@snovon/solast 0.2.0

package/dist/detectors/approval-based-drain.js

@@ -0,0 +1,772 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApprovalBasedDrainDetector = void 0;
+const access_control_1 = require("./_common/access-control");
+const RULE_ID = 'approval-based-drain';
+const PATTERN = `${RULE_ID}/caller-controlled-approval-source`;
+const TRANSFER_FROM_NAMES = new Set(['transferfrom', 'safetransferfrom']);
+const ACCESS_CONTROL_MODIFIERS = new Set([
+    'onlyowner',
+    'onlyadmin',
+    'onlyrole',
+    'onlyauthorized',
+    'onlyoperator',
+    'onlyrouter',
+    'onlygovernance',
+    'onlygovernor',
+    'onlyguardian',
+    'onlymanager',
+]);
+// Detector-local keyword set (post roadmap 1.2.2 migration). The list
+// matches the pre-extraction inline regex exactly; behaviour is
+// preserved.
+const PRIVILEGED_AUTHORITY_KEYWORDS = [
+    'owner', 'admin', 'role', 'guardian', 'governor', 'governance',
+    'operator', 'manager', 'authorized', 'authority',
+];
+const OPERATOR_ALLOWLIST_PATTERN = /router|operator|whitelist|allowed|approved|trusted|keeper/i;
+class ApprovalBasedDrainDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser', 'solc'];
+    scanAst(ast, file, sourceText) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        const findings = [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        for (const contractNode of collectContracts(ast)) {
+            if (isInterfaceLike(contractNode))
+                continue;
+            const contractName = getName(contractNode) || '<anonymous>';
+            const functions = getContractFunctions(contractNode);
+            const helpers = new Map();
+            for (const fn of functions) {
+                const name = getName(fn);
+                if (!name)
+                    continue;
+                helpers.set(name, { node: fn, params: getFunctionParameters(fn).map(p => getName(p) || '') });
+            }
+            const modifierBodies = collectModifierBodies(contractNode);
+            for (const fn of functions) {
+                if (!isExternallyCallable(fn))
+                    continue;
+                const body = getFunctionBody(fn);
+                if (!body)
+                    continue;
+                const candidates = collectReachableTransferFromCalls(body, helpers, new Set([getName(fn)]));
+                if (candidates.length === 0)
+                    continue;
+                const entryParams = new Set(getFunctionParameters(fn).map(p => getName(p) || '').filter(Boolean));
+                const aliasMap = collectAliases(body);
+                const prefix = collectPrefixEvidence(body);
+                if (hasRecognizedAccessControlModifier(fn, modifierBodies) || prefix.hasAccessControl)
+                    continue;
+                const unsafe = candidates.find(candidate => {
+                    const from = resolveAlias(candidate.from, aliasMap, new Set());
+                    const amount = resolveAlias(candidate.amount, aliasMap, new Set());
+                    if (isAuthorizedFrom(from, prefix.callerBindings))
+                        return false;
+                    if (!isCallerControlled(from, entryParams))
+                        return false;
+                    if (hasAccountingBound(body, from, amount))
+                        return false;
+                    if (prefix.hasOperatorAllowlist)
+                        return false;
+                    return true;
+                });
+                if (!unsafe)
+                    continue;
+                const displayName = functionDisplayName(fn);
+                const loc = getLoc(unsafe.call, lineOffsets) || getLoc(fn, lineOffsets) || { line: 0, column: 0 };
+                findings.push({
+                    file,
+                    contract: contractName,
+                    'function': displayName,
+                    line: loc.line,
+                    endLine: loc.line,
+                    column: loc.column,
+                    pattern: PATTERN,
+                    confidence: 'high',
+                    category: 'vulnerability',
