@snovon/solast 0.2.0

package/dist/detectors/missing-sequencer-uptime-check.d.ts

@@ -0,0 +1,30 @@
+import type { ScanResult } from '../index';
+export declare class MissingSequencerUptimeCheckDetector {
+    readonly id = "missing-sequencer-uptime-check";
+    readonly patternKey = "missing-sequencer-uptime-check";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "medium";
+        help: string;
+    };
+    private currentFile;
+    private findings;
+    private contract;
+    private fn;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    ['ContractDefinition:exit'](node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(_node: any): void;
+    ['FunctionDefinition:exit'](node: any): void;
+    IfStatement(_node: any): void;
+    IfStatement_post(_node: any): void;
+    ['IfStatement:exit'](node: any): void;
+    VariableDeclaration(node: any): void;
+    FunctionCall(node: any): void;
+}

package/dist/detectors/missing-sequencer-uptime-check.js

@@ -0,0 +1,348 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingSequencerUptimeCheckDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'missing-sequencer-uptime-check';
+const CLASS_ID = 'L2-SEQUENCER-UPTIME';
+const ARBSYS_TYPES = new Set(['ArbSys', 'IArbSys']);
+const MESSENGER_TYPES = new Set(['L1CrossDomainMessenger', 'IL1CrossDomainMessenger']);
+const LIVENESS_METHODS = new Set(['arbBlockNumber', 'isSequencerActive']);
+const SEND_METHODS = new Set(['sendTxToL1', 'sendMessage']);
+class MissingSequencerUptimeCheckDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Arbitrum L2 message sends should verify sequencer uptime before dispatch.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'medium',
+        help: 'Remediation: gate Arbitrum L2-to-L1 sends with `require(ArbSys(address(100)).arbBlockNumber() > 0, "sequencer down");` or an equivalent `isSequencerActive()` / Chainlink sequencer uptime feed guard before calling `sendTxToL1` or `sendMessage`.',
+    };
+    currentFile = '';
+    findings = [];
+    contract = null;
+    fn = null;
+    setFile(file) {
+        this.currentFile = file;
+        this.findings = [];
+        this.contract = null;
+        this.fn = null;
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        if (node?.kind === 'interface' || node?.kind === 'library') {
+            this.contract = null;
+            return;
+        }
+        this.contract = {
+            name: String(node?.name || '<anonymous>'),
+            node,
+            stateTypes: collectStateTypes(node),
+            guardedModifiers: collectGuardedModifiers(node),
+        };
+    }
+    ContractDefinition_post(_node) {
+        this.contract = null;
+        this.fn = null;
+    }
+    ['ContractDefinition:exit'](node) {
+        this.ContractDefinition_post(node);
+    }
+    FunctionDefinition(node) {
+        this.fn = null;
+        if (!this.contract || !node?.body)
+            return;
+        this.fn = {
+            name: node.name || (node.isConstructor ? '<constructor>' : '<fallback>'),
+            node,
+            localTypes: new Map(),
+            hasGuaranteedLiveness: hasGuardedModifier(node, this.contract.guardedModifiers),
+            sawSequencerFeedRead: false,
+            findingEmitted: false,
+            conditionalDepth: 0,
+        };
+    }
+    FunctionDefinition_post(_node) {
+        this.fn = null;
+    }
+    ['FunctionDefinition:exit'](node) {
+        this.FunctionDefinition_post(node);
+    }
+    IfStatement(_node) {
+        if (this.fn)
+            this.fn.conditionalDepth++;
+    }
+    IfStatement_post(_node) {
+        if (this.fn && this.fn.conditionalDepth > 0)
+            this.fn.conditionalDepth--;
+    }
+    ['IfStatement:exit'](node) {
+        this.IfStatement_post(node);
+    }
+    VariableDeclaration(node) {
+        if (!this.fn)
+            return;
+        const name = getName(node);
+        const typeName = typeNameText(node?.typeName);
+        if (name && typeName)
+            this.fn.localTypes.set(name, typeName);
+    }
+    FunctionCall(node) {
+        if (!this.contract || !this.fn)
+            return;
+        if (isSequencerFeedRead(node)) {
+            this.fn.sawSequencerFeedRead = true;
+        }
+        if (isArbitrumLivenessCall(node, this.contract, this.fn)) {
+            if (this.fn.conditionalDepth === 0)
+                this.fn.hasGuaranteedLiveness = true;
+            return;
+        }
+        if (isRequireCall(node) && this.fn.sawSequencerFeedRead && requireChecksSequencerUp(node)) {
+            if (this.fn.conditionalDepth === 0)
+                this.fn.hasGuaranteedLiveness = true;
+            return;
+        }
+        if (!isCrossChainSend(node, this.contract, this.fn))
+            return;
+        if (this.fn.hasGuaranteedLiveness || this.fn.findingEmitted)
+            return;
