loan.d.ts +62 -0
  344. package/dist/detectors/governance-flash-loan.js +452 -0
  345. package/dist/detectors/governance-flashloan-vote.d.ts +41 -0
  346. package/dist/detectors/governance-flashloan-vote.js +272 -0
  347. package/dist/detectors/halborn-security-report-aave-v3.d.ts +6 -0
  348. package/dist/detectors/halborn-security-report-aave-v3.js +357 -0
  349. package/dist/detectors/incorrect-access-control.d.ts +26 -0
  350. package/dist/detectors/incorrect-access-control.js +328 -0
  351. package/dist/detectors/incorrect-burn-accounting.d.ts +10 -0
  352. package/dist/detectors/incorrect-burn-accounting.js +387 -0
  353. package/dist/detectors/incorrect-dividends-calculation.d.ts +27 -0
  354. package/dist/detectors/incorrect-dividends-calculation.js +524 -0
  355. package/dist/detectors/incorrect-dividends.d.ts +27 -0
  356. package/dist/detectors/incorrect-dividends.js +485 -0
  357. package/dist/detectors/incorrect-input-validation.d.ts +23 -0
  358. package/dist/detectors/incorrect-input-validation.js +312 -0
  359. package/dist/detectors/incorrect-signature-verification.d.ts +26 -0
  360. package/dist/detectors/incorrect-signature-verification.js +530 -0
  361. package/dist/detectors/infinite-loop.d.ts +7 -0
  362. package/dist/detectors/infinite-loop.js +440 -0
  363. package/dist/detectors/infinite-number-of-loans.d.ts +13 -0
  364. package/dist/detectors/infinite-number-of-loans.js +565 -0
  365. package/dist/detectors/inheritance-override.d.ts +26 -0
  366. package/dist/detectors/inheritance-override.js +320 -0
  367. package/dist/detectors/initialization-access-control.d.ts +8 -0
  368. package/dist/detectors/initialization-access-control.js +659 -0
  369. package/dist/detectors/insecure-randomness.d.ts +73 -0
  370. package/dist/detectors/insecure-randomness.js +610 -0
  371. package/dist/detectors/insufficient-access-control-trusted-param.d.ts +39 -0
  372. package/dist/detectors/insufficient-access-control-trusted-param.js +356 -0
  373. package/dist/detectors/insufficient-dvn-threshold.d.ts +32 -0
  374. package/dist/detectors/insufficient-dvn-threshold.js +585 -0
  375. package/dist/detectors/integer-overflow-detector.d.ts +45 -0
  376. package/dist/detectors/integer-overflow-detector.js +284 -0
  377. package/dist/detectors/integer-overflow.d.ts +95 -0
  378. package/dist/detectors/integer-overflow.js +344 -0
  379. package/dist/detectors/integer-underflow.d.ts +7 -0
  380. package/dist/detectors/integer-underflow.js +422 -0
  381. package/dist/detectors/intent-settlement-balance-manipulation.d.ts +22 -0
  382. package/dist/detectors/intent-settlement-balance-manipulation.js +548 -0
  383. package/dist/detectors/l1-to-l2-message-reentrancy.d.ts +7 -0
  384. package/dist/detectors/l1-to-l2-message-reentrancy.js +545 -0
  385. package/dist/detectors/l2-withdrawal-validation.d.ts +8 -0
  386. package/dist/detectors/l2-withdrawal-validation.js +303 -0
  387. package/dist/detectors/lack-of-access-control.d.ts +7 -0
  388. package/dist/detectors/lack-of-access-control.js +425 -0
  389. package/dist/detectors/lack-of-calldata-validation.d.ts +16 -0
  390. package/dist/detectors/lack-of-calldata-validation.js +914 -0
  391. package/dist/detectors/lack-of-input-validation-reentrancy.d.ts +7 -0
  392. package/dist/detectors/lack-of-input-validation-reentrancy.js +637 -0
  393. package/dist/detectors/lack-of-slippage-control.d.ts +7 -0
  394. package/dist/detectors/lack-of-slippage-control.js +513 -0
  395. package/dist/detectors/lack-of-slippage-protection.d.ts +7 -0
  396. package/dist/detectors/lack-of-slippage-protection.js +474 -0
  397. package/dist/detectors/lack-of-validation-data.d.ts +23 -0
  398. package/dist/detectors/lack-of-validation-data.js +391 -0
  399. package/dist/detectors/lack-of-validation-pool.d.ts +7 -0
  400. package/dist/detectors/lack-of-validation-pool.js +492 -0
  401. package/dist/detectors/lack-of-validation-userdata.d.ts +7 -0
  402. package/dist/detectors/lack-of-validation-userdata.js +583 -0
  403. package/dist/detectors/lack-of-validation.d.ts +27 -0
  404. package/dist/detectors/lack-of-validation.js +609 -0
  405. package/dist/detectors/layerzero-dvn-quorum-missing.d.ts +22 -0
  406. package/dist/detectors/layerzero-dvn-quorum-missing.js +464 -0
  407. package/dist/detectors/layerzero-v2-unverified-origin.d.ts +40 -0
  408. package/dist/detectors/layerzero-v2-unverified-origin.js +368 -0
  409. package/dist/detectors/liquidation-accounting-desync.d.ts +14 -0
  410. package/dist/detectors/liquidation-accounting-desync.js +145 -0
  411. package/dist/detectors/liquidation-gain-manipulation.d.ts +42 -0
  412. package/dist/detectors/liquidation-gain-manipulation.js +606 -0
  413. package/dist/detectors/liquidation-price-rounding-advantage.d.ts +26 -0
  414. package/dist/detectors/liquidation-price-rounding-advantage.js +283 -0
  415. package/dist/detectors/liquidity-poisoning.d.ts +25 -0
  416. package/dist/detectors/liquidity-poisoning.js +339 -0
  417. package/dist/detectors/loans-malicious-proposal-price-oracle.d.ts +44 -0
  418. package/dist/detectors/loans-malicious-proposal-price-oracle.js +813 -0
  419. package/dist/detectors/logic-flaw.d.ts +186 -0
  420. package/dist/detectors/logic-flaw.js +3356 -0
  421. package/dist/detectors/manipulation-of-funds.d.ts +31 -0
  422. package/dist/detectors/manipulation-of-funds.js +304 -0
  423. package/dist/detectors/merkl-unsafe-claim-callback.d.ts +22 -0
  424. package/dist/detectors/merkl-unsafe-claim-callback.js +94 -0
  425. package/dist/detectors/mev-boost-timestamp.d.ts +7 -0
