@snovon/solast 0.2.0

package/dist/detectors/liquidation-gain-manipulation.js

@@ -0,0 +1,606 @@
+"use strict";
+// Pattern source: samczsun "i, thoughts on the LUSD exploit"
+// (https://samczsun.com) + Liquity public Trove / StabilityPool docs.
+// Detects liquidation / redemption / stability-pool paths whose
+// per-user accounting (debt, collateral, snapshot, reward, gain) can
+// be skipped, reordered, or read stale because per-user state writes
+// are reachable only inside a branch, an external transfer fires
+// before the paired accounting write, or a snapshot/index variable
+// is read for gain-math before being updated in the same function.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LiquidationGainManipulationDetector = void 0;
+const ast_1 = require("./_common/ast");
+const access_control_1 = require("./_common/access-control");
+const RULE_ID = 'liquidation-gain-manipulation';
+const NAME_HINT_RE = /^(liquidate|redeem|offset|apply|batch|close|absorb|repay|seize|settle|withdraw)/i;
+const ACCOUNTING_FIELD_RE = /^(debt|coll|stake|snapshot|gain|reward|borrowed|margin|entry|cumulative|deposit|position|account)/i;
+const SNAPSHOT_INDEX_RE = /(index|snapshot|reward|cumulative|epoch|rate|accumul)/i;
+const LIQUIDATION_GUARD_KEYWORDS = [
+    'owner', 'admin', 'role', 'operator', 'guardian', 'governor',
+    'liquidator', 'authorized', 'authorised', 'manager', 'whitelist',
+    'allow', 'keeper', 'auth', 'permitted', 'permission',
+];
+const isLiquidationGuardName = (name) => {
+    if (!name)
+        return false;
+    const lower = name.toLowerCase();
+    return LIQUIDATION_GUARD_KEYWORDS.some((k) => lower.includes(k));
+};
+const LOW_LEVEL_CALL_MEMBERS = new Set(['call', 'delegatecall', 'send', 'transfer']);
+const VALUE_BEARING_MEMBERS = new Set([
+    'transfer', 'transferfrom', 'send',
+    'safetransfer', 'safetransferfrom',
+    'mint', 'burn',
+    'sendvalue',
+]);
+const BUILTIN_BASES = new Set([
+    'msg', 'block', 'tx', 'abi', 'super', 'this', 'address', 'payable',
+    'type', 'bytes', 'string', 'keccak256', 'sha256', 'ripemd160', 'ecrecover',
+    'assert', 'require', 'revert', 'gasleft',
+]);
+class LiquidationGainManipulationDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Liquidation, redemption, or stability-pool path mutates per-user accounting in ways that allow skipped, reordered, or stale-snapshot gain/debt updates.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'high',
+    };
+    currentFile = '';
+    currentContract = '';
+    findings = [];
+    stateVars = new Set();
+    setFile(file) {
+        this.currentFile = file;
+        this.currentContract = '';
+        this.findings = [];
+        this.stateVars = new Set();
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        if (!node)
+            return;
+        if (node.kind === 'interface' || node.kind === 'library') {
+            this.currentContract = '';
+            this.stateVars = new Set();
+            return;
+        }
+        this.currentContract = String(node.name || '');
+        this.stateVars = new Set();
+        for (const sub of node.subNodes || []) {
+            if (sub?.type === 'StateVariableDeclaration') {
+                for (const v of sub.variables || []) {
+                    if (v?.name)
+                        this.stateVars.add(v.name);
+                }
+            }
+        }
+    }
+    ContractDefinition_post() {
+        this.currentContract = '';
+        this.stateVars = new Set();
+    }
+    FunctionDefinition(node) {
+        if (!this.currentContract)
+            return;
+        if (!node || !node.body)
+            return;
+        if (node.isConstructor || node.kind === 'constructor')
+            return;
+        const mutability = String(node.stateMutability || '').toLowerCase();
+        if (mutability === 'view' || mutability === 'pure')
+            return;
+        const visibility = String(node.visibility || '').toLowerCase();
+        if (visibility !== 'public' && visibility !== 'external' && visibility !== '')
+            return;
+        if (visibility === '') {
+            // Solidity default; treat as public for entry-point analysis.
+        }
+        // Suppress permissioned liquidation paths.
