@snovon/solast 0.2.0

package/dist/detectors/mevbot-insufficient-validation.d.ts

@@ -0,0 +1,48 @@
+import type { ScanResult } from '../index';
+export declare class MevbotInsufficientValidationDetector {
+    readonly id = "mevbot-insufficient-validation";
+    readonly patternKey = "mevbot-insufficient-validation";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "high";
+        help: string;
+    };
+    private file;
+    private currentContract;
+    private currentFunction;
+    private currentFunctionName;
+    private findings;
+    private stateVariables;
+    private targetParams;
+    private dataParams;
+    private aliases;
+    private validatedTargets;
+    private validatedData;
+    private accessControlled;
+    private sawApproval;
+    private emitted;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    ['ContractDefinition:exit'](node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(_node: any): void;
+    ['FunctionDefinition:exit'](node: any): void;
+    VariableDeclarationStatement(node: any): void;
+    FunctionCall(node: any): void;
+    IfStatement(node: any): void;
+    private resetFunctionState;
+    private recordGuard;
+    private recordIfRevertGuard;
+    private recordValidationTracking;
+    private recordApproval;
+    private expressionContainsCallerControlled;
+    private resolveTargetName;
+    private resolveDataName;
+    private resolveAliasKind;
+    private makeFinding;
+}

package/dist/detectors/mevbot-insufficient-validation.js

@@ -0,0 +1,574 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MevbotInsufficientValidationDetector = void 0;
+const access_control_1 = require("./_common/access-control");
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'mevbot-insufficient-validation';
+const PRIVILEGED_KEYWORDS = Object.freeze([
+    ...access_control_1.DEFAULT_PRIVILEGED_KEYWORDS,
+    'auth',
+    'authority',
+    'authorized',
+    'executor',
+    'manager',
+    'whitelist',
+    'allowlist',
+]);
+class MevbotInsufficientValidationDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'MEV bot executor forwards caller-controlled target and calldata without validation.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'high',
+        help: 'Gate arbitrary executors with recognized access control, or validate both the target and selector before forwarding calldata or value.',
+    };
+    file = '';
+    currentContract = '';
+    currentFunction = null;
+    currentFunctionName = '';
+    findings = [];
+    stateVariables = new Set();
+    targetParams = new Set();
+    dataParams = new Set();
+    aliases = new Map();
+    validatedTargets = new Set();
+    validatedData = new Set();
+    accessControlled = false;
+    sawApproval = false;
+    emitted = false;
+    setFile(file) {
+        this.file = file;
+        this.currentContract = '';
+        this.currentFunction = null;
+        this.currentFunctionName = '';
+        this.findings = [];
+        this.stateVariables.clear();
+        this.resetFunctionState();
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        if (!(0, ast_1.isNode)(node, 'ContractDefinition') || node.kind === 'interface' || node.kind === 'library') {
+            this.currentContract = '';
+            this.stateVariables.clear();
+            return;
+        }
+        this.currentContract = String(node.name || '<anonymous>');
+        this.stateVariables = collectStateVariables(node);
+    }
+    ContractDefinition_post(_node) {
+        this.currentContract = '';
+        this.stateVariables.clear();
+    }
+    ['ContractDefinition:exit'](node) {
+        this.ContractDefinition_post(node);
+    }
+    FunctionDefinition(node) {
+        this.resetFunctionState();
+        if (!this.currentContract || !node?.body || !isExternallyCallable(node) || isViewOrPure(node))
+            return;
+        this.currentFunction = node;
+        this.currentFunctionName = functionName(node);
+        this.accessControlled = (0, access_control_1.hasRecognisedAccessControlModifier)(node);
+        for (const param of node.parameters || []) {
+            const name = variableName(param);