  426. package/dist/detectors/mev-boost-timestamp.js +318 -0
  427. package/dist/detectors/mev-merge-exploit.d.ts +29 -0
  428. package/dist/detectors/mev-merge-exploit.js +397 -0
  429. package/dist/detectors/mev-sandwich-vulnerability.d.ts +24 -0
  430. package/dist/detectors/mev-sandwich-vulnerability.js +648 -0
  431. package/dist/detectors/mev-slot-manipulation.d.ts +36 -0
  432. package/dist/detectors/mev-slot-manipulation.js +691 -0
  433. package/dist/detectors/mevbot-insufficient-validation.d.ts +48 -0
  434. package/dist/detectors/mevbot-insufficient-validation.js +574 -0
  435. package/dist/detectors/migration-rebalance-without-bound.d.ts +7 -0
  436. package/dist/detectors/migration-rebalance-without-bound.js +514 -0
  437. package/dist/detectors/mint-hardcoded-asset-parity.d.ts +31 -0
  438. package/dist/detectors/mint-hardcoded-asset-parity.js +356 -0
  439. package/dist/detectors/miscalculation-on-spendallowance.d.ts +7 -0
  440. package/dist/detectors/miscalculation-on-spendallowance.js +188 -0
  441. package/dist/detectors/misconfiguration.d.ts +27 -0
  442. package/dist/detectors/misconfiguration.js +410 -0
  443. package/dist/detectors/missing-access-control-caller-supplied-auth.d.ts +7 -0
  444. package/dist/detectors/missing-access-control-caller-supplied-auth.js +550 -0
  445. package/dist/detectors/missing-access-control-receiver-payout.d.ts +7 -0
  446. package/dist/detectors/missing-access-control-receiver-payout.js +460 -0
  447. package/dist/detectors/missing-access-control-role-or-transferfrom.d.ts +7 -0
  448. package/dist/detectors/missing-access-control-role-or-transferfrom.js +663 -0
  449. package/dist/detectors/missing-access-control.d.ts +19 -0
  450. package/dist/detectors/missing-access-control.js +781 -0
  451. package/dist/detectors/missing-sequencer-uptime-check.d.ts +30 -0
  452. package/dist/detectors/missing-sequencer-uptime-check.js +348 -0
  453. package/dist/detectors/missing-storage-gap.d.ts +19 -0
  454. package/dist/detectors/missing-storage-gap.js +193 -0
  455. package/dist/detectors/missing-swap-deadline-slippage.d.ts +31 -0
  456. package/dist/detectors/missing-swap-deadline-slippage.js +231 -0
  457. package/dist/detectors/missing-zk-proof-verification.d.ts +60 -0
  458. package/dist/detectors/missing-zk-proof-verification.js +547 -0
  459. package/dist/detectors/my-experience-with-yearn-finance.d.ts +7 -0
  460. package/dist/detectors/my-experience-with-yearn-finance.js +552 -0
  461. package/dist/detectors/network-bridge-ronin.d.ts +7 -0
  462. package/dist/detectors/network-bridge-ronin.js +408 -0
  463. package/dist/detectors/network-bridge.d.ts +7 -0
  464. package/dist/detectors/network-bridge.js +444 -0
  465. package/dist/detectors/network-underflow.d.ts +7 -0
  466. package/dist/detectors/network-underflow.js +517 -0
  467. package/dist/detectors/nft-denial-of-service.d.ts +7 -0
  468. package/dist/detectors/nft-denial-of-service.js +223 -0
  469. package/dist/detectors/nft-marketplace-order-reentrancy.d.ts +7 -0
  470. package/dist/detectors/nft-marketplace-order-reentrancy.js +427 -0
  471. package/dist/detectors/nft-token-standard-access-control.d.ts +7 -0
  472. package/dist/detectors/nft-token-standard-access-control.js +455 -0
  473. package/dist/detectors/oracle-manipulation-amm-spot-price.d.ts +42 -0
  474. package/dist/detectors/oracle-manipulation-amm-spot-price.js +321 -0
  475. package/dist/detectors/oracle-manipulation-liquidity-withdrawal.d.ts +27 -0
  476. package/dist/detectors/oracle-manipulation-liquidity-withdrawal.js +192 -0
  477. package/dist/detectors/oracle-manipulation.d.ts +90 -0
  478. package/dist/detectors/oracle-manipulation.js +1023 -0
  479. package/dist/detectors/oracle-vortex-manipulation.d.ts +30 -0
  480. package/dist/detectors/oracle-vortex-manipulation.js +473 -0
  481. package/dist/detectors/overpriced-asset-in-oracle.d.ts +41 -0
  482. package/dist/detectors/overpriced-asset-in-oracle.js +420 -0
  483. package/dist/detectors/oz-access-control-roles.d.ts +33 -0
  484. package/dist/detectors/oz-access-control-roles.js +359 -0
  485. package/dist/detectors/pair-manipulation-transfer-hook.d.ts +38 -0
  486. package/dist/detectors/pair-manipulation-transfer-hook.js +366 -0
  487. package/dist/detectors/parameter-access-control.d.ts +47 -0
  488. package/dist/detectors/parameter-access-control.js +511 -0
  489. package/dist/detectors/parameter-manipulation.d.ts +7 -0
  490. package/dist/detectors/parameter-manipulation.js +505 -0
  491. package/dist/detectors/parity-multisig-delegatecall.d.ts +7 -0
  492. package/dist/detectors/parity-multisig-delegatecall.js +707 -0
  493. package/dist/detectors/permissionless-claim-amm-spot-pricing.d.ts +7 -0
  494. package/dist/detectors/permissionless-claim-amm-spot-pricing.js +351 -0
  495. package/dist/detectors/permit-future-dated-deadline.d.ts +31 -0
  496. package/dist/detectors/permit-future-dated-deadline.js +339 -0
  497. package/dist/detectors/phishing-attack-bybit.d.ts +37 -0
  498. package/dist/detectors/phishing-attack-bybit.js +513 -0
  499. package/dist/detectors/post-insolvency-check.d.ts +7 -0
  500. package/dist/detectors/post-insolvency-check.js +277 -0
  501. package/dist/detectors/precision-loss-vulnerability.d.ts +7 -0
  502. package/dist/detectors/precision-loss-vulnerability.js +472 -0
  503. package/dist/detectors/precision-truncation.d.ts +8 -0
  504. package/dist/detectors/precision-truncation.js +425 -0
  505. package/dist/detectors/price-dependency-veth.d.ts +41 -0
  506. package/dist/detectors/price-dependency-veth.js +588 -0