+                    ruleId: RULE_ID,
+                    severity: 'high',
+                    message: `Approval-based drain risk in '${contractName}.${displayName}': externally reachable logic spends a caller-controlled transferFrom source without caller binding, authorization, or accounting bounds.`,
+                    rationale: 'A permissionless entry point can consume ERC20/ERC721 approvals from a caller-supplied source address. Successful allowance consumption is not authorization for the caller to move third-party assets.',
+                    suggestedFix: 'Bind the transferFrom source to msg.sender, restrict the entry point to a trusted role/operator, or bound and debit the transferred amount against accounting for the same source before the transfer.',
+                    contractName,
+                    functionName: displayName,
+                    sourceLocation: loc,
+                    findingId: '',
+                    contractHash: '',
+                });
+            }
+        }
+        return findings;
+    }
+}
+exports.ApprovalBasedDrainDetector = ApprovalBasedDrainDetector;
+function collectReachableTransferFromCalls(body, helpers, visited) {
+    const out = [];
+    const localAliases = collectAliases(body);
+    walk(body, node => {
+        if (!isNode(node, 'FunctionCall'))
+            return;
+        const memberName = getCallMemberName(node);
+        if (memberName && TRANSFER_FROM_NAMES.has(memberName.toLowerCase())) {
+            const candidate = pickTransferCandidate(node, memberName);
+            if (candidate) {
+                out.push({
+                    ...candidate,
+                    from: resolveAlias(candidate.from, localAliases, new Set()),
+                    amount: resolveAlias(candidate.amount, localAliases, new Set()),
+                });
+            }
+            return;
+        }
+        const directName = getDirectCallName(node);
+        if (!directName || !helpers.has(directName) || visited.has(directName))
+            return;
+        const helper = helpers.get(directName);
+        const helperBody = getFunctionBody(helper.node);
+        if (!helperBody)
+            return;
+        const nextVisited = new Set(visited);
+        nextVisited.add(directName);
+        const args = getCallArguments(node);
+        for (const inner of collectReachableTransferFromCalls(helperBody, helpers, nextVisited)) {
+            out.push({
+                ...inner,
+                from: substituteArg(inner.from, helper.params, args),
+                to: substituteArg(inner.to, helper.params, args),
+                amount: substituteArg(inner.amount, helper.params, args),
+            });
+        }
+    });
+    return out;
+}
+function pickTransferCandidate(node, memberName) {
+    const args = getCallArguments(node);
+    const normalized = memberName.toLowerCase();
+    if (normalized === 'transferfrom' && args.length >= 3) {
+        return { from: args[0], to: args[1], amount: args[2], call: node };
+    }
+    if (normalized === 'safetransferfrom') {
+        if (args.length >= 4 && callTargetLooksLikeLibrary(node)) {
+            return { from: args[1], to: args[2], amount: args[3], call: node };
+        }
+        if (args.length >= 3) {
+            return { from: args[0], to: args[1], amount: args[2], call: node };
+        }
+    }
+    return undefined;
+}
+function collectPrefixEvidence(body) {
+    const evidence = {
+        callerBindings: [],
+        hasAccessControl: false,
+        hasOperatorAllowlist: false,
+    };
+    for (const stmt of getBlockStatements(body)) {
+        if (isTransferFromStatement(stmt))
+            break;
+        if (isNode(stmt, 'ExpressionStatement')) {
+            const expr = stmt.expression;
+            if (isNode(expr, 'FunctionCall') && isRequireOrAssert(expr)) {
+                const condition = getCallArguments(expr)[0];
+                addEqualToMsgSender(condition, evidence.callerBindings);
+                if (isRecognizedAccessControlCondition(condition))
+                    evidence.hasAccessControl = true;