+            if (!name)
+                continue;
+            if (isAddressLikeType(param.typeName))
+                this.targetParams.add(name);
+            if (isBytesLikeType(param.typeName))
+                this.dataParams.add(name);
+        }
+    }
+    FunctionDefinition_post(_node) {
+        this.resetFunctionState();
+    }
+    ['FunctionDefinition:exit'](node) {
+        this.FunctionDefinition_post(node);
+    }
+    VariableDeclarationStatement(node) {
+        if (!this.currentFunction || !(0, ast_1.isNode)(node, 'VariableDeclarationStatement'))
+            return;
+        const initial = node.initialValue;
+        const variables = node.variables || node.declarations || [];
+        if (!initial || variables.length === 0)
+            return;
+        if (isAbiDecodeOfCallerData(initial, this.dataParams, this.aliases)) {
+            for (const variable of variables) {
+                const name = variableName(variable);
+                if (!name)
+                    continue;
+                if (isAddressLikeType(variable.typeName))
+                    this.aliases.set(name, 'target');
+                if (isBytesLikeType(variable.typeName))
+                    this.aliases.set(name, 'data');
+            }
+            return;
+        }
+        const sourceKind = this.resolveAliasKind(initial);
+        if (!sourceKind)
+            return;
+        for (const variable of variables) {
+            const name = variableName(variable);
+            if (name)
+                this.aliases.set(name, sourceKind);
+        }
+    }
+    FunctionCall(node) {
+        if (!this.currentFunction || !(0, ast_1.isNode)(node, 'FunctionCall'))
+            return;
+        if (isRequireOrAssert(node)) {
+            this.recordGuard(node.arguments?.[0]);
+            return;
+        }
+        if (this.emitted)
+            return;
+        this.recordApproval(node);
+        const lowLevel = lowLevelCall(node);
+        if (!lowLevel || (lowLevel.member !== 'call' && lowLevel.member !== 'delegatecall'))
+            return;
+        if (this.accessControlled)
+            return;
+        const targetName = this.resolveTargetName(lowLevel.target);
+        if (!targetName || this.validatedTargets.has(targetName))
+            return;
+        const dataName = lowLevel.args.map(arg => this.resolveDataName(arg)).find(Boolean) || '';
+        if (!dataName || this.validatedData.has(dataName))
+            return;
+        const hasExecutionValue = lowLevel.member === 'delegatecall' || this.sawApproval || lowLevel.options.some(isMsgValue);
+        if (!hasExecutionValue)
+            return;
+        this.findings.push(this.makeFinding(node));
+        this.emitted = true;
+    }
+    IfStatement(node) {
+        if (!this.currentFunction || !(0, ast_1.isNode)(node, 'IfStatement'))
+            return;
+        this.recordIfRevertGuard(node);
+    }
+    resetFunctionState() {
+        this.currentFunction = null;
+        this.currentFunctionName = '';
+        this.targetParams.clear();
+        this.dataParams.clear();
+        this.aliases.clear();
+        this.validatedTargets.clear();
+        this.validatedData.clear();
+        this.accessControlled = false;
+        this.sawApproval = false;
+        this.emitted = false;
+    }
+    recordGuard(condition) {
+        if (!condition)
+            return;
+        if ((0, access_control_1.requireExpressesAccessControl)(condition, isPrivilegedName, access_control_1.getCalleeNameDefault)
+            || txOriginExpressesAccessControl(condition)) {
+            this.accessControlled = true;
+            return;
+        }
+        this.recordValidationTracking(condition);
+    }
+    recordIfRevertGuard(stmt) {
+        const reverts = revertingBranch(stmt);
+        if (!reverts)
+            return;
+        const condition = stmt.condition;
+        if (!condition)
+            return;
+        // `reverts === 'true'` means the then-branch reverts, so the executing
+        // path requires `!condition`; `reverts === 'false'` means the else
+        // branch reverts, so the executing path requires `condition`.