+        if ((0, access_control_1.hasRecognisedAccessControlModifier)(node))
+            return;
+        if (this.functionHasInlineAccessControl(node.body))
+            return;
+        const fnName = String(node.name || '');
+        const stats = this.analyzeFunction(node);
+        // Structural eligibility: name hint OR (accounting write + external call).
+        const hasNameHint = NAME_HINT_RE.test(fnName);
+        const hasAccountingWrite = stats.globalFields.size > 0;
+        const hasExternalCall = stats.topLevelExternalCalls.length > 0
+            || stats.branchExits.some((b) => b.hasExternal);
+        if (!hasAccountingWrite && !stats.snapshotReadBeforeWrite)
+            return;
+        if (!hasNameHint && !(hasAccountingWrite && hasExternalCall))
+            return;
+        // Pattern 1: a branch with early return / continue / break performs an
+        // external transfer + accounting write, but writes a STRICT SUBSET of
+        // the function's accounting fields.
+        const subPattern1 = this.detectSkippedAccounting(stats);
+        if (subPattern1) {
+            this.emit(node, fnName, subPattern1.loc, 'skipped-accounting', `Liquidation accounting in '${this.currentContract}.${fnName}' performs an external transfer and partial per-user accounting writes inside an early-exit branch, leaving other accounting fields (${subPattern1.missing.join(', ')}) stale.`);
+            return;
+        }
+        // Pattern 2: external transfer / mint / burn before a per-user
+        // accounting write in source order at top level.
+        const subPattern2 = this.detectTransferBeforeAccounting(stats);
+        if (subPattern2) {
+            this.emit(node, fnName, subPattern2.loc, 'transfer-before-accounting', `Liquidation accounting in '${this.currentContract}.${fnName}' executes an external transfer before the corresponding per-user accounting write, allowing value to leave the protocol on stale state.`);
+            return;
+        }
+        // Pattern 3: snapshot / index state variable is read in a per-user
+        // gain calculation before being updated in the same function body.
+        if (stats.snapshotReadBeforeWrite) {
+            this.emit(node, fnName, stats.snapshotReadBeforeWrite.loc, 'stale-snapshot', `Liquidation accounting in '${this.currentContract}.${fnName}' reads state variable '${stats.snapshotReadBeforeWrite.varName}' for per-user gain math before that variable is updated in the same function, allowing stale-snapshot accounting drift.`);
+            return;
+        }
+    }
+    detectSkippedAccounting(stats) {
+        if (stats.globalFields.size < 2)
+            return null;
+        for (const branch of stats.branchExits) {
+            if (!branch.hasExternal)
+                continue;
+            if (branch.fields.size === 0)
+                continue;
+            const missing = [];
+            for (const f of stats.globalFields) {
+                if (!branch.fields.has(f))
+                    missing.push(f);
+            }
+            if (missing.length === 0)
+                continue;
+            return { loc: branch.loc, missing };
+        }
+        return null;
+    }
+    detectTransferBeforeAccounting(stats) {
+        const calls = stats.topLevelExternalCalls;
+        const writes = stats.topLevelWrites;
+        if (calls.length === 0 || writes.length === 0)
+            return null;
+        const firstCall = calls[0];
+        for (const w of writes) {
+            if (w.stmtIdx > firstCall.stmtIdx) {
+                return { loc: w.loc };
+            }
+        }
+        return null;
+    }
+    analyzeFunction(fn) {
+        const globalFields = new Set();
+        const locals = this.collectLocals(fn);
+        this.walkAst(fn.body, (n) => {
+            const field = this.fieldFromAssignment(n, locals);
+            if (field)
+                globalFields.add(field);
+        });
+        const topLevelWrites = [];
+        const topLevelExternalCalls = [];
+        const branchExits = [];
+        const stmts = this.bodyStatements(fn.body);
+        this.scanStatements(stmts, locals, branchExits, 0, topLevelWrites, topLevelExternalCalls, true);
+        const snapshotReadBeforeWrite = this.detectSnapshotReadBeforeWrite(stmts, locals);
+        return {
+            globalFields,
+            topLevelWrites,
+            topLevelExternalCalls,
+            branchExits,
+            snapshotReadBeforeWrite,
+        };
+    }
+    // Recursively scan a list of statements. When `topLevel` is true,
+    // append the writes/external calls to the top-level arrays. The
+    // function also collects BranchExitContext for every early exit in
+    // any nested branch, using the cumulative writes/external state at
+    // the point of the exit.