+                if (isOperatorAllowlistCondition(condition))
+                    evidence.hasOperatorAllowlist = true;
+                continue;
+            }
+        }
+        if (isNode(stmt, 'IfStatement')) {
+            const trueBody = stmt.trueBody || stmt.body;
+            if (bodyUnconditionallyExits(trueBody)) {
+                addNotEqualToMsgSender(stmt.condition, evidence.callerBindings);
+                if (isInverseAccessControlCondition(stmt.condition))
+                    evidence.hasAccessControl = true;
+            }
+            continue;
+        }
+        if (isNode(stmt, 'VariableDeclarationStatement') || isNode(stmt, 'EmitStatement'))
+            continue;
+    }
+    return evidence;
+}
+function hasAccountingBound(body, from, amount) {
+    if (!from || !amount)
+        return false;
+    let hasBound = false;
+    let hasDebit = false;
+    walk(body, node => {
+        if (isNode(node, 'FunctionCall') && isRequireOrAssert(node)) {
+            if (conditionBoundsAmountForFrom(getCallArguments(node)[0], from, amount))
+                hasBound = true;
+        }
+        if (isAccountingDebit(node, from, amount))
+            hasDebit = true;
+    });
+    return hasBound && hasDebit;
+}
+function conditionBoundsAmountForFrom(cond, from, amount) {
+    if (!cond || typeof cond !== 'object')
+        return false;
+    if (isNode(cond, 'BinaryOperation')) {
+        const op = String(cond.operator || '');
+        if (op === '&&') {
+            return conditionBoundsAmountForFrom(getLeft(cond), from, amount) ||
+                conditionBoundsAmountForFrom(getRight(cond), from, amount);
+        }
+        const left = getLeft(cond);
+        const right = getRight(cond);
+        if ((op === '>=' || op === '>') && sameExpression(right, amount) && expressionIndexedBy(left, from))
+            return true;
+        if ((op === '<=' || op === '<') && sameExpression(left, amount) && expressionIndexedBy(right, from))
+            return true;
+    }
+    return false;
+}
+function isAccountingDebit(node, from, amount) {
+    if (!isNode(node, 'BinaryOperation') && !isNode(node, 'Assignment'))
+        return false;
+    const op = String(node.operator || '');
+    const left = getLeft(node);
+    const right = getRight(node);
+    if (op === '-=' && expressionIndexedBy(left, from) && sameExpression(right, amount))
+        return true;
+    if (op === '=' && expressionIndexedBy(left, from) && isSubtractingAmount(right, amount))
+        return true;
+    return false;
+}
+function isSubtractingAmount(node, amount) {
+    if (!isNode(node, 'BinaryOperation') || String(node.operator || '') !== '-')
+        return false;
+    return sameExpression(getRight(node), amount);
+}
+function expressionIndexedBy(node, indexExpr) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'IndexAccess')) {
+        const index = node.index ?? node.indexExpression;
+        if (sameExpression(index, indexExpr))
+            return true;
+        return expressionIndexedBy(node.base ?? node.baseExpression, indexExpr);
+    }
+    if (isNode(node, 'MemberAccess'))
+        return expressionIndexedBy(node.expression, indexExpr);
+    return false;
+}
+function isTransferFromStatement(stmt) {
+    let found = false;
+    walk(stmt, node => {
+        if (found || !isNode(node, 'FunctionCall'))
+            return;
+        const member = getCallMemberName(node).toLowerCase();
+        if (TRANSFER_FROM_NAMES.has(member))
+            found = true;
+    });
+    return found;
+}
+function isAuthorizedFrom(from, callerBindings) {
+    if (!from)
+        return true;
+    if (isMsgSender(from))
+        return true;
+    if (isAddressThis(from))
+        return true;
+    for (const binding of callerBindings) {
+        if (sameExpression(from, binding))
+            return true;
+    }
+    return false;
+}
+function isCallerControlled(node, entryParams) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isTxOrigin(node))
+        return true;
+    if (isNode(node, 'Identifier'))
+        return entryParams.has(getName(node));
+    if (isNode(node, 'MemberAccess'))