+        const negated = reverts === 'true';
+        if (predicateExpressesAccessControlAtPolarity(condition, negated)) {
+            this.accessControlled = true;
+            return;
+        }
+        this.recordValidationTracking(condition);
+    }
+    recordValidationTracking(condition) {
+        for (const name of referencedTargetNames(condition, this.targetParams, this.aliases)) {
+            if (predicateValidatesAgainstStorage(condition, name, this.stateVariables))
+                this.validatedTargets.add(name);
+        }
+        for (const name of referencedDataNames(condition, this.dataParams, this.aliases)) {
+            if (predicateValidatesAgainstStorage(condition, name, this.stateVariables))
+                this.validatedData.add(name);
+        }
+    }
+    recordApproval(call) {
+        const callee = call.expression;
+        if (!(0, ast_1.isNode)(callee, 'MemberAccess') || String(callee.memberName || '').toLowerCase() !== 'approve')
+            return;
+        if (this.expressionContainsCallerControlled(callee.expression) || (call.arguments || []).some((arg) => this.expressionContainsCallerControlled(arg))) {
+            this.sawApproval = true;
+        }
+    }
+    expressionContainsCallerControlled(expr) {
+        const target = this.resolveTargetName(expr);
+        if (target)
+            return true;
+        const data = this.resolveDataName(expr);
+        if (data)
+            return true;
+        return false;
+    }
+    resolveTargetName(expr) {
+        const unwrapped = unwrapTypeConversion(expr);
+        if ((0, ast_1.isNode)(unwrapped, 'Identifier')) {
+            const name = variableName(unwrapped);
+            if (this.targetParams.has(name))
+                return name;
+            return this.aliases.get(name) === 'target' ? name : '';
+        }
+        return '';
+    }
+    resolveDataName(expr) {
+        const unwrapped = unwrapTypeConversion(expr);
+        if ((0, ast_1.isNode)(unwrapped, 'Identifier')) {
+            const name = variableName(unwrapped);
+            if (this.dataParams.has(name))
+                return name;
+            return this.aliases.get(name) === 'data' ? name : '';
+        }
+        return '';
+    }
+    resolveAliasKind(expr) {
+        const target = this.resolveTargetName(expr);
+        if (target)
+            return 'target';
+        const data = this.resolveDataName(expr);
+        if (data)
+            return 'data';
+        return null;
+    }
+    makeFinding(node) {
+        const loc = (0, ast_1.assertLoc)(node, this.currentFunction);
+        return {
+            file: this.file,
+            contract: this.currentContract,
+            'function': this.currentFunctionName,
+            line: loc.line,
+            endLine: loc.endLine,
+            column: loc.column,
+            endColumn: loc.endColumn,
+            pattern: RULE_ID,
+            confidence: 'medium',
+            category: 'logic-flaw',
+            ruleId: RULE_ID,
+            severity: 'high',
+            message: `MEV bot insufficient validation in '${this.currentContract}.${this.currentFunctionName}': ` +
+                'caller-controlled target and calldata reach a value-bearing or delegate low-level call before access-control or allowlist validation.',
+            rationale: 'The 0x28d9 MEV bot exploit class exposed an executor that forwarded arbitrary caller-supplied target/calldata, optionally with value or token approval, without validating who could call it or what could be executed.',
+            suggestedFix: 'Require a recognized owner/role guard before the sink, or validate both the target address and forwarded selector/calldata against storage-backed allowlists before executing the low-level call.',
+            contractName: this.currentContract,
+            functionName: this.currentFunctionName,
+            sourceLocation: { line: loc.line, column: loc.column },
+            findingId: '',
+            contractHash: '',
+            source: 'x-20221211-mevbot-0x28d9-insufficient-validation',
+        };
+    }
+}
+exports.MevbotInsufficientValidationDetector = MevbotInsufficientValidationDetector;
+function isExternallyCallable(fn) {
+    const visibility = String(fn?.visibility || '').toLowerCase();
+    return visibility === 'public' || visibility === 'external';
+}
+function isViewOrPure(fn) {
+    const mutability = String(fn?.stateMutability || '').toLowerCase();
+    return mutability === 'view' || mutability === 'pure';
+}
+function functionName(fn) {
+    return String(fn?.name || (fn?.isConstructor ? '<constructor>' : '<fallback>'));
+}
+function variableName(node) {