+        this.findings.push(makeFinding(this.currentFile, this.contract.name, this.fn.name, node, this.fn.node));
+        this.fn.findingEmitted = true;
+    }
+}
+exports.MissingSequencerUptimeCheckDetector = MissingSequencerUptimeCheckDetector;
+function makeFinding(file, contractName, functionName, node, fallbackNode) {
+    const loc = (0, ast_1.assertLoc)(node, fallbackNode);
+    return {
+        file,
+        contract: contractName,
+        'function': functionName,
+        line: loc.line,
+        endLine: loc.endLine,
+        column: loc.column,
+        pattern: RULE_ID,
+        confidence: 'medium',
+        category: CLASS_ID,
+        ruleId: RULE_ID,
+        severity: 'medium',
+        message: `Arbitrum L2 cross-chain send in '${functionName}' executes without a preceding sequencer uptime check. ` +
+            `Call arbBlockNumber(), isSequencerActive(), or a sequencer uptime feed guard before dispatching the message.`,
+        contractName,
+        functionName,
+        sourceLocation: { line: loc.line, column: loc.column },
+        suggestedFix: `require(ArbSys(address(100)).arbBlockNumber() > 0, "sequencer down");\n` +
+            `arbSys.sendTxToL1(target, data);`,
+        findingId: '',
+        contractHash: '',
+    };
+}
+function collectStateTypes(contract) {
+    const out = new Map();
+    for (const child of contract?.subNodes || []) {
+        if (!(0, ast_1.isNode)(child, 'StateVariableDeclaration'))
+            continue;
+        for (const variable of child.variables || []) {
+            const name = getName(variable);
+            const typeName = typeNameText(variable?.typeName);
+            if (name && typeName)
+                out.set(name, typeName);
+        }
+    }
+    return out;
+}
+function collectGuardedModifiers(contract) {
+    const out = new Set();
+    for (const child of contract?.subNodes || []) {
+        if (!(0, ast_1.isNode)(child, 'ModifierDefinition'))
+            continue;
+        if (modifierHasPreBodyLiveness(child))
+            out.add(getName(child));
+    }
+    return out;
+}
+function modifierHasPreBodyLiveness(modifier) {
+    let sawPlaceholder = false;
+    let sawGuard = false;
+    walkOrdered(modifier?.body, 0, node => {
+        if (sawPlaceholder || sawGuard)
+            return;
+        if ((0, ast_1.isNode)(node, 'PlaceholderStatement')) {
+            sawPlaceholder = true;
+            return;
+        }
+        if ((0, ast_1.isNode)(node, 'FunctionCall') && isArbitrumLivenessCall(node, null, null)) {
+            sawGuard = true;
+        }
+    });
+    return sawGuard && !sawPlaceholder;
+}
+function hasGuardedModifier(fn, guardedModifiers) {
+    for (const modifier of fn?.modifiers || []) {
+        const name = modifierName(modifier);
+        if (name && guardedModifiers.has(name))
+            return true;
+    }
+    return false;
+}
+function modifierName(node) {
+    return getName(node) || getName(node?.modifierName) || getName(node?.name) || '';
+}
+function isArbitrumLivenessCall(node, contract, fn) {
+    const call = memberCall(node);
+    if (!call || !LIVENESS_METHODS.has(call.member))
+        return false;
+    if (call.member === 'isSequencerActive')
+        return true;
+    if (call.member === 'arbBlockNumber') {
+        const baseType = expressionTypeName(call.base, contract, fn);
+        return !baseType || ARBSYS_TYPES.has(baseType);
+    }
+    return false;
+}
+function isCrossChainSend(node, contract, fn) {
+    const call = memberCall(node);
+    if (!call || !SEND_METHODS.has(call.member))
+        return false;
+    const baseType = expressionTypeName(call.base, contract, fn);
+    if (call.member === 'sendTxToL1')
+        return baseType === null || ARBSYS_TYPES.has(baseType);
+    if (call.member === 'sendMessage')
+        return baseType === null || MESSENGER_TYPES.has(baseType);
+    return false;
+}
+function memberCall(node) {
+    if (!(0, ast_1.isNode)(node, 'FunctionCall'))
+        return null;
+    const expr = unwrapCallOptions(node.expression);
+    if (!(0, ast_1.isNode)(expr, 'MemberAccess'))
+        return null;
+    return {
+        member: String(expr.memberName || expr.name || ''),
+        base: expr.expression,
+    };
+}
+function unwrapCallOptions(expr) {
+    if ((0, ast_1.isNode)(expr, 'NameValueExpression'))
+        return expr.expression;
+    return (0, ast_1.isNode)(expr, 'FunctionCallOptions') ? expr.expression : expr;
+}
+function expressionTypeName(expr, contract, fn) {
+    if (!expr)
+        return null;
+    if ((0, ast_1.isNode)(expr, 'Identifier')) {
+        const name = getName(expr);
+        return fn?.localTypes.get(name) || contract?.stateTypes.get(name) || null;
+    }
+    if ((0, ast_1.isNode)(expr, 'FunctionCall')) {
+        const callee = unwrapCallOptions(expr.expression);