+    scanStatements(stmts, locals, branchExits, stmtIdxBase, topLevelWrites, topLevelExternalCalls, topLevel, inheritedFields = new Set(), inheritedExternal = false) {
+        const fields = new Set(inheritedFields);
+        let external = inheritedExternal;
+        let hitExit = false;
+        for (let i = 0; i < stmts.length; i++) {
+            const stmt = stmts[i];
+            if (!stmt)
+                continue;
+            const stmtIdx = stmtIdxBase + i;
+            if ((0, ast_1.isNode)(stmt, 'ReturnStatement')) {
+                branchExits.push({
+                    exitType: 'return',
+                    loc: this.locOf(stmt),
+                    fields: new Set(fields),
+                    hasExternal: external,
+                });
+                hitExit = true;
+                break;
+            }
+            if ((0, ast_1.isNode)(stmt, 'ContinueStatement')) {
+                branchExits.push({
+                    exitType: 'continue',
+                    loc: this.locOf(stmt),
+                    fields: new Set(fields),
+                    hasExternal: external,
+                });
+                hitExit = true;
+                break;
+            }
+            if ((0, ast_1.isNode)(stmt, 'BreakStatement')) {
+                branchExits.push({
+                    exitType: 'break',
+                    loc: this.locOf(stmt),
+                    fields: new Set(fields),
+                    hasExternal: external,
+                });
+                hitExit = true;
+                break;
+            }
+            if ((0, ast_1.isNode)(stmt, 'IfStatement')) {
+                // Walk condition for any side-effects (rare).
+                this.collectExprEffects(stmt.condition, locals, fields, (e) => {
+                    if (e)
+                        external = true;
+                });
+                const tStmts = this.bodyStatements(stmt.trueBody);
+                const fStmts = this.bodyStatements(stmt.falseBody);
+                this.scanStatements(tStmts, locals, branchExits, stmtIdx, null, null, false, new Set(fields), external);
+                this.scanStatements(fStmts, locals, branchExits, stmtIdx, null, null, false, new Set(fields), external);
+                continue;
+            }
+            if ((0, ast_1.isNode)(stmt, 'ForStatement')
+                || (0, ast_1.isNode)(stmt, 'WhileStatement')
+                || (0, ast_1.isNode)(stmt, 'DoWhileStatement')) {
+                const bodyStmts = this.bodyStatements(stmt.body);
+                this.scanStatements(bodyStmts, locals, branchExits, stmtIdx, null, null, false, new Set(fields), external);
+                continue;
+            }
+            // Process leaf statement effects.
+            const localFields = [];
+            const localCalls = [];
+            this.walkAst(stmt, (n) => {
+                const field = this.fieldFromAssignment(n, locals);
+                if (field)
+                    localFields.push(field);
+                if (this.isExternalCallExpression(n, locals)) {
+                    localCalls.push(this.locOf(n));
+                }
+            });
+            // Capture writes/calls in source order: for top-level (function-body)
+            // ordering we record them on the function-wide arrays.
+            for (const f of localFields) {
+                fields.add(f);
+                if (topLevel && topLevelWrites) {
+                    topLevelWrites.push({ field: f, loc: this.locOf(stmt), stmtIdx });
+                }
+            }
+            for (const callLoc of localCalls) {
+                if (!external)
+                    external = true;
+                if (topLevel && topLevelExternalCalls) {
+                    topLevelExternalCalls.push({ loc: callLoc, stmtIdx });
+                }
+            }
+        }
+        return { fields, external, hitExit };
+    }
+    detectSnapshotReadBeforeWrite(stmts, locals) {
+        // Track the FIRST statement index at which each candidate state
+        // variable appears as a pure read, and the FIRST statement index
+        // at which it is written. If a candidate is read in stmt i and
+        // separately written in stmt j>i, treat that as the stale-snapshot
+        // shape — but only if the variable name matches the snapshot/index
+        // vocabulary.