+    return String(node?.name || node?.identifier?.name || '');
+}
+function collectStateVariables(contractNode) {
+    const names = new Set();
+    for (const child of contractNode?.subNodes || contractNode?.nodes || []) {
+        if (!(0, ast_1.isNode)(child, 'StateVariableDeclaration'))
+            continue;
+        for (const variable of child.variables || []) {
+            const name = variableName(variable);
+            if (name)
+                names.add(name);
+        }
+    }
+    return names;
+}
+function isAddressLikeType(typeName) {
+    if (!typeName)
+        return false;
+    if ((0, ast_1.isNode)(typeName, 'ElementaryTypeName'))
+        return String(typeName.name || '').toLowerCase().startsWith('address');
+    if ((0, ast_1.isNode)(typeName, 'UserDefinedTypeName'))
+        return true;
+    return false;
+}
+function isBytesLikeType(typeName) {
+    if (!typeName)
+        return false;
+    if ((0, ast_1.isNode)(typeName, 'ElementaryTypeName')) {
+        const name = String(typeName.name || '').toLowerCase();
+        return name === 'bytes' || name === 'string' || /^bytes\d+$/.test(name);
+    }
+    return false;
+}
+function isRequireOrAssert(call) {
+    const name = (0, access_control_1.getCalleeNameDefault)(call).toLowerCase();
+    return name === 'require' || name === 'assert';
+}
+function lowLevelCall(expr) {
+    if (!(0, ast_1.isNode)(expr, 'FunctionCall'))
+        return null;
+    const args = expr.arguments || [];
+    let callee = expr.expression;
+    let options = [];
+    if ((0, ast_1.isNode)(callee, 'NameValueExpression') || (0, ast_1.isNode)(callee, 'FunctionCallOptions')) {
+        options = Array.isArray(callee.arguments) ? callee.arguments : callee.arguments?.arguments || [];
+        callee = callee.expression;
+    }
+    if (!(0, ast_1.isNode)(callee, 'MemberAccess'))
+        return null;
+    const member = String(callee.memberName || '').toLowerCase();
+    if (member !== 'call' && member !== 'delegatecall')
+        return null;
+    return { member, target: callee.expression, args, options };
+}
+function isMsgValue(expr) {
+    return (0, ast_1.isNode)(expr, 'MemberAccess')
+        && String(expr.memberName || '') === 'value'
+        && (0, ast_1.isNode)(expr.expression, 'Identifier')
+        && String(expr.expression.name || '') === 'msg';
+}
+function txOriginExpressesAccessControl(expr) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if ((0, ast_1.isNode)(expr, 'BinaryOperation') && (expr.operator === '==' || expr.operator === '!=' || expr.operator === '===')) {
+        const left = expr.left || expr.leftExpression;
+        const right = expr.right || expr.rightExpression;
+        return isTxOrigin(left) && (0, access_control_1.isPrivilegedReference)(right, isPrivilegedName)
+            || isTxOrigin(right) && (0, access_control_1.isPrivilegedReference)(left, isPrivilegedName);
+    }
+    if ((0, ast_1.isNode)(expr, 'BinaryOperation') && (expr.operator === '&&' || expr.operator === '||')) {
+        return txOriginExpressesAccessControl(expr.left || expr.leftExpression)
+            || txOriginExpressesAccessControl(expr.right || expr.rightExpression);
+    }
+    if ((0, ast_1.isNode)(expr, 'TupleExpression')) {
+        return (expr.components || []).some((child) => txOriginExpressesAccessControl(child));
+    }
+    return false;
+}
+function isTxOrigin(expr) {
+    return (0, ast_1.isNode)(expr, 'MemberAccess')
+        && String(expr.memberName || '') === 'origin'
+        && (0, ast_1.isNode)(expr.expression, 'Identifier')
+        && String(expr.expression.name || '') === 'tx';
+}
+function isAbiDecodeOfCallerData(expr, dataParams, aliases) {
+    if (!(0, ast_1.isNode)(expr, 'FunctionCall'))
+        return false;
+    const callee = (0, access_control_1.getCalleeNameDefault)(expr).toLowerCase();
+    if (callee !== 'abi.decode')
+        return false;
+    const source = unwrapTypeConversion(expr.arguments?.[0]);
+    if (!(0, ast_1.isNode)(source, 'Identifier'))
+        return false;
+    const name = variableName(source);
+    return dataParams.has(name) || aliases.get(name) === 'data';
+}
+function unwrapTypeConversion(expr) {
+    let current = unwrapNameValueExpression(expr);
+    while ((0, ast_1.isNode)(current, 'FunctionCall')) {
+        const args = current.arguments || [];
+        const callee = unwrapNameValueExpression(current.expression);
+        if (args.length !== 1)
+            break;
+        if (!(0, ast_1.isNode)(callee, 'Identifier') && !(0, ast_1.isNode)(callee, 'ElementaryTypeNameExpression'))
+            break;
+        current = unwrapNameValueExpression(args[0]);