+        return isCallerControlled(node.expression, entryParams);
+    if (isNode(node, 'IndexAccess'))
+        return isCallerControlled(node.base ?? node.baseExpression, entryParams);
+    if (isNode(node, 'TupleExpression')) {
+        const components = node.components ?? node.elements ?? [];
+        return Array.isArray(components) && components.some((item) => isCallerControlled(item, entryParams));
+    }
+    return false;
+}
+function collectAliases(body) {
+    const map = new Map();
+    walk(body, node => {
+        if (!isNode(node, 'VariableDeclarationStatement'))
+            return;
+        const init = node.initialValue ?? node.initialExpression ?? node.expression;
+        if (!init)
+            return;
+        const declarations = node.variables ?? node.declarations;
+        if (!Array.isArray(declarations) || declarations.length !== 1)
+            return;
+        const declName = declarations[0]?.name;
+        if (typeof declName === 'string' && declName.length > 0)
+            map.set(declName, init);
+    });
+    return map;
+}
+function resolveAlias(node, aliasMap, visited) {
+    if (!node || typeof node !== 'object')
+        return node;
+    if (isNode(node, 'Identifier')) {
+        const name = getName(node);
+        if (name && aliasMap.has(name) && !visited.has(name)) {
+            const next = new Set(visited);
+            next.add(name);
+            return resolveAlias(aliasMap.get(name), aliasMap, next);
+        }
+    }
+    return node;
+}
+function substituteArg(node, params, args) {
+    if (!node || typeof node !== 'object')
+        return node;
+    if (isNode(node, 'Identifier')) {
+        const idx = params.indexOf(getName(node));
+        if (idx >= 0 && idx < args.length)
+            return args[idx];
+    }
+    return node;
+}
+function addEqualToMsgSender(node, out) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'BinaryOperation') || isNode(node, 'Assignment')) {
+        const op = String(node.operator || '');
+        if (op === '==' || op === '===') {
+            const left = getLeft(node);
+            const right = getRight(node);
+            if (isMsgSender(left) && right)
+                out.push(right);
+            if (isMsgSender(right) && left)
+                out.push(left);
+            return;
+        }
+        if (op === '&&') {
+            addEqualToMsgSender(getLeft(node), out);
+            addEqualToMsgSender(getRight(node), out);
+        }
+    }
+}
+function addNotEqualToMsgSender(node, out) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'BinaryOperation')) {
+        const op = String(node.operator || '');
+        if (op === '!=' || op === '!==') {
+            const left = getLeft(node);
+            const right = getRight(node);
+            if (isMsgSender(left) && right)
+                out.push(right);
+            if (isMsgSender(right) && left)
+                out.push(left);
+            return;
+        }
+        if (op === '||') {
+            addNotEqualToMsgSender(getLeft(node), out);
+            addNotEqualToMsgSender(getRight(node), out);
+        }
+    }
+}
+function hasRecognizedAccessControlModifier(fn, modifierBodies) {
+    for (const modifier of fn.modifiers || []) {
+        const modName = getModifierName(modifier);
+        if (ACCESS_CONTROL_MODIFIERS.has(modName.toLowerCase()))
+            return true;
+        const body = modifierBodies.get(modName);
+        if (body && bodyContainsAccessControlGuard(body))
+            return true;
+    }
+    return false;
+}
+function bodyContainsAccessControlGuard(body) {
+    let found = false;
+    walk(body, node => {
+        if (found)
+            return;
+        if (isNode(node, 'FunctionCall') && isRequireOrAssert(node)) {
+            if (isRecognizedAccessControlCondition(getCallArguments(node)[0]))
+                found = true;
+        }
+    });
+    return found;
+}
+function isRecognizedAccessControlCondition(expr) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if (isNode(expr, 'BinaryOperation')) {
+        const op = String(expr.operator || '');