  507. package/dist/detectors/price-feed-verification.d.ts +7 -0
  508. package/dist/detectors/price-feed-verification.js +557 -0
  509. package/dist/detectors/price-manipulation-reentrancy.d.ts +32 -0
  510. package/dist/detectors/price-manipulation-reentrancy.js +445 -0
  511. package/dist/detectors/price-manipulation-via-reentranc.d.ts +7 -0
  512. package/dist/detectors/price-manipulation-via-reentranc.js +569 -0
  513. package/dist/detectors/price-oracle-manipulation.d.ts +25 -0
  514. package/dist/detectors/price-oracle-manipulation.js +530 -0
  515. package/dist/detectors/project-instant-rewards-unlocked.d.ts +6 -0
  516. package/dist/detectors/project-instant-rewards-unlocked.js +462 -0
  517. package/dist/detectors/protocol-reentrancy.d.ts +7 -0
  518. package/dist/detectors/protocol-reentrancy.js +457 -0
  519. package/dist/detectors/proxy-init-race.d.ts +11 -0
  520. package/dist/detectors/proxy-init-race.js +634 -0
  521. package/dist/detectors/proxy-storage-slot-collision.d.ts +7 -0
  522. package/dist/detectors/proxy-storage-slot-collision.js +135 -0
  523. package/dist/detectors/public-internal-function.d.ts +39 -0
  524. package/dist/detectors/public-internal-function.js +233 -0
  525. package/dist/detectors/quote-silent-zero.d.ts +25 -0
  526. package/dist/detectors/quote-silent-zero.js +156 -0
  527. package/dist/detectors/readonly-reentrancy.d.ts +9 -0
  528. package/dist/detectors/readonly-reentrancy.js +108 -0
  529. package/dist/detectors/receipt-redemption-missing-validation.d.ts +31 -0
  530. package/dist/detectors/receipt-redemption-missing-validation.js +453 -0
  531. package/dist/detectors/reentrancy-balance.d.ts +36 -0
  532. package/dist/detectors/reentrancy-balance.js +577 -0
  533. package/dist/detectors/reentrancy-business-logic-game.d.ts +36 -0
  534. package/dist/detectors/reentrancy-business-logic-game.js +616 -0
  535. package/dist/detectors/reentrancy-on-sell-nft.d.ts +23 -0
  536. package/dist/detectors/reentrancy-on-sell-nft.js +510 -0
  537. package/dist/detectors/reflection-token-balance-desync.d.ts +28 -0
  538. package/dist/detectors/reflection-token-balance-desync.js +246 -0
  539. package/dist/detectors/registry-engine.d.ts +34 -0
  540. package/dist/detectors/registry-engine.js +388 -0
  541. package/dist/detectors/rollup-unvalidated-state-update.d.ts +35 -0
  542. package/dist/detectors/rollup-unvalidated-state-update.js +286 -0
  543. package/dist/detectors/s-horizon-bridge-private-key-compromis.d.ts +8 -0
  544. package/dist/detectors/s-horizon-bridge-private-key-compromis.js +615 -0
  545. package/dist/detectors/share-price-manipulation.d.ts +7 -0
  546. package/dist/detectors/share-price-manipulation.js +653 -0
  547. package/dist/detectors/signature-replay.d.ts +30 -0
  548. package/dist/detectors/signature-replay.js +367 -0
  549. package/dist/detectors/simpleswap-unverified-approval.d.ts +27 -0
  550. package/dist/detectors/simpleswap-unverified-approval.js +198 -0
  551. package/dist/detectors/single-spot-oracle-collateral-valuation.d.ts +22 -0
  552. package/dist/detectors/single-spot-oracle-collateral-valuation.js +419 -0
  553. package/dist/detectors/skim-token-balance.d.ts +7 -0
  554. package/dist/detectors/skim-token-balance.js +788 -0
  555. package/dist/detectors/sky-oft-governance-payload.d.ts +7 -0
  556. package/dist/detectors/sky-oft-governance-payload.js +515 -0
  557. package/dist/detectors/sky-oft-governance-truncation.d.ts +32 -0
  558. package/dist/detectors/sky-oft-governance-truncation.js +377 -0
  559. package/dist/detectors/solana-evm-bridge-truncation.d.ts +7 -0
  560. package/dist/detectors/solana-evm-bridge-truncation.js +638 -0
  561. package/dist/detectors/solhint-unchecked-low-level-call.d.ts +74 -0
  562. package/dist/detectors/solhint-unchecked-low-level-call.js +463 -0
  563. package/dist/detectors/stablecoin-pair-spot-oracle.d.ts +7 -0
  564. package/dist/detectors/stablecoin-pair-spot-oracle.js +364 -0
  565. package/dist/detectors/staked-rate-as-oracle.d.ts +44 -0
  566. package/dist/detectors/staked-rate-as-oracle.js +497 -0
  567. package/dist/detectors/stale-oracle.d.ts +63 -0
  568. package/dist/detectors/stale-oracle.js +649 -0
  569. package/dist/detectors/starkware-proof-validation-gap.d.ts +18 -0
  570. package/dist/detectors/starkware-proof-validation-gap.js +629 -0
  571. package/dist/detectors/steth-transfer-reentrancy.d.ts +8 -0
  572. package/dist/detectors/steth-transfer-reentrancy.js +317 -0
  573. package/dist/detectors/storage-collision-malicious-proposal.d.ts +27 -0
  574. package/dist/detectors/storage-collision-malicious-proposal.js +386 -0
  575. package/dist/detectors/timestamp-manipulation.d.ts +49 -0
  576. package/dist/detectors/timestamp-manipulation.js +383 -0
  577. package/dist/detectors/token-access-control.d.ts +7 -0
  578. package/dist/detectors/token-access-control.js +544 -0
  579. package/dist/detectors/token-incorrect-signature-verification.d.ts +23 -0
  580. package/dist/detectors/token-incorrect-signature-verification.js +434 -0
  581. package/dist/detectors/token-transfer-logic-flaw.d.ts +33 -0
  582. package/dist/detectors/token-transfer-logic-flaw.js +267 -0
  583. package/dist/detectors/transfer-double-debit-pool-recipient.d.ts +7 -0
  584. package/dist/detectors/transfer-double-debit-pool-recipient.js +542 -0
  585. package/dist/detectors/treasury-reentrancy.d.ts +7 -0
  586. package/dist/detectors/treasury-reentrancy.js +442 -0
  587. package/dist/detectors/tstore-poison.d.ts +32 -0
  588. package/dist/detectors/tstore-poison.js +417 -0