+    }
+    return current;
+}
+function unwrapNameValueExpression(expr) {
+    return (0, ast_1.isNode)(expr, 'NameValueExpression') ? expr.expression : expr;
+}
+function referencedTargetNames(expr, params, aliases) {
+    return referencedNames(expr, params, aliases, 'target');
+}
+function referencedDataNames(expr, params, aliases) {
+    return referencedNames(expr, params, aliases, 'data');
+}
+function referencedNames(expr, params, aliases, kind) {
+    const names = new Set();
+    visitExpression(expr, node => {
+        if (!(0, ast_1.isNode)(node, 'Identifier'))
+            return;
+        const name = variableName(node);
+        if (params.has(name) || aliases.get(name) === kind)
+            names.add(name);
+    });
+    return names;
+}
+function predicateValidatesAgainstStorage(expr, subject, stateVariables) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if ((0, ast_1.isNode)(expr, 'IndexAccess')) {
+        return containsIdentifier(expr.index || expr.indexExpression, subject)
+            && referencesState(expr.base || expr.baseExpression, stateVariables);
+    }
+    if ((0, ast_1.isNode)(expr, 'BinaryOperation')) {
+        const operator = String(expr.operator || '');
+        const left = expr.left || expr.leftExpression;
+        const right = expr.right || expr.rightExpression;
+        if (operator === '&&' || operator === '||') {
+            return predicateValidatesAgainstStorage(left, subject, stateVariables)
+                || predicateValidatesAgainstStorage(right, subject, stateVariables);
+        }
+        if (operator === '==' || operator === '===') {
+            return containsIdentifier(left, subject) && referencesState(right, stateVariables)
+                || containsIdentifier(right, subject) && referencesState(left, stateVariables);
+        }
+    }
+    if ((0, ast_1.isNode)(expr, 'FunctionCall')) {
+        return (expr.arguments || []).some((arg) => predicateValidatesAgainstStorage(arg, subject, stateVariables))
+            || predicateValidatesAgainstStorage(expr.expression, subject, stateVariables);
+    }
+    if ((0, ast_1.isNode)(expr, 'TupleExpression')) {
+        return (expr.components || []).some((child) => predicateValidatesAgainstStorage(child, subject, stateVariables));
+    }
+    return false;
+}
+function containsIdentifier(expr, name) {
+    let found = false;
+    visitExpression(expr, node => {
+        if ((0, ast_1.isNode)(node, 'Identifier') && variableName(node) === name)
+            found = true;
+    });
+    return found;
+}
+function referencesState(expr, stateVariables) {
+    let found = false;
+    visitExpression(expr, node => {
+        if ((0, ast_1.isNode)(node, 'Identifier') && stateVariables.has(variableName(node)))
+            found = true;
+    });
+    return found;
+}
+function visitExpression(expr, visit) {
+    if (!expr || typeof expr !== 'object')
+        return;
+    visit(expr);
+    for (const value of Object.values(expr)) {
+        if (!value || typeof value !== 'object')
+            continue;
+        if (Array.isArray(value)) {
+            for (const child of value)
+                visitExpression(child, visit);
+        }
+        else {
+            visitExpression(value, visit);
+        }
+    }
+}
+function isPrivilegedName(name) {
+    return (0, access_control_1.isPrivilegedIdentifier)(name, { keywords: PRIVILEGED_KEYWORDS });
+}
+function revertingBranch(stmt) {
+    const trueReverts = branchAlwaysReverts(stmt?.trueBody);
+    const falseReverts = branchAlwaysReverts(stmt?.falseBody);
+    if (trueReverts && !falseReverts)
+        return 'true';
+    if (falseReverts && !trueReverts)
+        return 'false';
+    return null;
+}
+function branchAlwaysReverts(body) {
+    if (!body || typeof body !== 'object')
+        return false;
+    if (isStatementRevert(body))
+        return true;
+    if ((0, ast_1.isNode)(body, 'Block')) {
+        const stmts = body.statements || [];
+        return stmts.some((s) => isStatementRevert(s));
+    }
+    return false;
+}
+function isStatementRevert(stmt) {
+    if (!stmt || typeof stmt !== 'object')
+        return false;
+    if ((0, ast_1.isNode)(stmt, 'RevertStatement'))
+        return true;
+    if ((0, ast_1.isNode)(stmt, 'ExpressionStatement')) {
+        const expr = stmt.expression;
+        if ((0, ast_1.isNode)(expr, 'FunctionCall')) {
+            const callee = expr.expression;
+            if ((0, ast_1.isNode)(callee, 'Identifier') && String(callee.name || '') === 'revert')
+                return true;
+        }
+    }
+    return false;
+}
+/**
+ * Polarity-aware access-control recognition for if/revert guards.