+        if (op === '&&' || op === '||') {
+            return isRecognizedAccessControlCondition(getLeft(expr)) ||
+                isRecognizedAccessControlCondition(getRight(expr));
+        }
+        if (op !== '==' && op !== '===')
+            return false;
+        const left = getLeft(expr);
+        const right = getRight(expr);
+        if (isMsgSender(left) && isPrivilegedAuthorityReference(right))
+            return true;
+        if (isMsgSender(right) && isPrivilegedAuthorityReference(left))
+            return true;
+    }
+    if (isHasRoleSenderCall(expr))
+        return true;
+    return false;
+}
+function isInverseAccessControlCondition(expr) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if (isNode(expr, 'UnaryOperation') && String(expr.operator || '') === '!') {
+        const inner = expr.subExpression ?? expr.argument;
+        return isHasRoleSenderCall(inner) || isOperatorAllowlistCondition(inner);
+    }
+    if (!isNode(expr, 'BinaryOperation'))
+        return false;
+    const op = String(expr.operator || '');
+    if (op === '||') {
+        return isInverseAccessControlCondition(getLeft(expr)) || isInverseAccessControlCondition(getRight(expr));
+    }
+    if (op !== '!=' && op !== '!==')
+        return false;
+    const left = getLeft(expr);
+    const right = getRight(expr);
+    if (isMsgSender(left) && isPrivilegedAuthorityReference(right))
+        return true;
+    if (isMsgSender(right) && isPrivilegedAuthorityReference(left))
+        return true;
+    return false;
+}
+function isOperatorAllowlistCondition(expr) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if (isNode(expr, 'BinaryOperation')) {
+        const op = String(expr.operator || '');
+        if (op === '&&' || op === '||') {
+            return isOperatorAllowlistCondition(getLeft(expr)) || isOperatorAllowlistCondition(getRight(expr));
+        }
+        return false;
+    }
+    if (isNode(expr, 'IndexAccess')) {
+        const index = expr.index ?? expr.indexExpression;
+        return isMsgSender(index) && OPERATOR_ALLOWLIST_PATTERN.test(expressionText(expr.base ?? expr.baseExpression));
+    }
+    if (isNode(expr, 'FunctionCall')) {
+        const args = getCallArguments(expr);
+        return args.some(isMsgSender) && OPERATOR_ALLOWLIST_PATTERN.test(getCalleeName(expr));
+    }
+    return false;
+}
+function isHasRoleSenderCall(expr) {
+    if (!expr || !isNode(expr, 'FunctionCall'))
+        return false;
+    const calleeName = getCalleeName(expr).toLowerCase();
+    return (calleeName === 'hasrole' || calleeName === 'has_role') && getCallArguments(expr).some(isMsgSender);
+}
+function isPrivilegedAuthorityReference(expr) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if (isNode(expr, 'Identifier'))
+        return (0, access_control_1.isPrivilegedIdentifier)(getName(expr), { keywords: PRIVILEGED_AUTHORITY_KEYWORDS });
+    if (isNode(expr, 'MemberAccess')) {
+        if ((0, access_control_1.isPrivilegedIdentifier)(String(expr.memberName || ''), { keywords: PRIVILEGED_AUTHORITY_KEYWORDS }))
+            return true;
+        return isPrivilegedAuthorityReference(expr.expression);
+    }
+    if (isNode(expr, 'FunctionCall')) {
+        if ((0, access_control_1.isPrivilegedIdentifier)(getCalleeName(expr), { keywords: PRIVILEGED_AUTHORITY_KEYWORDS }))
+            return true;
+        return isPrivilegedAuthorityReference(expr.expression);
+    }
+    return false;
+}
+function sameExpression(a, b) {
+    if (!a || !b || typeof a !== 'object' || typeof b !== 'object')
+        return false;
+    if (isNode(a, 'Identifier') && isNode(b, 'Identifier'))
+        return getName(a) === getName(b);
+    if (isMsgSender(a) && isMsgSender(b))
+        return true;
+    if (isTxOrigin(a) && isTxOrigin(b))
+        return true;
+    if (isNode(a, 'MemberAccess') && isNode(b, 'MemberAccess')) {
+        return String(a.memberName || '') === String(b.memberName || '') && sameExpression(a.expression, b.expression);
+    }
+    if (isNode(a, 'IndexAccess') && isNode(b, 'IndexAccess')) {
+        return sameExpression(a.base ?? a.baseExpression, b.base ?? b.baseExpression) &&