  589. package/dist/detectors/tstore-race-condition.d.ts +7 -0
  590. package/dist/detectors/tstore-race-condition.js +632 -0
  591. package/dist/detectors/types.d.ts +85 -0
  592. package/dist/detectors/types.js +20 -0
  593. package/dist/detectors/unauthorized-payer-transferfrom.d.ts +66 -0
  594. package/dist/detectors/unauthorized-payer-transferfrom.js +339 -0
  595. package/dist/detectors/unauthorized-transferfrom-shell.d.ts +7 -0
  596. package/dist/detectors/unauthorized-transferfrom-shell.js +504 -0
  597. package/dist/detectors/unauthorized-transferfrom.d.ts +16 -0
  598. package/dist/detectors/unauthorized-transferfrom.js +838 -0
  599. package/dist/detectors/unbound-zk-verifier-input.d.ts +7 -0
  600. package/dist/detectors/unbound-zk-verifier-input.js +445 -0
  601. package/dist/detectors/unbounded-share-price-collateral-oracle.d.ts +48 -0
  602. package/dist/detectors/unbounded-share-price-collateral-oracle.js +566 -0
  603. package/dist/detectors/uncapped-reward-emission.d.ts +7 -0
  604. package/dist/detectors/uncapped-reward-emission.js +493 -0
  605. package/dist/detectors/unchecked-call-forwarding.d.ts +31 -0
  606. package/dist/detectors/unchecked-call-forwarding.js +330 -0
  607. package/dist/detectors/unchecked-external-call-unconditional-state-mutation.d.ts +18 -0
  608. package/dist/detectors/unchecked-external-call-unconditional-state-mutation.js +311 -0
  609. package/dist/detectors/unchecked-external-call.d.ts +66 -0
  610. package/dist/detectors/unchecked-external-call.js +389 -0
  611. package/dist/detectors/unchecked-oft-return.d.ts +13 -0
  612. package/dist/detectors/unchecked-oft-return.js +118 -0
  613. package/dist/detectors/unguarded-governance-execution.d.ts +35 -0
  614. package/dist/detectors/unguarded-governance-execution.js +422 -0
  615. package/dist/detectors/unguarded-governance-executor.d.ts +35 -0
  616. package/dist/detectors/unguarded-governance-executor.js +349 -0
  617. package/dist/detectors/unindexed-event-address.d.ts +7 -0
  618. package/dist/detectors/unindexed-event-address.js +268 -0
  619. package/dist/detectors/uninitialized-implementation.d.ts +27 -0
  620. package/dist/detectors/uninitialized-implementation.js +333 -0
  621. package/dist/detectors/uninitialized-storage-pointer.d.ts +7 -0
  622. package/dist/detectors/uninitialized-storage-pointer.js +110 -0
  623. package/dist/detectors/uniswap-skim-token-balance-attack.d.ts +8 -0
  624. package/dist/detectors/uniswap-skim-token-balance-attack.js +331 -0
  625. package/dist/detectors/uniswap-v4-hook-state-manipulation.d.ts +7 -0
  626. package/dist/detectors/uniswap-v4-hook-state-manipulation.js +296 -0
  627. package/dist/detectors/unprotected-admin-or-fund-sink.d.ts +7 -0
  628. package/dist/detectors/unprotected-admin-or-fund-sink.js +643 -0
  629. package/dist/detectors/unprotected-dex-swap.d.ts +43 -0
  630. package/dist/detectors/unprotected-dex-swap.js +334 -0
  631. package/dist/detectors/unprotected-initializer.d.ts +7 -0
  632. package/dist/detectors/unprotected-initializer.js +707 -0
  633. package/dist/detectors/unprotected-pair-initializer.d.ts +22 -0
  634. package/dist/detectors/unprotected-pair-initializer.js +359 -0
  635. package/dist/detectors/unprotected-upgrade-function.d.ts +7 -0
  636. package/dist/detectors/unprotected-upgrade-function.js +180 -0
  637. package/dist/detectors/unreachable-code-0.8.28.d.ts +19 -0
  638. package/dist/detectors/unreachable-code-0.8.28.js +206 -0
  639. package/dist/detectors/unsafe-proxy-storage.d.ts +7 -0
  640. package/dist/detectors/unsafe-proxy-storage.js +436 -0
  641. package/dist/detectors/unsafe-transient-storage.d.ts +7 -0
  642. package/dist/detectors/unsafe-transient-storage.js +1052 -0
  643. package/dist/detectors/unsafe-tx-origin.d.ts +9 -0
  644. package/dist/detectors/unsafe-tx-origin.js +179 -0
  645. package/dist/detectors/unsigned-validity-window.d.ts +20 -0
  646. package/dist/detectors/unsigned-validity-window.js +220 -0
  647. package/dist/detectors/unvalidated-interface-address.d.ts +25 -0
  648. package/dist/detectors/unvalidated-interface-address.js +377 -0
  649. package/dist/detectors/uups-uninitialized-storage.d.ts +9 -0
  650. package/dist/detectors/uups-uninitialized-storage.js +366 -0
  651. package/dist/detectors/v2-error-k-value-attack.d.ts +33 -0
  652. package/dist/detectors/v2-error-k-value-attack.js +276 -0
  653. package/dist/detectors/v2-k-invariant-bypass.d.ts +33 -0
  654. package/dist/detectors/v2-k-invariant-bypass.js +283 -0
  655. package/dist/detectors/v4-hook-reentrancy.d.ts +9 -0
  656. package/dist/detectors/v4-hook-reentrancy.js +488 -0
  657. package/dist/detectors/vault-inflation-rounding.d.ts +23 -0
  658. package/dist/detectors/vault-inflation-rounding.js +477 -0
  659. package/dist/detectors/vault-share-price-manipulation.d.ts +7 -0
  660. package/dist/detectors/vault-share-price-manipulation.js +332 -0
  661. package/dist/detectors/vortex-interaction-guard.d.ts +45 -0
  662. package/dist/detectors/vortex-interaction-guard.js +275 -0
  663. package/dist/detectors/vortex-protocol-reentrancy-guard.d.ts +27 -0
  664. package/dist/detectors/vortex-protocol-reentrancy-guard.js +408 -0
  665. package/dist/detectors/vulnerable-price-dependency.d.ts +41 -0
  666. package/dist/detectors/vulnerable-price-dependency.js +473 -0
  667. package/dist/detectors/weak-random-mint.d.ts +37 -0
  668. package/dist/detectors/weak-random-mint.js +271 -0
  669. package/dist/detectors/withdraw-be-to-withdraw.d.ts +26 -0
  670. package/dist/detectors/withdraw-be-to-withdraw.js +329 -0