+ *
+ * `negated` indicates whether the executing path requires `!expr`
+ * (`true`, then-branch reverts) or `expr` (`false`, else-branch
+ * reverts). Returns true iff the executing-path predicate is a
+ * recognised access-control check — only `msg.sender == privileged`
+ * (or equivalent role/index forms), never `msg.sender != privileged`
+ * (which would block the owner and let everyone else through).
+ */
+function predicateExpressesAccessControlAtPolarity(expr, negated) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if ((0, ast_1.isNode)(expr, 'UnaryOperation') && expr.operator === '!') {
+        return predicateExpressesAccessControlAtPolarity(expr.subExpression, !negated);
+    }
+    if ((0, ast_1.isNode)(expr, 'TupleExpression')) {
+        const components = expr.components || [];
+        if (components.length === 1)
+            return predicateExpressesAccessControlAtPolarity(components[0], negated);
+        return components.some((c) => predicateExpressesAccessControlAtPolarity(c, negated));
+    }
+    if ((0, ast_1.isNode)(expr, 'BinaryOperation')) {
+        const op = expr.operator;
+        if (op === '==' || op === '!=' || op === '===') {
+            const left = expr.left || expr.leftExpression;
+            const right = expr.right || expr.rightExpression;
+            const hasSenderShape = ((0, access_control_1.isMsgSenderExpr)(left) && (0, access_control_1.isPrivilegedReference)(right, isPrivilegedName))
+                || ((0, access_control_1.isMsgSenderExpr)(right) && (0, access_control_1.isPrivilegedReference)(left, isPrivilegedName))
+                || (isTxOrigin(left) && (0, access_control_1.isPrivilegedReference)(right, isPrivilegedName))
+                || (isTxOrigin(right) && (0, access_control_1.isPrivilegedReference)(left, isPrivilegedName));
+            if (!hasSenderShape)
+                return false;
+            const isEq = op === '==' || op === '===';
+            return isEq !== negated;
+        }
+        if (op === '&&' || op === '||') {
+            const left = expr.left || expr.leftExpression;
+            const right = expr.right || expr.rightExpression;
+            return predicateExpressesAccessControlAtPolarity(left, negated)
+                || predicateExpressesAccessControlAtPolarity(right, negated);
+        }
+    }
+    if ((0, ast_1.isNode)(expr, 'FunctionCall')) {
+        if ((0, access_control_1.isHasRoleStyleCall)(expr, access_control_1.getCalleeNameDefault)) {
+            return !negated;
+        }
+    }
+    if ((0, ast_1.isNode)(expr, 'IndexAccess')) {
+        const base = expr.base || expr.baseExpression;
+        const index = expr.index || expr.indexExpression;
+        if (((0, access_control_1.isMsgSenderExpr)(index) || isTxOrigin(index)) && (0, access_control_1.isPrivilegedReference)(base, isPrivilegedName)) {
+            return !negated;
+        }
+    }
+    return false;
+}
+//# sourceMappingURL=mevbot-insufficient-validation.js.map

package/dist/detectors/migration-rebalance-without-bound.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class MigrationRebalanceWithoutBoundDetector {
+    readonly id = "migration-rebalance-without-bound";
+    readonly patternKey = "migration-rebalance-without-bound";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, _file: string, _sourceText?: string): ScanResult[];
+}