+            sameExpression(a.index ?? a.indexExpression, b.index ?? b.indexExpression);
+    }
+    return false;
+}
+function expressionText(node) {
+    if (!node || typeof node !== 'object')
+        return '';
+    if (isNode(node, 'Identifier'))
+        return getName(node);
+    if (isNode(node, 'MemberAccess'))
+        return `${expressionText(node.expression)}.${String(node.memberName || '')}`;
+    if (isNode(node, 'IndexAccess'))
+        return expressionText(node.base ?? node.baseExpression);
+    if (isNode(node, 'FunctionCall'))
+        return getCalleeName(node);
+    return '';
+}
+function isAddressThis(node) {
+    if (!isNode(node, 'FunctionCall'))
+        return false;
+    const callee = node.expression;
+    if (!isNode(callee, 'ElementaryTypeNameExpression'))
+        return false;
+    const typeName = callee.typeName;
+    const typeNameStr = typeof typeName === 'string' ? typeName : String(typeName?.name || '');
+    const args = getCallArguments(node);
+    return typeNameStr === 'address' && args.length === 1 && isNode(args[0], 'Identifier') && getName(args[0]) === 'this';
+}
+function isMsgSender(node) {
+    if (isNode(node, 'MemberAccess') &&
+        String(node.memberName || '') === 'sender' &&
+        isNode(node.expression, 'Identifier') &&
+        String(node.expression.name || '') === 'msg')
+        return true;
+    if (isNode(node, 'FunctionCall')) {
+        const callee = node.expression;
+        return isNode(callee, 'Identifier') && String(callee.name || '') === '_msgSender' && getCallArguments(node).length === 0;
+    }
+    return false;
+}
+function isTxOrigin(node) {
+    return isNode(node, 'MemberAccess') &&
+        String(node.memberName || '') === 'origin' &&
+        isNode(node.expression, 'Identifier') &&
+        String(node.expression.name || '') === 'tx';
+}
+function isRequireOrAssert(call) {
+    const name = getCalleeName(call).toLowerCase();
+    return name === 'require' || name === 'assert';
+}
+function bodyUnconditionallyExits(body) {
+    if (!body || typeof body !== 'object')
+        return false;
+    if (isNode(body, 'Block'))
+        return getBlockStatements(body).some(statementGuaranteesExit);
+    return statementGuaranteesExit(body);
+}
+function statementGuaranteesExit(stmt) {
+    if (!stmt || typeof stmt !== 'object')
+        return false;
+    if (isNode(stmt, 'ThrowStatement') || isNode(stmt, 'RevertStatement'))
+        return true;
+    if (isNode(stmt, 'ExpressionStatement')) {
+        const expr = stmt.expression;
+        return isNode(expr, 'FunctionCall') && getCalleeName(expr).toLowerCase() === 'revert';
+    }
+    if (isNode(stmt, 'Block'))
+        return bodyUnconditionallyExits(stmt);
+    return false;
+}
+function callTargetLooksLikeLibrary(node) {
+    const expr = node?.expression;
+    if (!isNode(expr, 'MemberAccess'))
+        return false;
+    const inner = expr.expression;
+    return isNode(inner, 'Identifier') && /^[A-Z]/.test(String(inner.name || ''));
+}
+function collectModifierBodies(contractNode) {
+    const map = new Map();
+    for (const member of getContractMembers(contractNode)) {
+        if (!isNode(member, 'ModifierDefinition'))
+            continue;
+        const name = getName(member);
+        if (name && member.body)
+            map.set(name, member.body);
+    }
+    return map;
+}
+function isInterfaceLike(contractNode) {
+    const kind = String(contractNode?.kind || contractNode?.contractKind || '').toLowerCase();
+    return kind === 'interface' || kind === 'library';
+}
+function isConstructor(fn) {
+    if (!fn)
+        return false;
+    if (fn.isConstructor === true)
+        return true;
+    return String(fn.kind || '').toLowerCase() === 'constructor';
+}
+function isExternallyCallable(fn) {
+    if (!fn || isConstructor(fn))
+        return false;
+    const visibility = String(fn.visibility || '').toLowerCase();
+    return visibility === 'public' || visibility === 'external';
+}
+function getFunctionParameters(fn) {
+    const params = fn?.parameters;
+    if (Array.isArray(params))
+        return params;