  671. package/dist/detectors/wrong-function-visibility.d.ts +29 -0
  672. package/dist/detectors/wrong-function-visibility.js +147 -0
  673. package/dist/detectors/wrong-price-calculation.d.ts +42 -0
  674. package/dist/detectors/wrong-price-calculation.js +387 -0
  675. package/dist/detectors/yearn-vault-v2-share-price-manipulation.d.ts +32 -0
  676. package/dist/detectors/yearn-vault-v2-share-price-manipulation.js +248 -0
  677. package/dist/detectors/zero-fee.d.ts +7 -0
  678. package/dist/detectors/zero-fee.js +596 -0
  679. package/dist/detectors/zetachain-gateway-hack-analysis.d.ts +7 -0
  680. package/dist/detectors/zetachain-gateway-hack-analysis.js +629 -0
  681. package/dist/detectors/zk-rollup-da-gap.d.ts +8 -0
  682. package/dist/detectors/zk-rollup-da-gap.js +322 -0
  683. package/dist/detectors/zksync-batch-validation.d.ts +8 -0
  684. package/dist/detectors/zksync-batch-validation.js +461 -0
  685. package/dist/detectors/zksync-era-rollup-state-update.d.ts +60 -0
  686. package/dist/detectors/zksync-era-rollup-state-update.js +360 -0
  687. package/dist/detectors/zksync-simulation-drift.d.ts +35 -0
  688. package/dist/detectors/zksync-simulation-drift.js +309 -0
  689. package/dist/exit-codes.d.ts +15 -0
  690. package/dist/exit-codes.js +18 -0
  691. package/dist/formatters/github-actions.d.ts +2 -0
  692. package/dist/formatters/github-actions.js +61 -0
  693. package/dist/formatters/sarif.d.ts +24 -0
  694. package/dist/formatters/sarif.js +670 -0
  695. package/dist/formatters/text.d.ts +14 -0
  696. package/dist/formatters/text.js +152 -0
  697. package/dist/fp-rates.json +70 -0
  698. package/dist/identity/diff-baseline.d.ts +16 -0
  699. package/dist/identity/diff-baseline.js +152 -0
  700. package/dist/identity/hashing.d.ts +39 -0
  701. package/dist/identity/hashing.js +96 -0
  702. package/dist/index.d.ts +174 -0
  703. package/dist/index.js +358 -0
  704. package/dist/parallel-scan.d.ts +66 -0
  705. package/dist/parallel-scan.js +227 -0
  706. package/dist/registry.d.ts +17 -0
  707. package/dist/registry.js +118 -0
  708. package/dist/rules/glob.d.ts +5 -0
  709. package/dist/rules/glob.js +76 -0
  710. package/dist/rules/suppressions.d.ts +23 -0
  711. package/dist/rules/suppressions.js +136 -0
  712. package/dist/rules/tiers.d.ts +23 -0
  713. package/dist/rules/tiers.js +341 -0
  714. package/dist/scan-worker.d.ts +1 -0
  715. package/dist/scan-worker.js +61 -0
  716. package/dist/scan.d.ts +24 -0
  717. package/dist/scan.js +558 -0
  718. package/dist/semantic/contracts.d.ts +10 -0
  719. package/dist/semantic/contracts.js +141 -0
  720. package/dist/semantic/diagnostics.d.ts +29 -0
  721. package/dist/semantic/diagnostics.js +25 -0
  722. package/dist/semantic/eog.d.ts +56 -0
  723. package/dist/semantic/eog.js +545 -0
  724. package/dist/semantic/imports.d.ts +88 -0
  725. package/dist/semantic/imports.js +246 -0
  726. package/dist/semantic/index.d.ts +2 -0
  727. package/dist/semantic/index.js +8 -0
  728. package/dist/semantic/inheritance.d.ts +33 -0
  729. package/dist/semantic/inheritance.js +137 -0
  730. package/dist/semantic/model.d.ts +95 -0
  731. package/dist/semantic/model.js +232 -0
  732. package/dist/semantic/taint-tracker.d.ts +49 -0
  733. package/dist/semantic/taint-tracker.js +410 -0
  734. package/dist/semantic/types.d.ts +119 -0
  735. package/dist/semantic/types.js +18 -0
  736. package/dist/severity.d.ts +10 -0
  737. package/dist/severity.js +78 -0
  738. package/package.json +52 -0
package/dist/detectors/any-token-is-destroyed.js ADDED
@@ -0,0 +1,527 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.AnyTokenIsDestroyedDetector = void 0;
4
+ const ast_1 = require("./_common/ast");
5
+ const access_control_1 = require("./_common/access-control");
6
+ const RULE_ID = 'any-token-is-destroyed';
7
+ const ALLOWANCE_HELPERS = new Set(['_spendallowance', 'spendallowance', '_approve']);
8
+ class AnyTokenIsDestroyedDetector {
9
+ id = RULE_ID;
10
+ patternKey = RULE_ID;
11
+ supportedAstKinds = ['parser'];
12
+ scanAst(ast, file) {
13
+ if (!ast || ast.type !== 'SourceUnit')
14
+ return [];
15
+ const findings = [];
16
+ for (const contract of ast.children || []) {
17
+ if (contract?.type !== 'ContractDefinition')
18
+ continue;
19
+ const contractName = contract.name || '<anonymous>';
20
+ for (const fn of contract.subNodes || []) {
21
+ if (fn?.type !== 'FunctionDefinition')
22
+ continue;
23
+ const functionName = fn.name || '';
24
+ if (!fn.body)
25
+ continue;
26
+ if (!this.isExternallyCallable(fn))
27
+ continue;
28
+ if (!this.isEligibleBurnFunction(fn, functionName))
29
+ continue;
30
+ if (this.hasAccessControlModifier(fn) || this.hasInlineAccessControlGuard(fn) || this.hasReentrancyGuard(fn))
31
+ continue;
32
+ const fromParam = this.findFromParameter(fn);
33
+ if (!fromParam)
34
+ continue;
35
+ const aliases = this.collectAliases(fn.body);
36
+ const burnInfo = this.findBurnOfFromParam(fn.body, fromParam, aliases);
37
+ if (!burnInfo)
38
+ continue;
39
+ const vuln = this.checkVulnerability(fn.body, fromParam, burnInfo, fn.body);
40
+ if (!vuln)
41
+ continue;
42
+ findings.push({
43
+ file,
44
+ contract: contractName,
45
+ 'function': functionName,
46
+ line: vuln.line,
47
+ endLine: vuln.endLine,
48
+ column: vuln.column,
49
+ pattern: RULE_ID,
50
+ confidence: 'high',
51
+ ruleId: RULE_ID,
52
+ severity: 'high',
53
+ message: vuln.message,
54
+ contractName,
55
+ functionName,
56
+ sourceLocation: { line: vuln.line, column: vuln.column },
57
+ findingId: '',
58
+ contractHash: '',
59
+ });
60
+ }
61