+        if ((0, ast_1.isNode)(callee, 'Identifier'))
+            return getName(callee) || null;
+    }
+    return null;
+}
+function isSequencerFeedRead(node) {
+    const call = memberCall(node);
+    if (!call || call.member !== 'latestRoundData')
+        return false;
+    return /sequencer.*(uptime|feed)|uptime.*sequencer/i.test(expressionText(call.base));
+}
+function requireChecksSequencerUp(node) {
+    if (!isRequireCall(node))
+        return false;
+    return (node.arguments || []).some((arg) => expressionChecksAnswerZero(arg));
+}
+function expressionChecksAnswerZero(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if ((0, ast_1.isNode)(node, 'BinaryOperation') && (node.operator === '==' || node.operator === '!=')) {
+        const left = expressionText(node.left);
+        const right = expressionText(node.right);
+        if (node.operator === '==' && ((left === 'answer' && right === '0') || (left === '0' && right === 'answer')))
+            return true;
+        if (node.operator === '!=' && ((left === 'answer' && right !== '0') || (right === 'answer' && left !== '0')))
+            return true;
+    }
+    return orderedChildren(node).some(child => expressionChecksAnswerZero(child));
+}
+function isRequireCall(node) {
+    if (!(0, ast_1.isNode)(node, 'FunctionCall'))
+        return false;
+    const expr = unwrapCallOptions(node.expression);
+    return (0, ast_1.isNode)(expr, 'Identifier') && getName(expr) === 'require';
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function typeNameText(node) {
+    if (!node)
+        return '';
+    if (typeof node.namePath === 'string')
+        return node.namePath.split('.').pop() || node.namePath;
+    if (typeof node.name === 'string')
+        return node.name.split('.').pop() || node.name;
+    if (typeof node.type === 'string' && node.type !== 'UserDefinedTypeName')
+        return node.type;
+    return '';
+}
+function expressionText(node) {
+    if (!node || typeof node !== 'object')
+        return '';
+    if ((0, ast_1.isNode)(node, 'Identifier'))
+        return getName(node);
+    if ((0, ast_1.isNode)(node, 'NumberLiteral') || (0, ast_1.isNode)(node, 'BooleanLiteral') || (0, ast_1.isNode)(node, 'StringLiteral')) {
+        return String(node.number ?? node.value ?? '');
+    }
+    if ((0, ast_1.isNode)(node, 'MemberAccess'))
+        return `${expressionText(node.expression)}.${node.memberName || node.name || ''}`;
+    if ((0, ast_1.isNode)(node, 'FunctionCall'))
+        return expressionText(unwrapCallOptions(node.expression));
+    if ((0, ast_1.isNode)(node, 'TupleExpression'))
+        return (node.components || []).map(expressionText).join(',');
+    if ((0, ast_1.isNode)(node, 'BinaryOperation'))
+        return `${expressionText(node.left)}${node.operator || ''}${expressionText(node.right)}`;
+    return '';
+}
+function walkOrdered(node, conditionalDepth, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node, conditionalDepth);
+    const nextDepth = (0, ast_1.isNode)(node, 'IfStatement') ? conditionalDepth + 1 : conditionalDepth;
+    for (const child of orderedChildren(node))
+        walkOrdered(child, nextDepth, visit);
+}
+function orderedChildren(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    if ((0, ast_1.isNode)(node, 'Block'))
+        return node.statements || [];
+    if ((0, ast_1.isNode)(node, 'ExpressionStatement'))
+        return [node.expression].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'VariableDeclarationStatement'))
+        return [node.initialValue].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'IfStatement'))
+        return [node.condition, node.trueBody, node.falseBody].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'FunctionCall'))
+        return [unwrapCallOptions(node.expression), ...(node.arguments || [])].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'FunctionCallOptions'))
+        return [node.expression, ...(node.options || []).map((option) => option?.value)].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'BinaryOperation'))
+        return [node.left, node.right].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'UnaryOperation'))
+        return [node.subExpression].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'MemberAccess'))
+        return [node.expression].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'IndexAccess'))
+        return [node.base, node.index].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'ReturnStatement'))
+        return [node.expression].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'EmitStatement'))
+        return [node.eventCall].filter(Boolean);
+    if ((0, ast_1.isNode)(node, 'TupleExpression'))
+        return node.components || [];
+    return [];
+}
+//# sourceMappingURL=missing-sequencer-uptime-check.js.map