+    if (Array.isArray(params?.parameters))
+        return params.parameters;
+    return [];
+}
+function getFunctionBody(node) {
+    return node?.body || null;
+}
+function getBlockStatements(body) {
+    if (!body || typeof body !== 'object')
+        return [];
+    if (Array.isArray(body.statements))
+        return body.statements;
+    return [];
+}
+function getContractFunctions(contractNode) {
+    return getContractMembers(contractNode).filter(child => isNode(child, 'FunctionDefinition'));
+}
+function getContractMembers(contractNode) {
+    if (!contractNode || typeof contractNode !== 'object')
+        return [];
+    if (Array.isArray(contractNode.subNodes))
+        return contractNode.subNodes;
+    if (Array.isArray(contractNode.nodes))
+        return contractNode.nodes;
+    return [];
+}
+function collectContracts(ast) {
+    const out = [];
+    walkContracts(ast, node => out.push(node));
+    return out;
+}
+function walkContracts(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'ContractDefinition')) {
+        visit(node);
+        return;
+    }
+    for (const child of childrenOf(node))
+        walkContracts(child, visit);
+}
+function walk(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node);
+    for (const child of childrenOf(node))
+        walk(child, visit);
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const children = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions' || key === 'id')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    children.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function functionDisplayName(fn) {
+    return getName(fn) || '<anonymous>';
+}
+function getCallArguments(node) {
+    return Array.isArray(node?.arguments) ? node.arguments : [];
+}
+function getCallMemberName(node) {
+    const expr = node?.expression;
+    if (isNode(expr, 'MemberAccess'))
+        return String(expr.memberName || '');
+    return '';
+}
+function getDirectCallName(node) {
+    const expr = node?.expression;
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    return '';
+}
+function getCalleeName(node) {
+    const expr = node?.expression;
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'MemberAccess'))
+        return String(expr.memberName || '');
+    return '';
+}
+function getModifierName(modifier) {
+    if (!modifier)
+        return '';
+    if (typeof modifier === 'string')
+        return modifier;
+    if (typeof modifier.name === 'string')
+        return modifier.name;
+    if (modifier.name && typeof modifier.name === 'object') {
+        if (typeof modifier.name.name === 'string')
+            return modifier.name.name;
+        if (typeof modifier.name.namePath === 'string')
+            return modifier.name.namePath;
+    }
+    if (modifier.modifierName) {
+        const inner = modifier.modifierName;
+        if (typeof inner === 'string')
+            return inner;
+        if (typeof inner.name === 'string')
+            return inner.name;
+    }
+    return '';
+}
+function getLeft(node) {
+    return node?.left ?? node?.leftExpression ?? node?.leftHandSide;
+}
+function getRight(node) {
+    return node?.right ?? node?.rightExpression ?? node?.rightHandSide;
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const lineOffsets = [0];
+    let byteOffset = 0;
+    for (const char of sourceText) {
+        byteOffset += Buffer.byteLength(char, 'utf8');
+        if (char === '\n')
+            lineOffsets.push(byteOffset);
+    }
+    return lineOffsets;
+}
+function getLoc(node, lineOffsets) {
+    if (node?.loc?.start)
+        return node.loc.start;
+    if (!node?.src || !lineOffsets)
+        return undefined;
+    const offset = Number(String(node.src).split(':')[0]);
+    if (!Number.isFinite(offset) || offset < 0)
+        return undefined;
+    let lineIndex = 0;
+    for (let i = 0; i < lineOffsets.length; i++) {
+        if (lineOffsets[i] <= offset)
+            lineIndex = i;
+        else
+            break;
+    }
+    return { line: lineIndex + 1, column: offset - lineOffsets[lineIndex] };
+}
+//# sourceMappingURL=approval-based-drain.js.map