+ }
62
+ return findings;
63
+ }
64
+ findFromParameter(fn) {
65
+ for (const param of fn.parameters || []) {
66
+ if (param?.name && /from|account|target|user/i.test(param.name)) {
67
+ return param.name;
68
+ }
69
+ }
70
+ return null;
71
+ }
72
+ isEligibleBurnFunction(fn, functionName) {
73
+ if (functionName === 'burn') {
74
+ return this.isExactAccountBurn(fn);
75
+ }
76
+ return /burnFrom|destroy|liquidate/i.test(functionName);
77
+ }
78
+ isExactAccountBurn(fn) {
79
+ const params = fn.parameters || [];
80
+ if (params.length !== 2)
81
+ return false;
82
+ const [accountParam] = params;
83
+ if (!accountParam?.name || !/^(account|user)$/i.test(accountParam.name))
84
+ return false;
85
+ const typeName = this.getTypeName(accountParam.typeName);
86
+ return typeName === 'address';
87
+ }
88
+ getTypeName(typeNode) {
89
+ if (!typeNode)
90
+ return '';
91
+ if (typeof typeNode.name === 'string')
92
+ return typeNode.name;
93
+ if (typeof typeNode.type === 'string' && typeNode.type === 'ElementaryTypeName') {
94
+ return typeNode.name || '';
95
+ }
96
+ if (typeof typeNode.namePath === 'string')
97
+ return typeNode.namePath;
98
+ return '';
99
+ }
100
+ isExternallyCallable(fn) {
101
+ return fn.visibility !== 'internal' && fn.visibility !== 'private';
102
+ }
103
+ findBurnOfFromParam(body, fromParam, aliases) {
104
+ let result = null;
105
+ this.walk(body, node => {
106
+ if (result)
107
+ return;
108
+ if (this.isBalanceDecrementOf(node, fromParam, aliases)) {
109
+ result = node;
110
+ }
111
+ });
112
+ return result;
113
+ }
114
+ isBalanceDecrementOf(node, param, aliases) {
115
+ if (!node || typeof node !== 'object')
116
+ return false;
117
+ if (node.type === 'BinaryOperation' && (node.operator === '-=' || node.operator === '=')) {
118
+ const left = node.left;
119
+ if (left?.type === 'IndexAccess') {
120
+ const base = left.base;
121
+ if (base?.type === 'Identifier' && /balance/i.test(base.name)) {
122
+ const index = left.index;
123
+ if (index?.type === 'Identifier' && this.identifierResolvesTo(index.name, param, aliases))
124
+ return true;
125
+ }
126
+ }
127
+ }
128
+ if (node.type === 'FunctionCall') {
129
+ const callee = this.getCalleeName(node.expression);
130
+ if (callee === '_burn' || callee === 'burn') {
131
+ const firstArg = node.arguments?.[0];
132
+ if (firstArg?.type === 'Identifier' && this.identifierResolvesTo(firstArg.name, param, aliases))
133
+ return true;
134
+ }
135
+ }
136
+ return false;
137
+ }
138
+ identifierResolvesTo(name, target, aliases) {
139
+ if (name === target)
140
+ return true;
141
+ const seen = new Set();
142
+ let cur = name;
143
+ while (cur && !seen.has(cur)) {
144
+ seen.add(cur);
145
+ const next = aliases.get(cur);
146
+ if (!next)
147
+ return false;
148
+ if (next === target)
149
+ return true;
150
+ if (next === '__indexAccess' || next === '__other')
151
+ return false;
152
+ cur = next;
153
+ }
154
+ return false;
155
+ }
156
+ collectAliases(body) {
157
+ const aliases = new Map();
158
+ this.walk(body, node => {
159
+ if (node.type === 'VariableDeclarationStatement') {
160
+ const initialValue = node.initialValue;
161
+ for (const variable of node.variables || []) {
162
+ if (variable?.name) {
163
+ if (initialValue?.type === 'Identifier') {
164
+ aliases.set(variable.name, initialValue.name);
165
+ }
166
+ else if (initialValue?.type === 'IndexAccess') {
167
+ aliases.set(variable.name, '__indexAccess');
168
+ }
169
+ else if (initialValue) {
170
+ aliases.set(variable.name, '__other');
171
+ }
172
+ }
173
+ }
174
+ }
175
+ else if (node.type === 'Assignment' && node.operator === '=') {
176
+ const left = node.left;
177
+ if (left?.type === 'Identifier' && node.right) {
178
+ if (node.right.type === 'Identifier') {
179
+ aliases.set(left.name, node.right.name);
180
+ }
181
+ else if (node.right.type === 'IndexAccess') {
182
+ aliases.set(left.name, '__indexAccess');
183
+ }
184
+ else {
185
+ aliases.set(left.name, '__other');
186
+ }
187
+ }
188
+ }
189
+ });
190
+ return aliases;
191
+ }
192
+ checkVulnerability(body, fromParam, burnNode, rootBody) {
193
+ const analysis = this.analyzeFunctionBody(rootBody, fromParam);
194
+ if (analysis.reversedAllowanceLookups.length > 0) {
195
+ const node = analysis.reversedAllowanceLookups[0].node;
196
+ const { line, endLine, column } = (0, ast_1.assertLoc)(node);
197
+ return {
198
+ line, endLine, column,
199
+ message: 'Reversed allowance indices: allowances[msg.sender][from] instead of allowances[from][msg.sender] allows attacker to self-approve and burn arbitrary holder tokens.',
200
+ };
201
+ }
202
+ const safeHelperCall = analysis.callsSafeAllowanceHelper;
203
+ if (safeHelperCall)
204
+ return null;
205
+ const hasCorrectCheck = analysis.correctAllowanceLookups.length > 0;
206
+ if (hasCorrectCheck)
207
+ return null;
208
+ if (analysis.allowanceLookups.length > 0) {
209
+ return null;
210
+ }
211
+ if (this.hasMsgSenderEqualityGuard(rootBody, fromParam)) {
212
+ return null;
213
+ }
214
+ const { line, endLine, column } = (0, ast_1.assertLoc)(burnNode);
215
+ return {
216
+ line, endLine, column,
217
+ message: 'Unguarded third-party burn: externally callable function burns tokens of a caller-supplied address with no allowance check or access control.',
218
+ };
219
+ }
220
+ hasMsgSenderEqualityGuard(body, fromParam) {
221
+ let found = false;
222
+ this.walk(body, node => {
223
+ if (found)
224
+ return;
225
+ if (node.type === 'FunctionCall') {
226
+ const callee = this.getCalleeName(node.expression);
227
+ if ((callee === 'require' || callee === 'assert') && node.arguments?.length > 0) {