package/dist/detectors/missing-storage-gap.d.ts

@@ -0,0 +1,19 @@
+import type { ScanResult } from '../index';
+export declare class MissingStorageGapDetector {
+    readonly id = "missing-storage-gap";
+    readonly patternKey = "missing-storage-gap";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "low";
+        help: string;
+    };
+    private file;
+    private contracts;
+    private findings;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+}

package/dist/detectors/missing-storage-gap.js

@@ -0,0 +1,193 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingStorageGapDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'missing-storage-gap';
+class MissingStorageGapDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Upgradeable base contracts with mutable storage should reserve a storage gap.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'low',
+        help: 'Add a fixed-size private or internal storage gap array, such as `uint256[50] private __gap;`, to upgradeable base contracts that declare mutable state.',
+    };
+    file = '';
+    contracts = [];
+    findings = null;
+    setFile(file) {
+        this.file = file;
+        this.contracts = [];
+        this.findings = null;
+    }
+    getFindings() {
+        if (this.findings)
+            return this.findings;
+        const inheritedNames = new Set();
+        for (const contract of this.contracts) {
+            for (const base of contract.bases)
+                inheritedNames.add(lastSegment(base));
+        }
+        this.findings = [];
+        const emitted = new Set();
+        for (const contract of this.contracts) {
+            if (!isConcreteOrAbstractContract(contract))
+                continue;
+            if (!inheritedNames.has(contract.name))
+                continue;
+            if (!contract.hasMutableState)
+                continue;
+            if (!isUpgradeableContract(contract))
+                continue;
+            if (contract.hasStorageGap)
+                continue;
+            if (emitted.has(contract.name))
+                continue;
+            emitted.add(contract.name);
+            this.findings.push(makeFinding(this.file, contract));
+        }
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        if (!(0, ast_1.isNode)(node, 'ContractDefinition'))
+            return;
+        this.contracts.push({
+            name: String(node.name || '<anonymous>'),
+            node,
+            kind: String(node.kind || ''),
+            bases: baseNames(node),
+            hasInitializerModifier: hasInitializerModifier(node),
+            hasMutableState: hasMutableState(node),
+            hasStorageGap: hasStorageGap(node),
+        });
+        this.findings = null;
+    }
+}
+exports.MissingStorageGapDetector = MissingStorageGapDetector;
+function isConcreteOrAbstractContract(contract) {
+    return contract.kind !== 'interface' && contract.kind !== 'library';
+}
+function isUpgradeableContract(contract) {
+    return contract.hasInitializerModifier
+        || isUpgradeableName(contract.name)
+        || contract.bases.some(base => {
+            const name = lastSegment(base);
+            return name === 'Initializable' || isUpgradeableName(name);
+        });
+}
+function isUpgradeableName(name) {
+    return name.endsWith('Upgradeable');
+}
+function baseNames(contract) {
+    const out = [];
+    for (const specifier of contract?.baseContracts || []) {
+        const name = typeNameText(specifier?.baseName);
+        if (name)
+            out.push(name);
+    }
+    return out;
+}
+function hasInitializerModifier(contract) {
+    for (const node of contract?.subNodes || []) {
+        if (!(0, ast_1.isNode)(node, 'FunctionDefinition'))
+            continue;
+        for (const modifier of node.modifiers || []) {
+            const name = modifierName(modifier);
+            if (name === 'initializer' || name === 'reinitializer')
+                return true;
+        }
+    }
+    return false;
+}
+function hasMutableState(contract) {
+    for (const declaration of contract?.subNodes || []) {
+        if (!(0, ast_1.isNode)(declaration, 'StateVariableDeclaration'))