+        const firstRead = new Map();
+        const firstWrite = new Map();
+        for (let i = 0; i < stmts.length; i++) {
+            const stmt = stmts[i];
+            if (!stmt)
+                continue;
+            const writesInStmt = new Set();
+            const readsInStmt = [];
+            this.collectStateReadsWrites(stmt, locals, writesInStmt, readsInStmt);
+            for (const r of readsInStmt) {
+                if (writesInStmt.has(r.name))
+                    continue; // same-statement R+W: skip
+                if (!firstRead.has(r.name)) {
+                    firstRead.set(r.name, { stmtIdx: i, loc: r.loc });
+                }
+            }
+            for (const w of writesInStmt) {
+                if (!firstWrite.has(w))
+                    firstWrite.set(w, { stmtIdx: i });
+            }
+        }
+        for (const [name, read] of firstRead) {
+            if (!SNAPSHOT_INDEX_RE.test(name))
+                continue;
+            const w = firstWrite.get(name);
+            if (!w)
+                continue;
+            if (w.stmtIdx > read.stmtIdx) {
+                return { varName: name, loc: read.loc };
+            }
+        }
+        return null;
+    }
+    // Walks every node under `stmt`, recording each state-variable name
+    // that appears as a pure read (Identifier reference outside of an
+    // assignment target) and each state-variable name that is assigned
+    // (LHS of `=`/`+=`/etc.). Compound assigns (`+=`) count as BOTH
+    // a read and a write of the LHS — captured here by adding the name
+    // to both sets.
+    collectStateReadsWrites(node, locals, writes, reads) {
+        if (!node || typeof node !== 'object')
+            return;
+        if ((0, ast_1.isNode)(node, 'BinaryOperation') && ASSIGN_OPS.has(String(node.operator || ''))) {
+            const lhs = node.left;
+            const lhsName = this.stateTargetName(lhs);
+            if (lhsName && this.isStateVarName(lhsName, locals)) {
+                writes.add(lhsName);
+                if (node.operator !== '=') {
+                    // compound assignment also reads
+                    reads.push({ name: lhsName, loc: this.locOf(lhs) });
+                }
+            }
+            // Recurse RHS for reads.
+            this.collectStateReadsWrites(node.right, locals, writes, reads);
+            // For complex LHS (MemberAccess, IndexAccess), still scan inner expressions for reads.
+            if (lhs && ((0, ast_1.isNode)(lhs, 'MemberAccess') || (0, ast_1.isNode)(lhs, 'IndexAccess'))) {
+                this.collectStateReadsWrites(lhs.expression || lhs.base, locals, writes, reads);
+                if ((0, ast_1.isNode)(lhs, 'IndexAccess')) {
+                    this.collectStateReadsWrites(lhs.index, locals, writes, reads);
+                }
+            }
+            return;
+        }
+        if ((0, ast_1.isNode)(node, 'UnaryOperation') && (node.operator === '++' || node.operator === '--')) {
+            const targetName = this.stateTargetName(node.subExpression);
+            if (targetName && this.isStateVarName(targetName, locals)) {
+                writes.add(targetName);
+                reads.push({ name: targetName, loc: this.locOf(node) });
+            }
+            return;
+        }
+        if ((0, ast_1.isNode)(node, 'Identifier')) {
+            const name = String(node.name || '');
+            if (this.isStateVarName(name, locals) && !BUILTIN_BASES.has(name)) {
+                reads.push({ name, loc: this.locOf(node) });
+            }
+            return;
+        }
+        for (const child of this.childNodes(node)) {
+            this.collectStateReadsWrites(child, locals, writes, reads);
+        }
+    }
+    stateTargetName(node) {
+        if (!node)
+            return '';
+        if ((0, ast_1.isNode)(node, 'Identifier'))
+            return String(node.name || '');
+        if ((0, ast_1.isNode)(node, 'IndexAccess'))
+            return this.baseIdentifierName(node.base);
+        if ((0, ast_1.isNode)(node, 'MemberAccess'))
+            return this.baseIdentifierName(node.expression);
+        return '';
+    }
+    isStateVarName(name, locals) {
+        if (!name || locals.has(name))
+            return false;
+        return this.stateVars.has(name);
+    }
+    // True when `node` is a `BinaryOperation` with an assignment operator
+    // whose left side targets an accounting-named field — either a
+    // mapping write keyed by something (`debtOf[borrower] = 0`), a struct
+    // member write (`p.borrowed = 0`), or a plain state-variable write
+    // (`rewardIndex = ...`). Returns the matched accounting field name.