228
+ const arg = node.arguments[0];
229
+ if (this.isMsgSenderEqualsParamGuard(arg, fromParam)) {
230
+ found = true;
231
+ }
232
+ }
233
+ }
234
+ });
235
+ return found;
236
+ }
237
+ isMsgSenderEqualsParamGuard(node, param) {
238
+ if (!node || node.type !== 'BinaryOperation')
239
+ return false;
240
+ const op = node.operator;
241
+ if (op !== '==' && op !== '===' && op !== '!=' && op !== '!==')
242
+ return false;
243
+ const { left, right } = node;
244
+ const isLeftParam = left?.type === 'Identifier' && left.name === param;
245
+ const isRightParam = right?.type === 'Identifier' && right.name === param;
246
+ const isLeftMsgSender = this.isMsgSender(left);
247
+ const isRightMsgSender = this.isMsgSender(right);
248
+ return (isLeftParam && isRightMsgSender) || (isRightParam && isLeftMsgSender);
249
+ }
250
+ analyzeFunctionBody(body, fromParam) {
251
+ const allowanceLookups = [];
252
+ const reversedAllowanceLookups = [];
253
+ const correctAllowanceLookups = [];
254
+ let callsSafeAllowanceHelper = false;
255
+ const varAliases = new Map();
256
+ const addReversed = (node) => {
257
+ reversedAllowanceLookups.push({ node });
258
+ allowanceLookups.push(node);
259
+ };
260
+ const addCorrect = (node) => {
261
+ correctAllowanceLookups.push({ node });
262
+ allowanceLookups.push(node);
263
+ };
264
+ const addLookup = (node) => {
265
+ allowanceLookups.push(node);
266
+ };
267
+ const visitor = (node) => {
268
+ if (node.type === 'VariableDeclarationStatement') {
269
+ const initialValue = node.initialValue;
270
+ for (const variable of node.variables || []) {
271
+ if (variable?.name) {
272
+ if (initialValue?.type === 'Identifier') {
273
+ varAliases.set(variable.name, initialValue.name);
274
+ }
275
+ else if (initialValue?.type === 'IndexAccess') {
276
+ varAliases.set(variable.name, '__indexAccess');
277
+ }
278
+ else {
279
+ varAliases.set(variable.name, '__other');
280
+ }
281
+ }
282
+ }
283
+ if (initialValue?.type === 'IndexAccess') {
284
+ this.processAllowanceIndexAccess(initialValue, fromParam, addReversed, addCorrect, addLookup, varAliases);
285
+ }
286
+ return;
287
+ }
288
+ if (node.type === 'Assignment' && node.operator === '=') {
289
+ const left = node.left;
290
+ if (left?.type === 'Identifier' && node.right) {
291
+ if (node.right.type === 'Identifier') {
292
+ varAliases.set(left.name, node.right.name);
293
+ }
294
+ else if (node.right.type === 'IndexAccess') {
295
+ varAliases.set(left.name, '__indexAccess');
296
+ }
297
+ else {
298
+ varAliases.set(left.name, '__other');
299
+ }
300
+ }
301
+ if (left?.type === 'IndexAccess') {
302
+ this.processAllowanceIndexAccess(left, fromParam, addReversed, addCorrect, addLookup, varAliases);
303
+ }
304
+ return;
305
+ }
306
+ if (node.type === 'BinaryOperation' && (node.operator === '-=' || node.operator === '=')) {
307
+ const left = node.left;
308
+ if (left?.type === 'IndexAccess') {
309
+ this.processAllowanceIndexAccess(left, fromParam, addReversed, addCorrect, addLookup, varAliases);
310
+ }
311
+ return;
312
+ }
313
+ if (node.type === 'FunctionCall') {
314
+ const callee = this.getCalleeName(node.expression);
315
+ if ((callee === 'require' || callee === 'assert') && node.arguments?.length > 0) {
316
+ this.findAllowanceInRequireExpr(node.arguments[0], fromParam, varAliases, addReversed, addCorrect, addLookup);
317
+ }
318
+ if (ALLOWANCE_HELPERS.has(callee.toLowerCase())) {
319
+ const args = node.arguments || [];
320
+ if (args.length >= 2) {
321
+ const firstArg = args[0];
322
+ const secondArg = args[1];
323
+ const firstIsFrom = this.exprIsParam(firstArg, fromParam, varAliases);
324
+ const secondIsMsgSender = this.isMsgSenderOrEquivalent(secondArg);
325
+ if (firstIsFrom && secondIsMsgSender) {
326
+ callsSafeAllowanceHelper = true;
327
+ }
328
+ }
329
+ }
330
+ return;
331
+ }
332
+ if (node.type === 'IndexAccess') {
333
+ this.processAllowanceIndexAccess(node, fromParam, addReversed, addCorrect, addLookup, varAliases);
334
+ return;
335
+ }
336
+ };
337
+ this.walk(body, visitor);
338
+ return { allowanceLookups, reversedAllowanceLookups, correctAllowanceLookups, callsSafeAllowanceHelper };
339
+ }
340
+ exprIsParam(expr, param, aliases) {
341
+ if (!expr)
342
+ return false;
343
+ if (expr.type === 'Identifier') {
344
+ if (expr.name === param)
345
+ return true;
346
+ const alias = aliases.get(expr.name);
347
+ return alias === param;
348
+ }
349
+ return false;
350
+ }
351
+ processAllowanceIndexAccess(node, fromParam, onReversed, onCorrect, onLookup, aliases) {
352
+ if (!node || node.type !== 'IndexAccess')
353
+ return;
354
+ const base = node.base;
355
+ if (base?.type === 'Identifier' && /allowances?/i.test(base.name)) {
356
+ onLookup(node);
357
+ if (node.index?.type === 'MemberAccess' && this.isMsgSender(node.index)) {
358
+ onCorrect(node);
359
+ }
360
+ return;
361
+ }
362
+ if (base?.type === 'IndexAccess') {
363
+ const outerIndex = base.index;
364
+ const innerBase = base.base;
365
+ if (outerIndex?.type === 'MemberAccess' && this.isMsgSender(outerIndex) && innerBase?.type === 'Identifier' && /allowances?/i.test(innerBase.name)) {
366
+ const innerIndex = node.index;
367
+ const effectiveOwner = this.resolveParam(innerIndex, aliases);
368
+ if (effectiveOwner != null && effectiveOwner === fromParam) {
369
+ onReversed(node);
370
+ return;
371
+ }
372
+ }
373
+ if (innerBase?.type === 'Identifier' && /allowances?/i.test(innerBase.name)) {
374
+ if (outerIndex?.type === 'Identifier') {
375
+ const effectiveOuter = this.resolveParam(outerIndex, aliases);