+            continue;
+        for (const variable of declaration.variables || []) {
+            if (!isMutableStateVariable(variable))
+                continue;
+            return true;
+        }
+    }
+    return false;
+}
+function hasStorageGap(contract) {
+    for (const declaration of contract?.subNodes || []) {
+        if (!(0, ast_1.isNode)(declaration, 'StateVariableDeclaration'))
+            continue;
+        for (const variable of declaration.variables || []) {
+            if (isConventionalStorageGap(variable))
+                return true;
+        }
+    }
+    return false;
+}
+function isMutableStateVariable(variable) {
+    if (!variable?.isStateVar)
+        return false;
+    if (variable.isDeclaredConst || variable.isImmutable)
+        return false;
+    return true;
+}
+function isConventionalStorageGap(variable) {
+    if (!isMutableStateVariable(variable))
+        return false;
+    if (variable.visibility !== 'private' && variable.visibility !== 'internal')
+        return false;
+    if (!/gap/i.test(String(variable.name || '')))
+        return false;
+    return isFixedSizeArray(variable.typeName);
+}
+function isFixedSizeArray(typeName) {
+    return (0, ast_1.isNode)(typeName, 'ArrayTypeName') && typeName.length != null;
+}
+function modifierName(modifier) {
+    if (typeof modifier?.name === 'string')
+        return lastSegment(modifier.name);
+    return lastSegment(typeNameText(modifier?.name));
+}
+function typeNameText(typeName) {
+    if (!typeName)
+        return '';
+    if (typeof typeName.namePath === 'string')
+        return typeName.namePath;
+    if (typeof typeName.name === 'string')
+        return typeName.name;
+    if (typeof typeName.typeDescriptions?.typeString === 'string')
+        return typeName.typeDescriptions.typeString;
+    if (typeof typeName.referencedDeclaration?.name === 'string')
+        return typeName.referencedDeclaration.name;
+    return '';
+}
+function lastSegment(namePath) {
+    const parts = String(namePath || '').split('.');
+    return parts[parts.length - 1] || '';
+}
+function makeFinding(file, contract) {
+    const loc = (0, ast_1.assertLoc)(contract.node);
+    return {
+        file,
+        contract: contract.name,
+        'function': '<contract>',
+        line: loc.line,
+        endLine: loc.endLine,
+        column: loc.column,
+        endColumn: loc.endColumn,
+        ruleId: RULE_ID,
+        pattern: RULE_ID,
+        severity: 'low',
+        confidence: 'high',
+        category: 'hardening',
+        message: `Upgradeable base contract '${contract.name}' declares mutable storage but does not reserve a fixed-size storage gap.`,
+        rationale: 'Future state variables added to an upgradeable base can shift child storage layout unless the base reserves unused slots for later versions.',
+        suggestedFix: 'Add a fixed-size private or internal gap array, for example `uint256[50] private __gap;`. Gap-size correctness is not checked by this rule.',
+        contractName: contract.name,
+        functionName: '<contract>',
+        sourceLocation: { line: loc.line, column: loc.column },
+        findingId: '',
+        contractHash: '',
+    };
+}
+//# sourceMappingURL=missing-storage-gap.js.map

package/dist/detectors/missing-swap-deadline-slippage.d.ts

@@ -0,0 +1,31 @@
+import type { ScanResult } from '../index';
+export declare class MissingSwapDeadlineSlippageDetector {
+    readonly id = "missing-swap-deadline-slippage";
+    readonly patternKey = "missing-swap-deadline-slippage";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "medium";
+        help: string;
+    };
+    private currentFile;
+    private currentContract;
+    private currentFunction;
+    private currentFunctionNode;
+    private findings;
+    private emittedKeys;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    ['ContractDefinition:exit'](node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(_node: any): void;
+    ['FunctionDefinition:exit'](node: any): void;
+    FunctionCall(node: any): void;
+    private inspectRouterCall;
+    private inspectV3StructCall;
+    private emitFinding;
+}