+    fieldFromAssignment(node, locals) {
+        if (!node)
+            return null;
+        if ((0, ast_1.isNode)(node, 'BinaryOperation') && ASSIGN_OPS.has(String(node.operator || ''))) {
+            return this.accountingFieldFromLhs(node.left, locals);
+        }
+        if ((0, ast_1.isNode)(node, 'UnaryOperation') && (node.operator === '++' || node.operator === '--' || node.operator === 'delete')) {
+            return this.accountingFieldFromLhs(node.subExpression, locals);
+        }
+        return null;
+    }
+    accountingFieldFromLhs(lhs, locals) {
+        if (!lhs)
+            return null;
+        if ((0, ast_1.isNode)(lhs, 'IndexAccess')) {
+            const baseName = this.baseIdentifierName(lhs.base);
+            if (baseName && ACCOUNTING_FIELD_RE.test(baseName))
+                return baseName;
+            return null;
+        }
+        if ((0, ast_1.isNode)(lhs, 'MemberAccess')) {
+            const member = String(lhs.memberName || '');
+            if (ACCOUNTING_FIELD_RE.test(member))
+                return member;
+            return null;
+        }
+        if ((0, ast_1.isNode)(lhs, 'Identifier')) {
+            const name = String(lhs.name || '');
+            if (locals.has(name))
+                return null;
+            if (ACCOUNTING_FIELD_RE.test(name))
+                return name;
+            return null;
+        }
+        if ((0, ast_1.isNode)(lhs, 'TupleExpression')) {
+            for (const c of lhs.components || []) {
+                const f = this.accountingFieldFromLhs(c, locals);
+                if (f)
+                    return f;
+            }
+        }
+        return null;
+    }
+    baseIdentifierName(node) {
+        if (!node)
+            return '';
+        if ((0, ast_1.isNode)(node, 'Identifier'))
+            return String(node.name || '');
+        if ((0, ast_1.isNode)(node, 'MemberAccess'))
+            return String(node.memberName || '');
+        if ((0, ast_1.isNode)(node, 'IndexAccess'))
+            return this.baseIdentifierName(node.base);
+        return '';
+    }
+    // Recognise external / value-bearing call expressions. Treats:
+    //   - low-level call/delegatecall/staticcall/send/transfer
+    //   - .transfer / .transferFrom / .safeTransfer / .send / .mint / .burn
+    //     on an identifier base that is NOT a Solidity builtin and NOT a
+    //     local non-address temporary.
+    // The intent is "value leaving the protocol" rather than the strict
+    // CEI external-call shape; the two overlap heavily in practice.
+    isExternalCallExpression(node, locals) {
+        if (!node || !(0, ast_1.isNode)(node, 'FunctionCall'))
+            return false;
+        let callee = node.expression;
+        if (!callee)
+            return false;
+        if ((0, ast_1.isNode)(callee, 'NameValueExpression'))
+            callee = callee.expression;
+        if (!(0, ast_1.isNode)(callee, 'MemberAccess'))
+            return false;
+        const member = String(callee.memberName || '').toLowerCase();
+        if (LOW_LEVEL_CALL_MEMBERS.has(member))
+            return true;
+        if (!VALUE_BEARING_MEMBERS.has(member))
+            return false;
+        const base = callee.expression;
+        const baseName = this.simpleIdentifierName(base);
+        if (baseName && BUILTIN_BASES.has(baseName))
+            return false;
+        // Accept the call as external if the base is a state variable
+        // (interface/contract/address) or any identifier that isn't a
+        // builtin. Locals named after tokens or interfaces still qualify
+        // because the caller's typing of the local doesn't change the
+        // value-leaving intent.