376
+ if (effectiveOuter != null && effectiveOuter === fromParam) {
377
+ if (node.index?.type === 'MemberAccess' && this.isMsgSender(node.index)) {
378
+ onCorrect(node);
379
+ return;
380
+ }
381
+ }
382
+ }
383
+ this.processAllowanceIndexAccess(base, fromParam, onReversed, onCorrect, onLookup, aliases);
384
+ return;
385
+ }
386
+ this.processAllowanceIndexAccess(base, fromParam, onReversed, onCorrect, onLookup, aliases);
387
+ return;
388
+ }
389
+ }
390
+ resolveParam(expr, aliases) {
391
+ if (!expr)
392
+ return null;
393
+ if (expr.type === 'Identifier') {
394
+ const alias = aliases.get(expr.name);
395
+ return alias || expr.name;
396
+ }
397
+ return null;
398
+ }
399
+ findAllowanceInRequireExpr(expr, fromParam, aliases, onReversed, onCorrect, onLookup) {
400
+ if (!expr || typeof expr !== 'object')
401
+ return;
402
+ if (expr.type === 'Identifier') {
403
+ const alias = aliases.get(expr.name);
404
+ if (alias === '__indexAccess') {
405
+ return;
406
+ }
407
+ return;
408
+ }
409
+ if (expr.type === 'IndexAccess') {
410
+ this.processAllowanceIndexAccess(expr, fromParam, onReversed, onCorrect, onLookup, aliases);
411
+ return;
412
+ }
413
+ if (expr.type === 'BinaryOperation') {
414
+ this.findAllowanceInRequireExpr(expr.left, fromParam, aliases, onReversed, onCorrect, onLookup);
415
+ this.findAllowanceInRequireExpr(expr.right, fromParam, aliases, onReversed, onCorrect, onLookup);
416
+ return;
417
+ }
418
+ if (expr.type === 'FunctionCall') {
419
+ for (const arg of expr.arguments || []) {
420
+ this.findAllowanceInRequireExpr(arg, fromParam, aliases, onReversed, onCorrect, onLookup);
421
+ }
422
+ return;
423
+ }
424
+ }
425
+ hasAccessControlModifier(fn) {
426
+ if ((0, access_control_1.hasRecognisedAccessControlModifier)(fn))
427
+ return true;
428
+ for (const modifier of fn.modifiers || []) {
429
+ const name = this.getModifierName(modifier).toLowerCase();
430
+ if (name === 'onlyowner' || name === 'onlyrole' || name.includes('admin'))
431
+ return true;
432
+ }
433
+ return false;
434
+ }
435
+ hasInlineAccessControlGuard(fn) {
436
+ let found = false;
437
+ this.walk(fn.body, node => {
438
+ if (found || node.type !== 'FunctionCall')
439
+ return;
440
+ const callee = this.getCalleeName(node.expression);
441
+ if ((callee !== 'require' && callee !== 'assert') || !node.arguments?.length)
442
+ return;
443
+ if ((0, access_control_1.requireExpressesAccessControl)(node.arguments[0], this.isPrivilegedBurnAuthorityName)) {
444
+ found = true;
445
+ }
446
+ });
447
+ return found;
448
+ }
449
+ isPrivilegedBurnAuthorityName(name) {
450
+ return (0, access_control_1.isPrivilegedIdentifier)(name, {
451
+ keywords: ['owner', 'admin', 'role', 'guardian', 'governor', 'operator', 'authority', 'authorized', 'controller'],
452
+ });
453
+ }
454
+ hasReentrancyGuard(fn) {
455
+ for (const modifier of fn.modifiers || []) {
456
+ const name = this.getModifierName(modifier).toLowerCase();
457
+ if (name === 'nonreentrant' || name.includes('reentrancyguard'))
458
+ return true;
459
+ }
460
+ return false;
461
+ }
462
+ getModifierName(modifier) {
463
+ if (!modifier)
464
+ return '';
465
+ if (typeof modifier === 'string')
466
+ return modifier;
467
+ if (typeof modifier.name === 'string')
468
+ return modifier.name;
469
+ if (modifier.name && typeof modifier.name === 'object') {
470
+ if (typeof modifier.name.name === 'string')
471
+ return modifier.name.name;
472
+ if (typeof modifier.name.namePath === 'string')
473
+ return modifier.name.namePath;
474
+ }
475
+ return '';
476
+ }
477
+ isMsgSender(node) {
478
+ return node?.type === 'MemberAccess' &&
479
+ node.memberName === 'sender' &&
480
+ node.expression?.type === 'Identifier' &&
481
+ node.expression.name === 'msg';
482
+ }
483
+ isMsgSenderOrEquivalent(node) {
484
+ if (this.isMsgSender(node))
485
+ return true;
486
+ if (node?.type === 'FunctionCall') {
487
+ const callee = this.getCalleeName(node.expression);
488
+ if (callee === '_msgSender')
489
+ return true;
490
+ }
491
+ return false;
492
+ }
493
+ getCalleeName(expr) {
494
+ if (!expr)
495
+ return '';
496
+ if (expr.type === 'Identifier')
497
+ return expr.name || '';
498
+ if (expr.type === 'MemberAccess')
499
+ return expr.memberName || '';
500
+ if (expr.type === 'NameValueExpression')
501
+ return this.getCalleeName(expr.expression);
502
+ return '';
503
+ }
504
+ walk(node, visitor) {
505
+ if (!node || typeof node !== 'object')
506
+ return;
507
+ visitor(node);
508
+ for (const child of this.childNodes(node))
509
+ this.walk(child, visitor);
510
+ }
511
+ childNodes(node) {
512
+ const children = [];
513
+ for (const [key, value] of Object.entries(node)) {
514
+ if (typeof value === 'object' && value !== null) {
515
+ if (Array.isArray(value)) {
516
+ children.push(...value.filter((item) => item && typeof item === 'object'));
517
+ }
518
+ else {
519
+ children.push(value);
520
+ }
521
+ }
522
+ }
523
+ return children;
524
+ }
525
+ }
526
+ exports.AnyTokenIsDestroyedDetector = AnyTokenIsDestroyedDetector;
527
+ //# sourceMappingURL=any-token-is-destroyed.js.map
package/dist/detectors/anyswap-anytoken-permit-allowance-drain.d.ts ADDED
@@ -0,0 +1,7 @@
1
+ import type { ScanResult } from '../index';
2
+ export declare class AnyswapAnytokenPermitAllowanceDrainDetector {
3
+ readonly id = "anyswap-anytoken-permit-allowance-drain";
4
+ readonly patternKey = "anyswap-anytoken-permit-allowance-drain";
5
+ readonly supportedAstKinds: ("parser" | "solc")[];
6
+ scanAst(ast: any, file: string, sourceText?: string): ScanResult[];
7
+ }