+        return true;
+    }
+    collectExprEffects(expr, locals, fields, onExternal) {
+        if (!expr || typeof expr !== 'object')
+            return;
+        if (this.isExternalCallExpression(expr, locals))
+            onExternal(true);
+        const f = this.fieldFromAssignment(expr, locals);
+        if (f)
+            fields.add(f);
+        for (const child of this.childNodes(expr)) {
+            this.collectExprEffects(child, locals, fields, onExternal);
+        }
+    }
+    functionHasInlineAccessControl(body) {
+        let found = false;
+        this.walkAst(body, (n) => {
+            if (found || !(0, ast_1.isNode)(n, 'FunctionCall'))
+                return;
+            const callee = n.expression;
+            if (!(0, ast_1.isNode)(callee, 'Identifier'))
+                return;
+            const name = String(callee.name || '');
+            if (name !== 'require' && name !== 'assert')
+                return;
+            const arg0 = n.arguments?.[0];
+            if (arg0 && (0, access_control_1.requireExpressesAccessControl)(arg0, isLiquidationGuardName)) {
+                found = true;
+            }
+        });
+        return found;
+    }
+    collectLocals(fn) {
+        const locals = new Set();
+        for (const p of fn.parameters || []) {
+            if (p?.name)
+                locals.add(p.name);
+        }
+        for (const p of fn.returnParameters || []) {
+            if (p?.name)
+                locals.add(p.name);
+        }
+        this.walkAst(fn.body, (n) => {
+            if ((0, ast_1.isNode)(n, 'VariableDeclarationStatement')) {
+                for (const v of n.variables || []) {
+                    if (v?.name)
+                        locals.add(v.name);
+                }
+            }
+        });
+        return locals;
+    }
+    bodyStatements(body) {
+        if (!body)
+            return [];
+        if ((0, ast_1.isNode)(body, 'Block'))
+            return body.statements || [];
+        return [body];
+    }
+    simpleIdentifierName(expr) {
+        if (!expr || typeof expr !== 'object')
+            return '';
+        if ((0, ast_1.isNode)(expr, 'Identifier'))
+            return String(expr.name || '');
+        return '';
+    }
+    locOf(node) {
+        const { line, column } = (0, ast_1.assertLoc)(node);
+        return { line, column };
+    }
+    childNodes(node) {
+        const out = [];
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range' || key === 'typeName')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        out.push(item);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                out.push(value);
+            }
+        }
+        return out;
+    }
+    walkAst(node, visit) {
+        if (!node || typeof node !== 'object')
+            return;
+        visit(node);
+        for (const child of this.childNodes(node)) {
+            this.walkAst(child, visit);
+        }
+    }
+    emit(fnNode, fnName, loc, subPattern, message) {
+        const fnLoc = (0, ast_1.assertLoc)(fnNode);
+        const safeLoc = loc.line > 0 ? loc : { line: fnLoc.line, column: fnLoc.column };
+        this.findings.push({
+            file: this.currentFile,
+            contract: this.currentContract,
+            'function': fnName,
+            line: safeLoc.line,
+            column: safeLoc.column,
+            pattern: `${RULE_ID}/${subPattern}`,
+            confidence: 'medium',
+            category: 'vulnerability',
+            ruleId: RULE_ID,
+            severity: 'high',
+            message,
+            contractName: this.currentContract,
+            functionName: fnName,
+            sourceLocation: { line: safeLoc.line, column: safeLoc.column },
+            trace: subPattern,
+            findingId: '',
+            contractHash: '',
+        });
+    }
+}
+exports.LiquidationGainManipulationDetector = LiquidationGainManipulationDetector;
+const ASSIGN_OPS = new Set([
+    '=', '+=', '-=', '*=', '/=', '%=',
+    '&=', '|=', '^=', '<<=', '>>=', '>>>=',
+]);
+//# sourceMappingURL=liquidation-gain-manipulation.js.map

package/dist/detectors/liquidation-price-rounding-advantage.d.ts

@@ -0,0 +1,26 @@
+import type { ScanResult } from '../index';
+export declare class LiquidationPriceRoundingAdvantageDetector {
+    readonly id = "liquidation-price-rounding-advantage";
+    readonly patternKey = "liquidation-price-rounding-advantage";
+    readonly supportedAstKinds: "parser"[];
+    private findings;
+    private currentFile;
+    private currentContract;
+    private localVariables;
+    private spotOracleLocals;
+    private flaggedSpotOracleDivs;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(_node: any): void;
+    VariableDeclarationStatement(node: any): void;
+    Assignment(node: any): void;
+    private analyzeBody;
+    private checkDivision;
+    private isNumberLiteral;
+    private hasSpotOracleViaLocalVar;
+    private containsTwapCall;
+    private walk;
+}